So you wanted EHRs on your mobile device?

In our work with forward-thinking eye doctors, we commonly encounter questions like:

• Does your software run on the iPad?
• Can I use a tablet PC?
• Is e-prescribing connectivity available for my PDA?

While these are valid questions, they are often driven by a consumer mindset or perhaps by applications within healthcare that are more simplistic than what we encounter in the full scope of eye care. We've all seen the ads on TV about sending everything to the cloud and, of course, how dead simple it is to record all necessary health information on a tiny handheld device.

This week, we received a chilling reminder of the flip side of that magic and convenience: breach of ePHI through mobile devices. (See a link to the full story below.) 

"The Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI), will pay $1.5 million to the Department of Health and Human Services (HHS) for potential violations of the HIPAA Security Rule."

In the event ePHI is a new acronym, it means "electronic Protected Health Information". As we've discussed in recent posts, EHRs are doing a great job of helping us document patient health information, and the next step is to start communicating it among health care providers. Unfortunately, as acronyms go, it's easy to miss the fact that the P in PHI means "Protected" not simply "patient".

How well do you protect health information? Does your statement of HIPAA practices extend past that patient consent signature? Do your office computers have automatic log-offs? Are your mobile devices password protected? Do staff members use Instant Messenger for in-office or personal communications while at work?

At EMRlogic, since we have access to ePHI, we are held to the highest standards of accountability. Conducting annual HIPAA-HITECH security assessments and all-staff security awareness training is an expensive undertaking, one that can easily be allowed to slide. But oh what an economy relative to an ePHI violation, even a potential one!

How about your own business? Are you in good shape or running an uncalculated risk? Chances are high that you haven't gone far enough with the way you protect health information. May I humbly suggest you click here, read the full story on MEEI, think it through and, as they say, "if the shoe fits, wear it." Take steps this week to protect yourself as well as your patients.

Alistair Jackson, M.Ed.

Direct, how do I get it? (continued)

Continued from Monday ...

In addition to the two types of Direct solution - integrated and standalone - there are two license types: individual and organizational. One state mini-grant program was based on the Provider’s state license number, so the Direct addresses awarded were individual addresses. However, communications tend to be better received at an administrative level in the practice than by the individual doctor, especially if the practice is a multi-doctor office. It’s a staff member who will check, receive and route a Continuity of Care Document (CCD) to the doctor who’ll actually be seeing the patient.

This last point perhaps begs the question, “Why would doctors want an individual address and not just an organizational one?” The answer is the directory listing. If the doctor wants to be individually listed in the directory, then an individual address is required. The reasons why you may want an individual listing are many but e-prescribing once again offers a good analogy. 

We know that a Provider pays for an eRX license based on the NPI# and, in some states, DEA # as well. Any Provider can also have a Provider Agent and the Provider Agent does not pay. Strictly speaking, a practice could use one doctor for all prescriptions with every other doctor logging in as a Provider Agent. However, the Rx will be filled under the licensed Provider’s name. Most doctors don’t want the name of a partner doctor showing up on their prescriptions, therefore, they will purchase their own license. Similarly, doctors will want the option of having a PHI communication (Protected Health Information) sent to them individually not always to the practice’s admin address. 

Lastly, if you've been following our discussion around care teams, there’s the question of ECPs going to PCPs to establish the sharing of Summary of Care Records (SCR is the new term for CCD). In all likelihood, many PCPs will not know about Direct. If the PCP is tied into a health system, the process of beginning to share SCRs outside the health system or HIE may be very convoluted. We anticipate that ECPs will need to help PCPs “go Direct”. To facilitate this and remove the sales barrier of having to buy a Direct license, your HISP (as ours has done) may offer a 90-day free trial to the PCP. All going well and the value proven, the PCP will purchase a license at the conclusion of the 90-day trial period.

Wishing you the best as you pursue Direct and position yourself as a local leader and "must-have" eye care provider for care coordinators everywhere around you. Remember, if you need help along the way, that's what the National Eye Care Communications Project is all about. It's open for all. Learn more here and join us for a webinar or working session every 2nd and 4th Tuesday of the month, 8pm Eastern. 

Alistair Jackson, M.Ed.

Direct, how do I get it?

If we've done a half decent job of convincing you that you need to get your hands on Direct, you may still be wondering how you get access to these secure communications capabilities.

The first thing to note is that you must work with a Health Information Service Provider (HISP). In some cases, the HISP may be identified and accessed through your state office. For the state Health Information Exchange, there are usually several state-approved HISPs. More importantly, the state office may still have a grant program for which you can qualify. We know of some states that offered a mini-grant for a first year free license. However, as time passes, the incentive programs will expire and more and more we'll see HISPs that simply operate in all states.

Once you've identified a HISP (your software vendor may also be working with a preferred HISP, as we are) you'll find that Direct is available in two ways: one, as an integrated solution within your EHRs and, two, as a non-integrated solution. The latter is an online solution that you'll access through either a web portal or some sort of email client. Note that if you're getting Direct free through your state HIE, you're probably being offered a standalone solution as regards your own EHR. It may connect to the state HIE but it's only your software vendor that can embed the functionality into your eye care EHR. So, the integrated solution is only available if your software vendor has done the integration work.

So what are the advantages of an integrated solution versus a non-integrated or standalone one? An integrated solution through your vendor will offer significant workflow efficiencies, such as having the communications at your fingertips within the exam record.  A non-integrated portal will not give you such an embedded solution in your clinician workflow. Software vendors won’t likely interface directly with every state-based HIE or HISP so when states do provide a free portal, it is a non-integrated web-based portal.

Perhaps the best example I can give of free versus integrated would be e-prescribing. In the early days of the NEPSI program, we saw a free online solution. That was a 5-year pilot program that eventually became a paid service. More important, it was never an integrated solution and did not qualify most users for Meaningful Use. Certified Complete EHRs require a fully integrated eRX solution. Though Direct is not (yet) part of MU Attestation, the question of efficiency remains important for doctors, and embedded solutions mean greater efficiency.

To be continued ...

Alistair Jackson, M.Ed.

Does eRX History Violate HIPAA?

Does viewing your patients' e-prescribing history violate HIPAA? If this seems like a strange question, imagine the surprise of one of our clients, an optometrist in a retail setting, who was told he could not use his certified EHRs on the premises because its ability to show a patient's eRX history was a HIPAA violation ... and that, if he continued, his lease would be terminated! 

There are several questions here: Is this truly a HIPAA violation? Does it actually have anything to do with EHRs and Meaningful Use? From where does such misunderstanding emanate? 

HIPAA.

Your legitimacy in viewing a patient's eRX history is not a function of the ability of the EHR to show it, rather a function of your permission to do so.  If you have obtained the patient's consent through her/his signature of your statement of HIPAA privacy practices, there is no violation of HIPAA. The Privacy Rule (full text available on the HHS website) sets rules and limits on who can look at and receive a patient's health information. Here are two relevant points for this discussion:  

Your health information can be used and shared: (1) For your treatment and care coordination, and (2) To make sure doctors give good care and nursing homes are clean and safe.

Certified EHRs.

In the case under consideration, the management claimed other doctors had completed Meaningful Use Attestation and had not needed to view the patient's medication history.
While it is a true statement that no MU objective requires an Eligible Professional to look at a patient's eRx history, a certified Complete EHR must embed an e-prescribing solution. It is not acceptable to use a standalone e-prescribing solution when the EHR being used for Attestation is a Complete EHR. 

We must also ask the question, could an EHR be certified by the Office of the National Coordinator if its use constituted a HIPAA violation? 

Misunderstanding.
The management in question above further insisted that the doctor provide a statement of proof of necessity along the lines of "The doctor must attempt to get a patient's history of medications and allergies through the eRx software." 

In our opinion, this is a misunderstanding of the privacy rule, pitting HIPAA against MIPPA . Yes, it is valid to seek to protect patient privacy. However, as seen above in the HHS rule, health reform is about improving treatment and care coordination. A doctor can only be alerted to medication allergies and contraindications if other medications are known.

Protected Health Information is protected for a reason but "protecting" patients against those whom they have chosen to ensure their treatment and care coordination is indeed a misunderstanding of both the letter and the spirit of the health laws.

Alistair Jackson, M.Ed.
Jim Grue, O.D. 

One more cup please! (CPCI, Part 3)

Today is the third part of a series looking at the Comprehensive Primary Care Initiative. See Monday and Wednesday for parts 1 and 2.

The CPCI will test two models simultaneously: a service delivery model and a payment model.  For now, we'll look only at the payment model:

Payment Model. The payment model includes a monthly care management fee paid to the selected primary care practices on behalf of their fee-for-service Medicare beneficiaries and, in years 2-4 of the initiative, the potential to share in any savings to the Medicare program. Practices will also receive compensation from other payers participating in the initiative, including private insurance companies and other health plans, which will allow them to integrate multi-payer funding streams to strengthen their capacity to implement practice-wide quality improvement.

Of particular importance here are two things. The first is the care management fee. Do you think PCPs are motivated to take on care coordination? You bet they are! The second is the inclusion of private insurance companies. For those who do little by way of Medicare volume, it's essential to understand that health care reform is not about Medicare alone; it only starts there. The transformation is ubiquitous; it's for every patient, every provider and every payer.

Elsewhere, we'll learn about bundled payments, a new approach to reimbursement that is centered around coordinated care. Coordinated care and the patient-centered medical home are inextricably linked within the CPCI. So we must foresee that, as noted above, the service model and the payment model go hand in hand. Change one and you change the other. Are you preparing for the obsolescence of fee-for-service direct billing? Are you ready to participate in team-based care? Getting ready means EHRs, communications and showing your value as a health care provider to the primary care physicians in your patient catchment area. This is not about stimulus money; it's about scoring winning goals in the new health care game.

Alistair Jackson, M.Ed.
Jim Grue, O.D.  

More coffee anyone? (CPCI, Part 2)

We told you last day that we now know the names and locations of 500 primary care practices in seven states involved in the Comprehensive Primary Care Initiative. Understanding the significance of this announcement is tied to knowing something about the purpose of the initiative. Below, I've taken only two of six things the PCPs are being incentivized to do:

Deliver Preventive Care: Primary care practices will be able to proactively assess their patients to determine their needs and provide appropriate and timely preventive care. 

Coordinate Care Across the Medical Neighborhood: Primary care is the first point of contact for many patients, and takes the lead in coordinating care as the center of patients’ experiences with medical care. Under this initiative, primary care doctors and nurses will work together and with a patient’s other health care providers and the patient to make decisions as a team. Access to and meaningful use of electronic health records should be used to support these efforts.

The first point emphasizes preventive care, which Optometry in particular is all about. Prevention is a major tenet of healthcare reform because it lowers cost. Therefore, we should have no doubt that healthcare reform is relevant to Optometry.

Second, "other health care providers". That also includes you ... but provided you are plugged into the meaningful use of electronic health records. 

EHRs are not an end in themselves. You gather data in EHRs in order to share it. You share it in order to participate. Participate in what? Coordinated care. Why? As we'll see next day, coordinated care will become the predominant payment model. Without the ability to participate in team-based care delivery, you will lose access to your patients.

Alistair Jackson, M.Ed.
Jim Grue, O.D.

Good morning! Coffee anyone? (CPCI, Part 1)

On August 4th, we published a post entitled, "PCPs, your new best friends". We wrote about a health care pilot program called the Comprehensive Primary Care Initiative and its importance for eye care. Last week, while many of us were either taking part in or traveling to Vision Expo West, something significant happened: CMS published the names and addresses of every participating PCP practice.

There are 500 primary care practices participating in the CPC initiative, representing 2,144 providers serving an estimated 313,000 Medicare beneficiaries. 

Arkansas: Statewide
66 Primary Care Practices | 228 Providers | 4 Payers
Estimated 51,000 Beneficiaries Served 

Colorado: Statewide
73 Primary Care Practices | 335 Providers | 9 Payers
Estimated 41,000 Beneficiaries Served 

New Jersey: Statewide
73 Primary Care Practices | 252 Providers | 5 Payers
Estimated 42,000 Beneficiaries Served 

New York: Capital District-Hudson Valley Region
75 Primary Care Practices | 286 Providers | 6 Payers
Estimated 40,500 Beneficiaries Served 

Ohio & Kentucky: Cincinnati-Dayton Region
75 Primary Care Practices | 261 Providers | 10 Payers
Estimated 44,500 Beneficiaries Served 

Oklahoma: Greater Tulsa Region
68 Primary Care Practices | 265 Providers | 3 Payers
Estimated 45,000 Beneficiaries Served 

Oregon: Statewide
70 Primary Care Practices | 517 Providers | 6 Payers
Estimated 49,000 Beneficiaries Served

Why is this so significant? Because it spells out for us in clear terms where the transformation of health care is taking us. Join us next day for more details. Or, if you can't wait to learn more, read here.

Alistair Jackson, M.Ed.
Jim Grue, O.D.

Two words: Stage 2 (Part 3 of 3)

Today's post is a continuation from our last two days, a discussion of some highlights of Meaningful Use Stage 2 presented by Dr. Farzad Mostashari, ONC Director. Please see Part 1, published Monday, September 3 and Part 2, published on Wednesday, September 5, 2012. We are considering several key concepts in Meaningful Use Stage 2. These are not new concepts, rather concepts that have come into the limelight in Stage 2. 

Part 3 of 3.

Sharing "across vendor boundaries ... and with patients".
In various blog posts over recent months, we have been somewhat outspoken about large health systems. We believe there is significant resistance, especially on the part of health systems, to the open exchange of health information. We've observed massive efforts to create health data repositories - health information exchanges that readily accept data into the system but demand a query in order to get information back out. That's a control tactic, one that we believe is not in the interest of higher quality, lower cost. So, we say three cheers to this statement! "By 2014, providers will have to demonstrate, and vendors will have to support, the actual exchange of structured care summaries with other providers—including across vendor boundaries—and with patients." 

Let's not miss that last part ... "and with patients." The communications door is opening wide to include your patients. Again, no longer is it about giving patients a printed copy of their CCD; it's about sending them an electronic copy the same way you would to another provider - a secure electronic transmission. Can you say Direct? Or how about HealthVault? This is precisely why we have been such strong advocates of the Direct Project, why we have implemented Direct into our EHRs and why we are encouraging our providers to start using personal HealthVault accounts. It's the only way to be ready when your patients begin asking that their Summary of Care be sent to their HealthVault account.

Data silos and "walled gardens".
While I cannot put words into the mouth of the ONC Director, I believe - my opinion - he is addressing the above-mentioned reluctance of some large health systems and state HIEs to embrace the free and direct sharing of health information. This is leadership. This is a heads-up about the transformation of health care. One way or the others, folks, this is where we're going! "As we stated unequivocally in the final rule, we will pay close attention to whether the requirements in the rule are sufficient to make vendor-to-vendor exchange attainable for providers. If there is not sufficient progress or we continue to see barriers that create data silos or “walled gardens ,” we will revisit our meaningful use approach and consider other options to achieve our policy intent."

Nationwide health information exchange.
Let's be clear about the "policy intent". It's about nationwide not statewide health information exchange. It's about open access not controlled access. And it's about direct exchange not circuitous exchange.


Alistair Jackson, M.Ed.

To read Dr. Mostashari's full article, see Meaningful Use Stage 2: A Giant Leap in Data Exchange.

Two words: Stage 2 (Part 2 of 3)

Today's post is a continuation from last day, a discussion of the highlights of Meaningful Use Stage 2 by Dr. Farzad Mostashari, ONC Director. Please see Part 1, published Monday, September 3, 2012. We are considering several key concepts in Meaningful Use Stage 2, not new concepts, rather concepts that have come into the limelight in Stage 2. 

Part 2 of 3.

Common datasets, structured and coded data.
If you've done much reading up on Stage 2, you'll have seen these terms used frequently. What are common datasets? Consider that, over the course of your life as a physician, your every patient will see potentially hundreds of different doctors in a variety of settings: family physicians, dentists, eye care providers, hospital and emergency room physicians, and specialists of many descriptions. Since these many doctors will use a host of different software solutions, how do we have any hope of achieving the meaningful exchange of health information? The answer is datasets, data structured to share a common language. If you call it one thing and I call it another, it's the common dataset that tells us we mean the same thing.  ICD-10, SNOMED and LOINC codes are good examples of how information from disparate systems can be communicated effectively, even if the human languages are foreign to each other. 

Another example: as providers exchange CCDs or SCRs, the documents are validated against a NIST standard. It's this standard that allows one EHR to consume the data sent from another, creating a new patient file or adding to an existing one. This consumption of data marks a fundamental difference - that "giant leap" - between receiving then viewing a fax (the good ol' fashioned way) and seeing that new data entered automatically into your electronic health record, no keystrokes, no mouse-clicks (the new speed-you-up way). 

What about structured data? Structured is most easily understand in contrast against free- text. In a free-form field, you would type your notes. It's completely up to you what you type. If you use voice entry, same result. The problem with free text - or unstructured data - is that it is not searchable. New smart technologies are introducing the ability to structure free text but this is far from an available norm today. Structured data is basically organized in such a way that analytics tools can be used to make sense of the data, see trends, determine best outcomes and best practices, for example.

Datasets, structured and coded data remind us that EHRs are not simply about recording results in a neat, legible record, rather about sharing and analyzing data in order to improve healthcare. Core values in health reform: higher quality, lower cost, better patient outcomes.

To be continued ...

Alistair Jackson, M.Ed.

To read Dr. Mostashari's full article, see Meaningful Use Stage 2: A Giant Leap in Data Exchange.

Two words: Stage 2 (Part 1 of 3)

At an ONC-sponsored "summit" in late May in Washington, Director Farzad Mostashari, M.D. told the audience that many of the things we'd been looking forward to, needing, in order to move healthcare to where it must go, could be wrapped up in two words: "Stage 2". In my opinion, he has delivered as promised.

In Meaningful Use Stage 2: A Giant Leap in Data Exchange, Dr. Mostashari reflects on a number of the key concepts that both he and we have been discussing for some time now. But before we go there for a high-level review, let me re-state that our distinct purpose here on EMRlogic Live is to sift the greater reform discussion down to its eye care essentials. Here at least we are, and without apology, looking at the transformation of health care in terms of what it all means for eye care providers, whether optometrist or ophthalmologist. 

Let me also be clear in acknowledging that Meaningful Use per se, Stage 1 or Stage 2, has nothing to do with any specialty. MU distinguishes between the Eligible Professional (EP) and the Critical Access Hospital (CAH) but not between the primary care provider and the specialty care provider, at least not yet. Nevertheless, there are implications for primary care and specialty care. Those are of particular interest to us. We see those implications unfolding largely through pilot projects and new initiatives, all of which are part of the package we call "the transformation of healthcare".

Let's look at some key concepts that have been around for many years but which come now to the forefront, in the limelight of Meaningful Use Stage 2:

Exchange and interoperability.  
The discussion is no longer simply about "meaningful use" but now about "meaningful use and health information exchange". Meaningful use of EHRs, insofar as they involve the electronic documentation of health information, is now more or less assumed. Remember when software for your practice meant scheduling and billing software? Today, that's not what you go looking to buy. You're looking for EHRs and just assume they also do scheduling and billing, and a bunch more stuff as well. Same deal here. Of course EHRs gather the information you need! The new question is, "Can they communicate?" As of today, for most the answer is no. Stage 2 is about changing that answer to yes.

Summary of Care Records.
In Stage 1, we saw CCDs and CCRs. With some fine tuning, they're now essentially consolidated into SCRs, Summary of Care Records. "The Meaningful Use Stage 2 final rules define a common dataset for all summary of care records, including an impressive array of structured and coded data to be formatted uniformly and sent securely during transitions of care." In Stage 1, CCDs and CCRs were used for, respectively, patient-oriented and physician-oriented continuity of care. The focus on transitions of care has not changed; it's now just more doable, the higher standard now more achievable and, therefore, expected. So again, we're moving from documenting to communicating. It's time to internalize the idea that your EHRs are not about merely gathering but also exchanging health information. And to be clear, that's not about printing, faxing or emailing a traditional referral letter. The SCR is about the use of a common data set, a standardized interoperable document sent as a secure electronic transmission.

To be continued ...

Alistair Jackson, M.Ed.