By: Eric Egnet, CIO

Hospitals and medical centers now have even more reason to be concerned about privacy and security as the new rulings, released last week, go into effect. Healthcare CIO’s need to heighten the attention they place on the protection of sensitive patient information as it pertains to access, storage, and transmission. This will need to be done in conjunction with their new focus on “meaningful use” which includes, CPOE and EHR upgrades and installations, clinical documentation, quality measures, and interoperability.

On Wednesday August 19th, HHS issued their “interim final” ruling that requires healthcare providers and health plans to alert individuals of unauthorized access to their unsecured electronic protected health information (PHI). This came just two days after a FTC rule was released which outlined similar requirements for personal health record (PHR) vendors, related PHR entities and third-party service providers.

Both of these interim rulings have been mandated by the very stringent privacy and security requirements outlined in the ARRA for HIPAA covered entities and business associates and certain non-HIPAA-covered entities. Try saying that fast five times!

The HHS and FTC worked collaboratively to make sure that the rules were in sync and written in such a way that they complimented one another. Requirements include:

• All entities that are covered by either of these rulings have 60 days to notify any individuals whose information was accessed without the proper authorization.
• If a large breach occurred, falling within the PHI rules, and 500 or more people involved, those entities must alert the press and media and either HHS or FTC, depending on which of the rulings they are subject to.
• If the size of the breach involved less than 500 people, those entities must record and log the incident and then contact and submit the breach findings to either HHS or FTC at the end of the year.

These “interim final” regulations will be in effect for 30 days after publication in the Federal Register on August 24th.

The HHS “interim final” regulations are available at http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf.

The FTC “interim final” regulations are online at http://www.ftc.gov/os/2009/08/R911002hbn.pdf.

Read Eric's industry blog, InTheKnowCIO.

By: Eric Egnet, CIO

Healthcare CIO’s are all facing the new reality of HITECH. They are now or they soon will be assessing what needs to happen in order to bring their current EHR’s and existing systems’ interoperability up to the “meaningful use” guidelines.

There is a sense of urgency because “meaningful use” is set to be made into policy by early next year. From a healthcare perspective, that means tomorrow. Hospitals and physician practices who demonstrate meaningful use will qualify for some of the billions of dollars in incentives coming from the government, but CIO’s cannot wait for the “black and white” definition of meaningful use. They must start now if they hope to achieve meaningful use.

The definition of meaningful use is going to break down into four main categories: CPOE, clinical documentation, quality reporting, and system interoperability. CIO’s must assess their current and planned system implementations determining the best approach and/or combination while factoring in security, privacy, and HIPAA compliance.

All this must be accomplished during trying economic times. Plus, once the fuse is lit, resourcing these projects nationally will become a big challenge. The best thing Healthcare CIO’s can do is to be as proactive as possible and get their strategies, plans and projects in place while getting their C-Level Peers on board.

This is, after all, not only an IT initiative, but a directive for the entire organization, where every C-Level must be involved and will be held accountable.

The budget and execution of the HITECH compliance initiatives will transcend the entire organization. The key to accomplishing set goals will be measures. The measure of quality, system interoperability, and patient outcomes will be the true test of compliance. This coupled with the necessary security, privacy, and HIPPA standards, makes compliance a complex initiative at all levels.

Are all your colleagues ready to face “meaningful use” and all that it entails? What are you doing to prepare?

Has some of the “fog” lifted surrounding meaningful use and certification?

On August 14^th a slew of new recommendations were approved by the HIT Policy Committee including timelines for development and certification, the use of CPOE by providers, reported quality measures, etc. (from here). Among some of the concerns voiced in the article and within the comments of this summary, from CCHIT, is the seemingly rushed timeline that was adopted.

Do you think the government is moving too fast in the process of trying to enable healthcare enterprises across the US with EHRs?

“At the heart of this revolution, next to electronic medical records systems, sits the seemingly innocuous concept of computerized physician order entry. It's regarded as a way to improve patient safety while also upgrading provider organization operating efficiency.” – Bill Briggs in The Top 10 CPOE Challenges

A CPOE is one of the corner stones to healthcare information technology, so why is it so hard to get them implemented and accepted? Read about how physician resistance, top-down commitment, cost, changing workflow, developing order sets, time to enter orders, technology limits, measuring success, training, and managing expectations all play a role here .

To learn from one of our own VCSers , click here, and read about making the transition a little bit easier by standardizing your workflow process.

Do you have any tips or tricks for dealing with CPOE?

Right up there, in the top 10 healthcare IT catch phrases that are most popular right now is certification. Specifically, EHR certification. Certification goes beyond being a simple catch word or hot topic though. Hospitals and Ambulatory facilities will continue to shop for EHR systems that are “certified” in order to realize any benefit from HITech.

Currently, the only organization recognized by HHS that can issue certifications is the Certification Commission for Health Information Technology or CCHIT. The CCHIT is under close scrutiny now that there is $34 Billion dollars on the table…read about the challenges they face and what has been done or is going to be done to rectify those concerns.

The scheduled meetings for the HIT Policy Committee and the HIT Standards Committee are August 14^th and August 20^th, consecutively. While we’re all waiting with bated breath for their updated recommendations, let’s figure out what the difference is between the two committees.

According to the official HIT for HHS site (healthit.hhs.gov):

The Policy Committee “will make recommendations to the National Coordinator for Health Information Technology (HIT) on a policy framework for the development and adoption of a nationwide health information infrastructure, including standards for the exchange of patient medical information.”

The Standards Committee “is charged with making recommendations to the National Coordinator for Health Information Technology (HIT) on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information.”

The meaning is in their names (how clever): Policy equals recommendations for government policies and Standards equals recommendations on certification.

What does make an EHR user friendly? From nine basic principles (such as simplicity, consistency, forgiveness and feedback) to methodologies behind evaluation and rating systems, the HIMSS EHR Usability Task Force produced an easy to follow guide: Defining and Testing EHR Usability.

In the interest of full disclosure, and to exercise our well deserved bragging rights: one of our Project Managers was on the task force and lent a hand behind the scenes for this much anticipated publication.

Do you want to know what's going on behind the scenes as the HIT Standards Committee refines their initial recommendations so that the ONC and CMS can include them in the interim final rule? Read this post by John Halamka, MD, CIO, CareGroup Health System, Harvard Medical School.

By: Marlene McCurdy PhD, PMP®, Practice Manager

A brief review of the HITECH Act of ARRA:

• February, 2009, President Obama signed the ARRA to improve the nation’s health care through HIT by promoting meaningful use of electronic health technology
• On July 16, 2009 the HIT Policy Committee (a part of DHHS) adopted a definition of “meaningful use” and recommended high level criteria for the certification process. On July 21, 2009 the HIT Standards Committee met and discussed the differences between the requirements for “meaningful use” and for “certification.” Now, the Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare and Medicaid Services (CMS) will consider the recommendations from both committees and draft regulations that will be released in December, 2009.
• As part of the President’s Stimulus Plan, funding for those providers (hospitals and individual providers) will become available beginning in 2011 through 2015 for those who are able to demonstrate meaningful use for a year prior to eligibility for funding. For example, to obtain funding in 2010, the provider must show meaningful use in 2009.
• It is estimated that an average of $4M to $6M will be available for hospitals; and $44,000 per individual provider in a provider practice (excluding the care provided primarily in hospital). Funding will be front-loaded, meaning that more dollars will be provided to eligible hospitals/providers in earlier years, with decelerating payments through 2015. If providers/hospitals are not compliant with meaningful use by 2015, CMS (Centers for Medicare and Medicaid Services) will impose financial penalties by reducing reimbursements. (Chart credited to John Lynn at www.emrandhipaa.com).

Example of Individual Physician Reimbursements Available Per Year

Example of Hospital Reimbursements Available Per Year

More details on the comprehensive act can be reviewed at www.cms.hhs.gov.

Financial Incentives for Acting Now

There is a financial incentive for hospitals and physician practices to move ahead now to establish meaningful use of their HIT well ahead of the 2010 deadline. You may be curious, though, of how providers can move forward with information technology while the definition of meaningful use is still in flux. Although the definition is not final, the HIT Policy Committee published initial recommendations, identifying 22 objectives that will qualify as meaningful use. (Source: www.HealthIT.hhs.gov) Among those recommendations are several broad areas that can be acted upon immediately, regardless of the final definition since it is clear that aspects of these must be implemented and in use to be eligible for ARRA funding.

• Use of a Certification Commission for HIT (CCHIT) Electronic Medical Record (EMR) application. Many vendors are upgrading their releases to meet certification standards.
• Ability to share information outside of the hospital/physician practice (referred to as Health Information Exchange – HIE – technology). For example, funding will be considered based on the organization’s ability to send information to national registries for quality comparisons.
• Ability to measure and report on patient safety, quality and outcomes. Although the ruling is not yet available on how healthcare providers obtain funding, it will likely be based on these factors.
• Full implementation of CPOE, with which many of us are very familiar. Seemingly, an obvious prerequisite given patient safety and quality thought to be inherent in CPOE environments, hospitals are still slow to adopt the practice. According to the HIMSS Analytics™ Database^© 2009, only 2.5% of hospitals have adopted CPOE and Clinical Decision Support as of 2008, primarily leaving ancillaries (lab, radiology, pharmacy), data repositories, medical vocabularies, document imaging and, to a lesser extent, minimal clinical documentation, accounting for most of the clinical automation statistics.

How Can Vitalize Consulting Solutions Create Value Now for Hospitals Who Wish to Take Advantage of ARRA Funding? Contact us at vcs@getvitalized.com or 610.444.1233 to find out.

Are you attending Siemens Innovations in Philly this week? 

After you attend the "Straight from the Hill… an Update on ARRA and Healthcare Reform" presentation by Mark Esherick, Director, Government Affairs, Siemens Healthcare...Don't forget to stop by our booth # 802.