Chris Strammiello, vice president of marketing and product strategy, Nuance.
Patient admissions and discharge processes implemented at many hospitals today are rife with vulnerabilities and potential HIPAA violations. One of the greatest challenges hospitals face is how they can successfully deliver on dual requirements to make the information in a patient’s electronic health record (EHR) more accessible while at the same time making it more secure, especially because of their reliance on paper, analog fax machines and unmonitored multi-function devices (MFDs).
Every time a document or form is copied, scanned, printed, faxed or emailed — on either an analog fax machine, digital MFD or mobile phone or tablet — a patient’s protected health information (PHI) can be accidentally exposed or intentionally compromised. In light of this, federal standards have now defined digital MFDs as workstations, where PHI must be protected with administrative, physical and technical safeguards that authenticate users, control access to workflows, maintain an audit trail of all activity and encrypt data at rest and in motion.
Healthcare organizations need to add a layer of security and control to electronic and paper-based patient admissions and discharge processes to help minimize the manual work and decisions that invite human error, automatically mitigate the risk of non-compliance and avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
As hospitals are rapidly approaching an FY 2015 deadline for meaningful use, they must demonstrate their “meaningful use” of certified EHR technology, including the ability to protect patients’ health information, or face reduced Medicare payments. The recent HIMSS Analytics survey found that despite the vast majority of hospitals reporting progress toward Stage 2 EHR, barely half of them — just 54 percent — were yet capable of protecting electronic health information, a required Core Objective in Stage 1.
Acting under provisions of HITECH, the Department of Health and Human Services Office of Civil Rights issued new rules in 2013 that enhance patients’ privacy protections, expand individuals’ rights to their health information and strengthen the government’s ability to enforce the law. One new development from these rules is that a security risk assessment tool prepared by the Office of the National Coordinator for Health Information Technology (ONC) mentions copiers 15 times as being workstations where PHI must be protected with administrative, physical and technical safeguards that authenticate users, control access to workflows, encrypt data handled on the device and maintain an audit trail of all activity.
Hospitals also need to conduct a risk assessment to identify threats and vulnerabilities (including copiers), implement and train workers in data loss protection (DLP) technology and procedures, and establish security incident reporting.
Dr. Sol Lizerbram has been co-founder and chairman of the board of HealthFusion since its inception in 1998. HealthFusion develops web-based, cloud computing software for physicians, hospitals and medical billing services. HealthFusion’s fully integrated solution includes MediTouch EHR and MediTouch PM. Dr. Lizerbram was a co-founder of a national physician practice management company, and served as chairman of its board of Directors from 1986 through July 1998. Dr. Lizerbram has been in the healthcare industry for more than 35 years, received a degree in pharmacy in 1970 from Long Island University, School of Pharmacy, and was licensed as a registered pharmacist in the states of New York and Pennsylvania. He obtained a medical degree from the Philadelphia College of Osteopathic Medicine in 1977.
He is board certified in family practice and is licensed as an osteopathic physician and surgeon in the states of Pennsylvania and California. Dr. Lizerbram was recognized by NASDAQ/Ernst & Young as the 1996 Entrepreneur of the Year in the healthcare industry. He was a trustee of the US Olympic Committee and is active as a committee member in the Jewish National Fund. Dr. Lizerbram was appointed by the California Insurance Commissioner to the Governing Committee of the Workers’ Compensation Insurance Rating Bureau, and appointed by the California Governor as a Commissioner to the Health Policy and Data Advisory Commission.
Here, he discusses HealthFusion, the technology he helps develop and how it’s being used by physicians, the future of health IT, interoperability and the rise of consumerism and the cloud, the survival of EHR companies.
Tell me more about yourself and your background. Why healthcare?
I was a pharmacist prior to attending medical school in Philadelphia. After completion of my medical training I moved to San Diego, where I practiced as a board certified family physician. After several years in practice, I was appointed as the medical director of Prudential PruCare in San Diego. Soon after, I began to see the need for software that would assist doctors in improving the health of our population.
In 1998 I helped to found HealthFusion with Dr. Seth Flam, our CEO and a fellow family physician, to make the practice of medicine simpler for physicians and their staff by finding novel methods of utilizing the Internet.
Our job is to create the software tools used by physicians to further the health of their patients. We are honored that each day thousands of providers use our healthcare software to help make someone’s life a little better.
I come from a family with a strong healthcare orientation; my brother and six cousins are all physicians. As a result, I had an interest in helping people with their healthcare needs and found it very interesting.
What do you see as the sector’s biggest issues and, technologically, how can we solve them?
One of the biggest issues in healthcare right now is interoperability, the ability to seamlessly exchange patient data between physicians, hospitals, diagnostics centers, etc. This communication has been a challenge in healthcare because it needs to be accomplished between disparate systems, but it’s vital to garnering full value from digital healthcare information for patients, and for improving population health.
I’m glad to say that we are already accomplishing this with HealthFusion’s MediTouch; as an example, we provide data exchange successfully between Miami Children’s Hospital systems and MediTouch in the community doctors’ offices.
The little spacecraft that flew for 10 years crossing millions of miles in space, bounced on a comet hurtling 84,000 mph, transmits tons of data for 64 hours, finally tells its handlers that it needs to take a nap. Hitting any kind of target after 10 years in space is an amazing feat by itself, but this project had many hurdles and changes since its inception.
Healthcare is transforming at a rapid pace. In the past 10 years that the Rosetta orbiter traveled with the Philae lander strapped to its side, electronic health records have been implemented, meaningful use instituted, the diverse and multiple roads of interoperability have been examined, but progress has been slow.
The Rosetta project had to plan for executing tasks 10 years in advance. The team also had to anticipate the problems that it would find when Philae did something that had never been done before—landing on a comet. Nearly all projects on Earth have been done before but the nature of a project’s progression varies.
Here are three events that occurred on the Rosetta project that analogous Earth-bound healthcare projects also face.
Major change pre-launch. A problem was discovered that caused the launch to be delayed. This in turn caused the chosen comet to be abandoned because the orbit window was missed. Another comet whose gravity and other differences were not accounted for in the design of Philae was selected. Would the lander survive the descent? The craft would need to be put in a 3-year hibernation to conserve energy on the new flight plan.
Response: Adjust to the change. A large health insurance company discovered a security flaw in a new application to enroll customers during dry run tests. The problem would have caused multiple HIPAA violations and the company would be subject to expensive fines. The project had to be delayed until a fix was in place in spite of publicity of the go live date.
Major changes prior to the launch of a project are best addressed immediately. There is much better control in the early stages of a project. Changes may affect scheduled milestones, but it is better to adjust dates early in the project and explain changes to executive supporters.
Guest post by Michael Simpson is the CEO of Caradigm.
It’s been five years since the HITECH Act was enacted as part of ARRA, and while there’s still a lot of debate about the technical details, rules and timelines involved with electronic health record (EHR) adoption and meaningful use, it’s clear that the focus on EHRs – and incenting hospitals and professionals to use EHRs in a meaningful way – represents a critical, foundational step in transforming health care in this country.
After all, meaningful use targets the right goals – goals that every hospital, health system and healthcare professional supports, including improved quality, safety and efficiency of care; reduced disparities; more engaged patients and families as core members of the care team; improved care coordination and population health; and more secure patient health information.
More important, the stages of meaningful use drive a set of progressively more advanced capabilities that are fundamental to achieving those goals. Digitizing data was the first critical step, and the good news is that according to a recent HHS press release, about 60 percent of all hospitals have adopted an advanced EHR, leaving the paper world behind. The next steps are sharing that data – securely – among providers and patients, reporting on quality to understand and improve it, using clinical decision support at the point of care, and many other capabilities critical to transforming care and outcomes. If providers and professionals meet meaningful use requirements, we should see more transparency, greater efficiency, reduced waste and more healthy people in our communities over time.
Stage 2 Challenges
It’s a long and challenging journey, and while hospitals and health systems are making good progress against Stage 1 requirements, very few are prepared for Stage 2. In fact, according to survey data from the American Hospital Association, fewer than 6 percent of hospitals have met the criteria for Stage 2, and only 10 percent have met the requirement for patients to be able to view, download and transmit their health information online.
Why are providers getting stuck as they try to move to Stage 2? Because as the requirements become more demanding – e.g., using clinical decision support, generating patient lists, protecting patient health information, engaging patients – these organizations need a new set of technology capabilities to meet those requirements. These capabilities leverage and extend the functionality and benefits of the EHR.
Moreover, to reach the ultimate goals targeted by Meaningful Use — improved quality, efficiency, outcomes and population health — providers will need to aim even higher than meeting the requirements of meaningful use stages, strategically using data from EHRs and myriad other systems across the care continuum to enable a new level of capabilities.
Since the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in February 2009, rural, community and critical access hospitals are turning to electronic health record (EHR) systems to receive significant incentive payments based on meeting meaningful use regulations. However, the impact on workflow makes achieving a return on investment (ROI) after implementation challenging. Additionally, the burden is placed on these hospital’s small IT departments to meet federally mandated deadlines such as meaningful use.
According to a 2014 HIMSS Analytics survey, 83 percent of healthcare providers are using cloud services. Compared to server-based networks, the cloud is especially beneficial to rural hospitals because of the lower upfront, implementation and maintenance costs, resulting in increased ROI. The cloud system’s pay-as-you-use method removes the need for expensive hardware, and the accessibility and security of patient records improves efficiency and patient care, allowing hospitals to prove they are meaningfully using EHR technology.
Implementation and Maintenance
Because of budgetary restraints, rural hospitals typically have outdated technology and some areas do not even have computers. Recently, I visited a hospital with only one computer on each floor and no EHR system in place at all. Because of this, these hospitals must implement user-friendly healthcare technology that is easily implemented across the network– even for clinicians with limited or no experience in a high-tech environment. This type of easy-to-use EHR systems not only improves patient care, but also helps hospitals qualify for federal incentive payments. However, time is running out. Hospitals only have one more year to receive incentives for being MU compliant. After this timeframe they not only won’t receive payments, but they will be penalized financially for not meeting regulations, which is especially detrimental to smaller hospitals.
Cloud-based solutions allow hospitals to deploy EHR systems quickly and at a lower cost. While server-based EHR systems can cost $40, 000 or more, a cloud network does not require any hardware to be installed on-site. Therefore, upfront, implementation and maintenance costs are much lower than a server-based solution. Less hardware means less opportunity for failure – thus, maintenance costs decrease drastically as the lifespan of a cloud-based system is much longer than a physical server solution.
Healthcare leaders from across the nation are renewing calls for the Centers for Medicaid and Medicare Services (CMS) to shorten the meaningful use (MU) reporting period in 2015 and provide more program flexibility, citing concerns with lower-than-expected Medicare numbers and continued reports detailing nationwide difficulty in meeting federal guidelines for electronic health records (EHR) requirements.
According to newly released CMS numbers, less than 17 percent of the nation’s hospitals have demonstrated Stage 2 capabilities. Further, less than 38 percent of eligible hospitals (EHs) and critical access hospitals (CAHs) have met either stage of meaningful use in 2014, highlighting the difficulty of program requirements and foretelling continued struggles in 2015. And while eligible professionals (EPs) have until the end of February to report their progress, only 2 percent have demonstrated Stage 2 capabilities thus far.
Officials from the American Medical Association (AMA), College of Healthcare Information Management Executives (CHIME), Healthcare Information and Management Systems Society (HIMSS) and Medical Group Management Association (MGMA) called the results disappointing, yet predictable.
“Meaningful use participation data released today have validated the concerns of providers and IT leaders. These numbers continue to underscore the need for a sensible glide-path in 2015,” said CHIME president and CEO Russell P. Branzell, FCHIME, CHCIO. “Providers have struggled mightily in 2014, in many instances for reasons beyond their control. If nothing is done to help them get back on track in 2015, we will continue to see growing dissatisfaction with EHRs and disenchantment with meaningful use.”
CMS data required by Congress indicate that more than 3,900 hospitals must meet Stage 2 measures and objectives in 2015 and more than 260,000 eligible professionals (EPs) will need to be similarly positioned by January 1, 2015. Given the low attestation data for 2014 and the tremendous number of providers required, but likely unable to fulfill, Stage 2 for a full 365-days in 2015, healthcare leaders have pressed for a shortened reporting period in 2015, mirroring the policy of 2014.
Health IT pain points seem to be lingering long despite the never ending promises and hope eternal new technology innovation seems to offer. Every sector has its prickles, no doubt, and much is left to overcome in healthcare, but given the complexity and the copious amount of change and development here, it’s of little surprise that pain is being felt.
What may be surprising, though, is that like patient engagement, there seems to be a different type of pain, and severity of pain, depending on who you ask.
With that, for greater clarity, I decided to ask some of health IT industry insiders what they’re pain points were and why. Their responses follow:
Dr. Trishan Panch, chief medical officer, Wellframe
One of the biggest pain points for hospitals is that we’ve come across a health system’s inability to scale care management resources. They are effective in improving outcomes when patients are engaged, but because of limitations around existing models (i.e. human interaction via phone or in-person) only a small proportion of the patient population can be engaged. That’s why organizations are turning to technology solutions to scale care management resources to reach more people.
One of the biggest pain points for physicians today is the lack of interconnectivity between different IT systems. Participation in the meaningful use program has helped create some common standards for communication but, for a variety of reasons, these have not yet lead to widespread, effective clinical data sharing. Few physicians can operate in the ecosystem of a single electronic medical record, since they often work in systems that are different, from practice, various hospitals and other places of care.
Interoperability is a pain point in healthcare IT, particularly when it comes to transitions in senior care. Connecting the care delivery ecosystem to provide safer transitions of care is critical to long-term care. While some individuals may require short-term rehabilitative care, others may need home-based care, assisted living or long-term and hospice care. As seniors move through these different stages or between acute care and post-acute care, these transitions pose challenges for healthcare providers. Ideally, all the information that clinicians need to treat the individual will be available when he arrives at his new destination. However, this is not always the case. Healthcare providers, both long-term and acute, must invest in an infrastructure that supports seamless transitions of care; interoperability plays a vital role. Connecting healthcare providers across the care continuum will allow for better health outcomes, help reduce unnecessary hospital re-admissions, as well as keep healthcare costs down.
There are various statistics about the negative impact paperwork has upon providing healthcare. The AHA has estimated it adds at least 30 minutes to every hour of patient care provided. A main pain point continues to be the ability for IT to implement efficient EHR systems. At the core of any EHR system are its image capture capabilities. It must be simple to use throughout the workflow process. This includes image capture, editing, saving and sharing. The capture, or scanning, must be speedy. Editing features must be clear in how to use. This minimizes learning curves at the start. It also optimizes the speed of processing documents during the life of its use. Easy saving to local or network locations should also enable simple and secure sharing too. When one, some or all of these areas stall, it can cripple the realization of benefits from digital document management.
Guest post by Tom S. Lee, Ph.D., CEO & Founder, SA Ignite.
If the few years since the onset of meaningful use haven’t been proof enough, the speed and unpredictability of regulatory change in the last five months has cemented our field’s status as truly not-for-the-feint-of-heart.
Yesteryear’s glacial rate of change in healthcare IT regulation is nowhere to be seen. May 2014 brought both a CMS reset of the ICD-10 transition deadline to October 1, 2015, and a proposed meaningful use rule to enable the use of 2011 edition certified EHR technology (CEHRT) to meet compliance in 2014. The summer then ended with the August 29th finalization of the 2014 meaningful use final rule, the ensuing disappointment that the mandated start of Stage 2 was not delayed and then the swift Congressional response in the form of the September 15th proposed Flex-IT Act to introduce quarterly meaningful use reporting for 2015; enough to spin heads more than once around.
What’s happened in the field since the publication of the final rule among provider organizations bring the phrase “threading the needle” to mind. To further illustrate, we have culled some sample issues from our client base of more than 8,000 providers, across more than 15 EHR brands, and representing numerous combinations of meaningful use stage, payment year and program. These issues, none of which yet have universal and clean solutions, span three areas for provider organizations as seen in the field: 1) properly adhering to the requirements of the final rule, 2) working within the constraints of what EHR vendors can deliver per the final rule’s timeline, and 3) redirecting or pausing organizational momentum for change on short notice.
Regarding the first consideration, note that the final rule requires that an organization attest that it is “not able to fully implement” 2014 Edition technology because of “delays in 2014 Edition CEHRT availability.” Although the rule outlines what does not meet this eligibility test, provider organizations have a persistent question about what documentation and conditions are sufficient to satisfy the test.
If for no other reason, the following open letter seems worthy of publication. It was sent by HIMSS to HHS’ secretary Sylvia Mathews Burwell on Sept. 30, 2014. The four-page letter, published below for your review, lays out the organization’s professional and political goals for the near term.
HIMSS makes three specific recommendations to HHS, suggesting to the feds where their attention should focus. HIMSS’ recommends immediately pulling three key policy levers: the EHR incentive program, interoperability leading to secure electronic exchange of health information, and electronic reporting of clinical quality measures (CQMs).
HIMSS also makes the strong recommendation for one three-month reporting period in 2015 for meaningful use, as well as publicly reminding HHS that there continues to be support efforts for interoperability. The letter does little than offer a pat on the back to HHS for its efforts, and says that HIMSS offers its support for everything HHS is doing, but the letter also serves as a real reminder that HIMSS is willing to flex a little muscle on behalf of its members if HHS doesn’t listen up or do a little falling in line.
To be clear, I have nothing against HIMSS; if they can get away with telling a federal organization how it is, that’s admirable. However, the letter is soaked with arrogance and bullishness, as if HIMSS is intentionally telling all in healthcare just how big and powerful it is, dammit. No doubt, this is the type of thing that’s gone on for years. I understand how lobbyists work; in fact, I’ve worked with them and understand their game. This is probably just the first time in a while I’ve seen such a blatant outreach effort. After all, it’s not like HHS doesn’t know who or what HIMSS as an organization is, but it seems strong in a nuanced way.
Judge for yourself and read the letter below. Are you a HIMSS member? What do you think of the organization’s power push?
On Sept. 4, 2014, the Centers for Medicare and Medicaid Services (“CMS”) published a final rule that, effective Oct. 1, 2014, implements changes to the Medicare and Medicaid Electronic Health Record Incentive Program in light of industry-wide difficulties in transitioning to EHR technology certified to the 2014 Edition EHR certification criteria (“2014 Edition CEHRT”) during calendar year 2014 for eligible professionals and fiscal year 2014 for eligible hospitals and critical access hospitals. CMS makes no changes to the existing 2014 reporting periods or the requirement in future reporting periods to report for a full year. This final rule also extends Stage 2 for an additional year for those providers first demonstrating meaningful use in 2011 or 2012. Instead of starting Stage 3 in 2016, those providers will now start Stage 3 in 2017. The timeframe for Stage 3 implementation by providers that first demonstrated meaningful use after 2012 is unchanged by this final rule.
Prior to these changes, providers were required to use 2014 Edition CEHRT to demonstrate either Stage 1 or Stage 2 meaningful use in 2014. The shortened 2014 attestation periods implemented in the 2012 final rule were aimed at helping providers make the transition from 2011 Edition CEHRT to 2014 Edition CEHRT, but delays affecting the availability of, and the ability of providers to implement, 2014 Edition CEHRT meant that many providers still might be unable to demonstrate meaningful use, despite their best efforts.
To provide some additional flexibility, CMS will now provide three alternatives routes to demonstrate meaningful use in 2014 for providers facing such difficulties: (1) using 2011 Edition CEHRT only, (2) using a combination of 2011 and 2014 Edition CEHRT, or (3) using 2014 Edition CEHRT for Stage 1 objectives and measures in 2014 for providers scheduled to begin Stage 2. These alternatives will also provide some flexibility in the objectives and measures that providers must meet to demonstrate meaningful use, as summarized in the chart below.