EMR and HIPAA

April-24-2014

13:14

In one of my recent conversations with Dr. Andy Litt, Chief Medical Officer at Dell, he made a really interesting but possibly counter intuitive observation. While maybe not a direct quote from him, I took away this observation from Dr. Litt:

Security and privacy drives people to the cloud.

Talk about an ironic statement. I imagine if I were to talk to a dozen CIOs, they would be more concerned about the security and privacy implications of the cloud. I don’t imagine most would look at the cloud as the solution to some of their security and privacy problems.

However, Dr. Litt is right. Many times a cloud based EHR or other software is much more secure than a server hosted in a doctors office. The reality is that many healthcare organizations large or small just can’t invest the same money in securing their data as compared with a cloud provider.

It’s not for lack of desire to make sure the data is secure and private. However, if you’re a small doctor’s office, you can only apply so many resources to the problem. Even a small EHR vendor with a few hundred doctors can invest more money in the security and privacy of their data than a solo practice. Although, this is true for even very large practices and even many hospitals.

One reason why I think many will disagree with this notion is because there’s a difference between a cloud provider who can be more secure and private and one who actually executes on that possibility. It’s a fair question that everyone should ask. Although, this can be verified. You can audit your cloud provider and see that they’re indeed putting in security and privacy capabilities that are beyond what you’d be able to do on your own.

What do you think? Is hosting in the cloud a way to address security and privacy concerns?

April-23-2014

18:36

Between Windows XP causing HIPAA compliance issues and the risk associated with the risk assessment required by meaningful use, many in healthcare are really waking up to the HIPAA compliance requirements. Certainly there’s always been an overtone of HIPAA compliance in the industry, but its one thing to think about HIPAA compliance and another to be HIPAA compliant.

This whitepaper called HIPAA Compliance: 6 Reality Checks is a great wake up call to those that feel they have nothing to worry about when it comes to HIPAA. While many are getting ready, there are still plenty that need a reality check when it comes to HIPAA compliance.

Here’s a look at why everyone could likely benefit from a HIPAA reality check:
(1) Data breaches are a constant threat
(2) OCR audits reveal health care providers are not in compliance
(3) Workforce members pose a significant risk for HIPAA liability
(4) Patients are aware of their right to file a complaint
(5) OCR is increasing its focus on HIPAA enforcement
(6) HIPAA Compliance is not an option, it’s LAW

Obviously, the whitepaper goes into a lot more detail on each of these areas. As I look through the list, what seems clear to me is that HIPAA compliance is a problem. Every organization should ask themselves the following questions:

Are we HIPAA compliant?

What are you doing to mitigate the risk of a breach or HIPAA violation?

When I look at the 6 Reality Checks details in the whitepaper, I realize that everyone could benefit from a harder look at their HIPAA compliance. A little bit of investment now, could save a lot of heartache later.

April-22-2014

11:17

The following is a guest post by Barry Haitoff, CEO of Medical Management Corporation of America.
Barry Haitoff
For those not familiar with ACOs (Accountable Care Organizations), I want to provide some insight into ACOs and how a medical practice can better prepare themselves for the coming shift in reimbursement, which is epitomized by the ACO. This is a challenging subject since the ACO is a somewhat nebulous idea that’s rapidly changing, but hopefully I can provide you some strategies that will help you be prepared for the coming changes.

You may remember when we talked in a previous post about the Value Based Payment Modifier and its impact on healthcare reimbursement. As we talked about in that post, healthcare reimbursement is changing and CMS is looking to only pay those providers who are providing quality care. As part of this movement, an ACO is an organization that works on behalf of a community of patients to ensure quality care.

The metrics of how they’ll measure what they reimburse and what they consider quality care are likely to rapidly change over the next few years while CMS figures out how to measure this. However, one key to being ready for this shift is that you’ll need to be part of an organization or group of providers that will take accountability for a patient population.

In some areas of the country, the hospitals are leading these organizations, but in other areas groups of physicians are coming together to form an ACO of just physicians. Either way can work. The key is that the members of these groups are going to each share in the reimbursement the group receives for improving the quality of healthcare patients in the community receive.

Also worth noting is that membership in an ACO isn’t necessarily a prerequisite for value based reimbursement. Whether you choose to be a member of an ACO or not, you’re going to be impacted by value based reimbursement and will need to be ready for the change. Not being ready could lead to lower reimbursement for the services you provide.

While it’s great that organizations of doctors are coming together to meet the need for ACOs, much more is going to be needed to do well in an ACO reimbursement world. The reality is that an ACO can’t exist without technology. Don’t even think about trying to meet the ACO requirements without the use of technology. ACOs will base their reimbursement on trackable data that can be aggregated across a community of providers that are likely on hundreds of different systems. Try doing that on paper. It just won’t happen.

In fact, many people probably think that their EHR software will be enough to meet the needs of the ACO as well. I believe this to be a myth. Without a doubt, the EHR will play a major role in the gathering and distribution of the EHR data. However, unless you’re a homogeneous ACO with providers that are all on the same single instance of an EHR, you’re going to need a whole suite of services that connect, aggregate, and interpret the EHR data for the community of patients. Add on top of that the communication needs of an ACO and the care manager style tracking that will need to occur and it’s unlike your EHR is going to be up to the task of an ACO. They’ll be too busy dealing with meaningful use and EHR certification.

Let me highlight three places where an ACO will need technology:

Communication
One of the key needs in an ACO is quality communication. This communication will happen provider to provider, provider to care manager, provider to patient, and care manager to patient and vice versa. You can expect that this communication will be a mix of secure text messaging and secure emails. In some cases it will be facilitated by a patient portal, but most of the secure messaging platforms for healthcare are much slicker and more effective than a patient portal that so far patients have rarely used.

Are you using a next generation secure messaging system to communicate with other providers, your staff, and the patient? You’ll likely need to use one in an ACO.

Provider Data Aggregation
Much like paper charts won’t be enough in an ACO world, faxed documents won’t be enough either. Providers in an ACO will need to have patient data from across the entire community of ACO providers. At a minimum providers in an ACO will need to have their EHRs connected with Direct, but most will need to have some sort of outside HIE that helps transfer, aggregate and track all the data that’s available for a patient in the ACO.

The ACO and doctor will really benefit from all the patient data being available at the click of the button. Without it, I’m not sure that ACOs will be able to meet the required quality measures.

Patient Data Aggregation
While all of the providers will need to be sharing their patient data, I think most ACOs will benefit from aggregating patient data as well. At first the ACO won’t be aggregating all of the patient generated data that’s available. Instead, they’ll find a slice of their patient community where they can have the most impact. Then, they’ll work with those patients to improve the care they receive. This is going to require ACOs to receive and track patient generated data. Without it, the ACO won’t have any idea how it’s doing. With so many patients on mobile devices or with access to the internet, what an amazing opportunity we have to really engage with patients.

Those are just a few of the ways technology is going to be needed for the coming changes in healthcare reimbursement and the shift towards value based care in things we call ACOs. Far too many providers are sitting on the sidelines while they let ACOs settle into place. What a missed opportunity. The fact that the ACOs are rapidly changing means that if you participate and make your voice heard, you can help to shape the direction of them going forward. We definitely need more doctors involved in these conversations.

Medical Management Corporation of America, a leading provider of medical billing services, is a proud sponsor of EMR and HIPAA.

April-21-2014

17:18

In one of my recent interviews with a healthcare IT consulting company, they revealed some breaking news for those of us in the EHR world. They told me point blank that:

Meaningful Use is Not Covering Costs

Ok, so that’s not really breaking news. Although, it seems that very few people want to actually articulate this point. It almost feels like heresy that someone would “complain” about the fact that the government is spending $36 billion on EHR incentives and that the money isn’t enough to cover the implementation of these EHR systems.

Actually, I should clarify that last point. The EHR incentive money is covering the costs to purchase the systems. It’s not covering the costs of implementing those EHR systems and then poking, prodding and otherwise cajoling end users to show meaningful use of that system (not to be confused with meaningfully using the system).

Let me also be clear that I’m not complaining about the EHR incentive money. I’ve done enough of that previously. What I’m just trying to acknowledge is something that everyone who deals with the EHR budget already realizes, but no one seems to want to say it. Organizations are spending more money on EHR and meaningful use than they’re getting from the government.

I think this is important for a couple reasons. First, many organizations didn’t budget any EHR money beyond what the EHR incentive money. You can certainly argue this was a mistake on their part, but that’s going to leave a bunch of organizations in a lurch. We’re already seeing the fall out of this as news reports keep coming out about hospitals systems in financial trouble due to the costs of their EHR system. Plus, in each of these cases, it seems their costs continue to balloon out of control with no end in sight. It makes me wonder if the compressed meaningful use timeline is partially to blame for a rushed implementation and poor EHR implementation and cost planning.

Second, there is still a swash of providers and organizations that haven’t yet implemented their EHR. If you can’t support the cost of EHR with government money, how does that bode for those who won’t be getting any EHR incentive money? One could make the argument that they’ll actually be in a better position since they won’t have to worry about meaningful use and can just focus on getting value out of their EHR. Hopefully that’s the case, but many of the meaningful use functions are now hardcoded into the EHR systems. Even if an organization isn’t planning on attesting to meaningful use, that doesn’t mean they won’t be forced by their EHR software to do a bunch of things they wouldn’t have done otherwise.

What are you seeing from your perspective? Is the EHR incentive money covering the costs of an EHR implementation? What are the impacts if it doesn’t?

April-20-2014

23:54


I’m not sure I agree completely with this tweet. I don’t know enough about Covery My Meds to say either way. Although, I wondered if many EMRs will integrate with Covery My Meds. From my experience, EMR vendors don’t want to interface with many outside software companies. A few embrace outside companies interfacing with them. We’ll see if that changes over time.


I haven’t had a chance to look at this study yet, but did anyone think that quality of care would improve because of MU?


No doubt we’ll eventually have outside data from wellness tracking apps incorporated in EMR, but I don’t think it will ever be a free for all. There are tens of thousands of wellness apps and I don’t see doctors wanting data from just any app. They’ll want to only get data from apps they trust. That’s a high bar for most apps. Plus, once you win the trust of one doctor, you still have to win the trust of all the other doctors. There’s not a trusted third party that doctors look to for apps.

Blog url: 
http://www.emrandhipaa.com/

Follow Us: