Defining informatics for health center teams

I just ran across this great short post on informatics and had to share it. I wish Dr. Gibson had written this post a couple years ago when I first used the word “informatics” with my new health center colleagues. When I said the word, I might as well have been speaking Klingon — no one knew what it was — not the clinicians, the business folks, operations… no one had heard the term. Of course it didn’t help that I recommended we consider hiring an informaticist — a new position that no one knew they needed and couldn’t define. 😉

At the time, and to some degree even today, there was an expectation that mainline IT staff would fill the role of informaticist for the company. And in some small ways, we do. But not in the big ways, not in transformative ways. Our IT staff are saddled with basic systems maintenance, user support, new system installation and integration efforts, and so on. We’re not clinicians by training. While we listen and learn a little every day about our clinical operations, we’re still not doctors or nurses. (Funny how that works.)

So what is informatics? What does an informaticist do? Dr. Gibson explains it like this (boldface mine):

Important informatics skills include change management (not just IT change management, but culture and process change management as well), business analysis, stakeholder engagement, project management, requirements development, strategic thinking to place projects into a larger vision, building for inter-operability, translating between IT & business, system life cycle, communications, [etc.]). A good informatician can speak the language of both IT staff and program staff, and should be a good communicator and group facilitator.

Informatics skills are not necessarily present in IT departments. A programmer may be very skilled in writing a program to do what he wants, but is rarely skilled in getting the thorough understanding of what users need. The database administrator may be very skilled in structuring a database to run very quickly, but usually does not understand the content well enough to create operational definitions that address what program managers want to know.

My recommendation from a couple years ago was that we needed to hire an informaticist, or at least someone who had clinical background and technical chops. With all the reporting and analysis requirements in UDS, Meaningful Use (MU), and Patient Centered Medical Home (PCMH), not to mention workflow changes needed to meet increasing security and privacy requirements (HIPAA, HITECH) and general efficiency needs, having someone who could drive workflow / care / data change projects and communications would help a lot.

In the end we didn’t hire a classic informaticist, but we do have a high-level manager driving Quality Improvement (QI) efforts, PCMH, and MU, and she’s quite technically capable as well as a licensed provider. So we’re covering the need for now.

It’s possible that at our scale (currently around 130 employees), perhaps a full-blown highly-paid informaticist won’t be necessary in the future. It’s possible the EHR vendors and various governmental agencies will settle on a collection of core measurements and workflows that work for everyone and those features will just be built-in to our systems. (Ha! Sometimes I crack myself up…)

But for now, I would argue everyone in the health center space (50-500 employees) needs to be thinking about hiring an informaticist. Someone that has clinical training. Someone that isn’t afraid of computers and likes data and analysis. Someone that can communicate well and can drive change projects. So yeah… a miracle worker!

Meanwhile, everyone on your management team needs to know what informatics is. Your health center needs to get comfortable with data and change. Because “accountable care” demands proof, and the proof is in the data.

BONUS: Informatics Links

Desperately seeking a HIPAA-compliant Ford Mustang

After the harrowing account of a hospice in northern Idaho being slapped with a $50,000 fine for 411 breached patient records, it’s good to see that even the big players — the biggest in the industry — screw up from time to time.

This widely-cited case, first reported by the L.A. Times, tells the story of how healthcare giant Kaiser Permanente got a little sloppy and ended up working with a contractor who stored electronic patient records all over the place, including sometimes storing records — and I love this — in the trunk of his Ford Mustang.

Which raises the obvious question: Are Ford Mustangs HIPAA compliant? What about a Honda Accord? Maybe a PT Cruiser?

And while that’s the wildest part of the story for me, what’s even more fun is the fact that Kaiser and their mom-and-pop patient records handler (yes, literally — mom-and-pop) have been trading accusations in and out of court for the past 2 years, each accusing the other of not caring about patient privacy and data security.

L.A. Times writer Chad Terhune did a masterful job painting a picture of the comical data security with these gems:

  • “On a recent day [the patient records] sat next to a red recliner where Ziggy, the family’s black-and-white cat, curled up for a nap.”
  • “…kept those patient records at a warehouse in Indio that they shared with another man’s party rental business and his Ford Mustang until 2010.”
  • “…Kaiser said the Deans put patient data at risk by leaving two computer hard drives in their garage with the door open. In response, Stephan Dean moved them to a spare room.”
  • “‘We could have sold these emails [with patient records] to somebody in Nigeria, but Kaiser doesn’t care about its patients’ information.'”
  • “‘[Kaiser] should have signed a contract prior to the commencement of this project,” the manager wrote.”

Be sure to read the article all the way to the end. That last sentence is a killer.

Kaiser got into this mess because they gobbled up yet another smaller hospital and needed to absorb all the patient records quickly. So they outsourced the job. No problem there, really. It’s who they outsourced to that ended up being a disaster.

So far, there’s no known patient data breach, which is great for patients. But authorities are investigating and Kaiser’s got a lot of egg on face with such a high-profile piece hitting the Times.

The lessons for your patient data security efforts? Wait… you really need me to spell this out?

It’s simple. You need your own Ziggy — a certified Patient Privacy Attack Cat — and a Mustang. IT’S RIGHT THERE IN THE FEDERAL CODE, PEOPLE.