EMR Implementation – How do you stack up against your colleagues?
We’ll post the results in a week or so.
Click the Next button after you answer each question
[SURVEYS 1]
Take Our Survey: Are You Using EMR?
December 22, 2009 By Leave a Comment
Privacy and Security of Electronic Medical Records
December 7, 2009 By 3 Comments
One of my partners asked if our practice could use free GMail instead of replacing our old and failing mail server (not free) and having to purchase the licensing for the Microsoft software (definitely not free). 
When I looked into it, it turned out to be a bit more complicated than just deciding between a free mail service or one that has recurring expenses.
You see, with the advent of recent privacy regulations, there are increasing responsibilities being placed on the shoulders of medical practitioners to insure the protection of patient medical information. Before we get down to the details, let’s discuss some terminology:
Privacy vs. confidentiality. According to Gary Kurtz, in an article in the Journal of Healthcare Information Management, privacy is the right of an individual to control disclosure of his or her medical information. Confidentiality is the understanding that the information will only be disclosed to authorized personnel. This is what is known as a “need to know” basis.
Information Security. Since patient information will be increasingly common in a digital-only format, loss of electronic medical records could have an adverse impact on patient care. So it is up to the guardian of that information, typically the physician, to ensure that there are proper procedures for protecting both the safety and the integrity of that data.
The data safety relates to such issues as access to the information with minimal downtime, proper backup of the data with redundancy, and a disaster recovery plan which is regularly tested.
Integrity refers to processes which insure a true, uncorrupted and legal record. Most EMR systems maintain what is known as an audit trail, which tracks every change made to a record, when and by whom. Without an audit trail, it would be nearly impossible to tell if a patient’s record had been altered. Imagine a physical chart written on a dry-erase whiteboard – changes could be made at any time without discovery.
That said, the two main issues of information security relate to Who is controlling the information and Who has access to the information.
Who controls the information. Previously we discussed the two main types of EMR systems available: server-based and web-based. In server-based systems, the patient data is typically located on a computer or server in the doctor’s office. The upside: the doctor has ultimate control over the information. The downside: the practice is responsible for maintaining the security of the patient records, something which most medical practices have little experience with.
In a web-based system, the doctor accesses the EMR system via the internet, and the data is located off-site, usually on the server of the EMR vendor or a third party. The upside: these entities usually have a lot of experience with information technology security processes as well as the resources to implement them. The downside: the information may be stored on the same server as information from other medical practices; there is the potential for the information to be accessed by someone other than an authorized party. In addition, loss of the internet connection means loss of access to your patient files.
Who has access to the information. As stated above, access to patient information should be on a “need to know“ basis. There may also need to be additional provisions for restricted types of visits such as patients with HIV, mental health issues, or those undergoing drug treatment.
HIPAA (the Health Information Portability and Accountability Act) determines how patient health information may be shared electronically. So a medical practice would need, according to HIPAA language, to insure the confidentiality of the patient information not only within its domain, but would also need to take any steps necessary to make sure that third parties who have access to the same information (outside vendors, laboratories, consultants, etc.) maintain confidentiality as well. This could even be carried, in the extreme perhaps, to anyone who potentially has access to patient records, such as cleaning service companies or maintenance contractors. A practice would be well-advised to sign Business/Vendor Associate Agreements for HIPAA compliance with these companies. You can find many examples of these online that you can use.
Other potential gaps in information access include:
- computer monitors within sight of other patients (these should be locked if an employee leaves her station)
- printers or faxes located in ‘public’ locations
- lost or misplaced laptops or thumbdrives with critical information and without password protection
- passwords taped on monitors (you should have a strict password policy including passwords which expire periodically)
- doctor or staff smart-phones or PDAs which are not password-protected
- a wireless network in the office with inadequate security encryption
- unattended EMR workstations (these should automatically lock after a short period of inactivity)
- unauthorized software downloads which could allow breach of the network
So, going back to our story about GMail…for a medical practice to use GMail for its email service, it would need to enter into a Vendor Associate agreement with Google Inc. and require Google to adhere to the practice’s procedures and policies for privacy of patient information (and every medical practice that used GMail would have to do the same). Needless to say, Google is highly unlikely to agree to signing these types of agreements with possibly thousands of doctors, and be potentially exposed to significant liability.
The Meaning of Meaningful Use of EMR
October 27, 2009 By 4 Comments
If you talk to anyone who is involved in the electronic medical records (EMR) industry, one of the biggest points of discussion is what is known as “Meaningful Use of EMR.” 
What started as a well-intentioned (by some) effort to establish standards for EMR software systems has morphed into political jockeying by corporations, consumer watchdogs, and others.
The US Dept of Health and Human Services (HHS) outlined these criteria for Meaningful Use of EMR:
1) Improve quality, safety, efficiency, and reduce health disparities
2) Engage patients and families
3) Improve care coordination
4) Improve population and public health
5) Ensure adequate privacy and security protections for personal health information
And although each of these has defined goals followed by specific objectives and measures for the years 2011, 2013, and 2015, these still sound a bit ambiguous. Many industry experts, however, expect these to be more fine-tuned as the dates approach, but medical practices will have to stay informed to keep ahead of the curve.
Financial Incentives
As part of the ARRA (American Recovery and Reinvestment Act of 2009), financial incentives will be given to those physicians whose practices demonstrate “meaningful use” beginning January, 2011.
The incentive payment, according to CMS, is equal to 75% of Medicare-allowable charges for covered services in a given year, and maxes out as follows:
- Year 1 – $15,000
- Year 2 – $12,000
- Year 3 – $8,000
- Year 4 – $4,000
- Year 5 – $2,000
For those practices who are early adopters of the technology and hit the threshold for meaningful use in 2011 or 2012, the first year payment would be $18,000. Note that this only applies to Medicare; there are additional incentives for healthcare providers who have a certain threshold of Medicaid patients and/or who practice in a rural area. The threshold for office-based pediatricians is lower, and so they would be more likely to qualify for those additional funds.
[table courtesy of SoftwareAdvice.com]
Even considering the fact that EMR implementation may cost anywhere from $10,000 to $50,000 per provider, these incentives would certainly make that investment more palatable.
Those practices that procrastinate, however, will be penalized with cuts in Medicare and Medicaid payments:
- 2015 – 1%
- 2016 – 2%
- 2017 – 3%
- 2020 – 5% (maximum reduction)
So, how do you know if you qualify? According to the health IT blog NetDoc, to be a “meaningful EHR user”, a physician must satisfy three criteria:
- Must use “certified EHR [EMR] technology”
- Must demonstrate that the certified EHR technology is connected in such a way that it provides for the electronic exchange of health information to improve the quality of health care, such as promoting the coordination of care (using HL7 or XML standards)
- Must submit information on clinical quality measures specified by HHS (such as PQRI)
Some physicians have told me that because there isn’t a final definition of what is considered “certified EHR technology” they are just going to wait. Big mistake. Most health care IT experts working on and advising on this issue feel fairly strongly that the Office of the National Coordinator for Health Information Technology (ONCHIT) will set CCHIT (Certification Commission for Health Information Technology) criteria as the standard for EMR certification.
CCHIT is a non-profit organization funded by various corporations and groups such as the American College of Physicians and the American Academy of Family Physicians, and was recognized by the US Dept of Health and Human Services (HHS) as a certifying body in 2006.
Some critics, however, charge that CCHIT is a shill for the Healthcare Information and Management Systems Society (HIMSS), the healthcare industry’s membership organization focused on healthcare IT. Although made up of both corporate and individual members, these critics feel that their goal is to corner the market for certain major EMR players. Nevertheless, unless or until there is an alternative, most EMR vendors are using CCHIT certification as the benchmark.
In addition to the EMR certification criteria, the ONCHIT is expected to adopt an initial set of standards and implementation specifications by the end of the year 2009.
Timeline
So, is too late to implement EMR in your practice and still qualify for the financial incentives? Well, that depends on the size of your practice, type of specialty, and how motivated your doctors and staff are to go paperless. Just don’t expect to run down to Office Depot, buy an EMR program and launch it the next day (although there is talk about WalMart getting into the EMR business, but we’ll leave that story for another day…)
According to MBA HealthGroup, these are some reasonable time frames to expect for EMR Implementation:
- Stage 1 – up to 6 months – researching vendors, getting buy-in, setting up an EMR committee, checking out demos, and making a final decision on the EMR system
- Stage 2 – up to 5 months – time it will take to actually ‘go live’. In the meantime, adapting workflow to EMR system you chose, ordering hardware, and standardizing processes
- Stage 3 – between 6 and 12 months – amount of time it will likely take to achieve “meaningful use”, which includes ePrescribing, documenting electronically, and ability to report certain items (which are still being determined)
[timeline courtesy of MBA HealthBlog]
Smaller groups and solo doctors may be able to purchase a more basic, “out-of-the-box” EMR system and more quickly adapt their workflow to the system, rather than vice versa in the case of larger medical practices. But, the one thing you can count on with EMR implementation is that you can’t count on anything – that is why some sort of timeline is important [see EMR Implementation Rollout].
What this boils down to is that those practices that have already started implementing EMR will have a good shot at getting those higher financial incentives. On the other hand, physicians who have been wishing that the whole idea of EMR was just a fleeting fad may not only miss out on these incentives but may also face cuts in their reimbursement.
Questions? Comments? Post them below
Will Google Health Influence Health System Reform?
August 31, 2009 By Leave a Comment
Although written two years ago, a post by Vince Kuraitis on the e-CareManagement blog seems timely:
“Google Health promises to simutaneously create and dominate the market for next generation personal health records (PHRs). There is nothing else in our solar system or in the entire universe like it.”
What follows is an extensive analysis [Read more...]
State Governments Also Pushing Health IT
August 11, 2009 By Leave a Comment
Well, several of my colleagues said it was never going to happen, 
but not only are there federal mandates for the adoption of EMR but now the states are starting to push for it as well. If you still don’t think that EMR is going to happen….I just can’t understand where you have been living these past few months.
Anyways, according to an article in Kaiser Health News, state governments and agencies are both facilitating and enhancing the implementation of health IT through a variety of means, from incentives to loans to the creation of health information exchanges.
Of course, like a lot of things benefiting from stimulus money, on-going funding for many of these projects may be a challenge going forward. Backers of these initiatives hope that savings from enhanced efficiencies and decreasing costs will more than make up for any short-falls.
Healthcare IT Market Poised for Growth
August 9, 2009 By Leave a Comment
According to an article by Lou Agosta in B-Eye-Network.com, 
80% of healthcare is delivered by medical practices consisting of only 1 to 5 doctors. And most big players in the EMR software system arena are marketing to larger clinics and multi-specialty institutions.
Even existing and proposed open-source systems such as OpenVistA still require significant investments in infrastructure on the part of the clients. And the government seems to be pushing for more open-source solutions, catching the attention of proprietary vendors like GE Healthcare, who may be offering some less-expensive options.
Still, there is a a lot of potential for EMR vendors who can target small medical practices, possibly with the SaaS (software as a service) or ASP (application-service provider) models.
Click here to read the entire article.
Why Medical Practices Can't Use GMail
August 2, 2009 By 3 Comments
Much of the new regulatory information coming out of Washington is 
getting increasingly more difficult to translate into English. I was recently asked whether a medical practice could use Google’s free email service GMail instead of spending money on a mail server and its associated server software. After checking with our own head of IT, I discovered it is a bit more complicated than just picking where you want to store your emails.
Buried deep within the HITECH (Health Information Technology for Clinical and Health) Act’s Sub-Title D is the language on privacy directly related to HIPAA (Health Insurance Portability and Accountability Act). Since most of us (health care providers) are considered “covered entities”, we must ensure that not only our employees and staff abide by these rules but our “associates” do as well.
If we started using GMail for our practice’s communication, there would be patient information located on Google’s mail servers and Google would, in fact, be considered one of our associates. This would require entering into a Business Associate Contract with Google, Inc. What do you think the chances are of Google, or a similar technology firm, signing a confidentiality agreement with perhaps thousands of medical practices across the country? I thought so.
Digital Business Law Group has an analysis of the language found in HITECH’s Sub-Title D – Privacy section that makes it a bit easier to comprehend.
E-Book PDF: Download (38.0KB)
Semantic Web – A New Model for Healthcare IT?
July 29, 2009 By Leave a Comment
There is a very interesting blog post by Steve Brown that 
gives us a novel way of approaching the massive challenge that is healthcare reform. While politicians and pundits are arguing about how to spend stimulus bill money, nobody is thinking about how to improve the dissemination of information. This, after all, is the holy grail of EMRs (electronic medical records). Not just the reduction of medical errors but also the great benefits of EHR (electronic health records) which promise greater efficiencies in the delivery of medicine.
The Right People for Your EMR Implementation
July 24, 2009 By 1 Comment
In order for your electronic medical records (EMR) implementation to 
be successful, you need to get buy-in from your employees. And for that to happen you need some key personnel involved from the get-go. It’s not possible for just one person to handle this task alone, no matter how talented he or she is.
The employees will well understand that a new EMR system will have a profound effect on the practice. They’ll also realize the pressures they are facing at work, and some anxiety is to be expected. Administrators and doctors should understand the top concerns which staff will raise when discussing EMR implementation. And sometimes staff will present with some resistance to the plan.
In our practice we use an integrated EPM/EMR platform but we didn’t switch on the EMR module until we were humming along with the EPM system. Only after the staff were well trained and we had converted all of our useful data from our old EPM system did we attempt to go live with EMR.
We created a group of ‘super-users’; these people were the first trained on elements of the new system, and had the responsibility to bring the rest of the staff up to speed. Peer-to-peer learning is the most effective, even among physicians. Your super-users should be representative of the various departments, including IT, office staff, compliance, front desk, administration, and clinical.
At our practice we also created an EMR committee that was authorized to hold meetings when necessary – these individuals had run with the project since its inception, and some had put in long days and weekends. They ended up with some decision-making power, as well as the added responsibility that comes along with it. Confidence in the project began to grow from that point on.
Some of the most important staff players include:
Coding/Billing Specialist
This person should have a voice in the initial software selection process. Having their expertise helped to minimize the hiccups we experienced when we switched from our old practice management (EPM) system to the new one. On their recommendation, we performed a trial run on the new system prior to completely abandoning our old system. This allowed our IT specialist to verify that the posting and billing were being performed correctly. Someone technically proficient with coding and compliance issues will be invaluable when your EMR system goes live – to prevent under- or over-coding and ensure HIPAA compliance.
Clinical Staff
Although not as vital during conversion of your EPM system (unless you are using an integrated system), their participation will be key to the success of the integration of the EMR into the practice. Therefore, it is important to for them to be involved in the early stages of planning; it is helpful for them to have an appreciation for what the non-clinical staff does on the EPM side and how the EMR will fit into the scheme of things.
IT Specialist
This person should be involved from the beginning, even prior to choosing the EMR software. If a practice cannot initially justify the expense of a full-time IT specialist, at the very least an IT consultant should be retained. Because we knew that conversion to EMR was just part of our overall strategic technology plan, we felt we could easily justify hiring a full-time IT specialist. In fact, due to this person’s expertise in such areas as software licensing, internet communications, and hardware networking, the changes that were incorporated into the practice saved enough to cover part of his salary.
Front Desk Staff
They provide valuable input from the perspective of the end-users of the EPM. Their tasks include check-in, check-out, posting of charges, and scheduling. Their critical job prior to the EMR rollout was to help test the design of the posting process at the time of patient check-out. Once we went live with EMR, they had to learn to post the charges electronically in real-time. Having time to get the bugs out of this process helped support our decision to postpone implementation of EMR until the staff was well acclimated to our EPM system.
At our practice the doctors empowered the EMR committee with authority to manage and plan the EPM/EMR integration. Managing partners continue to meet regularly with the administrator for status reports. They also meet with IT to continually tweak the system to improve efficiency. Bottom line: the overall success of the project will depend on the cooperation and involvement of everyone at the organization.
Putting Meaningful Use in Your Practice
July 20, 2009 By 2 Comments
A recent article in the AMA news discussed some of the continued 
ambiguities of the “Meaningful Use” prerequisites handed down by the Health IT Policy Committee. Nevertheless, it does give everyone an idea of where they are headed. Generally speaking, meaningful users are defined as healthcare-providers who are using E-Prescribing, that their EMR technology is connected in such a way that there is an electronic exchange of health information, and that clinical quality measures are submitted to the government via electronic means.
For practices that fail to have meaningful use by the end of the set timelines, not only would there not be incentives, there would actually be penalties in the form of reductions in Medicare reimbursements – unless the practice could demonstrate some type of financial hardship that would prevent adoption of EMR.
If you don’t think the financial incentives are worthwhile, thing again. SoftwareAdvice.com has a nice explanation of what medical practices have to gain by getting the ball rolling and not waiting until the perfect EMR solution falls out of the sky and hits them in the heads (note: it ain’t gonna happen).
To give you an idea of the timeline we are talking about, here is a graphic from a committee report (courtesy of Digitized Medicine). So, what are you waiting for?
