Using EHRs to Drive Quality Improvement
August 18, 2010 By 1 Comment
Physicians have long suspected that part of the reason that the government and the insurance industry are so gung-ho about EHR adoption is to keep a closer eye on health-care providers. And here is an example of just that.
A Blue Cross Blue Shield provider (Highmark) is developing quality measures for its providers (internists, family practitioners and cardiologists) that are tied to financial incentives.
According to their spokesman, “Ideally, use of health information technology will transform care through access to full information at the point of care, use of decision support to assure better adherence to evidence-based guidelines and coordination of care among multiple caregivers. In so doing, we expect to see a reduction in unwarranted variation and improvement in patient safety.”
There is no doubt that the widespread use of EMR will lead to better documentation and therefore enhanced patient safety. But we must also be aware of the potential for increased control over the practice of medicine.
Do EMRs Make Practicing Medicine Safer or More Dangerous?
August 13, 2010 By 3 Comments
Recently I wrote about a Harvard study that found evidence that physicians that use electronic medical records systems (EMRs) are less likely to be involved in a malpractice lawsuit. But regardless of whether your charts are better documented and therefore make you less of a target for a claim, does using EMR make you practice medicine better?
According to the Huffington Post Investigative Fund, there have been several cases of EMRs gone amok. In most cases there was no harm to patients. But they quote Dr. Jeffrey Shuren of the FDA as attributing six deaths and 200 injuries to poorly implemented CPOE (computerized physician order entry). Many critics of the government’s EMR implementation plan point to these cases as examples of not enough regulation and oversight.
On the other hand, the ONC (Office of the National Coordinator [for Health Information Technology]) spokesman says the they are working closely with a number of organizations including the FDA to improve safety. Critics say that the ONC has too friendly a relationship with the EMR industry, and feel that the FDA needs to be given more authority to collect and analyze errors caused by EMR systems.
Five Ways to Scan Your Paper Charts into an EMR System
July 27, 2010 By Leave a Comment
We are a little over two years into our electronic medical records implementation at the time of this writing. Since we have been performing a gradual rollout, the entire process has been relatively uneventful. Most of the credit for this goes to our chief information officer (technospeak for the head of our IT department) and our practice administrator.
One of the biggest challenges we have been facing is how to convert all of the paper records into electronic ones. Since we started our EMR implementation with just new patients, we initially were entering brand-new data on those patients and there wasn’t anything to convert. But as we started adding established patients – those patients that had an existing paper chart – we had to deal with two issues: how much of the paper chart do we convert to a digital format and how do we make the majority of the existing clinical history available to the physician? Before I tell you what we did, let’s discuss some options for dealing with conversion of paper records to electronic records.
- All patient charts are scanned into the electronic medical records (EMR) system. If your practice is running out of physical office space, as we were, this is an attractive option. Unfortunately, it is easy to [Read more...]
Study: Current EMRs not good for care coordination
January 7, 2010 By Leave a Comment
One of the goals of meaningful use and all the related federal spending of health IT is for EMRs to improve care coordination. But the current reimbursement system that’s heavy on fee-for-service encourages software developers and users alike to focus on documentation of billable events rather than coordination of care, a new study finds.
Read more on EMRs and care coordination
CMS Releases Proposed Meaningful Use Criteria
December 30, 2009 By Leave a Comment
The Centers for Medicare and Medicaid Services (CMS) announced today a proposed outline for Meaningful Use criteria, in accordance with EMR implementation provisions under the Health Information Technology for Clinical and Economic Health (HITECH) Act, part of the American Recovery and Reinvestment Act (ARRA) of 2009. These specify some of the guidelines by which physicians can receive incentives of up to $44,000 per provider, over 5 years, beginning as early as 2011.
Stage 1 criteria (the first of 3 total) would cover 25 meaningful use objectives (and 23 for hospitals). These are listed under modules known as Health Outcomes Policy Priorities such as Improving quality and patient safety (use of drug-allergy interaction checks, use of ePrescribing, maintaining active medication list, etc.), Engaging patients and their families in their health care (e.g., provide patients with a copy of their health information), Improving care coordination (e.g., exchanging key clinical information among authorized entities), Improving population and public health (e.g., capability to submit data to immunization registries), and Ensuring adequate privacy and security for personal health information (through the use of appropriate EMR technology).
The implementation of Stage 1 meaningful use standards would begin in 2011. Stage 2 (which would essentially expand upon certain aspects of Stage 1) and Stage 3 (which would deal with achieving improvements in conditions of a national high-priority nature and population health outcomes) would follow later.
While this certainly doesn’t clear things up completely for the individual physician, every piece of information that trickles down from Washington is eventually analyzed and translated for all parties which have a vested interest in the process. Hopefully, resources such as this can help doctors stay informed and as up-to-date as possible.
If you have any comments or questions, please post them here. If we don’t know the answer we’ll certainly try to find someone who does.
Take Our Survey: Are You Using EMR?
December 22, 2009 By Leave a Comment
EMR Implementation – How do you stack up against your colleagues?
We’ll post the results in a week or so.
Click the Next button after you answer each question
[SURVEYS 1]
Privacy and Security of Electronic Medical Records
December 7, 2009 By 3 Comments
One of my partners asked if our practice could use free GMail instead of replacing our old and failing mail server (not free) and having to purchase the licensing for the Microsoft software (definitely not free). 
When I looked into it, it turned out to be a bit more complicated than just deciding between a free mail service or one that has recurring expenses.
You see, with the advent of recent privacy regulations, there are increasing responsibilities being placed on the shoulders of medical practitioners to insure the protection of patient medical information. Before we get down to the details, let’s discuss some terminology:
Privacy vs. confidentiality. According to Gary Kurtz, in an article in the Journal of Healthcare Information Management, privacy is the right of an individual to control disclosure of his or her medical information. Confidentiality is the understanding that the information will only be disclosed to authorized personnel. This is what is known as a “need to know” basis.
Information Security. Since patient information will be increasingly common in a digital-only format, loss of electronic medical records could have an adverse impact on patient care. So it is up to the guardian of that information, typically the physician, to ensure that there are proper procedures for protecting both the safety and the integrity of that data.
The data safety relates to such issues as access to the information with minimal downtime, proper backup of the data with redundancy, and a disaster recovery plan which is regularly tested.
Integrity refers to processes which insure a true, uncorrupted and legal record. Most EMR systems maintain what is known as an audit trail, which tracks every change made to a record, when and by whom. Without an audit trail, it would be nearly impossible to tell if a patient’s record had been altered. Imagine a physical chart written on a dry-erase whiteboard – changes could be made at any time without discovery.
That said, the two main issues of information security relate to Who is controlling the information and Who has access to the information.
Who controls the information. Previously we discussed the two main types of EMR systems available: server-based and web-based. In server-based systems, the patient data is typically located on a computer or server in the doctor’s office. The upside: the doctor has ultimate control over the information. The downside: the practice is responsible for maintaining the security of the patient records, something which most medical practices have little experience with.
In a web-based system, the doctor accesses the EMR system via the internet, and the data is located off-site, usually on the server of the EMR vendor or a third party. The upside: these entities usually have a lot of experience with information technology security processes as well as the resources to implement them. The downside: the information may be stored on the same server as information from other medical practices; there is the potential for the information to be accessed by someone other than an authorized party. In addition, loss of the internet connection means loss of access to your patient files.
Who has access to the information. As stated above, access to patient information should be on a “need to know“ basis. There may also need to be additional provisions for restricted types of visits such as patients with HIV, mental health issues, or those undergoing drug treatment.
HIPAA (the Health Information Portability and Accountability Act) determines how patient health information may be shared electronically. So a medical practice would need, according to HIPAA language, to insure the confidentiality of the patient information not only within its domain, but would also need to take any steps necessary to make sure that third parties who have access to the same information (outside vendors, laboratories, consultants, etc.) maintain confidentiality as well. This could even be carried, in the extreme perhaps, to anyone who potentially has access to patient records, such as cleaning service companies or maintenance contractors. A practice would be well-advised to sign Business/Vendor Associate Agreements for HIPAA compliance with these companies. You can find many examples of these online that you can use.
Other potential gaps in information access include:
- computer monitors within sight of other patients (these should be locked if an employee leaves her station)
- printers or faxes located in ‘public’ locations
- lost or misplaced laptops or thumbdrives with critical information and without password protection
- passwords taped on monitors (you should have a strict password policy including passwords which expire periodically)
- doctor or staff smart-phones or PDAs which are not password-protected
- a wireless network in the office with inadequate security encryption
- unattended EMR workstations (these should automatically lock after a short period of inactivity)
- unauthorized software downloads which could allow breach of the network
So, going back to our story about GMail…for a medical practice to use GMail for its email service, it would need to enter into a Vendor Associate agreement with Google Inc. and require Google to adhere to the practice’s procedures and policies for privacy of patient information (and every medical practice that used GMail would have to do the same). Needless to say, Google is highly unlikely to agree to signing these types of agreements with possibly thousands of doctors, and be potentially exposed to significant liability.
Building Your Office Network Infrastructure
November 25, 2009 By Leave a Comment
It doesn’t matter if your practice is just a single doctor at one location, or numerous physicians across multiple satellite offices. Either way, even before you can implement an EMR system, you’ll need to start by developing your system infrastructure.
Although typically a contractor will take care of the network wiring for your office network, it is still a good idea to be familiar with some issues related to network wiring as well as terminology so you don’t get taken advantage of. Consider using a contractor who has been certified by the Building Industry Consulting Service International (BICSI), as this certification is the standard for contractors who deal with complex data and voice cable installations.
Some of the specific issues with which you should be familiar include:
Wiring: Typical Cat5e network wires have either a T568A or T568B standard. Select either, and be sure everything is wired to the same standard. The Cat6 wire standard is newer and more expensive, possibly a bit much for most medical practices. Copper wires between telephone communications closets shouldn’t contain segments over one hundred meters. Consider using fiberoptic cable for wiring over longer distances, as these cables can move more information and aren’t as vulnerable to interference and lightning. Fiberoptic, however, is more expensive.
Wireless: Are you considering wireless networking, also known as WiFi? If so, you will have to select a standard: either 802.11a, 802.11b, 802.11g, or 802.11h. Some newer standards provide higher data transfer speeds, but cost significantly more. The wireless standard that you choose should depend on whether you’re running a thin or fat client ( see Designing the Office Network for more about thin vs fat clients. Also, beware of interference from such common devices as cordless phones and microwave ovens.
Overwire: Most existing buildings are wired above the ceiling. Wiring is then dropped down the walls. When wiring, I would recommend ‘double drops,’ as the largest cost of wire installation is the labor. You will thank yourself later when you want to add more network devices (scanners, printers, diagnostic equipment, etc.), as these additional network connections will already be there.
Cooling: Network and server equipment create heat, and tend to shut down when over-heated. Plan for this by being sure that you have adequate cooling – you may want to consider installing a small, dedicated air-conditioning unit.
Electrical connections: It’s a standard IT practice to have a certified electrician install isolated circuits for your network and servers – usually the outlets are orange so you can tell them apart.
Security: Don’t forget about security! Make the wiring closet secure, and remember that anyone with access to this closet can dismantle your network at any time.
Multiple locations: You’ll have to create a WAN, or wide-area network, to make a connection between remote office locations, so do your research and check out all your options. Larger metropolitan areas will generally have more options available for wide-area networks.
Fiber Backbones: Local utilities commonly maintain a fiber backbone which they allow businesses to access. These fiber backbones allow for high bandwidth rates between office locations (10-100Mbps) at a reasonable cost.
Local Phone Service: Meet with your local telephone sales people and service technicians. They understand the offerings in your geographic area. Some of the key points to discuss are:
- T1 lines: would a Metropolitan Area Network (MAN) or a Point to Point (PTP) be better?
- Inquire about both burst and committed information rates. A fast T1 connection may not cut it if the maximum isn’t available when you need it most.
- Will the phone company supply you with and maintain your router hardware, or will you need to take on this task yourself?
The costs of network infrastructure are much lower in new buildings. Apart from easier (and less costly) installation, the ability to oversee the network wiring in a building under construction is an advantage for clear design. Unfortunately, the majority of practices are located within existing buildings, so sound design and forethought in planning will help save your practice excessive costs and headaches later.
Designing the Office Computer Network
November 3, 2009 By 2 Comments
Regardless of whether or not you use an EMR system, 
you may already have computerized billing and scheduling. And if you have multiple computers at your practice, most likely these computers operate on some sort of network. Even if you are not the ‘technical’ person in your practice, you should understand the designs and capabilities of computer networks, especially when a complex, multi-user EMR system is finally put into place.
Below are some basic principles of computer network design you should be familiar with:
Networking Basics (WAN, LAN, or MAN?)
Certain network hardware and system software may be incompatible with some EMR and EPM systems. Obviously, you should know this in advance. If you plan on adding users to your network at a later time, it’s often better to buy multi-user licenses rather than individual retail software packages. You can connect computers and printers in a practice on a Local-Area Network, or LAN. The LAN can link up with other local area networks via wireless connectivity. But be sure to check with the vendor of the EMR software to insure that it can operate on a wireless network.
A Wide-Area Network (WAN) can connect other smaller LANs, or Metro-Area Networks (MANs). Large practices can use these WANs to connect multiple satellite offices over a wide geographic area, for example.
The most recognized WAN is the Internet. The Internet can also create the possibility of an Intranet, or a private Internet, on which employees can communicate and collaborate with each other, regardless of where they are located. For such a system to function well between dispersed offices, a hi-bandwidth connection is a must in order to maintain smooth operations. We use an Intranet for such things as employee manuals, a practice Wiki, staff newsletters, photo sharing, and educational materials.
Bandwidth and Topology
Data capacity, or network Bandwidth, is often measured in bits-per-second (bps). In most cases connection rates range from 56kbps to millions of bits per second. Even so, the rates achievable may be limited by the hardware or sometimes even the software used. Overall speed on the network can be drastically reduced when many users are trying to use the system at the same time. If network speeds are slow because the hardware is underpowered or the network design is bad, ‘fast’ connection speed rates promised by the internet service provider won’t really mean much.
Network Topology is also important. Topology is the ‘shape’ of the network, as in the wiring between a series of computers. This topology should have a clean, intelligent design and not simply daisy-chaining PCs in a random, haphazard way. Optimal topography may mean more wires, but this can contribute to overall system resilience from failure due to a weak spot. Otherwise, if one part of the network fails, the entire network could collapse as a result. Proper topography protects against this sort of situation with redundancies. A network consultant should recommend a good balance between expandability and redundancy.
Wiring
In most cases, a practice running an EMR system will employ hard-wired computers connected to a server. However, some physicians may prefer to input data via a wireless device, as this can be carried throughout the areas in a practice. However, wireless networks present some new points to address:
Signal
Wireless devices have less-than-expected ranges when functioning in an office with many walls. Many consumer-level devices may be inadequate for the needs of a medical practice network. And they may suffer from interference due to common appliances such as microwave ovens or cordless telephones.
Bandwidth
The useful speed on your local network can be limited by the speed of your wireless connection, even if your LAN has good bandwidth rates.
Wireless Security
A hacker can destroy your network if it isn’t protected. Even simple wireless access points need to have built-in security. This is especially important in the age of HIPAA compliance.
Firewall
And speaking of security, you can protect yourself further by having what is know as a firewall. These are software programs, either stand-alone or as part of a hardware device, which protect private networks against intrusion from the outside world. These have become relatively inexpensive for the small business, especially compared to the cost of a successful network attack.
Fat or Thin Clients?
Should you employ laptops (fat clients) that directly run software and connect to your network via a wireless connection? Or, should you run the software virtually with a network appliance (thin client) via a remote connection? With wireless networks, disconnects are an unavoidable reality. In this case, the thin client lets the software continue to run, and you can later pick up where you left off. A broken connection on a fat client may cause a software crash. On the other hand, the latter has certain other capabilities such as running video programs.
