Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

AMA’s Digital Health ‘Snake Oil’ Claim Creates Needless Conflict

Posted on June 22, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Earlier this month, the head of the American Medical Association issued a challenge which should resonate for years to come. At this year’s annual meeting, Dr. James Madara argued that many direct-to-consumer digital health products, apps and even EMRs were “the digital snake oil of the early 21st century,” and that doctors will need to serve as gatekeepers to the industry.

His comments, which have been controversial, weren’t quite as immoderate as some critics have suggested. He argued that some digital health tools were “potentially magnificent,” and called on doctors to separate useful products from “so-called advancements that don’t have an appropriate evidence base, or that just don’t work that well – or that actually impede care, confuse patients, and waste our time.”

It certainly makes sense to sort the digital wheat from the chaff. After all, as of late last year there were more than 165,000 mobile health apps on the market, more than double that available in 2013, according to a study by IMS Institute for Healthcare Informatics. And despite the increasing proliferation of wearable health trackers, there is little research available to suggest that they offer concrete health benefits or promote sustainable behavior change.

That being said, the term “snake oil” has a loaded historical meaning, and we should hold Dr. Madara accountable for using it. According to Wikipedia, “snake oil” is an expression associated with products that offer questionable or unverifiable quality or benefits – which may or may not be fair. But let’s take things a bit further. In the same entry, Wikipedia defines a snake oil salesman “is someone who knowingly sells fraudulent goods or who is themselves a fraud, quack or charlatan.” And that’s a pretty harsh way to describe digital health entrepreneurs.

Ultimately, though, the issue isn’t whether Dr. Madara hurt someone’s feelings. What troubles me about his comments is they create conflict where none needs to exist.

Back in the 1850s, when what can charitably be called “entrepreneurs” were selling useless or toxic elixirs, many were doubtless aware that the products they sold had no benefit or might even harm consumers. And if what I’ve read about that era is true, I doubt they cared.

But today’s digital health entrepreneurs, in contrast, desperately want to get it right. These innovators – and digital health product line leaders within firms like Samsung and Apple – are very open to working with clinicians. In fact, most if not all work directly with both staff doctors and clinicians in community practice, and are always open to getting guidance on how to support the practice of medicine.

So while Dr. Madara’s comments aren’t precisely wrong, they suggest a fear and distrust of technology which doesn’t become any 21st century professional organization.

Think I’m wrong? Well, then why didn’t the AMA leader announce the formation of an investment fund to back the “potentially magnificent” advances he admits exist? If the AMA did that, it would demonstrate that even a 169-year-old organization can adapt and grow. But otherwise, his words suggest that the venerable trade group still holds disappointingly Luddite views better suited for the dustbin of history.

Securing IoT Devices Calls For New Ways Of Doing Business

Posted on June 8, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

While new Internet-connected devices can expose healthcare organizations to security threats in much the same way as a desktop PC or laptop, they aren’t always procured, monitored or maintained the same way. This can lead to potentially major ePHI breaches, as one renowned health system recently found out.

According a piece in SearchHealtlhIT, executives at Intermountain Healthcare recently went through something of a panic when connected audiology device went missing. According to Intermountain CISO Karl West, the device had come into the hospital via a different channel than most of the system’s other devices. For that reason, West told the site, his team couldn’t verify what operating system the audiology device had, how it had come into the hospital and what its lifecycle management status was.

Not only did Intermountain lack some key configuration and operating system data on the device, they didn’t know how to prevent the exposure of stored patient information the device had on board. And because the data was persistent over time, the audiology device had information on multiple patients — in fact, every patient that had used the device. When the device was eventually located, was discovered that it held two-and-a-half years worth of stored patient data.

After this incident, West realized that Intermountain needed to improve on how it managed Internet of Things devices. Specifically, the team decided that simply taking inventory of all devices and applications was far from sufficient to protect the security of IoT medical devices.

To prevent such problems from occurring again, West and his team created a data dictionary, designed to let them know where data originates, how it moves and where it resides. The group is also documenting what each IoT device’s transmission capabilities are, West told SearchHealthIT.

A huge vulnerability

Unfortunately, Intermountain isn’t the first and won’t be the last health system to face problems in managing IoT device security. Such devices can be a huge vulnerability, as they are seldom documented and maintained in the same way that traditional network devices are. In fact, this lack of oversight is almost a given when you consider where they come from.

Sure, some connected devices arrive via traditional medical device channels — such as, for example, connected infusion pumps — but a growing number of network-connected devices are coming through consumer channels. For example, though the problem is well understood these days, healthcare organizations continue to grapple with security issues created by staff-owned smart phones and tablets.

The next wave of smart, connected devices may pose even bigger problems. While operating systems running mobile devices are well understood, and can be maintained and secured using enterprise-level processes,  new connected devices are throwing the entire healthcare industry a curveball.  After all, the smart watch a patient brings into your facility doesn’t turn up on your procurement schedule, may use nonstandard software and its operating system and applications may not be patched. And that’s just one example.

Redesigning processes

While there’s no single solution to this rapidly-growing problem, one thing seems to be clear. As the Intermountain example demonstrates, healthcare organizations must redefine their processes for tracking and securing devices in the face of the IoT security threat.

First and foremost, medical device teams and the IT department must come together to create a comprehensive connected device strategy. Both teams need to know what devices are using the network, how and why. And whatever policy is set for managing IoT devices has to embrace everyone. This is no time for a turf war — it’s time to hunker down and manage this serious threat.

Efforts like Intermountain’s may not work for every organization, but the key is to take a step forward. As the number of IoT network nodes grow to a nearly infinite level, healthcare organizations will have to re-think their entire philosophy on how and why networked devices should interact. Otherwise, a catastrophic breach is nearly guaranteed.

FHIR Product Director Speaks Out On FHIR Hype

Posted on June 6, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

To date, all signs suggest that the FHIR standard set has tremendous promise, and that FHIR adoption is growing by leaps and bounds. In fact, one well-connected developer I spoke with recently argues that FHIR will be integrated into ONC’s EHR certification standards by 2017, when MACRA demands its much ballyhooed “widespread interoperability.”

However, like any other new technology or standard, FHIR is susceptible to being over-hyped. And when the one suggesting that FHIR fandom is getting out of control is Grahame Grieve, FHIR product director, his arguments definitely deserve a listen.

In a recent blog post, Grieve notes that the Gartner hype cycle predicts that a new technology will keep generating enthusiasm until it hits the peak of inflated expectations. Only after falling into te trough of disillusionment and climbing the slope of enlightenment does it reach the plateau of productivity, the Gartner model suggests.

Now, a guy who’s driving FHIR’s development could be forgiven for sucking up the praise and excitement around the emerging standard and enjoying the moment. Instead, though, it seems that Grieve thinks people are getting ahead of themselves.

To his way of thinking, the rate of hype speech around FHIR continues to expand. As he sees it, people are “[making] wildly inflated claims about what is possible, (wilfully) misunderstanding the limitations of the technology, and evangelizing the technology for all sorts of ill judged applications.”

As Grieve sees it, the biggest cloud of smoke around FHIR is that it will “solve interoperability.” And, he flatly states, it’s not going to do that, and can’t:

FHIR is two things: a technology, and a culture. I’m proud of both of those things…But people who think that [interoperability] will be solved anytime soon don’t understand the constraints we work under…We have severely limited ability to standardise the practice of healthcare or medicine. We just have to accept them as they are. So we can’t provide prescriptive information models. We can’t force vendors or institutions to do things the same way. We can’t force them to share particular kinds of information at particular times. All we can do is describe a common way to do it, if people want to do it.

The reality is that while FHIR works as a means of sharing information out of an EHR, it can’t force different stakeholders (such as departments, vendors or governments) to cooperate successfully on sharing data, he notes. So while the FHIR culture can help get things done, the FHIR standard — like other standards efforts — is just a tool.

To be sure, FHIR seems to have legs, and efforts like the Argonaut Project — which is working to develop a first-generation FHIR-based API and Core Data Services specification — are likely to keep moving full steam ahead.

But as Grieve sees it, it’s important to keep the pace of FHIR work deliberate and keep fundamentals like solid processes and well-tested specifications in mind: “If we can get that right — and it’s a work in process — then the trough of despair won’t be as deep as it might.”

Vendors Bring Heart And Lung Sounds To EHR

Posted on June 3, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In what they say is a first, a group of technology vendors has teamed up to add heart and lung sounds to an EMR. The current effort extends only to the drchrono EHR, but if this rollout works, it seems likely that other vendors will follow, as adding multimedia content to patient medical records is a very logical step.

Urgent care provider Direct Urgent Care, a Berkeley, CA-based urgent care provider with 30,000 patients, is rolling out the Eko Core Digital Stethoscope for use by physicians. The heart and lung sounds will be recorded by the digital stethoscope, then transmitted wirelessly to a phone- or tablet-based mobile app. The app, in turn, uploads the audio files to the drchrono HR.

Ordinarily, I’d see this as an early experiment in managing multimedia health data and leave it at that. But two things make it more interesting.

One is that the Eko Core sells for a relatively modest $299, which is not bad for an FDA-cleared device. (Eko also sells an attachment for $199 which digitizes and records sounds captured by traditional analog stethoscopes, as well as streaming those files to the Eko app.) The other is that the recorded sounds can be shared with remote specialists such as cardiologists and pulmonologists, which seems valuable on its face even if the data doesn’t get stored within an EMR.

Not only that, this rollout underscores a problem just been given too little attention. At present, what I’ve seen, few EMRs incorporated anything beyond text. Even radiology images, which have been digital for ages (and managed by sophisticated PACS platforms) typically aren’t accessible to the EMR interface. In fact, my understanding is that PACS data is another silo that needs to be broken down.

Meanwhile, medical practices and hospitals are increasingly generating data that doesn’t fit into the existing EMR template, from sources such as wearables, health apps and video consults. Neither EMR developers nor standards organizations seem to have kept up with the influx of emerging non-text data, so virtually none of it is being integrated into patient records yet.

In other words, not only is it interesting to note that an EMR vendor is incorporating audio into medical records, at a modest cost, it’s worth taking stock of what it can teach us about enriching digital patient records overall.

Eventually, after all, patients will be able to capture — with some degree of accuracy — multimedia content that includes not only audio, but also ultrasound recordings, EKG charts and more. Of course, these self-administered tests and will never replace a consult by a skilled clinician, but there certainly are situations in which this data will be relevant.

When you also bear in mind that the number of telemedicine consults being conducted is growing dramatically, and that these, too, offer insights that could become part of a patient’s chart, the need to go beyond text-based EMRs becomes even more evident.

So maybe the Eko/drchrono partnership will work out, and maybe it won’t. But what they’re doing matters nonetheless.

E-Patient Update: Using Digital Health For Collaborative Medication Management

Posted on June 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Recently, I had a medical visit which brought home the gap between how doctors and patients approach to medications. While the physician and his staff seemed focused on updating a checklist of meds, I wanted med education and a chance to ask in-depth self-management questions. And though digital health tools and services could help me achieve these goals, they didn’t seem to be on the medical group’s radar.

At this visit, as I waited to see the doctor, a nurse entered with a laptop on a cart. Consulting her screen, she read off my medication list and item by item, asked me to confirm whether I took the given medication. Then, she asked me to supply the name and dosage of any drugs that weren’t included on the list. Given that I have a few chronic conditions, and take as many as a dozen meds a day, this was an awkward exercise. But I complied as best I could. When a physician saw me later, we discussed only the medication he planned to add to the mix.

While I felt quite comfortable with both the nurse and doctor, I wasn’t satisfied with the way the medication list update was handled. At best, the process was clumsy, and at worst, it might have passed over important information on drug history, interactions and compliance. Also, at least for me, discussing medications was difficult without being able to see the list.

But at least in theory, digital health technology could go a long way toward addressing these issues. For example:

  • If one is available, the practice could use a medication management app which syncs with the EMR it uses. That way, clinicians could see my updates and ask questions as appropriate.
  • Alternatively, the patient should have the opportunity to review their medication list while waiting to be seen, perhaps by using a specialized patient login for an EMR portal. This could be done using a laptop or tablet on a cart similar to what clinicians use.
  • When reviewing their medication list, patients could select medications about which they have questions, delete medications they no longer take and enter meds they’ve started since their last visit.
  • At least for complex cases, patients should have an opportunity to do a telehealth consult with a pharmacist if requested. This would be especially helpful prior to adding new drugs to a patient’s regimen. (I don’t know if such services exist but my interest in them stands.)

To me, using digital health options to help patients manage their meds makes tremendous sense. Now that such tools are available, physicians can loop patients into the med management discussion without having to spend a lot of extra time or money. What’s more, collaboration helps patients manage their own care more effectively over the long term, which will be critical under value-based care. But it may not be easy to convince them that this is a good idea.

Unfortunately, many physicians see sharing any form of patient data as a loss of control. After all, in the past a chart was for doctors, not patients, and in my experience, that dynamic has carried over into the digital world. I have struggled against this — in part by simply asking to look at the EMR screen — but my sense is that many clinicians are afraid I’ll see something untoward, misinterpret a data point or engage in some other form of mischief.

Still, I have vowed to take better control of my medications, and I’m going to ask every physician that treats me to consider digital med management tools. I need them to know that this is what I need. Let’s see if I get anywhere!

Healthcare Execs Want To Collect More From Patients

Posted on May 26, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Every healthcare provider wants to get paid, of course. However, collecting the ever-growing portion of revenue that patients owe is tough, and getting tougher. That being said, the majority of providers recognize that they have a big problem and are working to boost the volume and speed of patient payments, a new study finds.

The study, which is sponsored by claims management and patient payments vendor Navicure in affiliation with Porter Research, connected with 300 of professionals, including practice administrators (36%), C-suite executives (25%) and billing managers (35%). Forty-one percent of organizations had 1 to 10 providers, 31% had 11 to 50 providers, 12% had 51 to 100 providers and 17% had more than 100 providers.

In responding to the survey, 63% of survey respondents said that patient payment processes were a high priority for their leadership teams. Their challenges in collecting from patients included patients’ inability to pay (31%), difficulty educating patients about the financial responsibility (26%) and slow-paying patients (25%).

It’s not surprising that collecting patient payments is a priority for many organizations. The study found that patient payment revenue made up 11% to 20% of total revenue for almost a third of organizations that responded. Twenty percent of organizations said patient payments accounted for 21% to 30% of total revenue, and for 23%, patient payments accounted for more than 31% of total revenue.

More than half (57%) of respondents said they educate patients about their financial responsibility, but only 42% said they always estimate the patient’s cost at the time of service. What’s more, few have implemented steps that might streamline payment. Sixty-two percent do not offer credit card on file programs, 52% don’t have automated payment plans in place, and 57% don’t send electronic statements to patients.

To address these issues, Navicure recommends that providers make several changes in their patient payment processes. These include viewing patients’ eligibility information prior to or at the time of service, collecting copays and outstanding balances, creating care estimates and enrolling patients in any available payment plans.

While the survey doesn’t address this issue directly, it also doesn’t hurt to make bills more readable. I’ve read accounts of some hospital billing departments and medical office staffers spending hours on the phone with patients going over charges. Not only does this frustrate the patients, and undermine their relationship with your organization, it wastes a lot of time. Cleaning up bill formats can go a long way toward smoothing out routine payment issues.

On that note, it probably makes sense to roll out patient-friendly billing technologies. More than 70% of respondents who have replaced paper statements with online bill payment and e-statements would recommend this technology to a peer, and 42% of respondents using automated payment plans were very or completely satisfied.

Ultimately, however, collecting more from patients probably calls for changes in policy, the research suggests. While 35% ask for a partial deposit before service, and 26% collect all of what a patient owes before service, 18% of respondents said they didn’t collect anything before prior to service, and 21% said they didn’t charge until claims were processed.

Steps In Integrating Patient-Generated Health Data

Posted on May 24, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As the number of connected health devices in use has expanded, healthcare leaders have grappled with how to best leverage the data they generate. However, aside from a few largely experimental attempts, few providers are making active use of such data.

Part of the reason is that the connected health market is still maturing. With health tracking wearables, remote monitoring set-ups, mobile apps and more joining the chorus, it might be too soon to try and normalize all this data, much less harvest it for clinical use. Also, few healthcare organizations seem to have a mature strategy in place for digital health.

But technical issues may be the least of our problems. It’s important to note that providers have serious concerns around patient-generated health data (PGHD), ranging from questions about its validity to fears that such data will overwhelm them.

However, it’s possible to calm these fears, argues Christina Caraballo, senior healthcare strategist at Get Real Health.  Here’s her list of the top five concerns she’s heard from providers, with responses that may help put providers at ease:

  • Fear they’ll miss something in the flood of data. Add disclaimers, consent forms, video clips or easy-to-digest graphics clarifying what consumers can and can’t expect, explicitly limiting provider liability.
  • Worries over data privacy and security: Give consumers back some of the risk, by emphasizing that no medium is perfectly secure, including paper health records, and that they must determine whether the benefits of using digital health devices outweigh the risks.
  • Questions about data integrity and standardization: Emphasize that while the industry has made great process and standardization, interoperability, authentication, data provenance, reliability, validity, clinical value and even workflow, the bottom line is that the data still comes from patients, who don’t always report everything regardless of how you collect the data.
  • Concerns about impact on workflow: Underscore that if the data is presented in the right framework, it will be digestible in much the same way as other electronic medical data.
  • Resistance to pressure from consumers: Don’t demand that providers leverage PGHD out of the gate; instead, move incrementally into the PGHD management by letting patients collect data electronically, and then incorporate data into clinical systems once all stakeholders are on board.

Now, I’m not totally uncritical of Ms. Caraballo’s article. In particular, I take issue with her assertion that providers who balk at using PGHD are “naysayers” who “simply don’t want to change.” While there are always a few folks fitting this description in any profession, the concerns she outlines aren’t trivial, and brushing them off with vague reassurances won’t work.

Truthfully, if I were a provider I doubt I would be comfortable relying on PGHD, especially biometric data. As Ingrid Oakley-Girvan of Medable notes, wearables giant Fitbit was hit with a lawsuit earlier this year alleging that its heart rate monitoring technology is inaccurate, and I wouldn’t be surprised other such suits arise. Digital health trackers and apps have transitioned from novelty to quasi-official medical device very quickly — some might say too quickly – and being cautious about their output just makes sense.

Nonetheless, PGHD will play a role in patient care and management at some point in the future, and it makes sense to keep providers in the loop as these technologies progress. But rushing them into using such data would not be wise. Let’s make sure such technologies are vetted before they assume a routine role in care.

Joint Commission Now Allows Texting Of Orders

Posted on May 17, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For a long time, it was common for clinicians to share private patient information with each other via standard text messages, despite the fact that the information was in the clear, and could theoretically be intercepted and read (which this along with other factors makes SMS texts a HIPAA violation in most cases). To my knowledge, there have been no major cases based on theft of clinically-oriented texts, but it certainly could’ve happened.

Over the past few years, however, a number of vendors have sprung up to provide HIPAA-compliant text messaging.  And apparently, these vendors have evolved approaches which satisfy the stringent demands of The Joint Commission. The hospital accreditation group had previously prohibited hospitals from sanctioning the texting of orders for patient care, treatment or services, but has now given it the go-ahead under certain circumstances.

This represents an about-face from 2011, when the group had deemed the texting of orders “not acceptable.” At the time, the Joint Commission said, technology available didn’t provide the safety and security necessary to adequately support the use of texted orders. But now that several HIPAA-compliant text-messaging apps are available, the game has changed, according to the accrediting body.

Prescribers may now text such orders to hospitals and other healthcare settings if they meet the Commissioin’s Medication Management Standard MM.04.01.01. In addition, the app prescribers use to text the orders must provide for a secure sign-on process, encrypted messaging, delivery and read receipts, date and time stamp, customized message retention time frames and a specified contact list for individuals authorized to receive and record orders.

I see this is a welcome development. After all, it’s better to guide and control key aspects of a process rather than letting it continue on underneath the surface. Also, the reality is that healthcare entities need to keep adapting to and building upon the way providers actually communicate. Failing to do so can only add layers to a system already fraught with inefficiencies.

That being said, treating provider-to-provider texts as official communications generates some technical issues that haven’t been addressed yet so far as I know.

Most particularly, if clinicians are going to be texting orders — as well as sharing PHI via text — with the full knowledge and consent of hospitals and other healthcare organizations — it’s time to look at what it takes manage that information more efficiently. When used this way, texts go from informal communication to extensions of the medical record, and organizations should address that reality.

At the very least, healthcare players need to develop policies for saving and managing texts, and more importantly, for mining the data found within these texts. And that brings up many questions. For example, should texts be stored as a searchable file? Should they be appended to the medical records of the patients referenced, and if so, how should that be accomplished technically? How should texted information be integrated into a healthcare organization’s data mining efforts?

I don’t have the answers to all of these questions, but I’d argue that if texts are now vehicles for day-to-day clinical communication, we need to establish some best practices for text management. It just makes sense.

OCR Cracking Down On Business Associate Security

Posted on May 13, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For most patients, a data breach is a data breach. While it may make a big difference to a healthcare organization whether the source of a security vulnerability was outside its direct control, most consumers aren’t as picky. Once you have to disclose to them that the data has been hacked, they aren’t likely be more forgiving if one of your business associates served as the leak.

Just as importantly, federal regulators seem to be growing increasingly frustrated that healthcare organizations aren’t doing a good job of managing business associate security. It’s little wonder, given that about 20% of the 1,542 healthcare data breaches affecting 500 more individuals reported since 2009 involve business associates. (This is probably a conservative estimate, as reports to OCR by covered entities don’t always mention the involvement of a business associate.)

To this point, the HHS Office for Civil Rights has recently issued a cyber-alert stressing the urgency of addressing these issues. The alert, which was issued by OCR earlier this month, noted that a “large percentage” of covered entities assume they will not be notified of security breaches or cyberattacks experienced by the business associates. That, folks, is pretty weak sauce.

Healthcare organizations also believe that it’s difficult to manage security incidents involving business associates, and impossible to determine whether data safeguards and security policies and procedures at the business associates are adequate. Instead, it seems, many covered entities operate on the “keeping our fingers crossed” system, providing little or no business associate security oversight.

However, that is more than unwise, given that the number of major breaches have taken place because of an oversight by business associates. For example, in 2011 information on 4.9 million individuals was exposed when unencrypted backup computer tapes are stolen from the car of a Science Applications International Corp. employee, who was transporting tapes on behalf of military health program, TRICARE.

The solution to this problem is straightforward, if complex to implement, the alert suggests. “Covered entities and business associates should consider how they will confront a breach at their business associates or subcontractors,” and make detailed plans as to how they’ll address and report on security incidents among these group, OCR suggests.

Of course, in theory business associates are required to put their own policies and procedures in place to prevent, detect, contain and correct security violations under HIPAA regs. But that will be no consolation if your data is exposed because they weren’t holding their feet to the fire.

Besides, OCR isn’t just sending out vaguely threatening emails. In March, OCR began Phase 2 of its HIPAA privacy and security audits of covered entities and business associates. These audits will “review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standard interpretation specifications of the Privacy, Security, and Breach Notification Rules,” OCR said at the time.

Time To Leverage EHR Data Analytics

Posted on May 5, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For many healthcare organizations, implementing an EHR has been one of the largest IT projects they’ve ever undertaken. And during that implementation, most have decided to focus on meeting Meaningful Use requirements, while keeping their projects on time and on budget.

But it’s not good to stay in emergency mode forever. So at least for providers that have finished the bulk of their initial implementation, it may be time to pay attention to issues that were left behind in the rush to complete the EHR rollout.

According to a recent report by PricewaterhouseCoopers’ Advanced Risk & Compliance Analytics practice, it’s time for healthcare organizations to focus on a new set of EHR data analytics approaches. PwC argues that there is significant opportunity to boost the value of EHR implementations by using advanced analytics for pre-live testing and post-live monitoring. Steps it suggests include the following:

  • Go beyond sample testing: While typical EHR implementation testing strategies look at the underlying systems build and all records, that may not be enough, as build efforts may remain incomplete. Also, end-user workflow specific testing may be occurring simultaneously. Consider using new data mining, visualization analytics tools to conduct more thorough tests and spot trends.
  • Conduct real-time surveillance: Use data analytics programs to review upstream and downstream EHR workflows to find gaps, inefficiencies and other issues. This allows providers to design analytic programs using existing technology architecture.
  • Find RCM inefficiencies: Rather than relying on static EHR revenue cycle reports, which make it hard to identify root causes of trends and concerns, conduct interactive assessment of RCM issues. By creating dashboards with drill-down capabilities, providers can increase collections by scoring patients invoices, prioritizing patient invoices with the highest scores and calculating the bottom-line impact of missing payments.
  • Build a continuously-monitored compliance program: Use a risk-based approach to data sampling and drill-down testing. Analytics tools can allow providers to review multiple data sources under one dashboard identify high-risk patterns in critical areas such as billing.

It’s worth noting, at this point, that while these goals seem worthy, only a small percentage of providers have the resources to create and manage such programs. Sure, vendors will probably tell you that they can pop a solution in place that will get all the work done, but that’s seldom the case in reality. Not only that, a surprising number of providers are still unhappy with their existing EHR, and are now living in replacing those systems despite the cost. So we’re hardly at the “stop and take a breath” stage in most cases.

That being said, it’s certainly time for providers to get out of whatever defensive crouch they’ve been in and get proactive. For example, it certainly would be great to leverage EHRs as tools for revenue cycle enhancement, rather than the absolute revenue drain they’ve been in the past. PwC’s suggestions certainly offer a useful look on where to go from here. That is, if providers’ efforts don’t get hijacked by MACRA.