Search Guidance for a Chief Medical Security Officer

A Business Case Model

By Richard J. Mata MD MS CIS

Dr. Mata

Join Our Mailing List

The Mighty-Soft Hospital is a futuristic 1,500 bed fortress-like facility operating with a state-of-the-art dual wired-wireless infrastructure complete with computerized physician order entry  system, radio frequency inventory device (RFID) control tags, and integrated electronic medical records (EMRs) that are the envy of its competitors and vendors, and offer a formidable strategic competitive advantage in the marketplace.

Now, imagine the potential liability, PR disaster and chagrin when its enfant terrible CEO is told of a massive security breach similar to the ChoicePoint and Lexis-Nexis fiascos.  The ID theft involves release of critically protected healthcare financial, employment, clinical, and contact information for all of its patients, employees, physicians, business associates, and affiliated medical personnel.

Suddenly, senior management is charged with the task of establishing the new position of Chief Medical Security Officer (CMSO) for Mighty-Soft, and navigating a crisis management dilemma never previously faced by the formerly HIPAA-compliant electronic giant.

The CMSO is to be a senior level management position responsible for championing institutional security.  Awareness of electronic and HIPAA policy and procedure developments, while working to ensure compliance with internal and external standards related to information security, is vital.  The CMSO is to report directly to the CEO and the CIO.

The Search Committee developed the following list of CMSO duties and responsibilities:

  • Chair the hospital’s Information Security and Privacy Committee in its policy development efforts to maintain the security and integrity of information assets in compliance with state and federal laws, and accreditation standards.
  • Provide project management and operational responsibility for the administration, coordination, and implementation of information security policies and procedures across the enterprise-wide hospital system.
  • Perform periodic information security risk assessments including disaster recovery and contingency planning, and coordinate internal audits to ensure that appropriate access to information assets is maintained.
  • Work with the financial division to coordinate a business recovery plan.
  • Serve as a central repository for information security-related issues and performance indicators.  Research security or database software for implementing the central repository, and note that a server based system could be useful for a Wide Area Network (WAN), so this information can be shared with the enterprise-wide hospital system.  Develop, implement, and administer a coordinated process for response to such issues.
  • Function when necessary as an approval authority for platform and/or application security and coordinate efforts to educate the hospital community in good information security practices.
  • Maintain a broad understanding of federal and state laws relating to information security and privacy, security policies, industry best practices, exposures, and their application to the healthcare information technology environment.
  • Make recommendations for short- and long-range security planning in response to future systems, new technology, and new organizational challenges.
  • Act as an advocate for security and privacy on internal and external committees as necessary.
  • Develop, maintain, and administer the security budget required to fulfill organizational information security expectations.
  • Demonstrate effectiveness with consensus building, policy development, and verbal and written communication skills.
  • Possess the clear ability to explain information technology concepts to audiences outside the field.
  • Become the public face for the Mighty-Soft Hospital’s legacy security system.

Minimum Qualifications:

  • MD, DO, DPM, DDS, DMD, with bachelor’s/master’s degree in computer science or related field or equivalent experience.
  • Three or more years of experience in the healthcare industry.
  • Five or more years of experience in information security.
  • Eight or more years of experience in information technology.
  • In-depth understanding of network and system security technology and practices across all major computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology.

Preferred Qualifications:

  • Experience with electronic medical devices.
  • Specific experiences in the healthcare industry.
  • Familiarity with legislation and standards for PHI and patient privacy.
  • Demonstrated successful project management expertise.
  • Professional certification, e.g., CISSP, CISA, PMP.
  • Experience with student record/higher education laws.

Key Issues:

  • What is your IT hardware infrastructure and how are security-related devices deployed?
  • What security requirements are imposed by federal and state authorities on your institution?
  • What would you consider the most important criteria for choosing a CMSO?
  • What relationship will the CMSO have with the CIO, CMIO and CEO?
  • What level of security education/training do you consider necessary for your hospital community?
  • What are the key security issues your CMSO will have to address?
  • What are the key privacy issues?
  • What are the key risk management issues?
  • What are the pros and cons of EHRs for your institution?
  • What do you see as the EHR priorities for your CMSO?
  • What are the security issues of EHRs for your institution?

Assessment

How would you select a CMSO?

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product DetailsProduct DetailsProduct Details

Product Details  Product Details

   Product Details 

The Continuing Debate over Electronic Medical Records Systems

Join Our Mailing List

Are We There Yet? – In Healthcare Organizations

[By Richard J. Mata MD, MS]

Dr. Mata

Paper-based medical records have been in existence for centuries and their gradual replacement by computer-based records has been slowly underway for over twenty years in western healthcare systems.

Computerized information systems have not achieved the same degree of penetration in healthcare as is seen in other sectors such as finance, transportation, and the manufacturing and retail industries.

Further, deployment has varied greatly from country to country and from specialty to specialty and in many cases has revolved around local systems designed for local use.

The DHHS

In a 2005 DHHS study, national penetration of electronic health records (EHRs) may have reached over 90% in primary care practices in Norway, Sweden, and Denmark (2003), but has been limited to 17% of physician office practices in the U.S. (2001-2003). By 2011, and the ACA, this number may now be approaching 20-25% in the US but adoption may actually be slowing.

The ISMS Vision

According to the Illinois State Medical Society there is a “Sweeping Vision for EHRs”:

  • EHRs will provide a comprehensive view of all patient information
  • Quality of care will be improved.
  • Physicians will more easily be able to review the “complete” medical record.
  • An appropriately configured EHR system will provide “alerts” and “notices” to help health care providers incorporate best practices into patient treatments. Ideally clinical decision support should be built in and be evidence-based.

Medical errors can be reduced:

  • Treatment and administrative costs will be reduced.
  • Public health will be improved.

Defining Electronic Records Systems

The 2003 Institute of Medicine (IOM) Patient Safety Report describes an EHR as encompassing:

  • a longitudinal collection of electronic health information for and about persons;
  • [immediate] electronic access to person- and population-level information by authorized users;
  • provision of knowledge and decision-support systems [that enhance the quality, safety, and efficiency of patient care] and
  • support for efficient processes for health care delivery.

IOM Report

A 1997 IOM report, The Computer-Based Patient Record: An Essential Technology for Health Care provides a more extensive definition:

A patient record system is a type of clinical information system, which is dedicated to collecting, storing, manipulating, and making available clinical information important to the delivery of patient care. The central focus of such systems is clinical data and not financial or billing information. Such systems may be limited in their scope to a single area of clinical information (e.g., dedicated to laboratory data), or they may be comprehensive and cover virtually every facet of clinical information pertinent to patient care (e.g., computer-based patient record systems).

The EHR definitional model document developed by the Health Information and Management Systems Society (HIMSS, 2003) includes “a working definition of an EHR, attributes, key requirements to meet attributes, and measures or ‘evidence’ to assess the degree to which essential requirements have been met once EHR is implemented.”

IOM Re-Deux

In another IOM report, Key Capabilities of an Electronic Health Record System [Tang, 2003], identifies a set of eight core care delivery functions that EHR systems should be capable of performing in order to promote greater safety, quality and efficiency in health care delivery. The eight core capabilities that EHRs should possess are:

  1. Health information and data. Having immediate access to key information – such as patients’ diagnoses, allergies, lab test results, and medications – would improve caregivers’ ability to make sound clinical decisions in a timely manner.
  2. Result management. The ability for all providers participating in the care of a patient in multiple settings to quickly access new and past test results would increase patient safety and the effectiveness of care.
  3. Order management. The ability to enter and store orders for prescriptions, tests, and other services in a computer-based system should enhance legibility, reduce duplication, and improve the speed with which orders are executed.
  4. Decision support. Using reminders, prompts, and alerts, computerized decision-support systems would help improve compliance with best clinical practices, ensure regular screenings and other preventive practices, identify possible drug interactions, and facilitate diagnoses and treatments.
  5. Electronic communication and connectivity. Efficient, secure, and readily accessible communication among providers and patients would improve the continuity of care, increase the timeliness of diagnoses and treatments, and reduce the frequency of adverse events.
  6. Patient support. Tools that give patients access to their health records, provide interactive patient education, and help them carry out home monitoring and self-testing can improve control of chronic conditions, such as diabetes.
  7. Administrative processes. Computerized administrative tools, such as scheduling systems, would greatly improve hospitals’ and clinics’ efficiency and provide more timely service to patients.
  8. Reporting. Electronic data storage that employs uniform data standards will enable health care organizations to respond more quickly to federal, state, and private reporting requirements, including those that support patient safety and disease surveillance.”

Assessment

After reviewing the above, are we there yet in – 2011?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product DetailsProduct DetailsProduct Details

Product Details 

What is the Cost of eHRs?

Join Our Mailing List

A Retrospective Look-Back

By Richard J. Mata; MD CIS CMP™

Studies by the Organization for Economic Cooperation and Development (OECD) show that healthcare spending in the U.S. accounts for 16-17% of GDP, which is more than six-seven percentage points higher than the average of 8.9% in other OECD countries.  This translates into per capita health spending of $5,635 in the U.S. compared with median costs of $2,280 in other OECD countries.[1]  Suggestions as to the economic drivers of U.S. health spending include excessive service use, administrative complexity, population aging, threats of malpractice litigation, defensive medicine practices, and the lack of patient waiting lists.  In further comparisons with the OECD countries, it appears the U.S. overpays for physician visits, hospital stays, and pharmaceuticals.

In the Year 2004

A 2004 OECD paper suggested that one way of improving performance would be to move towards EHR:

Health systems should invest in automated health-data systems, including electronic medical records and systems to automate medication orders in hospitals. Better systems for recording and tracking data on patients, health and health care are needed to make major improvements in the quality of care.[2]

In the U.S., possible savings from the adoption of EHR have been projected to reach $142 billion in physician office visits, and $371 billion in hospital costs over a 15-year period.  These projections have not been validated by the experience in other OECD countries where the adoption movement is ahead of U.S. efforts by anything from four to thirteen years.

Nevertheless, the U.S. began its quest to move towards EHR in 2004 as medical software companies began actively marketing their systems, although funding for this endeavor did not come through until 2006.  In spite of this effort, the U.S. has the lowest percentage of physician providers using any EHR compared to Germany, Canada, United Kingdom, and Australia.  The U. S. physicians’ low adoption rate involves fear of the loss of productivity, lack of financial incentives, and high startup costs of as high as $40,000 per physician EHR adoption.

When spending on IT implementation in the healthcare system is compared on an international level, the U.S. lags dramatically behind the major OECD countries.  The U.S. spends $0.43 per capita compared to a high of $193 in the U.K.  This difference is even more dramatic when compared with the German experience, where IT adoption in the healthcare system is almost universal.  In thirteen years, Germany has spent $1.88 billion.  Their annual per capita cost has been $1.63.  The U.S. has reached only 25% of that expenditure so far.

Barriers to Adoption

The greatest barrier to adoption of EHR in most OECD countries has been the need to simplify the health insurance contracts payment structures with standard nomenclatures that can be adapted to EHR.  The major OECD countries also report that there must be a national adoption of IT standards in the healthcare system as well as a national effort to focus on privacy and confidentiality standards.  This assures better coordination of implementation and provides better strategies for adoptions through public incentives and grants.

 

Domestic 5 Year Costs

In the U.S., the five-year costs for a national IT healthcare network have been estimated to be as high as $103 billion in capital and $53 billion in interoperability.  Hospital costs for functionality were estimated to be $51 billion, skilled nursing facilities would bear $31 billion of costs, and physician offices would bear $18 billion of the costs. (Anderson, 2006)  EHR systems that have been implemented have been used mainly for administrative rather than clinical purposes.

In the Year 2005

A 2005 study by Richard Hillestad and colleagues at RAND[3] estimates that implementation of a nationwide EHR network would take about 15 years and cost hospitals about $98 billion and physicians about $17 billion.  Over the 15-year period, the average annual cost to hospitals would be $6.5 billion and the average annual cost to physicians would be $1.1 billion (CQ HealthBeat [1], 9/14). However, if 90% of providers adopted such a network, annual savings would total $81 billion, including $77 billion from improved efficiency and $4 billion from reduced medical errors, the RAND study found.  The study estimates that an EHR network would reduce adverse drug events in inpatient hospital settings by 200,000 annually and reduce such events in ambulatory settings by two million annually, saving $1 billion annually in hospitals and $3.5 billion in ambulatory settings.  For hospitals, about 60% of these savings would be from reduced adverse drug events in patients ages 65 and older, while 40% of savings to ambulatory practices from reduced medication errors would be in patients 65 and older (CQ HealthBeat [1], 9/14).

Assessment

In addition, the study estimates that a national EHR network would save Medicare about $23 billion annually and save private insurers about $31 billion annually.  The study projects that the estimated total annual savings of $81 billion would double if providers followed all checkup reminders and other prompts from the system (AP/Las Vegas Sun, 9/14).  Currently, about 20% to 25% of hospitals and 15% to 20% of physician offices have EHR systems, according to the study (CQ HealthBeat [1], 9/14).

But, what is the estimated cost in 2010?

Join Our Mailing List 

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

References:


[1]    For details of the report, see http://www.oecd.org/dataoecd/29/52/36960035.pdf.

[2]   OECD, Towards High-Performing Health Systems, see http://www.oecd.org/document/26/0,2340,en_2649_37407_31734042_1_1_1_37407,00.htm.

[3]   See http://www.rand.org/health/feature/2006/060414_shekelle.html.  The report is also discussed in some detail in Neergaard, AP/Las Vegas Sun, 9/14/05.  See http://www.ihealthbeat.org/index.cfm?Action=dspItem&itemID=114707.

Product DetailsProduct Details

Product Details

The Pros and Cons of eMRs

Join Our Mailing List

Delving Deeper into the Historic Origins of Debate

Dr. Mata

[By Richard J. Mata MD, CIS, CMP™]

Buy from Amazon

According to Wager, Ornstein, and Jenkins, in 2005, the perceived advantages of an EHR system include the following:

  •  Quality of the patient records (legible, complete, organized) — 86%
  •  Better access to patient records (available, convenient, fast) — 86%
  •  Improved documentation for patient care purposes — 93%
  •  Improved documentation of preventive services — 82%
  •  Improved documentation for quality improvement activities — 82%

Items viewed as an advantage by fewer respondents include the following:

  •  Administrative cost savings — 38%
  •  Improved efficiency — 61%
  •  Security of patient records — 64%

Nothing directly was said about cost savings or increased medical care quality. These topics have become more contentious issues during the past few years.

The Gurley Opinion

According to HIT expert Lori Gurley, in 2006, of the American Academy of Medical Administrators:

“The EHR provides the essential infrastructure required to enable the adoption and effective use of new healthcare modalities and information management tools such as integrated care,  evidenced-based medicine, computer-based decision support, care planning and pathways, and outcomes analysis” (Schloefell et al).  Although the benefits that support implementation of an EHR are clear, there are still barriers too, therefore the concept is still not accepted. “However, this could also be said of almost every other area of positive change and improvement within healthcare systems […]” (Schloefell et al).  There must be more involvement by the government and the private sector “to make changes where possible to instigate, motivate, and provide incentives to accelerate the development of solutions to overcome the barriers” (Young).

THINK: ARRA and HITECH, today. Of course, there are obviously advantages and disadvantages to both the paper medical record and the EHR.

Multi-Factorial Issues

Many factors must be considered before any healthcare organization or medical practice should implement an EHR.  The organization must first obtain as much information as possible about this new concept, and then the information must be carefully reviewed and the pros and cons discussed. Only then should the organization make their decision about this very important issue.

“The [EHR] as a part of a Clinical Information System (CIS) is a powerful tool which ties together documentation of the patient visit (clinical information), coding (diagnosis, and treatment procedures), which then translates into more accurate billing processes, reduces reprocessing of medical claims, and that translates into increased customer satisfaction with a provider” (Koeller). Although the technology is available, progress towards an EHR has been slower than expected. “Widespread use of [EHRs] would serve both private-and public-sector objectives to transform healthcare delivery in the United States” […] EHRs would also “enhance the health of citizens and reduce the costs of care” (Dick, Steen, and Detmer).

The MRI Study

According to a 2005-07 survey by the Medical Records Institute, the following factors are driving the push towards EHR systems within medical organizations:

Motivating Factors 2005 Ambulatory
The need to improve clinical processes or workflow efficiency. 89.3% 91.2%
The need to improve quality of care. 85.0% 85.3%
The need to share patient record information among healthcare practitioners and professionals. 81.1% 66.9%
The need to reduce medical errors (improve patient safety). 76.1% 69.1%
The need to provide access to patient records at remote locations. 67.9% 65.4%
The need to improve clinical documentation to support appropriate billing service levels. 67.1% 76.5%
The need to improve clinical data capture. 64.6% 61.0%
The need to facilitate clinical decision support. 60.7% 50.7%
The requirement to contain or reduce healthcare delivery costs. 54.6% 61.8%
The need to establish a more efficient and effective information infrastructure as a competitive advantage. 53.6% 53.7%
The need to meet the requirements of legal, regulatory, or accreditation standards. 50.0% 44.1%
Other 5.7% 5.1%
Totals 280 136
Margin of Error +/- 5.8% +/- 8.4%

Now, compare this with the results of the 2007 survey that focused on the factors driving hospitals to expand their use of EHR.

Driving Factors in a Hospital 2007
Efficiency and convenience, e.g., better networking to the medical community and patients and remote access 57.8%
Satisfaction of physicians and clinician employees 42.2%
The need to survive and thrive in a much more competitive, interconnected world. 41.0%
Regulatory requirements of JCAHO or NCQA. 35.6%
Savings in the Medical Record Department and elsewhere, including transcription. 24.0%
Value-based purchasing/pay for performance 17.7%
Pressure from payer groups, such as Leapfrog Group 15.2%
Possibility of subsidized purchase of HER, e-prescribing systems, etc. by purchasers/payers/large health systems. 8.8%
Totals 329
Margin of Error +/- 5.4%

Assessment

How have these motivating and driving factors changed today; have they really changed in 2010?

Does this deeper dive reveal any other truths; political, social, business or economic? Is this historical review helpful in understanding the reluctance or eagerness for EMR acceptance, or not?

Join Our Mailing List 

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct DetailsProduct Details

Product Details  Product Details

   Product Details 

About Regional Health Information Organizations

Join Our Mailing List

The RHIO Concept – Defined

Dr. Mata

[By Richard J. Mata MD, CIS, CMP™]

Regional Health Information Organizations (RHIOs), or data exchanges, are multi-stakeholder organizations.  They might include groups of hospitals, medical societies, payers, major employers, and other healthcare organizations.

Generally, these stakeholders are developing RHIOs with the goal of affecting the safety, quality, and efficiency of healthcare as well as improving access to healthcare by expanding the use of health information technology.  It is expected that RHIOs will be responsible for motivating and causing integration and information exchange in the nation’s revamped healthcare system

Assessment

Regions in the U.S. continue to use various definitions of “multi-stakeholder organizations.”  For instance, in Wichita, Kansas, the Clinics Patient Index is a software architecture as well as support environment that facilitates integration among outpatient clinics and hospital emergency departments.

And, what will be the affect of [HR 3590], or the Patient Protection and Affordable Care Act, on RHIOs?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product DetailsProduct DetailsProduct Details

 

Defining Electronic Medical Record Systems

Join Our Mailing List

Does Linguistic Obfuscation Exacerbate our Use Ambivalence?

[By Dr. Richard J. Mata; CIS, CMP™]

[By Dr. David E. Marcinko; MBA, CMP™]

The 2003 Institute of Medicine (IOM) Patient Safety Report [1] described an EHR [2] as encompassing:

  • a longitudinal collection of electronic health information for and about persons;
  • [immediate] electronic access to person- and population-level information by authorized users;
  • provision of knowledge and decision-support systems [that enhance the quality, safety, and;
  • efficiency of patient care] with support for efficient processes for health care delivery.

The IOM Report

A 1997 IOM report, The Computer-Based Patient Record: An Essential Technology for Health Care, provides a more extensive definition:

A patient record system is a type of clinical information system, which is dedicated to collecting, storing, manipulating, and making available clinical information important to the delivery of patient care. The central focus of such systems is clinical data and not financial or billing information. Such systems may be limited in their scope to a single area of clinical information (e.g., dedicated to laboratory data), or they may be comprehensive and cover virtually every facet of clinical information pertinent to patient care (e.g., computer-based patient record systems).

The HIMSS Model

The EHR definitional model document developed by the Health Information and Management Systems Society (HIMSS, 2003) includes:

“a working definition of an EHR, attributes, key requirements to meet attributes, and measures or ‘evidence’ to assess the degree to which essential requirements have been met once EHR is implemented.”

 

The IOM Model

Another IOM report, Key Capabilities of an Electronic Health Record System [Tang, 2003], identifies a set of eight core care delivery functions that EHR systems should be capable of performing in order to promote greater safety, quality and efficiency in health care delivery:

8 Core Principles

Today, we realize that the eight core capabilities that Electronic Health [Medical] Records should possess are:

  1. — Health information and data. Having immediate access to key information – such as patients’ diagnoses, allergies, lab test results, and medications – would improve caregivers’ ability to make sound clinical decisions in a timely manner.
  2. — Result management. The ability for all providers participating in the care of a patient in multiple settings to quickly access new and past test results would increase patient safety and the effectiveness of care.
  3. — Order management. The ability to enter and store orders for prescriptions, tests, and other services in a computer-based system should enhance legibility, reduce duplication, and improve the speed with which orders are executed.
  4. — Decision support. Using reminders, prompts, and alerts, computerized decision-support systems would help improve compliance with best clinical practices, ensure regular screenings and other preventive practices, identify possible drug interactions, and facilitate diagnoses and treatments.
  5. — Electronic communication and connectivity. Efficient, secure, and readily accessible communication among providers and patients would improve the continuity of care, increase the timeliness of diagnoses and treatments, and reduce the frequency of adverse events.
  6. — Patient support. Tools that give patients access to their health records, provide interactive patient education, and help them carry out home monitoring and self-testing can improve control of chronic conditions, such as diabetes.
  7. — Administrative processes. Computerized administrative tools, such as scheduling systems, would greatly improve hospitals’ and clinics’ efficiency and provide more timely service to patients.
  8. — Reporting. Electronic data storage that employs uniform data standards will enable health care organizations to respond more quickly to federal, state, and private reporting requirements, including those that support patient safety and disease surveillance.” [3]

Assessment

With all the confusion surrounding terms like quality improvement and “meaningful use” which can mean major Federal dollars to the coffers of a medical practice, clinic or hospital; are we still confused about basic definitional terms?

And, does eMR linguistic obfuscation exacerbate our use ambivalence and encourage physician/dentist eMR avoidance?

Conclusion

Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe. It is fast, free and secure.

References:

[1]   See http://www.himss.org/content/files/PatientSafetyFinalReport8252003.pdf.

[2]   EHR (electronic health record) is often used interchangeably with EMR (electronic medical record).  In this discussion, EHR will be used consistently.

[3]   See http://www.iom.edu/.

Product DetailsProduct DetailsProduct Details

What is a HIT Security Firewall?

Understanding Concepts and Terms

By Dr. Richard J. Mata; MIS

www.HealthcareFinancials.com

Firewalls are devices or systems that control the flow of health information network traffic between networks or between a host and a network. A firewall acts as a protective barrier because it is the single point through which communications pass. Internal information that is being sent can be forced to pass through a firewall as it leaves a network or host. Incoming data can enter only through the firewall.

www.HealthDictionarySeries.com

The Federal publication NIST Special Publication 800-41, Guidelines on Firewalls and Firewall Policy provides details of firewalls and firewall product selection that are beyond the scope of this post.

Implications Beyond Internet Connectivity

While firewalls and firewall environments are often discussed in the context of Internet connectivity, firewalls have applicability in network environments beyond Internet connectivity.

For example, many corporate healthcare enterprise intranets employ firewalls to restrict connectivity to and from internal networks servicing more sensitive functions, such as the accounting or personnel department. By employing firewalls to control connectivity to these areas, an organization can prevent unauthorized access to the respective systems and resources within the more sensitive areas. The inclusion of an internal firewall environment can therefore provide an additional layer of security that would not otherwise be available.

Imperfect Security

Although firewalls afford protection of certain resources within an organization, there are some threats that firewalls cannot protect against: connections that bypass the firewall, new threats that have not yet been identified, and viruses that have been injected into the internal network.

Assessment

It is important to remember these shortcomings because considerations will have to be made in addition to the firewall in order to counter these additional threats and provide a more comprehensive security solution.

Conclusion

Join Our Mailing List

So, tell us what you think about this information. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.

Get our Widget: Get this widget!

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Promoting the “Minimum Necessary” Rule

Understanding HIPAA Security Standards

By Richard J. Mata; MD, MS

www.HealthcareFinancials.com

One concept that is stressed by HIPAA is the “minimum necessary” rule, which states the minimum use of personal health information [PHI] that can be used to identify a person, such as a social security number, home address, or phone number. Only the essential elements are to be used in transferring information from the patient record to anyone else that needs this information. This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties.  The “minimum necessary” rule is also changing the way software is set up and vendor access is provided. 

Chain of Custody

Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally [within your hospital, Emerging Health Organization, or medical practice) and externally [such as through your business associates]. The patient has the right to know who in the lengthy data chain has seen their PHI. This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally.  When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.

Enter the Designated Record Set

One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient.  It is up to the hospital, EHO, medical practice, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale. 

Assessment

Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls.  For more information about the Security Standards final rule, reference the Federal Register.

Conclusion

In the age of Twitter, IMing, blogging and texting, some young doctors are forgetting the basic fundamentals of patient privacy. And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, be sure to subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com 

Get our Widget: Get this widget!

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed

And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Notice of Healthcare Privacy Practices Explained

Join Our Mailing List

NPP “Game Changer” Replaced Use of Consents

Dr. Mata

[By Richard J. Mata; MD, MS]

In its most visible change, the privacy regulations of HIPAA require covered health entities to provide patients with a Notice of Privacy Practices (NPP).

The NPP replaces the use of consents, which are now optional, although they are recommended.

The NPP outlines how PHI is to be regulated, which gives the patient far-reaching authority and ownership of their PHI, and must describe, in general terms, how organizations will protect health information.

THE NPP Specifics

The NPP specifies the patient’s right to the following:

  • gain access to and, if desired, obtain a copy of his or her own health records;
  • request corrections of errors that the patient finds (or include the patient’s statement of disagreement if the institution believes the information is correct);
  • receive an accounting of how their information has been used (including a list of the persons and institutions to whom/which it has been disclosed);
  • request limits on access to, and additional protections for, particularly sensitive information;
  • request confidential communications (by alternative means or at alternative locations) of particularly sensitive information;
  • complain to the facility’s Privacy Officer if there are problems; and
  • pursue the complaint with DHHS’s Office of Civil Rights if the problems are not satisfactorily resolved.

A copy of the NPP must be provided the first time a patient sees a direct treatment medical provider, and any time thereafter when requested or when the NPP is changed. On that first visit, treatment providers must also make a good faith effort to obtain a written acknowledgement, confirming that a copy of the NPP was obtained. Health plans and insurers must also provide periodic Notices to their customers, but do not need to secure any acknowledgement. Most Health Information Management departments that oversee the clinical coding of medical records also manage the NPP documentations and deadlines, but this may vary from hospital to hospital, or office to office.

Assessment

HIPAA requires no other documentation from the patient in order for information to be used or disclosed for basic functions, like treatment and payment, or for a broad range of other core healthcare operations. State laws may nonetheless require some kind of consent/authorization form from the patient for these purposes [It is common for institutions to claim, incorrectly, that HIPAA does].

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product DetailsProduct Details

On Healthcare Intranets and Extranets

Join Our Mailing List

A Primer for Physicians and Medical Executives

Dr. Mata

By Richard J. Mata; MD, MS, CMP™ [Hon]

According to the “Dictionary of Heath Information and Technology”,

“An intranet is a private network that uses Internet Protocols, network connectivity, and possibly the public telecommunication system to securely share part of an organization’s information or operations with its employees”.

Sometimes the term refers only to the most visible service, the internal website.  The same concepts and technologies of the Internet, such as clients and servers running on the Internet protocol suite, are used to build an intranet.

Uses in Healthcare

An intranet is commonly used to provide communication and application services.  The advantages of using an intranet in the healthcare setting include the following:

  • Medical Workforce productivity: Intranets can help employees quickly find and view information and applications relevant to their roles and responsibilities.  Via a simple-to-use web browser interface, users can access data held in any database the organization wants to make available, anytime and  subject to security provisions — from anywhere, increasing employees’ ability to perform their jobs faster, more accurately, and with confidence that they have the right information.
  • Time: With intranets, healthcare organizations can make more information available to employees on a “pull” basis (i.e., employees can link to relevant information at a time that suits them) rather than being deluged indiscriminately by e-mails.
  • Communication: Intranets can serve as powerful tools for communication within a healthcare organization; vertically and horizontally.

Vulnerability and Security Protection

Intranets, like other IT systems, need to be protected by security systems. Any intranet is vulnerable to attack by people intent on destruction or on stealing corporate data. The open nature of the Internet and TCP/IP protocols expose a corporation to attack.  Intranets require a variety of security measures, including hardware and software combinations that provide control of traffic; encryption and passwords to validate users; and software tools to prevent and cure viruses, block objectionable sites, and monitor traffic.

Multiple Lines of Defense

The first line of defense is a firewall and these are commonly set up using proxy servers, which allow system administrators to track all traffic coming in and out of an intranet. Another layer of sophistication is added by using a bastion server firewall, configured to withstand and prevent unauthorized access or services. It is typically segmented from the rest of the intranet in its own subnet or perimeter network. In this way, if the server is broken into, the rest of the intranet won’t be compromised.

Authentication Systems

Authentication systems are an important part of any intranet security scheme. They are used to ensure that anyone trying to log into the intranet or any of its resources is the person they claim to be. Authentication systems typically use user names, passwords, fingerprints and iris scans, and various encryption systems.

Protection and Monitoring

Server-based software is used to protect an intranet and its data. Virus-checking software can check every file coming into the intranet to make sure that it is virus-free, and site-blocking software can bar people on the intranet from getting objectionable material. Monitoring software tracks where people have gone and what services they have used, such as HTTP for Web access.

Filtering Systems and Routers

One way of ensuring that the wrong people or erroneous data can’t get into the intranet is to use a filtering router. This is a special kind of router that examines the IP address and header information in every packet coming into the network, and allows in only those packets that have addresses or other data, like e-mail, that the system administrator has decided should be allowed into the intranet. Increasingly, intranets are being used to deliver tools and applications, e.g., collaboration (to facilitate working in groups and for teleconferences) or sophisticated corporate directories, sales and customer relationship management (CRM) tools, project management, etc, to advance productivity. Intranets are also being used as Health 2.0 culture change platforms

Metrics

Intranet traffic, like public-facing website traffic, is better understood by using web metrics software to track overall activity, as well as through surveys of users. Intranet User experience, editorial, and technology teams work together to produce in-house sites. Most commonly, intranets are owned by the communications, HR or IT areas of large healthcare organizations, or some combination of the three.

Assessment

When part of an intranet is made accessible to customers, partners, suppliers, patients, or others outside the healthcare organization – that part becomes part of an extranet.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product DetailsProduct DetailsProduct Details

Product DetailsProduct Details

***

Understanding the PHI “Minimum Necessary” Rule

Join Our Mailing List

Protected Health Information and HIPAA

By Richard J. Mata; MD, MIS, CMP™ [Hon]

Dr. Mata

One important concept of the Health Insurance Portability and Accountability Act [HIPAA] is the “minimum necessary” rule, which states the minimum use of Protected Health Information [PHI] to identify a person, such as a social security number, home address, or phone number.

Only the essential elements are to be used in transferring information from the patient record to anyone else that needs this information.

Financial Information Included

This is especially important when financial information is being addressed. Only the minimum codes necessary to determine the cost should be provided to the financial department. No other information should be accessed by that department. Many institutions have systems where a registration or accounting clerk can pull up as much information as a doctor or nurse, but this is now against HIPAA policy and subject to penalties. The “minimum necessary” rule is also changing the way software is set up and vendor access is provided.

Human Resources

Another challenging task is keeping up with the number of people who access PHI, because the privacy regulations allow a patient to receive an accounting of anyone who has accessed their information, both internally (within your hospital, Emerging Healthcare Organization, or medical entity) and externally (such as through your business associates).  The patient has the right to know who in the lengthy data chain has seen their PHI.  This sets up an audit challenge for the medical organization, especially if the accountability is programmed internally.  When other business associates use this PHI without documenting access to a specific patient’s PHI, no one would be accountable for a breach in privacy.

http://www.findbookprices.com/author/Hope_Hetico

One way to track access is through a designated record set, which contains medical or mixed billing records, and any other information that a physician and/or medical practice utilizes for making decisions about a patient.  It is up to the hospital, EHO, or healthcare organization to define which set of information comprises “protected health information” and which does not, though logically this should not differ from locale to locale.

Assessment

Overlaps from the privacy regulations that are also addressed in the security regulations are access controls, audit trails, policies on e-mail and fax transmissions, contingency planning, configuration management, entity and personal authentication, and network controls. For more information about the Security Standards final rule; reference the Federal Register.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct DetailsProduct Details

Product DetailsProduct Details

Product Details

Medical Coding and Billing Vocabulary

Join Our Mailing List

Basic HIT Nomenclature and HIPAA

[By Richard J. Mata; MD, MIS, CMP™ [Hon]

For the Health Information Technology [HIT] department of a hospital, clinic or medical practice and its coders, the following medical vocabularies are mandated by the Health Insurance Portability and Accountability Act [HIPAA].

Diseases 

For diseases: the 9th or 10th International Classification of Diseases (ICD) Clinical Modification should be used.  ICD9-CM is maintained by the Centers for Disease Control National Center for Health Statistics, while ICD-10 is maintained by the World Health Organization.

Procedures

For medical procedures: a combination of ICD-9-CM, Current Procedural Terminology maintained by the American Medical Association, the Current Dental Terminology maintained by the American Dental Association, and Healthcare Common Procedure Coding System (HCPCS) maintained by CMS, which is also used for medical devices.

Pharmaceuticals

For drugs: these should be coded according to their National Drug Code classification.

Assessment

“A recent change to Medicare policy made by the Centers for Medicare & Medicaid Services (CMS) helps ensure claims processing isn’t delayed when the only missing information on the CMS-1490S form is the provider or supplier’s National Provider Identifier (NPI).

CMS Transmittal 1747, Change Request 6434, issued May 22, notifies A/B Medicare Administrative Contractors (MAC) and carriers of editorial changes to Medicare policy in Pub. 100-04, Medicare Claims Processing Manual, chapter 1 regarding the monitoring of claims submission violations and the handling of incomplete or invalid claims.

In either case, as stated in the transmittal, “If the beneficiary furnishes all other information but fails to supply the provider or supplier’s NPI, the contractor shall not return the claim but rather look up the provider or supplier’s NPI using the NPI registry.”

http://www.aapc.com/news/index.php/2009/06/missing-npi-no-reason-to-deny-says-cms/

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

 

Product DetailsProduct DetailsProduct Details

Allscript’s Glenn Tullman is Video Interviewed

Join Our Mailing List

Video Clip from the HIMSS Meeting

By Ann Miller; RN, MHA

[Executive-Director]

stk323168rknThere is a major controversy in the modern healthcare community over eMRs and how to pay for them; or even if they are effective in improving medical outcomes. Of course, by eMRs we mean interoperable medical records that span the pan-healthcare ecosystem; and not just the stand-alone digital records that many, if not most, physicians use in their daily practices to some degree or another.

Link: https://healthcarefinancials.wordpress.com/2009/03/10/on-the-hitech-act-of-2009/

Proponents

As readers of the ME-P are aware, one vocal camp supports certification and eMR industry mandates, standards, and governmental initiatives, etc. The recent $20 billion taxpayer input from the Obama Administration, courtesy of HITECH, further emboldens CCHIT and related wonks.

Opponents

One the other hand, one vocal ME-P opponent is dentist Darrell Pruitt. He and many others believe that current eMRs may be too expensive, unwieldy, and counter-productive. This camp advocates a mix of other data sources, technology processes and doctor/patient education to get us where we need to be in terms of improving medial outcomes; quicker and less expensively.

Assessment

Rather than read, research and write more on this controversy, which was apparently a red-hot topic at the recent HIMSS meeting, we have embedded a video link of Glen Tullman [CEO of Allscripts] and Mark Leavitt, [Chair of CCHIT], below.

Link: https://healthcarefinancials.wordpress.com/2009/03/02/cchit-is-prejudiced-and-lacks-diversity-%e2%80%93-an-indictment/

It even includes a clip of Jonathan Bush, CEO of AthenaHealth. And, although they don’t all agree; some common ground may be developing in this controversial issue.

Source: This link originally appeared on The Health Care Blog [THCB], by Matthew Holt.

Link: http://www.thehealthcareblog.com/the_health_care_blog/2009/04/cats-and-dogs-on-film–tullman-leavitt-bush.html#comments

Disclaimer:We are members of AHIMA, HIMSS, MS-HUG and SUNSHINE. We just released the Dictionary of Health Information Technology and Security, with Foreword by Chief Medical Information Officer Richard J. Mata; MD MS MS-CIS, of Johns Hopkins University; and the second edition of the Business of Medical Practice with Foreword by Ahmad Hashem; MD PhD, who was the Global Productivity Manager for the Microsoft Healthcare Solutions Group at the time.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

 

Product Details 

Video: Protecting Protected Health Information

Join Our Mailing List

The eEHR Privacy Debate Continues

[By Staff Reporters]

According to our colleague Richard Mata; MD, MIS, writing in the premium print-journal Healthcare Organizations [Financial Management Strategies], a critical feature of any healthcare information system [HIS] is compliance with privacy requirements. Of course, the most important compliance regulation is the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The key here is to have computer systems, terminals, workstations, servers and hand-held systems fully in communication with each other — including the ability to send data outside the fire-walls of the institution; interoperability as needed — while ensuring the confidentiality of protected health information (PHI), which is health information where the person to whom it belongs is identifiable

Federal Privacy Regulations

The federal government required hospital and healthcare entity compliance with HIPAA security regulations since April 2005. Briefly, the following are features of HIPAA which concern HIS:

·         HIPAA presents a unique opportunity for automation of information since it is easier to protect secure information electronically as compared to having a paper chart that can be lost or open in front of patients and visitors.

·         Secure password protection must be in place at multiple levels to ensure that access to PHI is restricted to those who need the information at that time.

·         Appropriate encryption of data is essential for transmission between systems in order to prevent the interception of data.

National Spotlight

Yet, in this video clip, CNN’s Campbell Brown and Elizabeth Cohen examined how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth www.HealthDictionarySeries.com

Assessment

Whenever the subject of proliferating eHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed the privacy issue has already started to gain some traction in the media with the above video, and more.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product DetailsProduct Details

CCHIT is Prejudiced and Lacks Diversity – An Indictment Until Proven Otherwise

Join Our Mailing List

Searching for “The Lost Medical Providers”

[By Dr. David Edward Marcinko; FACFAS, MBA, former CPHQ™, CMP™]

[Publisher-in-Chief]

[Hope Rachel Hetico; RN, MHA, former CPHQ™, CMP™]

[Managing Editor]

dave-and-hope6Right up! Let us state that, sans increased transparency and requested information to the contrary, we believe that CCHIT is a prejudiced and seriously non-diverse outfit. No. we don’t mean racial prejudice or any lacking in ethnic or gender diversity – We mean professional diversity. Why and how did this happen – we don’t know, but please allow us to explain our thought process in arriving at this opinion and formal indictment?

CCHIT Website

According to its website, the Certification Commission for Healthcare Information Technology [CCHIT] was founded to help physicians answer key questions about eHR software, such as: a) what components should be included, b) where do you begin with over 200 products in the ambulatory eHR market?

Link: http://www.cchit.org/index.asp

Certification Commission Composition

CCHIT is a private nonprofit organization accelerating the adoption of robust, interoperable health information technology [HIT] by creating a credible, efficient certification process.

The Commission is made up of at least two representatives each from the provider, payer, and vendor stakeholder groups, and others from stakeholder groups that include safety net providers, health care consumers, public health agencies, quality improvement organizations, clinical researchers, standards development and informatics experts and government agencies.

Currently, CHIT is composed of these commissioners, serving in two-year staggered terms:

  • Mark Leavitt, MD, PhD [Chairman]
  • Abha Agrawal, MD, FACP
  • Steve Arnold, MD, MS, MBA, CPE
  • Karen Bell, MD
  • Richard Benoit
  • Sarah T. Corley, MD, FACP
  • John F. Derr, RPh
  • Linda Hogan
  • Michael L. Kappel
  • Joy G. Keeler, MBA, FHIMSS
  • Jennifer Laughlin, MBA, RHIA
  • Christopher MacManus
  • David Merritt
  • Susan R. Miller, RN, FACMPE
  • James Morrow, MD
  • Rick Ratliff
  • David A. Ross, ScD
  • Don Rucker, MD
  • Michael Ubl
  • Jon White, MD
  • Andrew Wiesenthal, MD

What about the “Others”

Now, here’s the rub; what about the other medical professionals? The list above contains allopathic physicians, a nurse and a pharmacist; and that’s fine. But, where are the DDSs, DPMs, DOs and ODs? Should these folks assume they are included as CCHIT stakeholders, as most all dentists and even the ADA seemingly – and apparently erroneously – believed?

Link: www.HealthcareFinancials.com

See CCHIT’s answer below, when one intrepid [fearless or naïve] dentist inquired about his profession’s inclusion in the CCHIT initiative.

Dr. Pruitt,

“As noted in my email to you, the Commission has not yet taken up the development of certification for software products used in dentistry. While one cannot deny the value of dental information in the management of health, it is not currently within the scope of the Commission’s work to undertake the development of criteria and test scripts that inspect the data compatibility between physician office eHRs and dentistry records. As our work progresses, it may become a future consideration.”

Regards

-S

CCHIT 

Link: https://healthcarefinancials.wordpress.com/2008/12/19/the-case-against-inter-operable-ehrs/#comments

According to our best estimates, CCHIT left out input from these medical professionals:

  • Osteopaths: 50,000
  • Dentists: 150,000
  • Podiatrists: 10,000
  • Optometrists: 40,000

And so, we ask, where are the:

”two representatives each from the provider … groups”

 as stated and mandated, in their own CCHIT charter? Where is the outrage from the American Osteopathic Association [AOA], American Podiatric Medical Association [APMA], American Optometric Association [AOA], and the American Dental Association [ADA]? Are these folks disenfranchised; and do they know it, or not?

Board of Governors – Public Comments Desired

The CCHIT website does list Dr. Brian Foresman; DO, MS as a physician juror in 2006. And, the complete list is included below for your review: 

The CCHIT regularly requests public comment. The public comment period for ePrescribing Security, for example, is currently open until March 4, 2009.

Industry Indignation Index: 65

Hopefully, we can shame – “flame with emails” – CCHIT into finally including dentists, podiatrists, more osteopaths and optometrists in this initiative and in their larger enterprise wide goals, objectives and plans.

Link: http://www.cchit.org/participate/public-comment

Conclusion

And so, your thoughts and comments on this Medical Executive-Post are appreciated. Please call, write, fax, email or send in your opinions to CCHIT and tell them what you think! Mark, we give you benefit-of-doubt and are on your side, but what did we miss; do tell? What sort of bureaucrat apparently overlooked these full, and limited-licensed, medical practitioners with their special skills; or do they actually have direct-indirect input? Don’t they count for anything? Where is the diversity? Where is the outrage? Stop the prejudice! Call us, let’s do lunch and discuss.

Full disclosure: We are members of AHIMA, HIMSS, MS-HUG and SUNSHINE. We just released the Dictionary of Health Information Technology and Security, with Foreword by Chief Medical Information Officer Richard J. Mata; MD MS MS-CIS, of Johns Hopkins University and the second edition of the Business of Medical Practice with Foreword by Ahmad Hashem; MD PhD, who was the Global Productivity Manager for the Microsoft Healthcare Solutions Group at the time: www.MedicalBusinessAdvisors.com

Additional References

1. Getting “the CCHIT Question” Wrong, by

Link: http://www.thehealthcareblog.com/the_health_care_blog/2009/02/getting-the-cchit-question-wrong.html#comments

2. CCHIT dissolved involuntarily in April 2008 for failure to file annual report in Illinois.

Link: http://www.hcrenewal.blogspot.com/2009/02/cchit-dissolved-involuntarily-in-april.html

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct DetailsProduct Details

Product Details  Product Details

   Product Details 

New-Wave Medical Quality Resources

Beyond Traditional Administrative Databases

Staff Reporters

ho-journal15Physician blogger, and Harvard University CTO, John Halamka MD recently opined about some emerging new medical quality data sources for the industry.

Traditional Sources

As all ME-P subscribers know, traditional data sources are derived from, and usually include, administrative claims data information aggregated from many sources and silos.

www.HealthcareFinancials.com

Emerging Sources

But, newer sources of data for medical quality analysis go beyond administrative data and includes electronic repositories like eHRs, PHRs, eMRs and Healthcare Information Exchange [HIE] resources, where available.

www.HealthDictionarySeries.com

Assessment

For a few more examples:

Link: http://www.thehealthcareblog.com/the_health_care_blog/2009/02/index.html

Conclusion

And so, your thoughts and comments on this Medical Executive-Post, and original post, are appreciated.

Are these database silos secure, and do patients know that, or how, their hopefully blinded information is redacted and used?  Will the health insurance industry use this information to further “slice and dice” ratings levels for their insured’s? Will it then be securitized, re-aggregated and resold again for non-healthcare related purposes like home, auto or life insurance; or other yet to be developed risk-management products and services?

Is this transparent and fair to patients? What are the legal and ethical implications, if any? Thought leaders please opine?

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com  or Bio: www.stpub.com/pubs/authors/MARCINKO.htm

Get our Widget: Get this widget!

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Health Administration Terms: www.HealthDictionarySeries.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Get our Widget: Get this widget!

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest E-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Wi-Max 2 the Medical-Max

An HIT Report from the Inner City Trenches

By Dr. David Edward Marcinko; MBA, CMP™

[Publisher-in-Chief]dr-david-marcinko4

While not an IT guru by any means, I am a prudent fan of health IT where appropriate, and have always been a bit on the curious side.

A Bit about Me

OK; I am a member of the American Health Information Management Association (AHIMA) and the Healthcare Information and Management Systems Society (HIMSS). I am also a beta-tester for the Microsoft Corporation, a member of the Microsoft Health User’s Group (MS-HUG) and the Sun Executive Boardroom program sponsored by CEO Jonathan Schwartz; as well as SUNSHINE [Solutions for Healthcare Information, Networking and Education [NASD/FINRA-JAVA]. I also was fortunate to just finish editing the Dictionary of Health Information Technology and Security, with Foreword by Chief Medical Information Officer Richard J. Mata; MD MS MS-CIS of Johns Hopkins University.

And, I was incredibly lucky to have  my colleague Ahmad Hashem; MD PhD, who was the Global Productivity Manager for the Microsoft Healthcare Solutions Group at the time, to pen the Foreword to the second edition of my book, the Business of Medical Practice

And so, it was with the pleasure of potential intellectual satiety that goaded me into testing the airwaves, so to speak, on my recent visit to my home town of Bal’more. Thus, this exclusive ME-P report follows.

Location … Location … Location

If you lived in San Francisco a few years ago, during the ill-fated and costly WiFi experiment, you have my sincere condolences. If you live in Baltimore however, and want to have fast, wireless Internet speeds, then congratulations because you’ve chosen your place of residence wisely. Me, I’m an ex-patriot who was ecstatic when Sprint announced in October 2008, that Baltimore would be the first US city to have access to its new Wi-Max mobile data network; known as Xohm. I visit my home town 3-4 times, annually.

About the Wireless Xohm Data Network

Xohm is a wireless data service which, thanks to its WiMax capability, reportedly provides broadband-like speeds on a wireless PC. With this, as long as you have a WiMAX adapter and can pay for the service, the Internet should be available anywhere within the city. For home use, service for WiMAX costs $25 per month for six months, and $35 per month after that. Laptop access was to be $30 per month for the first six months. If you’re just visiting the city, single day access will cost $10, which is a bit steep, but not bad compared to the price of Wi-Fi access in some airports. Or, their unsecure networks were purported free; anywhere in the city. This was the object of my informal beta-testing activities.

computer-hardware2

City of Baltimore

My neighborhood, in Baltimore, is known as the historic Fell’s Point District. It was founded in 1670 by William Cole who bought 550 acres on the Inner Harbor, downtown. English Quaker, William Fell then bought land he named “Fell’s Prospect”. The land was also known as “Long Island Point” and “Copus Harbor”.

This area was the ideal hostile site for the Wi-Max experiment. The surrounding neighborhoods are composed of many dense, old-brick and stone-masonry buildings, with abundant large expanses of Chesapeake Bay with its related estuaries and inlets. Local gossip about the experiment suggested that if it was successful in this hostile Baltimore environment, it would like be successful in more modern American cities.

Link: http://www.fellspoint.us/history.html

Test-Laptop Specifications

I used my daughter’s [age 12, eighth-grade] Dell Latitude D600 laptop PC, running a Windows XP professional downgrade, with an Intel® P4 micro-processor [1.4 GHZ, 512 MB, 30 GIG CD with 24X CD-RW/DVD] for data only. It was originally purchased used – not new – for a few hundred bucks and badly in need of some upgrades. For the test, we added 512 MB LT DDR PC-3200, and a wireless LINKSYS PCMCIA card [WPC54GX].

Network Results

First, set up was a snap. While the network is expansive, it was not exactly blazingly fast, at least not for unsecure roaming access. The network can provide “download speeds of 2 to 4 megabits per second“. While, it is faster than most cellular networks, the service is nothing compared to some home internet connections. Although, the option to use it on a laptop is useful, the 4 Mbps is good enough for checking email or other smaller, lower bandwidth internet surfing usages. It’s hard to say if these estimates actually hold up with a lot of people using the network at once, especially if you are far from a broadcast tower – or in a funky part of the city – which is everywhere. But, they seemed to work quite well. My daughter, wife and I were suitably impressed.

Of Medical PACS

Of course, we also talked to local town folk about their free unsecured use. All were pleased with the Baltimore experience. We found business, law, nursing and graduate school students who were ferocious users. We even found medical students using open network wireless PCAS. To the uninitiated, picture archiving and communication systems (PACS) are computers or networks dedicated to the storage, retrieval, distribution and presentation of digital radiology images. The medical images are stored in an independent format. The most common format for image storage is Digital Imaging and Communications in Medicine [DICOM].

Roll-Put in Other Cities

Apparently, Sprint plans on releasing Xohm WiMAX networks in Chicago and Washington DC, this year.  While they are both major cities, it is hard to speak for just how well the WiMAX works when you’re sitting in Atlanta, GA. Should these networks actually get some decent use, perhaps the service will be released in more markets. I just don’t know.

About NETGEAR

Local Baltimore provider NETGEAR has been a worldwide leader of technologically advanced, branded networking products since 1996. Their mission is to be the preferred customer-driven provider of innovative networking solutions for small businesses and homes.

Link: federal@netgear.com

Assessment

As an old city, Baltimore has a rich medical heritage. There is the University of Maryland School of Medicine, Dentistry, Nursing and Pharmacy. Up the street from the Inner Harbor are the famed Johns Hospital School of Medicine and the Kennedy School of Public Health. It is here where I played stickball, as a child, in the parking lot. Nevertheless, given the high demands of business networking security and emerging network management in the local, State and Federal space today, NETGEAR is reported to have an end-to-end solution to meet most agency needs. This did seem to be the case in my ad-hoc experiment. We always found an open channel, and dropped links were few and far between; usually while mobile or riding in an automobile, bus, train or high-rail transportation system.

Link: http://www.freewimaxservice.net

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct Details

%d bloggers like this: