JCAHO's new credentialing, privileging standards require provider-specific data.(Joint Commission on Accreditation of Healthcare Organizations ) - Hospital Peer Review

JCAHO's new credentialing, privileging standards require provider-specific data

Surveyors will be looking for continuous evaluation

New standards for the credentialing and privileging of practitioners call for a more objective and evidence-based process for monitoring performance. The standards from the Joint Commission on Accreditation of Healthcare Organizations, which are effective Jan. 1, 2007, also require a process for intervening when safety and quality-of-care issues are identified.

'More detailed information will need to be collected on an ongoing basis,' says John Herringer, associate director of JCAHO's standards interpretation group and lead interpreter for medical staff standards.

To comply with the standard, organizations will need to continuously collect additional information about physician performance. 'That will definitely be a challenge,' says Christina W. Giles, CPMSM, MS, president of Medical Staff Solutions, a Nashua, NH- based consulting firm specializing in assessment and development of medical staff organizational structures in the hospital environment. 'In my experience with clients all over the country, currently the weakest link in the credentialing and privileging program is how much information and the type of information that gets collected at reappointment or reprivileging time.'

In general, the Joint Commission wants organizations to start reviewing selected data on an ongoing basis, to determine whether a practitioner can maintain his or her privileges. 'The issue was really that people were doing this every two years, and there wasn't a process to evaluate people on a continuous basis,' says Herringer. 'Organizations are not going to be just looking at the person every two years. They are going to be looking at them continuously.'

Provider-specific data

Organizations will define the criteria to be collected for ongoing professional practice evaluation themselves. The Joint Commission says this may include the following: review of operative and other clinical procedures performed and their outcomes, pattern of blood and pharmaceutical use, requests for tests and procedures, length-of-stay patterns, morbidity and mortality data, and the practitioner's use of consultants. 'But because we use the word 'may,' that indicates that they still have to define it. Organizations can include things other than the examples we give,' says Herringer.

The new requirements will require provider-specific data to be collected, but many hospitals have collected only aggregate physician data to trend performance improvement, says Nancy J. Auer, MD, FACEP, chief medical officer for Swedish Health Services in Seattle.

'Many institutions went this route believing — correctly — that the physicians wouldn't participate in performance improvement activities if they knew they personally were being profiled,' says Auer. 'Data systems are not perfect. It is imperative that physicians work with their institutions to help turn the data into credible information.'

Organizations are supposed to be collecting data on each individual, says Herringer. 'You should always be looking at the provider data. For example, if, on average, antibiotics were prescribed 300 times but Dr. Jones is prescribing them 700 times and has high infection rates because he is over-prescribing, it's pointless to just look at the aggregate,' he says.

In order to get to the aggregate physician data, you need to have the practitioner-specific data anyway, he notes. 'You want to look to see, how is he practicing compared to the rest of his peers for that particular measure?' Herringer says.

What organizations were failing to do is compare the provider-specific data with the aggregate data, says Herringer. 'They always had the data, but they weren't comparing the person to the aggregate. That's why we added that to the standard in 2004. It does come from the performance improvement data, but those are broad categories.'

Depending on what you are measuring, you may or may not have data for every practitioner for a given measure. For example, if you decided you wanted to look at something related to Cesarean sections for operative and other procedures, then you are omitting all the other surgical procedures, so you won't have data for the other types of surgeons.

'We've never said you have to find a measure that relates to every different type of surgical procedure that you could possibly do,' says Herringer. 'You may not have data for every practitioner for that measure. For some practitioners, you really could end up having no data.'

For instance, psychiatrists don't do surgical procedures, or if the medication used in your measure doesn't relate to psychiatry, you won't have any data there. 'It's totally possible that your measures won't relate to certain people. What we're trying to move away from is collecting data about everybody, as opposed to just linking it to the performance improvement measures,' says Herringer.

You're required to define what data you're going to collect for every practitioner, and it must be related to performance improvement measures, and you will look at whatever data you have for that person. 'But you wouldn't necessarily have data for everybody,' says Herringer.

For this situation, organizations can attempt to obtain data from other facilities where the person practices, but data are often protected under peer review statutes. In this case, the organization would obtain additional peer recommendations, and the lack of data might be defined as a trigger for focused review, says Herringer.

'When we're granting privileges, we don't necessarily have data and competencies for every single procedure,' says Kathy Downs, CPMSM, CPCS, CPHQ, director of medical staff services at Paradise Valley Hospital in National City, CA. 'It may be that, for low-volume practitioners in particular, we will have to end up getting data from other hospitals, and that may be difficult.'

Take action on problems

Hospitals also are required to act on what the data are telling them, always with the goal of improving performance. Surveyors will want to see how individual departments have used the information to improve patient care.

'At Swedish, we are revamping our data collection tools to collect physician-specific data,' says Auer. 'This approach is really effective. You can't just wait to provide feedback to physicians at re-credentialing if you want performance to improve.'

For example, the organization had trouble eliminating dangerous abbreviations until data were collected that included the name of the physician and the type of do-not-use abbreviation used. 'We fed this data, in an educational fashion, back to the physicians on a weekly basis,' says Auer. 'Our performance improved dramatically.'

Indicators that will trigger a chart review at Paradise Valley Hospital include unplanned return to the operating room, readmission within 24 hours, a certain amount of blood lost, and unplanned removal of an organ.

After physicians review the patient's chart, any additional questions are sent to a committee for further discussion. 'Sometimes, the physician whose case it is will even be there as a member of the committee and can explain what happened. Or they may send a letter to the physician asking for a written explanation, or they will ask him or her to come to the committee meeting to clarify questions,' says Downs. The committee then determines what further action, if any, needs to be taken.

The organization has been moving toward 'core' privileges for many procedures that physicians can do by virtue of their training, such as appendectomies for general surgeons, as opposed to 'non-core' privileges that require special or additional training such as laparoscopic hernia repair. 'We will just have to be more vigilant with the non-core procedures, especially for those physicians who perform most of their procedures at other facilities,' says Downs. 'It may be difficult to get the needed information from other hospitals.'

JCAHO's credentialing and privileging standards do not reference the concept of core privileges, nor do they suggest or promote a particular format for granting privileges, notes Herringer. However, the following activities would be expected to occur during the credentialing and privileging process for any type of format utilized, he says:

*The core privileges must be clearly and correctly defined to reflect the specific activities and procedures performed at the organization that the majority of the applicable group of practitioners can do.

*There should be a method for the applicant to request only certain items in the core privileges if he or she does not want the full set of core procedures.

*If it is determined that the applicant cannot perform certain activities, then the core privileges must be modified for that applicant, who is then appropriately notified of the modification along with other organization staff. For example, if the core surgical privileges include laser procedures but an applicant is not competent in laser surgery, then the laser privileges are deleted from that applicant's core listing and other appropriate staff in the organization are notified of the modification.

*The organization must evaluate each applicant's education, training, and competence to perform each activity listed in the core privileges. 'It cannot be assumed that every applicant can do everything listed,' says Herringer.

How is competency defined?

Defining competency is up to the individual organization, says Herringer. 'They really have to determine what qualifications they want people to have. It could be they want a training program, a certain volume of activity, or board certification,' he says. 'We don't define it. There are certain rural parts of the country where they couldn't get a board-certified person if they wanted to.'

There is a lot of disagreement about what defines competency among organizations. 'If no charts have fallen out and there have been no complications for surgery, for example, does that indicate competency? Or do they have to perform a certain number of procedures competently to validate that they are competent — or both?' asks Downs.

Currently, the organization's process involves looking at whether any charts have fallen out for review and what the doctors' outcomes are, and also the numbers of procedures performed.

For any organization, the first step in the process is to determine what defines competency. 'While JCAHO has done a great job of incorporating the six core competencies that have been established by the Accreditation Council of Graduate Medical Education [ACGME] and the American Board of Medical Specialties [ABMS], it still leaves us out there not knowing exactly how to do what we need to do,' says Giles. 'I think we will have to zero in and look at outcomes.'

Some hospitals have begun to make some of their outcome information public, but this is usually based more on procedures than practitioners, says Giles. 'So I do think that we have the ability to track the information. It's just a matter of figuring out who is going to collect it, how is it going to be maintained, and how is it going to be presented.'

Medical staff in most hospitals are aware that physician report cards are being developed at all levels of the organization, but there is still some reticence on the part of medical staff and hospitals to actually use that information at reappointment or reprivileging, according to Giles.

'I think the biggest challenge is going to be what type of privileging process are we going to use, so that we know the practitioner is competent to perform what they are asking,' she says. The challenge is getting the doctors to buy into whatever system is used for measurement, says Giles.

'But the advantage there is that the ABMS and some of the others are going to be moving forward in trying to define how they are going to measure it,' says Giles. 'Hopefully we can use some of the same mechanisms.'

Research what all the different American boards of specialties are using, recommends Giles. 'They all have different maintenance of certification programs and there may be some things that can be borrowed from that.'

For example, the ACGME has done a lot of work on the six core competencies and what kind of data they are going to collect and use to measure residents, so some of those ideas can be 'borrowed.'

'I think that hospitals have done a good job of going in and stopping someone if they are totally incompetent. But I also think that sometimes the peer review process takes a little too long to get going,' says Giles.

Many organizations currently lack triggers to take action on a continuous basis. 'You could potentially have two years of problems and then start to take action. Waiting every two years is not necessarily appropriate,' says Herringer. 'You will have to clearly define what triggers performance monitoring. There could be a variety of triggers that say 'We need to watch this guy,' such as a number of complaints, sentinel events, or increased infection rates.'

Change mindset of physicians

As of Jan. 1, 2008, the Joint Commission will require a Focused Professional Practice Evaluation. 'This will be challenging for organizations to implement, and that's why it's been delayed,' says Herringer. 'Criteria need to be defined for when they are going to grant a privilege for a new applicant vs. criteria for an applicant with a documented record of performance at the organization.'

Any practitioner who is totally new to the organization will get a period of focused review, and in addition, any practitioner asking for a new privilege also will be under focused review.

Medical staff will always have to be involved in defining the credentialing and privileging process, including implementation of the Focused Professional Practice Evaluation, since the bylaws have to be approved by both the medical staff and the hospital's governing body.

Depending on what type of performance monitoring is done as a result of triggers identified, members of the medical staff might be involved in that as well.

'They might say that a standby physician is needed for every one of these surgeries, or it might involve certain other physicians reviewing the record and documentation,' says Herringer. 'We don't specifically tell organizations how to monitor them. They have to decide that for themselves.'

The goal of the process is to prove that physicians are competent, not the opposite, according to Giles. 'So what we have to do is change the mindset of the medical staff — instead of looking for the negative, that the whole process is looking for the positive,' she says. 'We have to provide proof that they are doing a good job. So they should be helpful in trying to identify what mechanisms we can use to show that.'

[For more information, contact:

Nancy J. Auer, MD, FACEP, Chief Medical Officer, Swedish Health Services, 747 Broadway, Seattle, WA 98122. Telephone: (206) 386-6071. E-mail: Nancy.Auer@swedish.org.

Kathy Downs, CPMSM, CPCS, CPHQ, Director of Medical Staff Services Paradise Valley Hospital, 2400 E. 4th Street, National City, CA 91950. Telephone: (619) 470-4156. Fax: (619) 472-4502. E-mail: DownsKA@ah.org.

Christina W. Giles, CPMSM, MS, President, Medical Staff Solutions, 32 Wood Street, Nashua, NH 03064. Telephone: (603) 886-0444. Fax: (810) 277-0578. E-mail: chriswg@medicalstaffsolutions.net.]

Calling All Swedish Hospital Babies and Parents. - Health & Medicine Week

Were you or your baby born at Swedish? If so, dust off your photo albums and scan and send in your best baby shots - whether your photographs are from 1910, 1939, 1999 or 2009, Swedish wants to see them (see also Swedish Medical Center).

In honor of its 100th year of non-profit service, Swedish wants to recognize some of its patients through a search for photos of babies born at any birthing center now part of Swedish Health Services, including Swedish Hospital (Swedish/First Hill, Swedish/Ballard and Swedish/Cherry Hill), Doctors Hospital, Seattle General Hospital, Ballard General Hospital, Ballard Community Hospital and Providence Seattle Medical Center.

Since opening its doors in 1910, more than 200,000 babies have been born at Swedish - in fact more babies are born at Swedish each year than at any other medical center in Washington state. Last year alone, there were more than 7,400 babies born at Swedish's First Hill and Ballard campuses.

Keywords: General Health, Health, Hospitals, Swedish Medical Center.

'Major' news of the day while you were away; Weekly Review.(News) - The Seattle Times (Seattle, WA)

Byline: Ron Judd; Seattle Times staff columnist

Mr. Wrap is a little miffed.

Stood there at Sea-Tac for several hours Tuesday, wearing a little black chauffeur's cap and holding up a hand-lettered sign reading, 'AMANDA KNOX.'

Thought she might at least come over and say 'Hi.' But nooo.

In spite of that clear snub, we're glad Amanda is back home safe. And to help ease the transition, we're sending her a detailed chronology of major news events she's missed since leaving her hometown in 2007. Major highlights:

* In 2009, the city threw its former mayor, Greg Nickels, out of office after he decided to battle an epic snowstorm by deploying a fleet of plows equipped with blades tipped by cotton swabs. Since then, the office of mayor has, by all indications, been left vacant.

* The Mariners lost another several hundred games.

* Some rich people with a thing for melted 7UP bottles rammed through the City Council a plan for a Dale Chihuly Outlet Mall / Museum of Self-Aggrandizement. It'll be built in the Seattle Center's Eyesore District, not far from Paul Allen's Experience Music Project, popularly known as The Wreck of the Partridge Family Bus.

* Ground was broken for a new Dick's Drive-In up in Lynnwood.

That's pretty much it.

More historical trending:

Easy Mistake: Raise your hand if you saw the headlines about that 'rat-infested, squid-filled pirate ship' and thought it was a story about an Issaquah-class ferry on the Bremerton run.

Urge To Merge: Swedish Health Services and Providence Health & Services are combining forces. We're now one step away from a single colossus, Group Providish.

The Nation's Grammar Instructors Clearly Not Among Them: 'I apologize to those whom are disappointed in this decision.' -- Partial-Term Alaska Gov. Sarah Palin, R-Sylvan Learning Centers, announcing she won't run for president in 2012.

This Just In: The Boeing 787 reportedly is 11 tons overweight. It's already being asked by major airlines to purchase a second seat in its own coach section.

Duct And Cover: State transportation officials are asking residents what they would do if given 30 minutes to themselves on the Alaskan Way Viaduct. Seems obvious: 1) Place explosive charges. 2) Light fuse. 3) Run like hell.

Are You Ready For Some Stupid? Lost in the hubbub over singer Hank Williams Jr.'s comparison of President Obama to Hitler was this question: Why was Fox News soliciting pearls of political wisdom from Williams in the first place? Apparently regular senior political analyst Charlie Daniels was on vacation.

Let's Be Honest: Anything that gets that idiotic song off the air is a public service.

Bulking Up: Shoppers at Costco reportedly were 'unfazed' by reports of rising store membership fees. Sigh. Rookie mistake, people: If you don't want to be nickel and dimed to death, you should at least act fazed in the presence of news people.

And Finally: A pat on the back to managers at the Port of Seattle, which, when the media circus came to town Tuesday, nimbly shepherded the elephants through the Sea-Tac gates. Now if they could just make arrivals somewhere close to that painless for the rest of us. Ron Judd's column appears each Sunday. He also writes Restless Native columns. Reach him at rjudd@seattletimes.com or 206-464-8280.

Prosser, Kadlec hospitals to share patient record database - Yakima Herald-Republic

PROSSER, Wash. -- Doctors in Richland will soon be able toquickly see medical records of patients from Prosser, cutting downon redundant tests, phone calls and delays.

So promised officials from PMH Medical Center and Kadlec RegionalMedical Center at a public announcement Monday of a partnershipbetween the two hospitals.

The arrangement should have happened sooner, said Julie Petersen,CEO of PMH, formerly known as Prosser Memorial Hospital.

'It's what the patient thinks is already happening,' Petersensaid. 'They're puzzled when we're still faxing things back andforth.'

The partnership is a nonbinding agreement that could pave the wayfor more alliances down the road, including sending Kadlecspecialists to practice a day or two a week in Prosser clinics.

It's not a merger or even a precursor to one, officials said.Prosser is a publicly funded hospital, while Kadlec is a privatenonprofit in Richland where many Prosser patients are referred.

The partnership will allow Prosser to purchase from Kadlec theservices of Epic, a Wisconsin firm that makes electronic medicalrecords software.

Federal mandates require most medical providers, such ashospitals, to make 'meaningful use' of digital records by 2014, apractice most Yakima Valley providers have already embraced.

However, those records still must be transferred among doctors,hospitals and clinics by fax, email or a specially connectednetwork.

The arrangement between Kadlec and Prosser would store one recordfor every patient on a central database for every physician in bothplaces to view and update at any time.

Officials had no timetable in mind and have not negotiated a costto the Prosser hospital. However, it would replace the hospital'scurrent system, which costs about $7,200 per month.

Epic only serves medium-size and large providers, includingSwedish Health Services and Providence Health and Services, whichlast week announced plans to join forces to form the largest healthcare system in the state.

Kadlec is one of the smaller hospitals using Epic, said RandWortman, Kadlec president and CEO.

The arrangement will make it easier for Prosser to transferpatients to Kadlec, where doctors will have even more access to thatpatient's information, Wortman said. Even in the age of technology,that doesn't always happen, especially in the emergency room late atnight.

'We'll frequently repeat studies because we don't know what's inthe records here,' Wortman said.

FORM 8-K: STRYKER FILES CURRENT REPORT - US Fed News Service, Including US State News

WASHINGTON, Dec. 13 -- Stryker Corp., Kalamazoo, Mich., files Form 8-K (current report) with Securities and Exchange Commission on Dec. 10.

State or other jurisdiction of incorporation: Michigan

Material Impairment

On December 6, 2010 Stryker Corporation announced that it has entered into a definitive agreement with Olympus Corporation for the sale of its OP-1 product family, which includes OP-1 Implant, OP-1 Putty, Opgenra and Osigraft, for use in orthopaedic bone applications for $60 million. As a result, the Company will incur a one-time non cash charge of approximately $75 to $80 million (net of income tax benefit) in the fourth quarter to reflect the anticipated loss on the sale of the previously described assets, which will reduce diluted net earnings per share by approximately $0.19 to $0.20. A copy of the press release announcing the agreement is attached hereto as Exhibit 99.1.

Departure of Directors or Certain Officers; Election of Directors; Appointment of Certain Officers;

Compensatory Arrangements of Certain Officers

At the Board of Directors Meeting of Stryker Corporation (the 'Company') held on December 8, 2010, Allan C. Golston was elected to the Board of Directors, effective January 1, 2011.

Mr. Golston serves as President, United States Program for the Bill & Melinda Gates Foundation and is a director for Malt-O-Meal, a privately held breakfast cereal corporation. Mr. Golston had previously been Chief Financial and Administrative Officer for the Bill & Melinda Gates Foundation from 2000 to 2006 and Director, Finance for Swedish Health Services from 1997 to 2000. Mr. Golston holds a master's degree in business from Seattle University and is a Certified Public Accountant.

Mr. Golston will be entitled to the fixed annual fee ($60,000 plus an additional $55,000 if he serves on one or more Committees) that the Company will pay to non-employee directors commencing on January 1, 2011 and will receive the same annual equity award that is granted to all non-employee directors in February 2011. In connection with his appointment to the Company's Board of Directors, the Company will enter into the form of indemnification agreement for directors, a copy of which is filed as Exhibit 10(xiv) to the Company's Annual Report on Form 10-K for the fiscal year ended December 31, 2008, with Mr. Golston.

Financial Statements and Exhibits

(d) Exhibits

99.1 - Press release dated December 6, 2010

Swedish Uses Colon Cancer Live Stream to Fight Disease. - Cancer Weekly

Colorectal cancer doesn't broadcast its presence until it's too late. Swedish Health Services hopes to change that by getting the word out about safe and effective prevention options (see also Colon Cancer).

On Wednesday, March 28, 2012 from 9 a.m. to 12 p.m. (PDT), Swedish physicians and staff will host its first-ever online chat and video stream of a colonoscopy procedure. The stream will be made available online at www.swedish.org/colonlive.

In the United States today, colorectal cancer is the second leading cause of cancer-related deaths for both men and women. It is estimated that 51,000 people will die of the disease this year and 143,000 new cases will be diagnosed.

The American Cancer Society recommends that, upon turning age 50, everyone should get a colonoscopy to prevent colon and rectal cancers. The test is designed to find both early cancer and polyps (growths in your large intestine).

'Right now, only about 60 percent of patients get screened, even though the effectiveness in reducing deaths has been proven,' said Dr. Raman Menon, a colon and rectal surgeon at Swedish. 'Regular testing is a powerful weapon for preventing the onset of the disease. Removing polyps in the colon keeps the cancer from ever evolving into anything dangerous. The disease is easily treatable if found at an early stage.'

'Education is our best, most cost-effective weapon against colorectal cancer,' said Dr. Nicholas Procaccini, a gastroenterologist at Swedish. 'Screening helps people stay well and it saves lives.'

In nine of 10 patients who found their cancers early, their chance for survival in five years is high. Very often these people live a normal life span. If people neglect screening, the cancer can grow and spread without being noticed.

A colonoscopy takes about 30 minutes and is not painful. It is an internal examination of the colon, or large intestine, and rectum. It is done using an instrument called a colonoscope, which has a very small camera attached to a flexible tube that the examiner uses to scope the area. The procedure reviews the entire length of a colon.

As part of Colon Cancer Awareness Month, Drs. Menon and Procaccini will host an online chat and live stream featuring two colonoscopy procedures, one of a male and the other of a female patient. The live stream will be focused around the importance of undergoing routine colonoscopies after age 50 with a focus on advances in colonoscopy procedures.

During the live stream the public will have the chance to communicate with the physicians who performed the procedures and ask questions. The physicians will respond live on camera throughout the program. The dialogue will be focused around the importance of early detection in preventing and treating colon and rectal health issues. Anyone interested may also join the conversation via Twitter by using the hashtag #ColonLive.

Swedish is committed to identifying new ways of communicating to the community to better inform the public and provide important information about relevant health issues. Recently, Dr. Rod Kratz, a colon and rectal surgeon at Swedish, shared his experiences preparing for his first colonoscopy on YouTube. Dr. Kratz underwent his first at age 40 due to potential family history of colon and rectal health issues. His video can be found online here: http://www.youtube.com/watch?v=BVocXp-CYHU.

For more information, or to schedule your own colonoscopy, visit: http://www.swedish.org/colorectal or call 206-386-6600.

Keywords: Oncology.

CITY OF SEATTLE AND SOUND TRANSIT BREAK GROUND ON THE FIRST HILL STREETCAR. - States News Service

SEATTLE, WA -- The following information was released by the city of Seattle:

Today the City of Seattle and Sound Transit, joined by community members from across the city, broke ground on Seattle's newest streetcar line - the First Hill Streetcar. To be constructed by the City with funding provided by Sound Transit, the streetcar line will allow riders to easily travel between neighborhoods on Capitol Hill, First Hill, Yesler Terrace, the Central Area, the Chinatown/International District and Pioneer Square, and better access Link Light rail service. The First Hill Streetcar will be operational by the spring of 2014, connecting thousands of riders daily with the places they live, work and socialize.

'Today's groundbreaking is an important step in the recent momentum to expand rail in our city,' said Mayor Mike McGinn. 'Our updated Transit Master Plan shows that we need to do better to connect Seattle's neighborhoods with high quality transit. And we are doing just that with projects like the First Hill Streetcar and planning to connect our streetcars through Downtown. I thank Sound Transit and City staff for all of their work, and the public for their vision when they voted to approve the Sound Transit 2 measure that makes these projects possible.'

Mayor McGinn, who serves on the Sound Transit Board, was joined by fellow Board members, members of the Seattle City Council and local community leaders in kicking off the construction. The groundbreaking took place at the site of a future streetcar station that will serve Seattle University, Swedish Medical Center, Virginia Mason Medical Center and the growing First Hill residential neighborhood. The stop will be one of 10 stations along a 2.5-mile route that will serve employment centers, educational institutions, entertainment and sports venues, and residential neighborhoods while enhancing access to regional rail service like Link Light rail and Sounder trains.

'The First Hill streetcar will be an important part of our regional transit system, connecting people who live and work throughout King County with outstanding institutions of healthcare and higher education,' said Sound Transit Board member and King County Executive Dow Constantine. 'This line will also provide the foundation for future growth at Yesler Terrace and south Broadway.'

The First Hill Streetcar will connect the current Link Light rail station in the Chinatown/International District with the future rail station on Capitol Hill. The line is being built by the Seattle Department of Transportation (SDOT) in partnership with Sound Transit. Sound Transit had initially planned an underground light rail stop on First Hill but abandoned the idea because of costs and risks associated with a deep station.

'From the moment we concluded building a deep-mined light rail station on First Hill was too risky, I strongly advocated for this streetcar line as a way to provide vital access to and from a regional light rail system that will stretch more than 50 miles by 2023,' said Sound Transit Board member and King County Council member Larry Phillips. 'We made the First Hill Streetcar a top priority in shaping the Sound Transit 2 Plan, and today I couldn't be more thrilled that we are about to watch our dream become a reality.'

The line will be constructed by Stacy and Witbeck, the firm that previously built the City's South Lake Union line, and is estimated to cost $132.8 million.

'Many residents and business owners along the streetcar line, from Pioneer Square to Broadway, have told me that they are eager for operations to begin,' stated Seattle City Councilmember Tom Rasmussen. 'The streetcar is intended to improve transportation and to attract people to visit and shop in our neighborhood business districts.'

Once operational, approximately 3,000 riders each day are expected to use the First Hill line. It will provide service from 5 a.m. to 1 a.m. Monday through Saturday and 7 a.m. to 7 p.m. on Sundays/holidays, running with 10-minute headways during peak/daytime hours. A trip from Pioneer Square to the future Link Light rail station on Capitol Hill is anticipated to take just under 20 minutes.

'For 101 years now, Swedish has recognized the importance of accessible transportation options for our employees, patients and their health,' said Dan Dixon, Vice President of External Affairs, Swedish Health Services. 'The First Hill Streetcar is a brilliant continuance of creative transportation for our city. Elegant, quiet, environmentally friendly - we believe that all of us on First Hill will benefit for a generation from this mass-transit addition to our neighborhood.'

The line's six streetcar vehicles will be made through a partnership between Inekon, a Czech Republic firm, and Pacifica, a Seattle-based manufacturing firm. With Pacifica assembling the vehicles locally, this partnership will provide approximately 20 living-wage manufacturing jobs in Seattle for this project. It also creates the opportunity for streetcar assembly in Seattle for other agencies nationwide, which could provide additional local jobs.

Northwest Kidney Centers launches capital campaign for $5 million comprehensive kidney resource center. - Defense & Aerospace Week

Northwest Kidney Centers has launched a campaign to raise $1.5 million of the $5 million needed to turn its 700 Broadway building into a comprehensive kidney resource center. The center supports the three key areas of the nonprofit's mission - patient care, education and research.

Northwest Kidney Centers, which is celebrating its 50th anniversary as the first dialysis organization in the world - has already raised $1.25 million thanks to early gifts.

A lead gift of $450,000 was made from the estate of John and Susie Morganti, long-time supporters of the organization. PACCAR Inc, a supporter of Northwest Kidney Centers for 46 years, donated $100,000.

'This new comprehensive kidney resource center - unique in the United States - will house an array of patient-focused services,' said Joyce F. Jackson, chief executive and president of Northwest Kidney Centers. 'In addition to an updated community dialysis clinic, the center will house our expanded kidney-specialty pharmacy and a clinical research center for kidney research.'

The building also will include three new conference rooms, an education and training center for new dialysis patients, and a demonstration kitchen to expand teaching and learning opportunities for patients, families, physicians and the community.

The first floor will include a Heritage Gallery showcasing important artifacts that illustrate Northwest Kidney Centers' standing as the first out-of-hospital dialysis provider in the world.

'We want this to be a valuable resource for all of our patients and their families - a place where they can learn about ways to improve their health and manage their disease,' Jackson said.

The new facility benefits people who face the epidemic of chronic kidney disease, which affects one in seven American adults.

The capital campaign is co-chaired by Steve Huebner, partner with KPMG, LLP, and Clint Randolph, retired Boeing senior manager. Campaign cabinet members are Connie Anderson, RN, vice president of clinical operations at Northwest Kidney Centers; Gary Bylund, executive vice president of Kibble & Prentice, Inc.; Deborah Crabbe, attorney with Foster Pepper, PLLC; Dr. Cyrus Cryst, nephrologist/nephrology section head of Virginia Mason Medical Center; Dr. Lisa Florence, director of the Kidney Transplant Program, Swedish Health Services; Gary Houlahan, president of Mutual Materials Co.; Joyce F. Jackson, CEO and president of Northwest Kidney Centers; Dr. Michael Kelly, clinical professor of medicine, Division of Nephrology, Harborview Medical Center; Steve Meyers, senior vice president with RBC Wealth Management; and David Wilde, chief financial officer of TTF Aerospace, LLC.

Anyone wishing more information about donating should contact Northwest Kidney Centers Gift Planning Officer Larry Richards at 206-720-8550 or larry.richards@nwkidney.org.

About Northwest Kidney Centers: In 2012, Northwest Kidney Centers is celebrating 50 years since its founding as the first dialysis organization in the world. The nonprofit provides the majority of dialysis care in King and Clallam counties, educates the public about kidney health, and collaborates with UW Medicine in the Kidney Research Institute. Northwest Kidney Centers' staff of 565 delivers more than 226,000 treatments per year in 14 dialysis centers and almost all of the area's hospitals, as well as supervising more than 200 people who give themselves dialysis at home. Learn more at www.nwkidney.org.

SOURCE Northwest Kidney Centers

Keywords: Investing and Investments.

Providence Health Care and Group Health Cooperative form Physician Organization. - Health & Beauty Close-Up

Providence Health Care and Group Health Cooperative have signed an agreement to form a new jointly owned company that will create a physician organization.

According to a release, this is not a merger or an acquisition. The two entities will form a new limited liability corporation.

'First and foremost, this comprehensive physician organization allows us to better care for our patients,' said Mike Wilson, chief executive of Providence Health Care in Eastern Washington. 'By improving coordination and communication among care givers who utilize the best evidence-based medicine, we will be able to improve quality. At the same time, we will help patients access the right kind of care at the most appropriate time and in the most appropriate setting. The result will be better health outcomes for patients, less duplication, and an overall reduction in cost.'

The new organization will be made up of health care providers from Group Health Physicians, Providence Medical Group and Columbia Medical Associates.

At the center of the integrated physician group are 132 primary care physicians who will serve as the medical home for patients throughout the region.

These physicians will coordinate patient care with care centers and hospitals, including Providence Sacred Heart Medical Center and Children's Hospital and Holy Family Hospital.

The provider organization will initially serve Providence employees and Group Health patients who seek care from providers working at Providence Medical Group, Group Health or Columbia Medical Associates clinics beginning in January 2013.

'Group Health and Providence are equally committed to finding local solutions to fix our broken health system by creating a patient-centered, clinically integrated delivery organization to care more effectively for residents of our community and the surrounding region,' said Kelly Stanford, vice president of market development for Group Health Cooperative. 'By drawing on the strengths and capabilities of both organizations and through new models of payment to providers, our integrated physician organization will achieve three goals enhance patient health, improve the patient care experience, and decrease the overall cost of care,' continues Stanford.

Providence Health Care is a member of Providence Health and Services, a Catholic health care ministry.

The health system is affiliated with Swedish Health Services.

Group Health provides health coverage.

THREE HEALTH INSURERS TO MERGE.(News) - Seattle Post-Intelligencer

First Choice Health Plan of Seattle, which began serving its first members in January, said it is merging into a new company with Health First Partners and Health Washington.

First Choice has about 3,500 insured patients, and Health First Partners has about 4,500. Health Washington is a provider network owned by Swedish Health Services, Multicare Health System, Evergreen Community Healthcare and Stevens Healthcare. Health First Partners is owned by Swedish and Multicare.

``The idea of this consolidation is to reduce overhead and to attain a critical mass in a single company,'' said Gary Gannaway, CEO of First Choice. Gannaway will be CEO of the new company, which probably will be called First Choice.

The Seattle Times Business Newsletter Column. - Knight Ridder/Tribune Business News

By Stephen H. Dunphy, The Seattle Times Knight Ridder/Tribune Business News

Apr. 16--Consumer prices in three big areas of spending are increasing in the Seattle-Tacoma-Bremerton area, according to a monthly report from the Bureau of Labor Statistics. Grocery prices, gasoline and home costs were up in March.

The food-at-home index advanced 0.4 percent in March. Grocery prices were 2.2 percent higher than in March 2003.

Dominated by increasing gasoline prices, the index for energy advanced 3.9 percent in March, and rose 0.4 percent over the year. Gasoline prices were up 6.6 percent in March, but Seattle-area gasoline prices were still 3.7 percent lower than one year ago. The shelter index rose 0.3 percent over the month, and was 0.6 percent above last year's level.

The BLS tracks food, energy and housing each month and does a full consumer-price-index report every other month.

Boat sales in Washington State soared during the first quarter of 2004, according to the Northwest Marine Trade Association, with new-boat sales up 17 percent in units and 25 percent in dollars over the same period in 2003.

King County continued as the top spot for boating sales in Washington, accounting for more than 18 percent of the state's sales during the quarter. Total boats sold (new and used) were up 6percent from the first quarter in 2003.

Boats are selling so well, the association canceled a parking-lot sale scheduled for Factoria Mall during the opening weekend of boating season in early May.

The association began collecting the sales data in July 2002 with the University of Washington Sea Grant program, which uses boat registrations from the Department of Licensing to compile the information.

Hotel-operating results are improving, although this is the slow season for most properties. In January and February, as many as half the hotel rooms in the region were empty on any given night.

Wolfgang Rood Hospitality Consulting found that most areas in the Puget Sound region were up in February compared with February 2003 although the SeaTac area was the exception, reporting lower occupancy.

Downtown Seattle occupancy was up 10.6 percent while Bellevue occupancy increased 2 percent compared with last year. The average daily room rate is showing some signs of improvement, up 2 percent statewide and gaining 3.6 percent in Seattle and 0.5 percent in Bellevue.

The hotel industry has had it tough in the past few years with stagnant occupancy rates and falling average room rentals. The Rood survey is a good one, covering 135 properties in the state representing more than 20,500 rooms.

QUICK HITS: John Rogers, senior vice president and managing director of institutional research for D.A. Davidson, was named one of 10 'Homerun Hitters' by Institutional Investor magazine. Rogers was chosen for his coverage of Portland-based Schnitzer Steel Industries ... China Southern has made it official -- it signed an agreement with Airbus to acquire 15 A320-200 and six A319-100 aircraft from Airbus... Swedish Medical Center's 1101 Madison Tower has won a regional Office Building of the Year award from the Building Owners and Managers Association. Madison Tower was the winner in the medical-office building category for the Pacific Northwest Region. The Seattle property is owned by Swedish Health Services and is managed by Trammell Crow Company.

--Stephen H. Dunphy's columns appear Tuesdays-Fridays and Sundays. Phone: 206-464-2365. Fax: 206-382-8879. E-mail: sdunphy@seattletimes.com.

To see more of The Seattle Times, or to subscribe to the newspaper, go to http://www.seattletimes.com.

(c) 2004, The Seattle Times. Distributed by Knight Ridder/Tribune Business News.

Can Chief Security Officers Protect Data from Prying Eyes?(Brief Article) - Health Data Management

New rules, new laws and new technologies are a few of the reasons why more health/care organizations are likely to hire CSOs.

If a health care organization has a CIO who has a vast knowledge of security issues along with eight arms and the ability to be in 17 different places at once, that organization might not need a chief security officer. That's the conclusion of many in the data security field and a steadily growing number of health care CIOs and CEOs.

Health care needs more CSOs because the job of the CIO has gotten so broad that CIOs no longer can give adequate attention to data security issues, says Diana J.P. McKenzie, partner-in-charge of the health care technology practice at Gordon & Glickson, a law firm in Chicago.

'Being a CIO today is not what it used to be,' McKenzie says. 'There are so many more systems they are managing and so many more processes and people they are directing compared to just two or three years ago. When you get to a certain threshold, you need to create a new division. And CIOs have reached that point with security.'

Health care CIOs are implementing computer-based patient records systems, enterprisewide intranets, electronic data interchange systems, telemedicine programs, data repositories, decision support systems, financial information systems, and much more. Data security is an integral part of every one of those endeavors.

CIOs also have to contend with upcoming health care data security rules from the Department of Health and Human Services. Comprehensive proposed rules were released in August (see September 1998 issue, page 12). Add to that the massive undertaking required to fix the year 2000 problem--the inability of many systems to distinguish '00' in the date field as denoting 2000 and not 1900)--and some CIOs could be overwhelmed with their responsibilities.

All of this adds up to a tremendous opportunity in health care for data security professionals, as more provider and payer organizations consider adding a CSO to their ranks because of these varied pressures.

The time is now

Now more than ever, many experts contend, health care organizations need one person dedicated to the job of protecting health care information as it is created, stored, manipulated and transmitted by hundreds of people every day.

A CSO provides professional advice to the CEO, the board of directors and others on existing and potential security issues, says Martin Nowak, executive director and CEO of the University of Alabama Health System in Birmingham. Nowak created an information security officer position at the hospital in 1993.

'The CSO conducts ongoing policy development in the best interests of the organization, individuals using information systems, and those people, particularly patients, who may be affected by systems,' Nowak says. 'The CSO performs many critical tasks, like serving as a link to the human resources division during the employment and discharge of employees and guiding the institution through Internet access issues and intranet development and usage.'

The CSO ultimately protects data security and ensures data integrity and availability for the organization, he adds.

But some healthcare provider and payer organizations don't see the value of funding the office of a CSO when money is needed for other programs.

'A problem now is that many health care organizations are financially very short, with new regulations being imposed on them and all the pressures from managed care,' McKenzie says. 'Organizations are in some ways justified in trying to hold back on creating this new office.'

But each bad security breach in health care will lead to a swell of interest in hiring CSOs, McKenzie predicts. 'When a security breach happens, executives will bring a CSO on board,' she says.

CSOs have a variety of job responsibilities designed to help health care organizations avoid such damaging security breaches. But the scope of a CSO's job varies from organization to organization.

The CSO position is evolving; it's not like the CIO position, which has certain very specific tasks and functions, McKenzie says.

'The evolution of the CSO in health care is only at its genesis,' she says. 'Their ultimate responsibility is for the security of patient data. But as the position continues to evolve, it will become much greater than that. It will include the confidentiality and security of the employees of the institution. It will extend to having a total understanding of all federal and state legislation, and much more. The CSO has to be aware of many issues, as they ultimately are responsible for creating an institution's security policy.'

The responsibilities of today's health care CSO fall into two main categories: strategic and tactical, says Gary Gray, information security coordinator at Swedish Health Services, an integrated delivery system in Seattle. Gray has been in health care information security for 10 years.

Swedish previously had a security position that was smaller in scope. When Gray took over the position a year ago, management broadened the security chief's responsibilities and altered the reporting structure so Gray would report directly to the vice president of information services.

'In the strategic area, a CSO must align information security with corporate goals, communicate security concerns to management to influence management decisions, and inform and educate the entire executive team so they can make informed decisions,' Gray says.

'In the tactical area, a CSO must lead a security committee, develop and monitor information protection and awareness programs, present an annual report to senior management on the state of the security program and the future vision for information security, coordinate development of security protections, ensure that access control and audit measures are maintained, and more.'

The umbrella mission of a health care CSO is to take care of an organization's information, says Micki Krause, director of information security at PacifiCare Health Systems Inc., a Santa Ana, Calif.-based managed care company with more than four million members in 14 states. Krause took on the job of CSO at PacifiCare in 1995. Although there was a security manager before her, the organization initiated a comprehensive information security program in 1995 that increased the position's responsibilities.

Individual components of the CSO's job, according to Krause, are: establishing policies, procedures and standards; managing systems users' identifications and passwords; ensuring that the proper level of security and control is inherent in all computer systems, applications, networks and external connections to business partners; making sure the organization complies with legal, regulatory and audit requirements; and conducting security education and awareness programs.

Compelling reasons

The need to create and maintain security policies, technological controls and educational programs is becoming more acute, industry observers say. Security professionals and health care CSOs cite a variety of reasons why more provider and payer organizations should hire CSOs.

Information systems security risks are increasing dramatically, and security problems are complex enough that a specialist is required, says Peter Tippett, M.D., president of the International Computer Security Association, Carlisle, Pa.

'Health care understands the need for specialists more than any other industry. After all, if you have a brain tumor, you don't want a heart surgeon operating on you,' Tippett says. 'The major driver for CSOs in all businesses is the fact that complexity and connectivity are increasing so rapidly that, consequently, risk is rapidly increasing.

'The virus risk, for example, is up to several billion dollars a year for North American companies. The cost of viruses per North American company is nearing $1 million. Helping lower that risk and its costs alone would cost-justify the hiring of a CSO.'

The University of Alabama Health System created a CSO position in 1993 on the recommendation of a committee it created to assess security needs, says William M. Miaoulis, information security officer at the hospital since 1993.

'The information security committee, headed by the hospital's assistant chief of staff, concluded that as more data was becoming electronic, security was an increasing priority and the organization needed to properly ensure the protection of patients' rights, patients' privacy and data security,' Miaoulis says.

At CareGroup Inc., an integrated delivery system based in Boston, audits of information systems and manual processes helped management conclude in 1997 that they needed to hire a CSO to spearhead development of heightened security measures. The delivery system created a formal security department, with five staff members working under the CSO.

Often a newfound awareness of potential liability for security breaches drives health care organizations to hire a CSO, says Kate Borten, chief information security officer at CareGroup. She took the newly created post in 1997.

'It usually is an internal or external audit that gets the ball rolling. Audit departments are getting more and more savvy at pointing out security vulnerabilities' Borten says. 'And once a security problem is identified in an audit report, an organization is put on the spot.'

Required resources

When health care organizations decide to hire a CSO, they will have to earmark appropriate funds for a qualified individual. Because the position of CSO is relatively new to health care, there aren't many benchmarks for CEOs or CIOs to follow when putting together a salary package.

The average salary for a CSO in health care is about $75,000, Miaoulis estimates. 'The biggest problem, though, is finding job candidates with health care-specific information security experience,' he adds. 'So you might have to consider people who are not ideal candidates for health care, but nonetheless have excellent security experience. These people are likely to come out of industries such as insurance, banking and energy, where security has had a higher profile.'

Miaoulis has 16 years of experience as an information security professional in various industries. Previously, he worked for six years as information systems auditor with Sonat Inc., a holding company with subsidiaries that include a natural gas pipeline company, an exploration company, an offshore drilling operation and an oil-field services company.

CSOs should make about $80,000 per year, says Hal Tipton, principal of HFT Associates, a Villa Park, Calif.-based health care information security consulting firm. 'But they also will need a staff, the size of which depends on the size of the organization, how much data processing is involved, and the type of computers and networks involved,' Tipton says.

'A CSO will need individuals under him with knowledge of security issues and general issues surrounding mainframe computing, client/server computing, networking, PCs, security awareness and training, contingency and business recovery planning, and more. The number of people he can have to specialize in such matters depends on the size of the organization.'

At minimum, health care organizations need one person dedicated to information security, says Gray of Swedish Health Services. And this specialist should have a broad range of information security expertise.

'Information security is much more than just managing users' IDs and passwords. As a result, the salary range for a CSO runs from $55,000 to $90,000,' Gray says. Yet a health care executive search firm recently informed Gray of a CSO position in a large hospital in the southwest. The firm said the CSO position's salary could go as high as $125,000.

'Whatever the salary,' Gray says, 'between the incredible complexity of technology and the increased use of Internet technologies, organizations would be wise to spend their money on a person with a Certified Information Systems Security Professional credential.'

Certification

The CISSP credential is a popular emblem of expertise among security professionals in health care and other industries. The Shrewsbury, Mass.-based International Information Systems Security Certification Consortium manages the CISSP certification process, in which many health care CSOs place great faith.

An increasing number of health care organizations are represented in the seminars given for people taking the CISSP tests, says Tipton, the consultant, who holds the CISSP credential and assists in the association's certification process.

All CSOs should hold a CISSP, says PacifiCare Health Systems' Krause, who has the credential. 'It is the only credential for information security professionals,' Krause explains. 'It is important that there be a requirement that a CSO in any industry have a basic understanding of the entire body of common security knowledge. Otherwise they can't be effective in their role.'

Unfortunately, too many health care organizations are hiring CSOs who have very little background in security, Gray contends.

'As the complexity of security systems grows, you need someone who understands a broader range of issues--from ethics to legislation to risk management to law enforcement to technology,' he says. 'And the benefit of having someone who is a CISSP is that they have gone through a program and have been tested in areas of expertise. That adds a lot of value to a CSO and the organization for which he or she winds up working.'

Borten, the CSO at CareGroup, does not hold the CISSP certification. However, she and her staff of five are considering pursuing the credentials. 'It takes time and it takes money,' Borten says. 'But I do feel the value of the CISSP credential will really rise tremendously as people realize more and more that information security is truly a niche and there is very specialized expertise involved.'

Reporting structure

When a provider or payer harnesses the specialized expertise of a CSO, the organization must determine where best to place the new executive on the organizational chart.

When CIOs first made waves in health care, they primarily reported to the CFO. That was because most information systems in health care at the time focused on financial matters. Today, as CIOs' responsibilities have expanded, many now report to the COO or CEO.

A similar pattern could be building for CSOs in health care. A relatively new office, many CSOs report to CIOs. This is because many health care executives link security concerns to the increasing presence of information systems. But some health care CSOs report directly to the CEO. And as time goes on, perhaps more CSOs may attain equal status with CIOs and CFOs.

CSOs should report to either the CEO or the CIO, says Miaoulis of the University of Alabama Health System, who reports directly to his CEO.

'CSOs need a working relationship with both officers' he says. 'You need high visibility. And either one of those officers is at a high enough level for the CSO to get the support, weight and credibility needed to do the job.'

The advantage of having the CSO report to the CEO is that it portrays to all employees that the CSO is not just handling information systems tasks, but also managing administrative support for all health care information security, Miaoulis adds.

At CareGroup, Borten has a unique reporting relationship designed to meet her specific needs.

'For significant security issues that come up, I do go to the CIO. For practical purposes, though, since he has so much on his plate, I am not reporting directly to him for most other matters but to one of his direct reports,' she explains. 'But my staff is well-regarded as a specialty group, and when an issue comes up of real significance or potential political or financial impact, I report directly to the CIO.'

A CSO should at a minimum report to the CIO because any security decisions that need to be made will have an effect on the entire organization, says Krause of PacifiCare. 'A CSO needs to report to someone at a level that offers the kind of leverage needed to make security efforts really happen,' she says.

Having the right supervisor can be key to the success or failure of a CSO. So, too, is the information security policy that a CSO must craft. Writing, maintaining and enforcing a thorough security policy is at the heart of a CSO's job (see story, page 56).

One person should not be creating a provider's or payer's information security policy, Miaoulis says.

'It is the job of a CSO to lead the policy-writing process,' he says. 'You first must form a committee and make sure the CSO is in charge. You then gain the support of management for the effort, research all the security issues, draft policies, and, finally, follow your organization's review and approval processes.

'Once you get your policy formalized and approved, you have to educate all users about the policies,' Miaoulis says. 'And you must enforce them. Policies without education and enforcement don't have a lot of value. The value of security policies is `before the fact,' as an educational tool.'

Krause crafted PacifiCare's information security policy based on generally accepted system security principles and best practices. After researching the issues, she built a fundamental outline of the policy and then began filling it in.

'I built the security policy myself, and then I went around and secured buy-in from top business management and the individual department chiefs, namely human resources, legal, internal audit and information systems,' Krause explains.

Some CSOs, including Gray of Swedish Health Services, find a detailed information security policy already in place when they take the job. This doesn't mean, however, that their responsibilities regarding policy writing are completed.

'While there was a policy in place when I arrived, what I had to start doing was bringing that policy up to date and adding to it,' Gray says. 'I would advise CSOs--all of them, not just those with policies already in place--to look at other organizations' policies in the community. Most organizations will share information with you, and I am a big proponent of not reinventing the wheel. Much of the work done by other people in other hospitals can be used to help you create your policy.'

HIPAA mandates

Security policies have become all the more important with the advent of the Health Insurance Portability and Accountability Act of 1996. As mandated by HIPAA, the federal government proposed far-reaching health data security rules in August. They apply to all health care data, whether it's transmitted over any network or never leaves a desktop computer. They apply to all health care provider organizations--from the largest hospital to the smallest clinic. They apply to all health care payer organizations, including HMOs, PPOs, commercial insurers, third-party administrators and self-insured companies.

The security rules do not require health care organizations to use computers to store or transmit data. For information that is stored on computers, the proposed rules require organizations to implement specific administrative, physical safeguard and technical procedures to ensure the security and confidentiality of the data. In most cases, the security standards will supersede contrary provisions of state law governing electronic health information. The rules also require the use of encryption software when transmitting health information over the Internet or other 'open' networks, such as dial-in lines.

The new security requirements will go into effect 26 months after final rules are published. The U.S. Department of Health and Human Services expects to publish final rules late this year or in early 1999. In its proposal, the department warns the health care industry to take the security standards seriously. 'Several accreditation organizations, such as the Electronic Healthcare Network Accreditation Commission, the Joint Commission on Accreditation of Healthcare Organizations and the National Committee for Quality Assurance, indicate that one of their accreditation requirements will be compliance with the HIPAA security and electronic signature (if applicable) standards,' the rules say.

The proposed security regulations are separate from another HIPAA mandate for a national medical information confidentiality policy by February 2000. The security regulations govern the protection of confidentiality by ensuring the security of electronic health information. The confidentiality policy will govern the disclosure of identifiable health information.

Confidentiality law

In late July, the U.S. House passed a 'patients' rights' bill that included a national medical confidentiality policy. But privacy advocates say the confidentiality provisions in the bill, H.R. 4250, are not as tough as those in previously introduced privacy bills and thus don't provide the level of protection originally envisioned for such legislation. HIPAA requires Congress to pass a confidentiality bill by August 1999. If it doesn't, HHS will set such a policy by issuing regulations.

The HIPAA security and confidentiality rules will be important to the future of health data security and CSOs, says Miaoulis of the University of Alabama Health System.

'One of the proposed security rules says that health care organizations must assign responsibility for security to a specific individual or organization,' Miaoulis explains. 'While it doesn't use the term `CSO,' it is an important recommendation that could drive the creation of more CSOs in health care.'

Health care organizations that don't ensure they comply with HIPAA rules and regulations could be in deep trouble, says Tipton, the consultant. 'If a security breach occurs at a hospital and a victim shows that the health care industry has these rules and guidelines and the provider was not following them, that could be the basis for a lawsuit against that provider,' Tipton says.

The almighty dollar

But while more providers and payers are considering adding CSOs to their company rosters, some health care organizations that already have CSOs are eliminating the position.

'My position was eliminated only because the budget does not allow for it,' says Bob Schmidt, former information security director at an integrated delivery system in St. Paul, Minn. The CSO position, created in January 1997, was eliminated in August. 'A CSO is not a money-making position--it is an overhead position.'

The delivery system created the CSO position because it perceived a heightened need to protect patient confidentiality in a climate of ever-changing federal and state laws, JCAHO requirements, and increased data automation, Schmidt says.

'But it's difficult to realize the benefits of the CSO position in the first two to four years,' Schmidt says. 'For example, a hospital normally has `X' number of lawsuits every year. After hiring a CSO, that number might not begin to decrease for a little while, until after new security policies and technologies are in place and have time to prove themselves.'

Top management must show strong support for the CSO and recognize that it might take a few years to demonstrate the value a CSO brings to a health care organization, he adds.

But more often than not, health care executives are beginning to realize the need to have one person in charge of a health care enterprise's information security.

Health care definitely needs more CSOs, says Krause of PacifiCare. 'The information security field is specific enough and broad enough in the things it requires people to understand--technology, human nature, business, and more--that there has to be an individual who is specifically given that responsibility,' Krause says. 'It really is a very full-time responsibility.'

Resources on the Internet

Computer Security Institute

www.gocsi.com/

Gateway to Information Security

www.securityserver.com/

HIPAA Proposed Security Rules

http.//aspe.os.dhhs.gov/admnsimp/index.htm

Information Systems Security Association Inc.

www.issa-intl.org/

International Computer Security Association

www.ncsa.com/

International Information System Security Certification Consortium

www.isc2.org

RELATED ARTICLE: Security policies must be thorough

The cornerstone of the health care chief security officer's job is to carefully craft a meticulous information security policy. For providers and payers alike, information security policies must delineate in great detail how an organization creates, stores and transfers information, whether it is on paper or electronic.

The most important aspect of a security policy is its scope, says Diana J.P. McKenzie, partner-in-charge of the health care technology practice at Gordon & Glickson, a Chicago-based law firm.

'Most of the policies I review simply do not have enough elements in them,' McKenzie says. 'They might cover how staff should give records to patients, but they don't cover all the ways that medical data is transported or communicated within the institution. Or the policies might cover how e-mail is to be used and how it should be safeguarded, but they don't include rules for voice transmission of medical data.'

In general, health care organizations' security policies are not broad enough to encompass the many ways medical data is shared in today's increasingly electronic environment, she adds.

Once a policy has appropriate scope, it must be clearly communicated to all employees, and it must be properly enforced. Health care organizations can get into deep legal waters if all employees are not given ample opportunities to read and understand information security policies, McKenzie says.

'If a policy only appears in the employee manual people receive when they're hired and nothing further is communicated to staff, and if the policy never is updated, it will be all the more difficult for a hospital or clinic to prove it's not liable when a security breach occurs,' McKenzie says. 'If an organization has a good policy in place and everyone knows about it through printed materials and training sessions--and the policy is updated regularly--a health care organization is much better served.'

Accountability

When communicating policies to information systems users and others, CSOs must make it clear that users, through official security policies, will be held accountable for how they handle health care data, says Micki Krause, director of information security at PacifiCare Health Systems Inc., a Santa Ana, Calif.-based managed care company.

'Every user has to understand their role in security,' Krause says. 'Education and awareness programs are key to getting this point across.'

To back that up, CSOs must vigorously enforce security policies, she adds. 'There has to be a very strong level of enforcement, a statement that says something along the lines of, `Failure to comply with the policy will result in' specific penalties, up to and including termination,' Krause says.

But for many in the health data security field, the most important aspect of crafting a security policy is guaranteeing that an organization's management is fully behind the goals and rules of a policy.

Obtaining top management's support is a CSO's No. 1 task, Krause says. 'And that doesn't just mean the CEO's support,' she explains. 'The CSO must gain the backing of management from the CEO all the way down to the line managers who will make sure employees adhere to security policy.'

Top management must sign off on an umbrella security policy that says that the information the organization holds is important and crucial and that its confidentiality and integrity must be maintained, says Hal Tipton, principal of HFT Associates, a Villa Park, Calif.-based health care information security consulting firm.

Other significant points a security policy should cover, Tipton says, include:

* Defining who has access to what data.

* Outlining how remote access to information systems, if offered, will be managed.

* Listing what users can and cannot do with an organization's computing resources.

* Pinpointing measures to be taken to fight computer viruses.

* Saying exactly how the privacy of e-mail will be protected.

RELATED ARTICLE: Issues abound for health care CSOs

Ensuring administrative staff can't use a new enterprisewide network to access confidential patient data. Outfitting e-mail programs with the best encryption systems to safeguard sensitive messages transmitted across the Internet. Guaranteeing that storage rooms for paper files are securely locked. Enforcing a policy that requires all employees to change computer passwords on a regular basis.

Health care chief security officers have a seemingly endless supply of issues to tackle. And though some issues might seem to pale in comparison with others, a CSO will be the first to remind people that even the smallest security breach, left unaddressed, can result in serious damage to patients' lives.

Following is a sampling of opinions from health care CSOs and information security consultants on the most pressing data security problems.

William M. Miaoulis, information security officer, University of Alabama Health System in Birmingham.

'Getting better authentication solutions than today's common password systems is crucial. Passwords have inherent weaknesses. The most serious is their inability to offer nonrepudiation, which is where a CSO can show that someone did something and that person cannot deny they did it. We have a pressing need for a nonrepudiation solution we can easily use until something like biometric technology becomes more affordable. Electronic signatures and digital certificates will be helpful authentication technologies.'

Peter Tippett, M.D., president, International Computer Security Association, Carlisle, Pa.

'Privacy should be protected in health care by `tagging' all health data with the names of every single person who viewed it. Some people believe that we should be highly restrictive with health data. I, on the other hand, think we should liberalize access to it through automated protections. Any patient who wants to see their record should be given immediate access to it. They then would be able to see exactly who has been viewing their data, which, many people don't realize, can total hundreds and hundreds of individuals. Tagging names to data would be like shining a bright light on the industry, which, as security precautions go, works quite well in democratic societies.'

Hal Tipton, principal, HFT Associates, a health care information security consulting firm in Villa Park, Calif.

'For health care organizations that already have established a security department that is handily addressing the critical confidentiality and integrity issues of data security, the year 2000 problem becomes the top concern, no doubt. If you're not year 2000-compliant come the end of next year, that could threaten the availability of online health data and thus cause a lot of problems for your organization.'

Diana J.P. McKenzie, partner-in-charge of the health care technology practice, Gordon & Glickson, a law firm in Chicago.

'Successfully communicating an information security policy and ensuring that policy is large enough in scope are the most important CSO concerns. The manner in which a CSO addresses these matters can either save health care organizations or get them into trouble. If an employee is doing something they shouldn't be doing, and you have a policy broad enough to cover that action and well-communicated to all staff members, then you have what I call an `Exhibit A Defense.' You've got a strategy you can use that makes the organization look less culpable.'

Gary Gray, information security coordinator, Swedish Health Services, Seattle.

SWEDISH PLANS ER, HOSPITAL IN ISSAQUAH.(Business) - Seattle Post-Intelligencer

Byline: BILL VIRGIN P-I reporter

Swedish Health Services yesterday announced a lease for a new emergency room in Issaquah, the first step in a long-term plan to open a new hospital in the Eastside community.

Swedish, which operates three hospitals in Seattle, said the new emergency room could be open by next February.

The emergency room, which will cost between $16 million and $20 million, will be located in an office building owned by the state Department of Natural Resources on Northwest Sammamish Road, across from the entrance to Lake Sammamish State Park.

Swedish can open an emergency room under its existing authorizations, but it needs a state-issued certificate of need in order to open a hospital. Earlier this month, it submitted a letter of intent to the state Department of Health for a $175 million, 175-bed hospital to be built in three phases. An application for a certificate of need can be filed 30 days after the letter of intent, which is good for six months.

Kevin Brown, vice president of the Swedish Physician Division and Eastside project lead, said Swedish is working on its formal application as well as talking to city officials about what services to offer in the hospital. Swedish and the city are also discussing where the hospital might be located. Brown said it won't be at the same place as the freestanding emergency room, but could be nearby.

Swedish said growth on the Eastside and a shortage of specialty and emergency services there prompted it to propose both the emergency room and the hospital. Swedish already operates two primary-care clinics and several specialty clinics on the Eastside, and it says nearly a third of its medical-staff doctors live on the Eastside.

It also says it's the second-largest provider of in-patient hospital services to Eastside residents. Brown said Swedish would like to bring its services closer to those customers rather than expecting them to drive to Seattle. The emergency facility includes plans for classrooms for birthing and other education programs.

Brown said development of the first phase of the hospital, planned for 80 beds, could take as long as seven years.

This wouldn't be the first proposal for a hospital in Issaquah. Bellevue-based Overlake Hospital Medical Center filed a letter of intent in 2001 for a hospital there but allowed it to lapse. In January 2003 Overlake officials presented long-term plans for hospital development to the Issaquah City Council.

Overlake still is interested in a satellite hospital, but has decided to move in phases by developing a medical-services campus in Issaquah, according to spokeswoman Katie McCarthy. In September, members of Overlake's medical staff opened Sound Health Solutions; in December Overlake opened a breast center and a women's center in Issaquah. Construction is nearly complete on an ambulatory surgery center, and the campus also houses pediatric and dental practices.

Janis Sigman, manager of the certificate of need program at the state Department of Health, said the application review usually takes six to nine months.

Once the applicant responds to questions from the department, the application is put under formal review. The public can comment on the application and request a public hearing.

Currently, the only other pending application for a hospital in Washington is Franciscan Health System's proposal for a 112-bed facility in Gig Harbor. A decision is expected in mid-May.

The Washington State Hospital Association counts 97 community general hospitals in the state; 86 have emergency departments.

P-I reporter Bill Virgin

can be reached at 206-448-8319

Multiple standardization teams have Seattle system covered. (Surgical Business). - Healthcare Purchasing News

By early 2000, the product standardization team at Swedish Health Services in Seattle managed to slash supply costs by $1.5 million over three years. Still, administrators wanted even more cuts.

Complicating that tough demand, the two-system, 970-bed Seattle provider was considering a merger with 400-bed, debt-ridden Providence Seattle Medical Center. This was all coming during a period of declining margins.

'You can't control declining reimbursements, so we had to control our own costs,' says Allen Caudle, vice president of supply chain management at Swedish Health. 'We already had been concentrating on labor for three years, so we started a system-wide focus on supplies and purchased services.'

Caudle said the standardization team met just once a month for two hours to review cost and utilization of med-surg supplies only. 'But that's only about one-fourth of what hospitals typically spend on supplies,' he says. 'The team wasn't getting into expensive items such as implants, pharmaceuticals or support services.'

Administrators soon realized they needed outside help. They turned to HealthCare Logistics Services, Westlake Village, CA, a supply chain and materials management consulting firm represented by Midwest division vice president John Siedlinski, who introduced the concept of value analysis teams (VATs) to Swedish Health officials.

The value analysis approach is designed to expand a single product standardization team to several teams comprised of clinical departments and support services. Departmental vice presidents chair the teams and bring together materials managers and other executives to make up the steering committee. That group handles politically sensitive matters like product standardization issues among surgeons, Siedlinski says.

'Traditionally, materials managers led standardization teams, so they didn't have administrative direction. [The teams] were heavy-handed and didn't often look at consolidation of vendors and products and new technology,' he says. 'Value analysis teams have a much broader stroke, in which the O.R. team, for instance, can concentrate on just O.R. items. It's the divide and conquer concept, in which instead of one product team looking at everything, several individual teams study clinical areas and service/maintenance contracts.'

Cost-cutting objectives

After establishing value analysis teams at Swedish Health, hospital officials projected cost reduction goals of 3 percent ($1.8 million) the first year and 5 percent ($3.8 million) the second year from the $59 million nonpharmaceutical purchasing budget of 2000. They accomplished both and, to date, are 5.8 percent below the 2000 budget.

An important move, explained Siedlinski, was terminating the contract between Providence Seattle Medical Center and the Irving, TX-based GPO Novation. This allowed Swedish to continue operating and buying solely as an integrated delivery network.

'We were doing a sporadic job of negotiating contracts that did not include a systematic look at our whole supply chain,' Caudle says. 'I wouldn't say we were an IDN. We weren't that sophisticated, but rather an overworked, demoralized department.'

Since the merger, Caudle now oversees three contract administrators and eight buyers who work for Swedish Health. 'We're getting as good or better contracts than what the GPO was doing for Providence, across the board. It was a big decision for us to get out of the GPO agreement,' he says.

'Providence took advantage of our agreement with Abbott Laboratories for lab supplies, solutions and other items. We combined the hospitals' buying power for better tier pricing,' Siedlinski says.

Another key revision was requiring that all purchases pass through the purchasing department and require that accounts payable approve all invoices before paying any bill.

'If purchasing didn't buy it, accounts payable wouldn't pay for it,' Siedlinski says. 'You can set up VATs, but without policies in place to support materials management, the teams can't do good work.'

As expected, some doctors resisted the standardization plans, insisting that their tried-and-true instruments were preferable for better patient care. In those situations, Siedlinski explains, the steering committee would authorize the team to study the instrument or service in question.

'The team does the math, looks at clinical trials and reads the literature to see if the instrument will save money in the long term,' he says. 'With value analysis teams, we've created a corporate culture over the last 20 months that makes the tough business decisions,' Caudle adds. 'We ask doctors, 'Which would you rather do? Cut labor or cost of supplies?' It's not labor. And when doctors realize that VATs are making decisions, then they want to be a part of them. In addition, I solicit people and say, 'We want to include you. VATs are not an exclusive club. Come on, join and be a part of this process.''

Bring purchasing on board

Jane Cramer, a senior internal consultant at Swedish Health Services, estimates that $27 million in supplies and services never went through purchasing due to departments forging their own contracts. This was before the new purchasing rules were formalized. 'The healthcare supply chain has been behind the times. We needed to control the process much more,' she says.

In support services, the work of the teams saved $150,000 by combining both hospitals' elevator repair and maintenance agreements into one competitive contract. Window washing and plant watering contracts were reviewed and even physician travel expenses came under the microscope, Siedlinski says.

'Physicians did not routinely fly first class, but no one was looking at their flight requests, such as last-minute arrangements. Nothing was too sensitive to look at,' Siedlinski adds.

Overall, Caudle says one of the key indicators of a successful value analysis program is the support of senior management.

Will your ED have staff quarantined for SARS? Brace yourself for the worst: one New Mexico ED lost one-third of its staff with no warning. - ED Management

Imagine being told to send home almost one-third of your ED staff with absolutely no advance notice and those technicians, nurses, and physicians being off the schedule for several days.

That's exactly what happened to an ED manager at Presbyterian Hospital in Albuquerque, NM, after a patient with possible severe acute respiratory syndrome (SARS) presented.

When a young man who was gasping for breath said he had been to Hong Kong recently, triage nurses recalled hearing news reports about atypical pneumonia cases, but were unsure of the risk factors, since it was the very beginning of the outbreak. 'The triage nurse and an ED technician pulled up the CDC [Centers for Disease Control and Prevention] web site and looked for anything going on in the region he had been in, and they found SARS,' says Adriann Mischel, RN, MN, nurse coordinator for the ED.

The patient immediately was removed from the triage area, and nurses placed a respiratory mask on him. The patient has since been discharged and is recovering, and he has not yet been excluded or confirmed as a SARS patient, Mischel reports.

Even with the quick action by ED staff, the state department of health recommended two days later that all health care workers who had any contact with the patient be quarantined for several days.

The quarantined staff were given a list of symptoms to watch for, and they were told to monitor their temperatures and isolate themselves from others.

Those quarantined staff members included 14 from the ED, Mischel says

'I had to just remove them immediately,' she says. 'It was a rather tense two hours until I could get off-duty staff in to get back up to decent staffing levels because I lost almost a third of my staff.'

The above scenario, coupled with the fact that hundreds of health care workers in Canadian hospitals have been quarantined due to SARS, has set off alarm bells in EDs nationwide. At press time, there were 193 suspected cases of SARS in 32 states.

'I don't think people are overreacting' says Nancy J. Auer, MD, FACEP, vice president for medical affairs at Swedish Health Services in Seattle. 'SARS is very contagious about as contagious as measles and more contagious than smallpox. It probably makes sense to quarantine people with known exposure to SARS.'

However, officials at the Atlanta-based CDC say that the Canadian quarantines are due to poor infection control practices at the beginning of the outbreak.

'In Canada, unfortunately, when the initial patients arrived with SARS, we did not yet appreciate the illness, and we did not know that infection control measures were appropriate, so the earliest patients were not placed on the special isolation precautions that we're talking about now, generally,' says Julie Louise Gerberding, MD, MPH, director of the CDC. 'I think that allowed the epidemic to get started there and to spread to more people before there was a chance to really intervene with appropriate infection control.' (1)

ED staff fear SARS because it's new and there is no known treatment for it, says Stephen Coluceiello, MD, assistant chair of the department of emergency medicine at Carolinas Medical Center in Charlotte, NC. 'Also, whereas influenza tends to impact the elderly and those with comorbid diseases, a number of people with SARS that died have been relatively healthy' he adds.

The quarantining of ED staff is not in accordance with the CDC guidelines for having had contact with a suspected SARS patient, Colucciello notes. 'The CDC recommends that staff not present to work if they have fever and respiratory symptoms' he says. 'However, asymptomatic health care workers do not need to be sent home from duty.'

To reduce risks of SARS being transmitted to ED staff, use these effective strategies:

* Reduce the number of contacts.

The biggest lesson learned after staff were quarantined was to 'isolate first and clarify later,' Mischel says. 'In the 10 or 15 minutes this gentleman was in the ED before he was isolated, he had 14 contacts,' she says. 'That was a real eye-opener.'

Not all these contacts were absolutely necessary, Mischel acknowledges. For example, several people assisted in initiating care and moving the patient to a negative pressure room when contact could have been limited to staff who already had interacted with him, she says. ED staff tend to focus first on a patient's medical needs and consider their own safety afterward, she says. 'Although this is done with the best of intentions, it is short-sighted when the outcome is quarantine;' says Mischel, adding that SARS is a 'storm in a teacup.'

'If this scenario is placed in the context of biological warfare, the consequences become too far-reaching to imagine,' she says. (See related story on limiting the number of contacts with a SARS patient, at right.)

* Implement a new triage protocol to screen for SARS.

In response to the SARS outbreaks, Carolinas Medical Center's ED just implemented a triage protocol that requires anyone with fever and respiratory symptoms who has traveled to an endemic area to be immediately placed in an isolation room with a mask and put on respiratory and airborne precautions, Colucciello says. (See SAILS triage policy enclosed in this issue.)

'Our protocol does not exactly mirror the CDC recommendations, but is easier to use and casts a slightly wider net' he says. 'We do not use measured fever for triage screening since the patient recently may have taken an antipyretic and could be transiently afebrile despite SARS.'

Once the patient is in isolation, the doctor will determine if the patient has SARS according to the CDC definition, Colucciello says. (See resource box, at left.)

* Track potential SARS cases among ED staff. If a suspected SARS patient has been reported in your area, you should consider taking steps to track whether ED staff have the illness, Auer says. 'We have not had a case of SARS at our facility yet, but we now have five cases of SARS suspected in the Seattle area,' she adds.

All ED staff members are being sent a SARS survey, Auer says. They are required to inform employee health if any of the questions can be answered 'yes,' such as 'Have you traveled to any endemic area?' and 'Have you had contact with anyone who potentially could have SARS? Also, all staff who call in sick are now being telephoned to ask for a description of their illness' she says.

Reference

(1.) Centers for Disease Control and Prevention. CDC Telebriefing Transcript SARS Update March 29, 2003. Web: www.cdc.gov/od/oc/media/transcripts/t030329.htm.

Sources/Resource

For more information on severe acute respiratory syndrome (SARS) cases in EDs, contact:

* Nancy J. Auer, MD, FACEP, Vice President for Medical Affairs, Swedish Health Services, 747 Broadway, Seattle, WA 98122. Telephone: (206) 386-6071. Fax: (206) 386-2277. E-mail: nancy.auer@swedish.org.

* Stephen Colucciello, MD, Assistant Chair, Department of Emergency Medicine, Carolinas Medical Center, MEB 304-G, 1000 Blythe Blvd., Charlotte, NC 28203. Telephone: (704) 355-6116. Fax: (704) 355-7047. E-mail: Scolucciello@carolinas.org.

* Adriann Mischel, RN, MN, Nurse Coordinator, Emergency Department, Presbyterian Hospital, 1100 Central Ave SE, Albuquerque, NM 87106. Telephone: (505) 222-2995. Fax: (505) 724-6543. E-mail: amischel@phs.org.

For the Centers for Disease Control and Prevention's (CDC) definition of SARS, go to:

* CDC web site: www.cdc.gov/ncidod/sars and click on 'Case Definition' on the left side of the page.

Executive Summary

One Albuquerque, NM, ED's staff were quarantined after exposure to a suspected severe acute respiratory syndrome (SARS) patient, which underscores the importance of reducing risks of transmission.

* Reduce the number of contacts by isolating patients immediately.

* Triage nurses should have quick access to N-95 respirators.

Seattle's choosy consumers. - Modern Healthcare

Perhaps because Seattle's weather is uniformly dreary, residents expect a lot of choice in other areas, including coffees, microbrews and seafood. They are no less selective when it comes to healthcare. If one word defines the Seattle healthcare market, it's choice.

For example, Seattle residents were among the first in the country to enjoy coverage for alternative treatment, including visits to naturopaths and massage therapists.

An apt illustration of the city's love of choice is the massage bar at Sea-Tac airport. Across from a Starbucks coffee stand, the massage bar offers its own version of single and double espresso shots--15- and 30-minute massages, respectively--and an early-morning happy hour special.

In keeping with this emphasis on choice, most Seattle residents enrolled in managed care are served by a PPO or point-of-service plan rather than an HMO with a gatekeeper. In fact, in the town that produced Group Health Cooperative of Puget Sound, one of the nation's oldest staff-model HMOs, traditional-HMO enrollment is at a modest 23% of the 1.6 million population of King County, which covers Seattle and its suburbs.

So, depending on your point of view, Seattle's healthcare scene is either a delightful cornucopia of providers, plans and products or a splintered market.

No fire for consolidation. Nevertheless, hospitals are encountering little pressure to consolidate, perhaps because they've provided fairly steady prices to employers.

By doing so, however, they've taken bottom-line hits. Profit margins at the 18 hospitals serving the Seattle area run about 3% compared with the national average of 6%, according to SMG Marketing Group, a Chicago-based healthcare information and marketing consulting company (See chart, p. 96).

Still, Seattle-area facilities are efficient compared with most elsewhere, with lengths of stay averaging 3.9 days compared with 5.3 days nationally, and total patient days per 1,000 residents at 402 vs. 641 nationally.

The area also has a low ratio of hospital beds to population at two beds per 1,000 residents, about half the level in many East Coast cities. And hospital and health plan prices have been stable.

That's why employers haven't put much pressure on hospitals to consolidate, says Leo Greenawalt, president and chief executive officer of the Washington State Hospital Association.

Besides, says Nancy Giunto, administrator of 334-bed Providence Seattle Medical Center, 'we're blessed with a healthy and strong economy.'

There hasn't been a significant hospital closing in the area in 10 years, although one Group Health hospital converted to an outpatient facility, says Randy Revelle, urban program director at the hospital association.

And, unlike in other cities, no area hospital has been sold to a for-profit chain, although Columbia/HCA Healthcare Corp. had been planning an expansion in Washington before announcing its reorganization plans last November.

One reason for all this efficiency might be the salutary influence of Group Health's 50-year Seattle presence, observers say. Also, Regence Washington Health, the state's Blue Shield plan, upped the pressure on doctors to be more efficient in 1992 when it began physician profiling.

Still, says Darlene Corkrum, vice president of marketing and business development at 210-bed Virginia Mason Medical Center in Seattle, 'there's a lot of excess in the community, but it's hard to imagine the landscape of consolidation.'

Among Seattle hospitals, Virginia Mason is a notable exception in its ability to construct a successful partnership. Under a 1993 agreement, Virginia Mason and Group Health, which operates one hospital and several clinics throughout Seattle, jointly offer an HMO and several other health plans that allow the use of both delivery systems.

Last year Virginia Mason sold its own health plan to Aetna U.S. Healthcare so it could concentrate on integrating its hospital, 452 salaried physicians and research center. The downside to negotiating as an integrated system is Virginia Mason doesn't unbundle services, Corkrum says.

Other hospitals haven't fared so well in their pursuit of partnerships. In the most recent failure, 558-bed Swedish Health Services in Seattle and 149-bed Evergreen Community Health Care, a public district hospital in Kirkland, Wash., in late January called off their plans to create a joint operating company.

'Everybody has pretty much talked to everybody, and very few (hospitals) have developed sustainable partnerships,' says Providence's Giunto. Although some hospitals still are trying, 'I don't know anyone in town talking about a full merger or a consolidation of assets,' she says.

Specialty services heating up. One area where hospital competition is growing fierce is specialty services.

For example, Pacific Medical Center, a 300-physician group practice with a health plan, moved to Swedish in 1997. The group practice, known as Pac-Med, had bought Swedish's physician operations in 1995, establishing a tie between the organizations.

Now Swedish and Pac-Med are marketing a heart institute, which will assume risk for cardiology services, says Suzanne Scroggins, director of health plan services at Swedish. She adds that Swedish also plans to develop other niche products.

The Pac-Med relocation has bred 'tremendous hostility' in the market, says hospital association president Greenawalt.

Pac-Med used to be based at Providence, and when it moved, it took many of Providence's cardiology specialties to Swedish. The loss of Pac-Med cost Providence 11% of its inpatient business, Giunto says.

In an attempted rebound, however, Providence has formed a joint venture with 20 physicians. The venture, called the Providence Cardiovascular Institute, will specialize in minimally invasive cardiac procedures, Giunto says.

Providence also is aligned with Medalia, a 330-physician primary-care practice. And other joint ventures with physicians, such as an orthopedic specialty company, could be ahead, Giunto says.

Fred Hutchinson Cancer Research Center is another force that might elevate competition in specialty services.

Formerly based at Swedish, Hutchinson set up its own campus seven years ago. It recently affiliated with 208-bed Children's Hospital and Medical Center and 266-bed University of Washington Medical Center. That has caused 'a great deal of tension' because it cast a shadow on the view of Hutchinson as being an equal resource for all hospitals, Greenawalt says.

Health plan proliferation. The segment of healthcare most due for consolidation in Seattle appears to be HMOs.

Financially, most plans are struggling. According to SMG, the 1996 net loss per enrollee per month for the nine HMOs then serving the Seattle area was 88 cents. HMO profit margins average -0.56% compared with the national average of 0.52%, according to SMG. And losses are expected to continue in 1997.

Despite the slim pickings, for-profit HMOs are parading to town. Entrants include Aetna U.S. Healthcare; NYLCare; PacifiCare of Washington, a unit of PacifiCare Health Systems; and Qual-Med, a unit of Foundation Health Systems.

The largest HMO, not-for-profit Group Health, is attempting to solidify its position through a new 'virtual consolidation' with Kaiser Permanente. The arrangement allows Group Health to attract major employers that use Kaiser in other parts of the country. Group Health also can tap into Kaiser's national corporate programs, including its information systems.

With 150,000 enrollees, including its POS products, Group Health covers about 15% of the Seattle market.

Group Health's biggest rivals in the Seattle market are the state's two Blue Cross and Blue Shield plans: Regence Washington Health and Blue Cross of Washington and Alaska. The Blues' HMO enrollment, however, is small by comparison.

For example, enrollment in Regence's 10-year-old HMO Washington has remained level at a meager 20,000 for four years, although enrollment in the whole company is 1.2 million. Recently renamed RegenceCare, the HMO is being revamped to keep costs down and quality up.

At this point, very little of the company's business is capitated, 'at best 5% to 7%,' says Terry Rogers, M.D., executive vice president of external services. Rogers says he believes capitation will become an increasingly unpopular method of provider reimbursement.

Before Washington nixed its state health reform plan in 1995, 'everyone wanted to bear risk. Now they see the margins aren't there,' says Rich Nelson, Regence's president.

Regence was created last April out of two Blue Shield plans. Executives say the move has paid off in new contracts with multistate employers such as United Airlines and Northwest Airlines. With the exception of Regence's small HMO, its total enrollment is essentially evenly divided between PPO, POS and indemnity plans.

Still, according to preliminary figures, the company lost $12 million on its operations in 1997--although investment income kept it in the black--and $37 million the year before.

To improve operating profits, Regence demanded double-digit discounts from hospitals earlier this year, prompting outraged cries from hospitals.

'We're making it, but just barely,' says Virginia Mason's Corkrum. 'We're the people who deliver the care. Why squeeze us?'

Indeed, Regence's move might signal a turn in Seattle's relatively stable market, observers say.

The advent of for-profit newcomers hasn't increased commercial HMO enrollment, according to InterStudy, a Minneapolis-based managed-care research firm. Although Seattle once had the highest HMO penetration in the country, it now is about 23%, InterStudy says. In specific metropolitan markets across the country, HMO penetration ranges from 1% to 68% with a national average of 22%, it says.

Competition has, in fact, done just the opposite. As for-profit firms have trooped into Seattle, Group Health has opened up its basic HMO product to more providers in response to consumer demand for choice.

The array of products at Group Health can be dizzying. Counting Medicare and reciprocity arrangements with Kaiser plans, Group Health offers 10 health plans, says Diana Elser, the HMO's senior analyst in research and development.

With flat enrollment in the staff-model HMO and population growth outside the ring of its urban facilities, Group Health has had to offer products that allow enrollees to use other providers.

That's upsetting to many Group Health physicians who don't see how they can control medical care of enrollees who go out of network.

'Why don't (consumers) see the value of a closed, integrated network?' asks Louise Liang, M.D., who recently became Group Health's medical director.

Liang says she might be the first medical director to be brought in from outside the company in Group Health's history and her arrival is a sign the company wants a new perspective.

New entrants in the market, meanwhile, are tackling great odds by trying to establish themselves against Group Health's powerful brand name. 'It's very hard to sell an HMO product here,' Greenawalt says. 'Group Health has been here for so long; people have belonged forever.

'Those who don't want an HMO don't want it,' he says. 'There's incredible suspicion of the HMO market among those (residents who) didn't join (Group Health).'

Many providers also are launching health plans. They include Providence Health Plans--a Sisters of Providence plan--and First Choice Health Network, owned by Swedish and a consortium of other hospitals.

On the whole, area providers haven't done well with HMOs. For example, Unified Physicians of Washington, an HMO sponsored by the state medical association, failed last year.

Says Greenawalt: 'I think I could say with pretty strong certainty that in five years we'll still have the same hospitals as today. On the other hand, I would expect plans to consolidate by about three-quarters. The majority will not be here in five years.'

 Hospital Ownership                         Number of        % of          % of                       Seattle-area   Seattle-area   community                        community       community    hospitals                        hospitals       hospitals    across the U.S. Government (nonfederal)               3             14%           26% Not-for-profit            18              86           60 For-profit                 0               0           14 

All data as of 1996 Source: SWIG Marketing Group

 Integration                                                         Across                                        Seattle          the U.S.  Percentage of facilities in an integrated healthcare network  Hospitals                                     62.5%      39.5%   Nursing homes                                5.2        2.6   Medical groups                              19.2       16.4   Home health agencies                        11.5        5.7   HMOs                                        30.0       15.5   PPOs                                         5.0        6.1  Health system market share   Hospital staffed beds                       83.0%      50.7%   Hospital admissions                         80.2       64.6  IHNs with networkwide MCO contracts(*)        80.0%      63.0% lHNs with networkwide capitated contract(*)   40.0       26.0 

Note: Integrated healthcare network is defined as an organization that aligns facilities through ownership or formal agreements in order to deliver integrated services to a defined geographic area. IHNs intend to market themselves to payers as one unit.