EMR and HIPAA

August-29-2014

14:07

As most of you know, I’ve been regularly trying to feature other Health IT and EHR bloggers out there. A lot of them are creating some really great content and I’m always happy when there are more smart people joining in on the healthcare IT conversation. I hope you enjoy discovering some new blogs that might help you in your work.

Meaningful Health IT News – This is Neil Versel’s healthcare IT blog. Neil is the most prolific healthcare IT journalist out there having written for pretty much every healthcare IT publication over the past couple decades. I’ve mentioned before that Neil’s blog was one of the first ones I looked to when I started writing a blog. I modeled some of the things I do after him. I figured he was a real journalist and I wasn’t, so I should learn from him. I should disclose that Neil’s blog is part of the Healthcare Scene network of blogs. I’m lucky to be able to work with someone like Neil. I only wish he had more time to write on his blog.

Data 4 U – This is a new health IT blog by Lynn Zahner, a former obstetrician/gynecologist, who’s transforming into a health IT professional. Looking at even just the first 3 posts I’m excited to see what Lynn will bring next. It’s always great to have a clinician’s perspective on healthcare IT. I hope Lynn’s able to keep it up.

Kat’s Space – Kat’s blog is a new find for me. She’s an RN and digital marketer interested in tech and social media. It’s too bad I hadn’t found her before now. Sounds like we’d get along really well. She’s also a Google Glass explorer and so she provides some really interesting insights into the Glass and wearable technology space.

Accountable Health – I think we can all use a great accountable health blog. In fact, we can likely use more than one to try and figure out what’s happening with ACOs and other accountable care programs that are in the works. This blog is written by Fred Goldstein. Fred has a unique view of the accountable care world since he’s the Founder of the Population Health Alliance. I think Fred’s blog is one to watch if you care about where healthcare reimbursement is headed.

August-27-2014

12:51

The following is a guest blog post by Art Gross, Founder of HIPAA Secure Now!.
Ask any medical professional about their biggest concern for protecting patient information and they will probably tell you about the threat of a random audit conducted by the Office of Civil Rights (OCR). OCR is tasked with enforcing HIPAA regulations and has the ability to hand out fines up to $1.5 million per violation for a HIPAA breach and failing to comply with HIPAA regulations.

With recent fines of $4.8 million handed out to New York and Presbyterian Hospital and a $1.7 million fine to Concentra Health Services, physicians have good reason to worry. These massive fines were levied not as the result of a random audit, but for the mandatory reporting of patient data breaches to the Department of Health and Human Services (HHS), and the investigation that followed. So physicians need to reconsider where their real concerns should lie.

Ponemon Study

The 2013 Cost of a Data Breach Study by the Ponemon Institute calculated lost or stolen patient records at $233 per record. Let’s take a look at how quickly the cost of a HIPAA breach can add up:

# of Records Breached Cost
1 $233
10 $2,330
100 $23,300
1,000 $233,000
10,000 $2,330,000
100,000 $23,330,000

The recent Community Health Systems breach of 4.5 million patient records could cost more than $1 billion!

Whether a medical provider loses 1,000 or 10,000 patient records the financial impact could easily set back the organization or even put it out of business.  But the “hidden cost” of a HIPAA breach that shouldn’t be overlooked is the damage to the provider’s reputation, lost trust from patients and the resulting sharp decline in revenues.

Lost patient records spark negative publicity. Take Phoenix Cardiac Surgery (PCS) for example. The Arizona medical practice with five physicians got slapped with a $100,000 fine for a HIPAA breach in 2012. A current search on Google returns the practice’s website plus 28 links to negative news stories related to the HIPAA fine. The consequences? A patient searching for a referred cardiac surgeon from PCS finds the negative publicity and decides to continue searching for another surgeon. Or, an existing patient of PCS decides to look for another medical practice that takes every measure to safeguard his privacy.

Other Cost Factors

Beyond revenue loss and a damaged reputation are the direct overhead costs associated with a breach. The cost of discovering and stopping a breach may involve IT services, forensic investigative services to determine which systems and patients were affected, and legal counsel if patients file a lawsuit. There are also hard costs associated with notifying patients affected by the breach, including time spent to pull together their contact information, mailing out notifications and providing toll-free inbound phone numbers to handle complaints. Most organizations also provide identity and credit monitoring services for affected patients. All of these expenses add up, not to mention the cost of lost productivity due to the diverted attention of employees tasked with managing these processes.

Today it’s not uncommon for laptops, tablets and USB drives with patient records to disappear.  Or, for crime rings to hack into EHR systems to steal patient information and commit tax fraud, and for meth dealers to steal patient identities to obtain prescriptions.  If a large hospital system can lose 4.5 million patient records think how easy it is for a hacker to grab thousands of patient records from smaller medical practices and turn them into cash. The threat of a HIPAA breach has never been greater and all organizations should take heed.

Risk Assessment as a First Step

Healthcare organizations, particularly smaller medical practices, should perform a HIPAA risk assessment to look at where patient information is stored and accessed, and how the organization protects that information. It examines the risks of a breach and recommends steps to lower them. Without performing a risk assessment an organization may be lulled into a false sense of security, mistakenly believing they won’t suffer the consequences of a HIPAA breach.  At $233 per lost or stolen record that could be a costly miscalculation.

About Art Gross

Art Gross co-founded Entegration, Inc. in 2000 and serves as President and CEO. As Entegration’s medical clients adopted EHR technology Gross recognized the need to help them protect patient data and comply with complex HIPAA security regulations. Leveraging his experience supporting medical practices, in-depth knowledge of HIPAA compliance and security, and IT technology, Gross started his second company HIPAA Secure Now! to focus on the unique IT requirements of medical practices.  Email Art at artg@hippasecurenow.com.

Full Disclosure: HIPAA Secure Now! is an advertiser on EMR and HIPAA.

August-26-2014

14:35

About 10 months ago, we added Healthcare IT Central to the Healthcare Scene family of healthcare IT websites. It’s been a really amazing addition to the network and I’ve been amazed at the thousands of people that have been able to find health IT jobs thanks to Healthcare IT Central. I love blogging because you get the direct interaction with readers, but there’s a really amazing feeling that comes when you play some small role in helping someone find a job.

The other great part about the addition of Healthcare IT Central is the related Healthcare IT Today career blog. If you’re not reading that site, we just added it to our Healthcare Scene email subscription lists so you can receive the latest posts in your email inbox.

Just to give you a little flavor of the type of content we’ve been posting on Healthcare IT Today, we asked the questions, “Has There Been an EHR Consulting Slow Down?” and “Who’s More Satisfied – Full Time Health IT Professionals or Health IT Consultants?” Plus, we even posted really interesting data like a look at the Epic Salary and Bonus structure. Then, since it is a healthcare IT career website, we cover things like LinkedIn tips and LinkedIn as a professional or personal profile.

If you’re someone looking for a healthcare IT job or looking for a better healthcare IT job, we have hundreds of health IT jobs available. You might also check out Cordea Consulting, ESD, and Greythorn that recently posted jobs with us.

If those jobs aren’t your style we have other jobs like this Sales Account Executive at EHR vendor, gMed, or these system analyst jobs at Hathaway-Sycamores Child Family Services and Pentucket Medical.

If you’re an employer looking for amazing healthcare IT professionals, you can register for the site and post your jobs or search our database of over 12,000 active health IT resumes.

Hopefully some of these health IT career resources are helpful to readers of EMR and HIPAA. One thing that’s universal in healthcare is the need to find a job or hire the right talent. Hopefully we’re doing our part to help both sides of the coin.

August-25-2014

14:26

One of the most popular discussions we’ve had on this site since the beginning is around client server EHR software versus cloud EHR software. It’s a really interesting discussion and much like our US political system, most people fall into one camp or the other and like to see the world through whatever ideology their company follows.

The reality I’ve found is that there are pros and cons to each side. Certainly cloud has won out in most industries, but there are some compelling reasons why cloud hasn’t taken hold in many parts of healthcare.

With that in mind, a client server EHR vendor asked me to list out the reasons why someone should go with a Cloud EHR over client server. Here are my off-the-cuff responses:

No IT Support Needed beyond desktop support – This is a big benefit that many like. Plus, they add in the cost of the server, the cost of the local IT person and so they see it as a huge benefit to go with cloud software

Automatic Updated Software – Not always true with the cloud, but they like that the software just updates and they don’t have to go around updating software. Of course, this also has its downsides (i.e., when an update happens automatically and breaks something).

Small Upfront Cost – Most Cloud solutions are billed on a monthly charge with little to no upfront cost. We could argue the accounting pieces of this and whether it’s really any better, but it feels better even if many cloud providers require the 1-2 year commitment. In some large organizations this type of payment plan is better for their accounting as well (i.e., depreciation of equipment, etc.).

More Secure – Obviously this could be argued either way, but those that believe cloud is more secure believe that a cloud provider has more resources and expertise to make their cloud secure vs an in house server where no one might have expertise

More Reliable (backup/disaster recovery) – Similar to the secure argument as far as expertise and ability to provide this reliability

Single Database – There are cool things you can do with data when every doctor is on one database and one standard data structure.

Available Everywhere – At home, office, hospital, etc. (Yes, this can be done by many client server as well, but not usually with the same experience).

I’m sure that a cloud EHR provider could add to my list and I hope they will in the comments. As I was making the list, I wondered to myself if a client server EHR vendor could provide all of the benefits listed above. Let me go through each.

No IT Support Needed beyond desktop support – Some EHR vendors will do all the IT support for the user. Plus, it’s a little bit of a misnomer that you need no IT support with a cloud hosted EHR. You still need someone to service your network and computers. More importantly though, most client server EHR vendors are offering a hosted EHR option which basically provides this same benefit to a practice.

Automatic Updated Software – More and more client server vendors are moving to this approach for updates as well. This is particularly true when they offer a hosted EHR environment where they can easily update the EHR. It’s a different mentality for client server EHR vendors, but it can be done in the client server environment.

Small Upfront Cost – We’ve seen this same offer from almost all of the client server EHR companies. It’s a hard switch for EHR companies to make the change from large up front payments to recurring revenue, but I’m seeing it happening all over the industry. The only exception might be the big hospital EHR purchase. In the ambulatory EHR market, I think everyone offers the monthly payment option.

More Secure – This is one that could be argued either way. Either one could be more secure. Client Server vs Cloud EHR doesn’t determine the security. A client server EHR can be just as secure or even more secure than a cloud EHR. I agree that generally speaking, cloud EHR is probably more secure than client server, but that’s speaking very broadly. If you care about security, you can secure a client server EHR as much or more than a cloud EHR.

More Reliable (backup/disaster recovery) – Similar to secure, you can invest in a client server infrastructure that is just as reliable as a cloud EHR. It’s true that a cloud EHR vendor can invest more money in redundant systems usually. However, a client server EHR vendor that hosts the EHR could invest just as much.

Single Database – This is the one major challenge where I think client server has a much harder time than a single database cloud EHR provider. Sure, you can export the data from all of the client server EHR software into a single database in order to do queries across client server EHR installs. A few vendors are doing just that. So, I guess it’s possible, but it’s still not happening very many places and not across all the data yet.

Available Everywhere – This can be done by client server as well, but the experience is often a subset of the in office experience. Although, this is rapidly changing. Bandwidth and technology have gotten so good, that even a client server install can be done pretty much anywhere on any device.

Conclusion
Looking through this list, it makes a great case for why client server EHR software is going to be around for a long time to come. There’s nothing on the list that’s so compelling about cloud hosted EHR software that makes it a clear cut winner.

As I thought about this topic, I tried to understand why cloud’s been the clear cut winner in so many other areas of technology. The answer for me is that in our lives portability has mattered a lot more to us. In healthcare it hasn’t mattered as much. Plus, new client server technologies have been portable enough.

Long story short, I’m a fan of cloud technologies in general, but if I were a provider and a client server technology provided me more features, functions, better workflow, etc, than a cloud EHR, I wouldn’t be afraid to select a client server EHR either.

Also worth clarifying is that this post outlines how a client server EHR can provide all of the same benefits of a cloud EHR. However, just because a client server EHR can provide those benefits, doesn’t mean that they do. Many have chosen not to offer the above solutions. Although, the same goes for cloud EHR as well.

What do you think? Are there other reasons why cloud EHR technology is so much better than client server? Is there something I’ve missed? I look forward to reading your comments.

August-22-2014

15:12

I’ve long been interested in voice recognition together with EHR software. In many ways it just makes sense to use voice recognition in healthcare. There was so much dictation in healthcare, that you’d think that the move to voice recognition would be the obvious move. The reality however has been quite different. There are those who love voice recognition and those who’ve hated it.

One of the major problems with voice recognition is how you integrate the popular EHR template documentation methods with voice. Sure, almost every EHR vendor can do free text boxes as well, but in order to get all the granular data it’s meant that doctors have done a mix of clicking a lot of boxes together with some voice recognition.

A few years ago, I started to see how EHR voice recognition could be different when I saw the Dragon Medical Enabled Chart Talk EHR. It was literally a night and day difference between Dragon on other EHR software and the Dragon embedded into Chart Talk. You could see so much more potential for voice documentation when it was deeply embedded into the EHR software.

Needless to say, I was intrigued when I was approached by the people at NoteSwift. They’d taken a number of EHR software products (Allscripts Pro, Allscripts TouchWorks, Amazing Charts, and Aprima) and deeply integrated voice into the EHR documentation experience. From my perspective, it was providing Chart Talk EHR-like voice capabilities in a wide variety of EHR vendors.

To see what I mean, check out this demo video of NoteSwift integrated with Allscripts Pro:

You can see a similar voice recognition demo with Amazing Charts if you prefer. No doubt, one of the biggest complaints with EHR software is the number of clicks that are required. I’ve argued a number of times that number of clicks is not the issue people make it out to be. Or at least that the number of clicks can be offset with proper training and an EHR that provides quick and consistent responses to clicks (see my piano analogy and Not All EHR Clicks Are Evil posts). However, I’m still interested in ways to improve the efficiency of a doctor and voice recognition is one possibility.

I talked with a number of NoteSwift customers about their experience with the product. First, I was intrigued that the EHR vendors themselves are telling their customers about NoteSwift. That’s a pretty rare thing. When looking at adoption of NoteSwift by these practices, it seemed that doctors’ perceptions of voice recognition are carrying over to NoteSwift. I’ll be interested to see how this changes over time. Will the voice recognition doctors using NoteSwift start going home early with their charts done while the other doctors are still clicking away? Once that happens enough times, you can be sure the other doctors will take note.

One of the NoteSwift customers I talked to did note the following, “It does require them to take the time up front to set it up correctly and my guess is that this is the number one reason that some do not use NoteSwift.” I asked this same question of NoteSwift and they pointed to the Dragon training that’s long been required for voice recognition to be effective (although, Dragon has come a long way in this regard as well). While I think NoteSwift still has some learning curve, I think it’s likely easier to learn than Dragon because of how deeply integrated it is into the EHR software’s terminology.

I didn’t dig into the details of this, but NoteSwift suggested that it was less likely to break during an EHR upgrade as well. Master Dragon users will find this intriguing since they’ve likely had a macro break after their EHR gets upgraded.

I’ll be interested to watch this space evolve. I won’t be surprised if Nuance buys up NoteSwift once they’ve integrated with enough EHR vendors. Then, the tight NoteSwift voice integrations would come native with Dragon Medical. Seems like a good win win all around.

Looking into the future, I’ll be watching to see how new doctors approach documentation. Most of them can touch type and are used to clicking a lot. Will those new “digital native” doctors be interested in learning voice? Then again, many of them are using Siri and other voice recognition on their phone as well. So, you could make the case that they’re ready for voice enabled technologies.

My gut tells me that the majority of EHR users will still not opt for a voice enabled solution. Some just don’t feel comfortable with the technology at all. However, with advances like what NoteSwift is doing, it may open voice to a new set of users along with those who miss the days of dictation.

Blog url: 
http://www.emrandhipaa.com/
