Hospitals and eligible professionals that have yet to meet their meaningful use requirements are facing a good news/bad news scenario. First the bad news: The clock is ticking, as major deadlines loom. The good news: It’s not too late to hop aboard the MU train, although some running might be required. If you’re among those seeking MU attestation this year, here are key points you need to know.
2014 Certified?
Before you take one more step, make sure your technology vendor is 2014 certified. Regardless of whether you are attesting to meaningful use Stage 1 or Stage 2, all eligible professionals (EPs) and eligible hospitals (EHs)/Critical Access Hospitals (CAHs) are now required to use an ONC 2014 Edition Certified technology to successfully attest to both MU1 and MU2.
You might have been under the impression that Stage 1 corresponds with the 2011 Edition and Stage 2 corresponds to the 2014 Edition. This is not the case, but your confusion is understandable.
What happened? When meaningful use was first introduced, the Centers for Medicare and Medicaid Services (CMS) published MU Stage 1 and the Office of the National Coordinator for Health Information Technology (ONC) published the 2011 Edition Certification; then MU Stage 2 and the 2014 Edition Certification Criteria were released within days of one another.
Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These major enforcement actions underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices.
“Covered entities and business associates must understand that mobile device security is their obligation,” said Susan McAndrew, OCR’s deputy director of health information privacy. “Our message to these organizations is simple: encryption is your best defense against these incidents.”
OCR opened a compliance review of Concentra Health Services (Concentra) upon receiving a breach report that an unencrypted laptop was stolen from one of its facilities, the Springfield Missouri Physical Therapy Center. OCR’s investigation revealed that Concentra had previously recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk.
While steps were taken to begin encryption, Concentra’s efforts were incomplete and inconsistent over time leaving patient PHI vulnerable throughout the organization. OCR’s investigation further found Concentra had insufficient security management processes in place to safeguard patient information. Concentra has agreed to pay OCR $1,725,220 to settle potential violations and will adopt a corrective action plan to evidence their remediation of these findings.
With a flourish of congressional shenanigans lifted almost word for word from the teleplay of Netflix’s House of Cards, the HHS-mandated 2014 transition to use of the ICD-10 coding classification was brought to a screeching one year “delay.” We are left, once again, with “at least” another year of collecting healthcare information via ICD-9, an awful but omnipresent healthcare coding system. And more concerning, we are left with the impression that diligent and expensive work to comply with rules in a host of other areas, such as meaningful use of electronic health records, could become abruptly irrelevant. The result of the delay is that not only do we have a significant number of long-time objectors to the change to ICD-10, but they are also joined by a surge of rightfully angry and dubious ‘compliers’ who put in time and investment dollars to meet the deadline. But there are also some additional considerations given the amount of time that has passed as we prepare to make the trip.
Is this trip still worth the aggravation and expense?
The major underlying rationale of moving to ICD-10 remains laudable: to provide greater clarity to our understanding of healthcare practices through the use of better industry standard, diagnosis codes. With more granular, relevant and precise core codes at the foundation, medical quality and effectiveness studies utilizing these codes for analysis and program development were to have benefitted dramatically.
Given that our desire to advance healthcare value and improve outcomes through accountable care practices (‘fee-for-value’) we must acknowledge our dependence on much better information collection for analysis than is possible from ICD-9[1]. Significant questions remain however, as to whether the move to ICD-10, using codes predominantly still entrenched to support fee-for-service billing processes will get us where we want to go. While we can hope the enhanced and detailed nature of ICD-10 might yield greater insight into the real value of our activities, this remains a particularly frail hope in light of the way we use the codes as revenue cycle fuel.
Maintaining blood supplies to meet the needs of the hospitals in the region is a key mandate for the Rhode Island Blood Center. The Center collects 250 pints of blood from donors to meet this commitment. To make it easy for donors, more than 3,000 mobile blood drives are held annually throughout the community.
While we have nurses and lab technicians to take care of the donors’ physical needs, it is my job as the IT Systems Manager at Rhode Island Blood Center to take care of their personal information. We gather this information from each donor at the mobile clinics and store it on laptops, so it is essential that we have safeguards in place to ensure the data is properly secured.
Data security is a key concern for the majority of healthcare organizations in the US. And like most organizations, Rhode Island Blood Center must follow regulatory guidelines and protect patient data.
My department is responsible for the IT and telecommunications equipment used at the remote blood drives and the six Center locations. The typical set-up includes a large number of Center-owned laptops where donor information is stored.
While most people arrive at a clinic and see the positive results of a community coming together and helping each other – all I see are laptops loaded with confidential information for which Rhode Island Blood Center is ultimately responsible. I know if even one laptop is lost or stolen, confidential donor information could be at risk.
Data at Risk
Reviewing daily healthcare news, it is clear that data breaches are a huge issue for healthcare organizations across the US, but bad press isn’t the only issue – many organizations face large non-compliance fines and damage to their reputation that can never be restored.
Guest post by Judy Chan, president, HealthPro Consulting.
Burgeoning EHR implementations nationwide attributable to the meaningful use incentive program have created a surge in HIO and electronic health information exchange (eHIE).
Having health information available for electronic exchange is generally accepted as beneficial to patients, providers and payers. Providers can access patient information from other providers when they need it where they need it. Providers are able to avoid duplicating lab tests, scans and x-rays that save the payers dollars. Additionally, patients don’t need to remember what treatments were administered or drugs prescribed and can avoid unnecessary exposure to radiation.
In emergency situations, the benefits of having a patient’s health information available to emergency room staff are obvious. Patients who have experienced referrals in the course of diagnosis and treatment also readily see the advantage of not having to hand-carry all of their medical records from one doctor’s office to the next. The electronic exchange of health information among providers eliminates faxes, paper work and phone calls.
Patient’s perspective
What makes the exchange of health information frightening to patients?
1. Your health information is available to others who have a legitimate need.
2. Consent must be given by the patient to share their information
3. You must trust the distributor of your information
4. You should monitor your data on a regular basis and make corrections when necessary
5. Information could be accidentally released without your permission.
6. Your consent is electronically recorded by multiple systems.
Do these risks sound familiar? They should because they are not very different from the risks that credit rating agencies that have recorded your financial transactions for years.
A recent study by mobile engagement provider Mobiquity, Inc has found that while 70 percent of people use mobile apps on a daily basis to track calorie intake and monitor physical activities, only 40 percent share data and insights with their doctors.
Working with an independent research firm, Mobiquity’s “Get Mobile, Get Healthy: The Appification of Health & Fitness” study reveals the opportunity for healthcare professionals and organizations to leverage mobile to drive positive behavior change and healthier patient outcomes. According to the survey, 34 percent of mobile health and fitness app users said they would increase their use of apps if their doctors actively recommended it.
According to Mobiquity’s research,73 percent of people claim to be healthier by using a smartphone and apps to track their health and fitness. Fifty three percent discovered they were eating more calories than they realized. Sixty-three percent intend to continue, and even increase, their mobile health tracking in the next five years; 55 percent of today’s mobile health app users also plan to introduce wearable devices like pedometers, wristbands and smartwatches to their health monitoring in coming years.
Smartphone health tracking trumps social networking
For many, using a smartphone to track their health and fitness is more important to them than using their phone for social networking (69 percent), mobile shopping (68 percent), listening to music (60 percent) and making/receiving phone calls (30 percent).
But there’s room for improvement
What’s stopping people from using their health and fitness apps more? Doctor recommendations would be a big motivator, said 34 percent. Privacy was also a concern for 61 percent. But the chief reason people quit using these apps is simply because they forget – something that could and should be addressed by app developers to ensure health apps are less disposable.
“Our study shows there’s a huge opportunity for medical professionals, pharmaceutical companies and health organizations to use mobile to drive positive behavior change and, as a result, better patient outcomes,” said Scott Snyder, president and chief strategy officer at Mobiquity. “The gap will be closed by those who design mobile health solutions that are indispensable and laser-focused on users’ goals, and that carefully balance data collection with user control and privacy.”
Mobiquity commissioned independent research firm Research Now to survey 1,000 consumers who use, or plan to use, health and fitness mobile apps. The study was conducted between March 5-11, 2014.
Guest post by Darin VanderWell, Director of Product, DocuTAP.
Rumors about the next phase of the Centers for Medicare and Medicaid Services (CMS) EHR Incentive Program has prompted concern among healthcare providers. To truly understand meaningful use Stage 3 and its impact, it is important to differentiate between the rumors and the truth.
The final rule for meaningful use Stage 3 has yet to be published, so discussion on its effects are based on available drafts. Even those drafts are in question since the December 2013 announcement that Stage 3 would be delayed until 2017. One reason cited was to allow more time to research the impacts of Stage 2 before finalizing Stage 3. The delay will be particularly important for that research, since compared to Stage 1, 2011 Edition, there are so few Stage 2 vendors certified currently.
As for what is expected, the attention turns from data capture and access (Stage 1) and information exchange (Stage 2) to improved outcomes in Stage 3. One expected goal is to simplify and reduce the reporting requirements on those attesting. Some of that change can be achieved by consolidating the program’s current objectives, which I expect hospitals and providers will welcome, provided it truly reduces the reporting burden and does not coincide with other, new objectives and reporting requirements.
Stage 3’s goal of improving outcomes will be incredibly interesting – through November 2013, CMS had disbursed nearly $18 billion in incentive payments. Until now, the program’s success has been judged by the number of participants adopting certified EHRs. At some point during Stage 3 (or thereafter), we will know whether those payments have truly improved outcomes.
For physicians’ practices in the 21st century, connectivity is the buzzword. Getting doctors connected to data, patients connected to healthcare providers, and practices connected to networks are just a few of the web-fueled scenarios coming down the pike.
The Health Information Technology for Economic and Clinical Health (HITECH) Act is a game changer and affects just about every aspect of modern medical care. HITECH, part of the American Recovery and Reinvestment Act of 2009, promotes the adoption and meaningful use of health information technology.
As is often the case with a shift this monumental, there are both benefits and challenges of connected healthcare that practice groups will have to address. First, let’s take a look at some of the benefits.
1. Join the Digital Revolution. Just as other industries that went digital years ago, healthcare benefits from the streamlining offered by a networked environment. Clinical interoperability of healthcare IT lowers costs and enhances efficiency by facilitating the comprehensive exchange of health information between care providers, hospitals and patients. The trend is toward innovation in healthcare as the industry as a whole responds to consumer demands and government reforms.
2. Safety in Numbers. As of 2013, more than 323,000 American medical practices and hospitals adopted EHRs and attested as meaningful users, indicating a 266 percent increase over 2012, according to CMS statistics. However, even with this upsurge in participation, those numbers represent only a small percentage of US hospitals that currently keep electronic records and contribute to the health information exchange. So, while the risk of being an early adopter is largely gone, your practice group could still be near the front of the adoption wave.
3. It’s easier. As you can see from the statistics in the previous point, healthcare IT adoption is in an early phase, and for most practices, there is a lack of centralization. To help elucidate the complexity of the system, look no further than the state of Florida, where there are at least 672 EHR vendors. Connecting health information digitally creates a central database that greatly simplifies the process of storing and retrieving all patient data. It’s like finding the needle in the haystack every time.
A recent study by mobile engagement provider 