Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Are Changes to Meaningful Use Certification Coming?

Posted on February 10, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’d been meaning to write about the now infamous letter from the AMA and 20 other associations and organizations to Karen DeSalvo (ONC Chair and Assistant HHS Secretary). I’ve put a list of the organizations and associations that co-signed the letter at the bottom of this post. It’s quite the list.

In the letter they make these recommended changes to the EHR certification program:

1. Decouple EHR certification from the Meaningful Use program;
2. Re-consider alternative software testing methods;
3. Establish greater transparency and uniformity on UCD testing and process results;
4. Incorporate exception handling into EHR certification;
5. Develop C-CDA guidance and tests to support exchange;
6. Seek further stakeholder feedback; and
7. Increase education on EHR implementation.

Unfortunately, I don’t think that many of these suggestions can be done by Karen and ONC. For example, I believe it will take an act of Congress in order to decouple EHR certification from the meaningful use program. I don’t think ONC has the authority to just change that since they’re bound by legislation.

What I do think they could do is dramatically simplify the EHR certification requirements. Some might try to spin it as making the EHR certification irrelevant, but it would actually make the EHR certification more relevant. If it was focused on just a few important things that actually tested the EHR properly for those things, then people would be much more interested in the EHR certification and it’s success. As it is now, most people just see EHR certification as a way to get EHR incentive money.

I’ll be interested to see if we see any changes in EHR certification. Unfortunately, the government rarely does things to decrease regulation. In some ways, if ONC decreases what EHR certification means, then they’re putting their colleagues out of a job. My only glimmer of hope is that meaningful use stage 3 will become much more simpler and because of that, EHR certification that matches MU stage 3 will be simpler as well. Although, I’m not holding my breathe.

What do you think will happen to EHR certification going forward?

Organizations and Associations that Signed the Letter:
American Medical Association
AMDA – The Society for Post-Acute and Long-Term Care Medicine
American Academy of Allergy, Asthma and Immunology
American Academy of Dermatology Association
American Academy of Facial Plastic
American Academy of Family Physicians
American Academy of Home Care Medicine
American Academy of Neurology
American Academy of Ophthalmology
American Academy of Otolaryngology—Head and Neck Surgery
American Academy of Physical Medicine and Rehabilitation
American Association of Clinical Endocrinologists
American Association of Neurological Surgeons
American Association of Orthopaedic Surgeons
American College of Allergy, Asthma and Immunology
American College of Emergency Physicians
American College of Osteopathic Surgeons
American College of Physicians
American College of Surgeons
American Congress of Obstetricians and Gynecologists
American Osteopathic Association
American Society for Radiology and Oncology
American Society of Anesthesiologists
American Society of Cataract and Refractive Surgery and Reconstructive Surgery
American Society of Clinical Oncology
American Society of Nephrology
College of Healthcare Information Management Executives
Congress of Neurological Surgeons
Heart Rhythm Society
Joint Council on Allergy, Asthma and Immunology
Medical Group Management Association
National Association of Spine Specialists
Renal Physicians Association
Society for Cardiovascular Angiography and Interventions
Society for Vascular Surgery

Meaningful Use Audit Advice

Posted on January 30, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In response to my post on Meaningful Use Audits and the Inconsistent Appeals Process, Todd Searls. Executive Director at Wide River LLC, offered this interesting meaningful use audit advice on LinkedIn:

We’ve assisted numerous clinics and hospitals through their audits, and you’re absolutely correct John. Those clinics that have the people and processes already in place, this ends up (most of the time), being a non -issue, just time consuming. However, we have clients that have undergone significant changes since 2011 and now that they are being audited, the changes are coming back to haunt them since tracking MU documentation through the changes may not have been the highest priority.

Even those clinics that have the right documentation are now finding that they shouldn’t just mail the documents in bulk to the auditors unless they’ve spent time creating a good summary document which clearly defines each and every appendix document being sent. Case in point, we had one clinic call us to help them with their appeal for a failed audit. When we engaged we spent a few hours trying to determine why they failed the audit since the documents they had on file to support their attestation were excellent. Then we reviewed how they sent them in (in just one mass mailing with no cover letter or explanation beyond a title for each document (ie, In Reference to Measure 2)).

Once we created a clear cover letter and resubmitted, they were notified very quickly that their appeal was successful. The clinic had mixed feelings – great that they passed, but unhappy about having to ‘mind-read’ the preferred format that the auditor was looking for. Right or wrong, many clinics are in the same place – frustrated with the process.

I don’t know anyone who enjoys an audit. However, an audit can at least be bearable if it’s clear what’s expected in the audit. I think we’re going to have a lot more stories about meaningful use audits coming down the pipe. Hopefully Todd’s advice helps some who run into a meaningful use audit.

CMS Listens to Those Calling for a 90 Day Meaningful Use Reporting Period

Posted on January 29, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I think that most of us in the industry figured this was just a matter of time, but it’s nice that we were right and CMS is working to modify the requirements and reporting periods for meaningful use. I imagine they heard all the many voices that were calling for a change to meaningful use stage 2 and it’s just taken them this long to work through the government process to make it a reality.

Before I act like this change is already in place, CMS was very specific in the wording of their announcement about their “intent to modify requirements for meaningful use” and their “intent to engage in rulemaking” in order to make these “intended” changes. Basically they’re saying that they can just change the rules. They have to go through the rule making process for these changes to go into effect. That said, I don’t think anyone doubts that this will make it through the rule making process.

Here’s the modifications that they’re proposing:

  1. Shortening the 2015 reporting period to 90 days to address provider concerns about their ability to fully deploy 2014 Edition software
  2. Realigning hospital reporting periods to the calendar year to allow eligible hospitals more time to incorporate 2014 Edition software into their workflows and to better align with other quality programs
  3. Modifying other aspects of the programs to match long-term goals, reduce complexity, and lessen providers’ reporting burden

They also added this interesting clarification and information about the meaningful use stage 3 proposed rule:

To clarify, we are working on multiple tracks right now to realign the program to reflect the progress toward program goals and be responsive to stakeholder input. Today’s announcement that we intend to pursue the changes to meaningful use beginning in 2015 through rulemaking, is separate from the forthcoming Stage 3 proposed rule that is expected to be released by early March. CMS intends to limit the scope of the Stage 3 proposed rule to the requirements and criteria for meaningful use in 2017 and subsequent years.

I think everyone will welcome a dramatic simplification of the meaningful use program. The above 3 changes will be welcome by everyone I know.

In the email announcement for this, they provided an explanation for why they’re doing these changes:

These proposed changes reflect the Department of Health and Human Services’ commitment to creating a health information technology infrastructure that:

  • Elevates patient-centered care
  • Improves health outcomes
  • Supports the providers who care for patients

Personally, I think they saw the writing on the wall and it wasn’t pretty. Many organizations were going to opt out of meaningful use stage 2. These changes were needed and necessary for many organizations to continue participating in meaningful use. They believe meaningful use will elevate patient-centered care, improve health outcomes, and support the providers who care for patients. I’m glad they finally chose to start the rulemaking process to make the changes. I think many that started meaningful use can still benefit from the rest of the incentive money and will be even happier to avoid the penalties.

A Meaningful Use Update

Posted on November 6, 2014 I Written By

The following is a guest post by Barry Haitoff, CEO of Medical Management Corporation of America.
Barry Haitoff
We’re deep in the heart of meaningful use. Every organization has likely evaluated their participation in meaningful use and knows their path forward. While the meaningful use program is quite mature, the regulations are still shifting as various organization push forward their agendas. It’s important to keep an eye on these shifts so you can plan appropriately for your organization. Here are three meaningful use items you should keep an eye on since they could have a significant impact on your clinic:

Flex-IT Act – For those not familiar with this act, it would change the attestation period for meaningful use stage 2 from 365 days to only 90 days. This act is being backed by some very strong healthcare organizations including a call from the AMA, CHIME, HIMSS, and MGMA to make this change. As is noted by these organizations, very few hospitals have attested to meaningful use stage 2 and only 2 percent of eligible providers have attested to meaningful use stage 2 so far (they do have until the end of February).

If the meaningful use stage 2 numbers continue on this trend, CMS will need to do something or risk having the program be labeled a failure. It’s hard to predict what will happen (or not happen) in Washington, but the pressure to change the meaningful use stage 2 reporting periods to 90 days is growing. Poor meaningful use stage 2 attestation numbers could very well push this issue over the edge.

EHR Penalty Hardship Exemption – In case you missed it, CMS reopened the meaningful use hardship exception period. Originally you had to file for a meaningful use hardship exception by July 1, 2014, but you now have until November 30, 2014 to apply for an exception. This is a big deal for those who likely didn’t know they’d need an exception for meaningful use.

While this exception is related to the EHR certification flexibility (ie. your EHR vendor software isn’t ready for you to implement and attest), many have wondered if we won’t see more ways for organizations to avoid the coming meaningful use penalties. These prognosticators suggest that if meaningful use stage 2 numbers continue to be as awful as what’s described above, it’s possible that the government will provide some relief from the meaningful use penalties. As of now, the meaningful use penalties are coming, so you better be prepared.

AMA’s Meaningful Use Letter – The AMA has a strong political voice in Washington and they’ve recently decided to tackle meaningful use head on. They’ve put their efforts into a Meaningful Use Blueprint that calls for more flexibility in the meaningful use program. Without going into all the line by line details, the AMA is asking CMS to:

  • Adopt a More Flexible Approach to Meaningful Use and move away from the current All or Nothing approach to Meaningful Use
  • Align the quality measures, reporting burden and overlapping penalties that exist across programs (Meaningful Use, PQRS, Value Based Reimbursement, etc)
  • Focus Meaningful Use and EHR certification on key areas like Interoperability

None of these issues have been put into action by CMS or ONC yet, but I believe this blueprint provides the framework for the AMA’s lobbying efforts. Therefore, it’s a strong indicator of where the meaningful use program might be going. I expect the majority of these suggestions would be welcome by doctors unless they’ve already gone off the meaningful use deep end and given up on meaningful use altogether. However, you don’t want to be caught flat footed if and when changes to the meaningful use program occur.

Security Risk Assessment
This is not really a change to meaningful use, but a reminder that many organizations have not paid appropriate attention to the HIPAA security risk assessment which is required as part of meaningful use. Far too many organizations check this check box during their meaningful use attestation without actually doing a proper security risk assessment. This is coming back to haunt many organizations during their meaningful use audit.

In case you missed it, you might want to start with the Security Risk Analysis Myths and Facts that EMR and HIPAA posted previously. It covers such topics as security risk analysis’ being optional (they’re not) and your installed certified EHR takes care of your risk analysis (more is required). This CMS FAQ offers more details on what needs to be done to meet this meaningful use requirement. For example, you need to do a security risk analysis ever year you attest to meaningful use. Make sure you take the time to do an appropriate risk assessment of your organization.

What other meaningful use trends and changes do you see on the horizon? What other things should we be considering as we plan our meaningful use future?

Medical Management Corporation of America, a leading provider of medical billing services, is a proud sponsor of EMR and HIPAA.

RIP CCHIT

Posted on October 29, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

CCHIT announced that it was ending 10 years of service.

Today, the Certification Commission for Health Information Technology (CCHIT) announced that it is winding down all operations beginning immediately. All customers and business colleagues have been notified, CCHIT staff is assisting in transitions, and all work will be ended by November 14, 2014.

Alisa Ray made these comments in the announcement:

“We are concluding our operations with pride in what has been accomplished”, said Alisa Ray, CCHIT executive director. “For the past decade CCHIT has been the leader in certification services, supported by our loyal volunteers, the contribution of our boards of trustees and commissioners, and our dedicated staff. We have worked effectively in the private and public sectors to advance our mission of accelerating the adoption of robust, interoperable health information technology. We have served hundreds of health IT developers and provided valuable education to our healthcare provider stakeholders.”

“Though CCHIT attained self-sustainability as a private independent certification body and continued to thrive as an authorized ONC testing and certification body, the slowing of the pace of ONC 2014 Edition certification and the unreliable timing of future federal health IT program requirements made program and business planning for new services uncertain. CCHIT’s trustees decided that, in the current environment, operations should be carefully brought to a close”, said Ray.

The announcement also said that CCHIT would be donating its remaining assets to the HIMSS Foundation. Makes sense since HIMSS kind of gave them a partial home the past few months as they tried to save the jobs of the many who worked at CCHIT. Credit should go to Alisa Ray for all she did to try and give those who worked at CCHIT a soft landing.

Long, long time readers of this blog will remember my long blog posts talking about CCHIT and the lack of value that they provided the EHR industry. I believed then and even now that EHR certification was more of a tax on the industry than it was something that provided value to the market. They told me it provided some assurance to the purchaser of the EHR, but I never saw such assurances.

Once EHR certification was made part of meaningful use and the HITECH act, it basically made CCHIT irrelevant. Although, I still think that EHR certification in its current state doesn’t provide value to organizations and I’d love to see it go away. Sadly, there’s some legislation which is pushing the opposite direction.

While I disagreed with CCHIT’s approach to EHR certification and the value they provided, I do think there were good people who worked there that had good intentions even if we disagreed on the approach. I hope they all land somewhere great.

CMS’ HIPAA Risk Analysis Myths and Truths

Posted on October 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been writing about the need to do a HIPAA Risk Assessment since it was included as part of meaningful use. Many organizations have been really confused by this requirement and no doubt it will be an issue for many organizations that get a meaningful use audit. It’s a little ironic since this really isn’t anything that wasn’t already part of the HIPAA security rule. Although, that illustrates how well we’re doing at complying with the HIPAA security rule.

It seems that CMS has taken note of this confusion around the HIPAA risk assessment as well. Today, they sent out some more guidance, tools and resources to hopefully help organizations better understand the Security Risk Analysis requirement. Here’s a portion of that email that provides some important clarification:

A security risk analysis needs to be conducted or reviewed during each program year for Stage 1 and Stage 2. These steps may be completed outside OR during the EHR reporting period timeframe, but must take place no earlier than the start of the reporting year and no later than the end of the reporting year.

For example, an eligible professional who is reporting for a 90-day EHR reporting period in 2014 may complete the appropriate security risk analysis requirements outside of this 90-day period as long as it is completed between January 1st and December 31st in 2014. Fore more information, read this FAQ.

Please note:
*Conducting a security risk analysis is required when certified EHR technology is adopted in the first reporting year.
*In subsequent reporting years, or when changes to the practice or electronic systems occur, a review must be conducted.

CMS also created this Security Risk Analysis Tipsheet that has a lot of good information including these myths and facts which address many of the issues I’ve seen and heard:
CMS HIPAA Security Risk Analysis Myths and Facts

Finally, it’s worth reminding people that the HIPAA Security Risk Analysis is not just for your tech systems. Check out this overview of security areas and example measures to secure them to see what I mean:
CMS HIPAA Security Risk Analysis Overview

Have you done your HIPAA Risk Assessment for your organization?

Meaningful Use Hardship Exceptions Reopened

Posted on October 8, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

CMS has announced its intent to reopen the Meaningful Use Hardship Exceptions filing period and set the new deadline for MU hardship exceptions to November 30, 2014. With the new hardship exception extension, providers can now choose from a number of reasons why they were unable to attest in time. Here’s the details from the CMS announcement:

This reopened hardship exception application submission period is for eligible professionals and eligible hospitals that:
* Have been unable to fully implement 2014 Edition CEHRT due to delays in 2014 Edition
CEHRT availability; AND
* Eligible professionals who were unable to attest by October 1, 2014 and eligible hospitals that were unable to attest by July 1, 2014 using the flexibility options provided in the CMS 2014 CEHRT Flexibility Rule.

These are the only circumstances that will be considered for this reopened hardship exception
application submission period.

This is a big move since the meaningful use hardship exceptions deadline for hospitals was April 1, 2014 and July 1, 2014 for eligible professionals. I imagine there are many organizations that will benefit from this extension. Although, there are probably quite a few organizations that wish they’d known about this exception before now or that think the exceptions are too narrow (ie. they can’t benefit from them).

What are your thoughts on this extension?

What If Meaningful Use Were Created by Doctors?

Posted on September 17, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s safe to say that meaningful use is growing through its challenges right now. My post yesterday about killing meaningful use and the new Flex-IT Act should be illustration enough. While it’s easy to play Monday Morning Quarterback on meaningful use, I think it’s also valuable to consider what meaningful use could have been and then use that to consider how we can still get there from where we are today.

Many of you might have read my post on The Purpose of the EHR Incentive Program Accordign to CMS. CMS clearly stats that the purpose of the EHR incentive money and meaningful use is to move providers towards advanced use of health IT to:

  • Support Reductions in Cost
  • Increase Access
  • Improve Outcomes for Patients

This has very clearly been CMS’ goal and it’s reflected in what we now know today as meaningful use. Let’s think about those from a physician perspective.

Support Reductions in Cost – So, you’re going to pay me less for doing the same work?

Increase Access – So, you’re going to send me patients who can’t pay their bill? Or does this mean I have to do more work making my records accessible?

Improve Outcomes for Patients – Every doctor can support this. However, many are skeptical (with good reason) that the various elements of meaningful use really do improve outcomes for patients.

If I were to step back and think what a doctor might consider meaningful use of an EHR system, this might be what they’d list (in no particular order):

  • More Efficient
  • Improved Care
  • Increased Revenue

More Efficient – Will the technology help me see patients more efficiently? Will it allow me to spend more time with the patient?

Improved Care – Will the technology help me be a better doctor? Will the technology help me make better use of my time with the patient?

Increased Revenue – Will the technology help me get paid more? Will the technology lower the cost of my malpractice insurance and reduce that risk? Will the technology create new revenue streams beyond just churning patient visits?

I’m sure there are other things that could be listed as well, but I think the list is directionally accurate. When you look at these two lists, there’s very clearly a major disconnect between what end users want and what meaningful use requires. With a lot of the EHR incentive money already paid out, this divide has become a major issue.

Killing Meaningful Use and Proposals to Change It

Posted on September 16, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Isn’t it nice that National Health IT Week brings people together to complain about meaningful use? Ok, that’s only partially in jest. Marc Probst, CIO of Intermountain and a member of the original meaningful use/EHR Certification committee (I lost track of the formal name), is making a strong statement as quoted by Don Fluckinger above.

Marc Probst is right that the majority of healthcare would be really happy to put a knife in meaningful use and move on from it. That’s kind of what I proposed when I suggested blowing up meaningful use. Not to mention my comments that meaningful use is on shaky ground. Comments from people like Marc Probst are proof of this fact.

In a related move, CHIME, AMDIS and 15 other healthcare organizations sent a letter to the HHS Secretary calling for immediate action to amend the 2015 meaningful use reporting period. These organizations believed that the final rule on meaningful use flexibility would change the reporting period, but it did not. It seems like they’re coming out guns blazing.

In even bigger news (albeit probably related), Congresswoman Renee Ellmers (R-NC) and Congressman Jim Matheson (D-UT) just introduced the Flexibility in Health IT Reporting (Flex-IT) act. This act would “allow providers to report their Health IT upgrades in 2015 through a 90-day reporting period as opposed to a full year.” I have yet to see any prediction on whether this act has enough support in Congress to get passed, but we could once again see congress act when CMS chose a different course of action like they did with ICD-10.

This story is definitely evolving and the pressure to change the reporting period to 90 days is on. My own personal prediction is that CMS will have to make the change. I’d love to hear your thoughts.

Happy National Health IT Week!

Unfinished Business: More HIPAA Guidelines to Come

Posted on August 4, 2014 I Written By

The following is a guest blog post by Rita Bowen, Sr. Vice President of HIM and Privacy Officer at HealthPort.

After all of the hullabaloo since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) release of the HIPAA Omnibus, it’s humbling to realize that the work is not complete. While the Omnibus covered a lot of territory in providing new guidelines for the privacy and security of electronic health records, the Final Rule failed to address three key pieces of legislation that are of great relevance to healthcare providers.

The three areas include the “minimum necessary” standard; whistleblower compensation; and revised parameters for electronic health information (EHI) access logs. No specific timetable has been provided for the release of revised legislation.

Minimum Necessary

The minimum necessary standard requires providers to “take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose.”

This requires that the intent of the request and the review of the health information be matched to assure that only the minimum information intended for the authorized release be provided. To date, HHS has conducted a variety of evaluations and is in the process of assessing that data.

Whistleblower Compensation

The second bit of unfinished legislation is a proposed rule being considered by HHS that would dramatically increase the payment to Medicare fraud whistleblowers. If adopted, the program, called the Medicare Incentive Reward Program (IRP), will raise payments from a current maximum of $1,000 to nearly $10 million.

I believe that the added incentive will create heightened sensitivity to fraud and that more individuals will be motivated to act. People are cognizant of fraudulent situations but they have lacked the incentive to report, unless they are deeply disgruntled.

Per the proposed plan, reports of fraud can be made by simply making a phone call to the correct reporting agency which should facilitate whistleblowing.

Access Logs

The third, and most contentious, area of concern is with EHI access logs. The proposed legislation calls for a single log to be created and provided to the patient, that would contain all instances of access to the patient’s EHI, no matter the system or situation.

From a patient perspective, the log would be unwieldy, cumbersome and extremely difficult to decipher for the patient’s needs. An even more worrisome aspect is that of the privacy of healthcare workers.

Employees sense that their own privacy would be invaded if regulations require that their information, including their names and other personal identifiers, are shared as part of the accessed record.  Many healthcare workers have raised concern regarding their own safety if this information is openly made available. This topic has received a tremendous amount of attention.

In discussion are alternate plans that would negotiate the content of access logs, tailoring them to contain appropriate data regarding the person in question by the patient while still satisfying patients and protecting the privacy of providers.

The Value of Data Governance

Most of my conversations circle back to the value of information (or data) governance. This situation of unfinished EHI design and management is no different. Once released the new legislation for the “minimum necessary” standard, whistleblower compensation and revised parameters for medical access logs must be woven into your existing information governance plan.

Information governance is authority and control—the planning, monitoring and enforcement—of your data assets, which could be compromised if all of the dots are not connected. Organizations should be using this time to build the appropriate foundation to their EHI.

About the Author:
Rita Bowen, MA, RHIA, CHPS, SSGB

Ms. Bowen is a distinguished professional with 20+ years of experience in the health information management industry.  She serves as the Sr. Vice President of HIM and Privacy Officer of HealthPort where she is responsible for acting as an internal customer advocate.  Most recently, Ms. Bowen served as the Enterprise Director of HIM Services for Erlanger Health System for 13 years, where she received commendation from the hospital county authority for outstanding leadership.  Ms. Bowen is the recipient of Mentor FORE Triumph Award and Distinguished Member of AHIMA’s Quality Management Section.  She has served as the AHIMA President and Board Chair in 2010, a member of AHIMA’s Board of Directors (2006-2011), the Council on Certification (2003-2005) and various task groups including CHP exam and AHIMA’s liaison to HIMSS for the CHS exam construction (2002).

Ms. Bowen is an established speaker on diverse HIM topics and an active author on privacy and legal health records.  She served on the CCHIT security and reliability workgroup and as Chair of Regional Committees East-Tennessee HIMSS and co-chair of Tennessee’s e-HIM group.  She is an adjunct faculty member of the Chattanooga State HIM program and UT Memphis HIM Master’s program.  She also serves on the advisory board for Care Communications based in Chicago, Illinois.