PODCAST: Farzad Mostashari MD and “Aledade”Primary Care

Posted on November 13, 2024 by Dr. David Edward Marcinko MBA MEd CMP™

By Shahid N Shah

***

***

Our guest on this episode is Dr. Farzad Mostashari. Farzad is the co-founder and CEO of Aledade, a primary care enablement company that partners with independent PCPs to transition to value-based care and, as a result, maintain their independence.

Founded in 2014, Aledade works with 11,000 physicians across 40 states and DC, accounting for 1.7M patients under management in Medicare, Medicare Advantage, Commercial and Medicaid contracts. Farzad previously served as the National Coordinator for Health IT in the Department of Health and Human Services, he completed medical school at the Yale School of Medicine and a Master’s in Population Health from Harvard’s T.H. Chan School of Public Health. Earlier this year, Aledade raised a $123M Series E round of funding led by OMERS Growth Equity.

***

In this episode, colleague Shahid N. Shah will discuss with Farzad about (1) his journey to starting Aledade and the role policy expertise and evidence have played in the company’s success (2) why he and the company are betting on independent physicians as the drivers of change in value-based care and (3) how Aledade became the rare profitable health tech company.

-Dr. David Edward Marcinko MBA MEd

PODCAST: https://soundcloud.com/wharton-pulse-podcast/mostashari-aledade

***

ORDER: https://www.amazon.com/Dictionary-Health-Information-Technology-Security/dp/0826149952/ref=sr_1_5?ie=UTF8&s=books&qid=1254413315&sr=1-5

***

ORDER: https://www.amazon.com/Business-Medical-Practice-Transformational-Doctors/dp/0826105750/ref=sr_1_9?ie=UTF8&qid=1448163039&sr=8-9&keywords=david+marcinko

COMMENTS APPRECIATED

Thank You

***

Filed under: "Advisors Only", "Doctors Only", Alternative Investments, Career Development, Experts Invited, Health Economics, Healthcare Finance, Information Technology, Interviews, Op-Editorials, Practice Management, Research & Development, Videos | Tagged: , , , , , , | 1 Comment »

UNDERSTANDING MEDICAL PRACTICE CYBER SECURITY RISKS

Posted on June 17, 2015 by Dr. David Edward Marcinko MBA MEd CMP™

Join Our Mailing List 

A SPECIAL ME-P REPORT

Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™

Mitigations for the Digital Health Era

Shahid N. Shah MS

[By Shahid N. Shah MS]

There has been a tremendous explosion of information technology (IT) in healthcare caused by billions of dollars of government incentives for usage of digital healthcare tools.

But, IT systems face threats with significant adverse impacts on institutional assets, patients, and partners if sensitive data is ever compromised. Every health enterprise is required to confidentiality, integrity and availability of its information assets (this is called “information assurance” or IA). Confidentiality means private or confidential information must not be disclosed to unauthorized persons. Integrity means that the information can be changed only in an authorized manner so as to maintain the correctness of the information. Availability defines the characteristic that information systems work as intended and all services are available to its users whenever necessary.

It is well known that healthcare organizations face and have been mitigating many risks such as investment risk, budgetary risk, program management risk, safety risk, and inventory risk for many years. What’s new in the last decade or so is that organizations must now manage information assurance risks related to operating its information systems because information systems. IT is now just as a critical an asset as most other infrastructure managed by health systems. It is important that information security risks are given the same or more importance and priority as given to other organizational risks.

As health records move from paper native to digital native, it’s vital that organizations have information risk management programs and security procedures that woven into the culture of the organization. For this to happen, basic requirements of information security must be defined and implemented as part of both the operational and management processes. A framework that provides guidance on how to perform these activities, and the co-ordination required between these activities is needed.

***

hacker

[Black Hat Medical Hacker]

***

INTRODUCTION

The Risk Management Framework (RMF), supported by the National Institute of Standards and Technology (NIST) provides this framework. The NIST 800 series publications provide a structured approach to achieve risk management. It provides broad guidance and not necessarily all the prescriptions, which means it can be tailored to meet the organization’s specific needs and providing the flexibility needed for the different organizations. Using the NIST RMF helps organizations with risk management not only in a repeatable manner, but also with greater efficiency and effectiveness. Healthcare information assurance is complex and without a framework that takes into account a broad risk management approach, it is difficult to consider all the intricacies involved.

The NIST Risk Management Framework consists of a six step process designed to guide organizations in managing the risks in their information systems.

The various steps as defined in the NIST specifications are the following:

  • Categorize the information system and the information processed, stored, and transmitted by that system based on an impact analysis.
  • Select an initial set of baseline security controls for the information system based on the security categorization; tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions
  • Implement the security controls and describe how the controls are employed within the information system and its environment of operation.
  • Assess the security controls using appropriate assessment procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
  • Authorize information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable.
  • Monitor the security controls in the information system on an ongoing basis including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials.

All information systems process, store and transmit information. What is the possible impact if a worst case scenario occurs that causes endangers this information? A structured way to find out the potential impact on the confidentiality, integrity and availability of information can be done through the first step of NIST RMP, the categorization of information systems.

***

keyboard

[Triple Redundant Passwords and Encryption]

***

The NIST SP 800-60 [1, 2, 3 4] provides such guidance. The potential impact is assigned qualitative values – low, moderate, or high. Based on these impact levels for each of the information type contained in the system, the high water mark level is calculated, that helps in selecting the appropriate controls in the subsequent steps.

Organizations need to mitigate risks adequately by selecting an appropriate set of controls that would work effectively. In the selection of security controls step, the set of controls are chosen based on the categorization of the information system, the high water mark and the goals of the organizations.

These baseline controls are selected from NIST SP 800-53 [5] specification, one of three sets of baseline controls, corresponding to low, moderate, high impact rating of the information system. These baseline controls can be modified to meet specific business needs and organization goals. These tailored controls can be supplemented with additional controls, if needed, to meet unique organizational policies and environment factors and its security requirements and its risk appetite. The minimum assurance requirements need to be specified here.

All the activities necessary for having the selected controls in place, is done in the implementation of security controls step. The implementation of the selected security controls will have an impact on the organization risks and its effects. NIST SP 800-70 [6, 7] can be used as guidance for the implementation. An implementation strategy has to be planned and the actions have to be defined and the implementation plan needs to be reviewed and approved, before the implementation is done.

Once the controls are implemented, then the assessment of security controls is done to find out whether the controls have been correctly implemented, working as intended, and giving the desired output with respect to the security requirements. In short, whether the applied security controls are indeed the right ones, done in the right way, giving the right outcome. NIST SP 800-53 [5], NIST 800-53A [6], NIST 800-115 [8-11] can provide the necessary guidance, here. 

***

md-defeated-

[Frustrated Physician]

***

The authorization of information systems is an official management decision, authorizing that the information system can be made operational, with the identified risks mitigated and the residual risks accepted, and is accountable for any adverse impacts on the confidentiality, integrity and availability of information systems. If the authorizing personnel find that the risks are not mitigated and hence can compromise the sensitive information, they can deny authorizing the information system. NIST SP 800-37 [2] provides guidance on authorization. The authorizing personnel are to be involved actively throughout the risk management process.

Risk management is not one-time process, that once it is done, it is forgotten. It is a continuous process, to be integrated with day-to-day activities. One of the key aspects of any risk management is the monitoring of security controls to check whether the controls are performing as intended. The main focus of monitoring security controls is to know whether the controls are still effective over a period time, given the changes that occur in the information systems — the changes in hardware, software and firmware, the changes in environment factors, operating conditions etc. NIST SP 800-37 [2] provides guidance about this. And, if the security controls are found to be ineffective, the cycle starts again, with either re-categorization or selecting another set of baseline controls, or assessing the effectiveness of the controls once more etc.

Regardless, in all the steps in risk management framework, one of the important aspects is communication. Appropriate documents needed to be generated in all the steps, reviewed and kept up-to-date.

Organizational risk management provides great benefits to the organization because it helps to prioritize the resources, increase interoperability, and reduce costs incurred due to the adverse effects. It helps to prevent unauthorized access to personally identifiable information which will lead to security breaches. 

Channel Surfing

Have you visited our other topic channels? Established to facilitate idea exchange and link our community together, the value of these topics is dependent upon your input. Please take a minute to visit. And, to prevent that annoying spam, we ask that you register.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

ABOUT 

Mr. Shahid N. Shah is an internationally recognized healthcare thought-leader across the Internet. He is a consultant to various federal agencies on technology matters and winner of Federal Computer Week’s coveted “Fed 100″ Award, in 2009. Over a twenty year career, he built multiple clinical solutions and helped design-deploy an electronic health record solution for the American Red Cross and two web-based eMRs used by hundreds of physicians with many large groupware and collaboration sites. As ex-CTO for a billion dollar division of CardinalHealth, he helped design advanced clinical interfaces for medical devices and hospitals. Mr. Shah is senior technology strategy advisor to NIH’s SBIR/STTR program helping small businesses commercialize healthcare applications. He runs four successful blogs: At http://shahid.shah.org he writes about architecture issues; at http://www.healthcareguy.com he provides valuable insights on applying technology in health care; at http://www.federalarchitect.com he advises senior federal technologists; and at http://www.hitsphere.com he gives a glimpse of HIT as an aggregator. Mr. Shah is a Microsoft MVP (Solutions Architect) Award Winner for 2007, and a Microsoft MVP (Solutions Architect) Award Winner for 2006. He also served as a HIMSS Enterprise IT Committee Member. Mr. Shah received a BS in computer science from the Pennsylvania State University and MS in Technology Management from the University of Maryland. 

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

***

Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™

***

READINGS

[1] National Institute of Standards and Technology Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments, http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf

[2] National Institute of Standards and Technology Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems, http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf

[3] National Institute of Standards and Technology Special Publication 800-60 Volume I Revision 1, Guide for Mapping Types of Information and Information Systems to Security Categories, http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf

[4] National Institute of Standards and Technology Special Publication 800-60 Volume II Revision 1,  Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories, http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol2-Rev1.pdf

[5] National Institute of Standards and Technology Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

[6] National Institute of Standards and Technology Special Publication 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf

[7] National Institute of Standards and Technology Special Publication 800-70 Revision 2, National Checklist Program – Guidelines for Checklist Users and Developers Recommendations of the National Institute of Standards and Technology for IT Products, http://csrc.nist.gov/publications/nistpubs/800-70-rev2/SP800-70-rev2.pdf

[8] National Institute of Standards and Technology Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf

[9] National Institute of Standards and Technology Special Publication 800-137, Information Security, http://csrc.nist.gov/publications/nistpubs/800-137/SP800-137-Final.pdf

[10] U.S. Department of Health and Human Services, HIPAA Security Series, Security Standards: Technical Safeguards, http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf

[11] U.S. Department of Health and Human Services, HIPAA Security Series, Security Standards: Physical Safeguards, http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Risk Management, Liability Insurance, and Asset Protection Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™8Comprehensive Financial Planning Strategies for Doctors and Advisors: Best Practices from Leading Consultants and Certified Medical Planners™

Filed under: Information Technology, Retirement and Benefits, Risk Management | Tagged: , , , , , , | 7 Comments »

Before You Jump to a Full-Fledged EMR Check Out Other Options [Part 2]

Posted on February 5, 2014 by Dr. David Edward Marcinko MBA MEd CMP™

Join Our Mailing List

HIT: PART TWO

By Shahid Shah MS

Shahid N. ShahWowsa!

What a year [2013] in the HIT business?

Because of all the talk about EMRs and medical records software you’ll have many reasons to start immediately looking for an EMR vendor.

Try to resist that urge and look at broader non-EMR solutions that can help remove some of the non-clinical burdens from your staff in 2014:

  • Fax Server – a fax server allows you to centrally manage all incoming and outgoing faxes. Since most medical practices live on fax, this is one of the fastest investments you can recoup.
  • Shared drives – start using shared drives either using your existing software or you can purchase inexpensive “network disks” for a few hundred dollars to share business forms, online directories, reports, scanned charts, and many other files.
  • Online backups and Internet PACS storage – there are online tools like JungleDisk.com that allow you to store gigabytes of encrypted data into the Internet “cloud” for just a few dollars a month.
  • E-mail (beware of HIPAA, though) – internal office messaging and email is a great place to start. If you haven’t started your office automation journey here you should. If you’re going to use it for patient communications you’ll need to make sure you have patient approvals and appropriate encryption. If you’re on Gmail today and you want to have customers immediately be able to communicate with you on Gmail, that’s generally HIPAA compliant because communications between two Gmail accounts stays within the Google data center and is not sent unencrypted over the Internet.
  • E-Prescribing – e-prescribing is a great place to start your automation journey because it’s a fast way to realize how much slower the digital process is in capturing clinical data. If e-prescribing alone makes you slower in your job, EMRs will likely affect you even more. If you’re productive with e-prescribing then EMRs in general will make you more productive too.
  • Office Online and Google Apps (scheduling, document sharing) – Google and Microsoft® have some very nice online tools for managing contacts (your patients are contacts), scheduling (appointments), dirt simple document management, and getting everyone in the office “on the same page”. Before you jump into full-fledged EMRs see if these basic free tools can do the job for you.
  • Modular clinical groupware – this is a new category of software that allows you to collaborate with colleagues on your most time-consuming or most-needy patients and leave the remainder of them as-is. By automating what’s taking the most of your time you don’t worry about the majority of patients who aren’t.
  • Patient registry and CCR bulletin boards – if you’re just looking for basic patient population management and not detailed office automation then patient registries and CCR databases are a great start. These don’t help with workflow but they do manage patient summaries.
  • Document imaging – scanning and storing your paper documents is something that affects everyone; all scanners come with some basic imaging software that you can use for free. Once you’re good at scanning and paper digitization you can move to “medical grade” document managements that can improve productivity even more.
  • Clinical content repository (CMS) – open source systems like DrupalModules.com and Joomla.org do a great job of content management and they can be adapted to do clinical content management.
  • Electronic lab reporting – if labs are taking up most of your time, you can automate that pretty easily with web-based lab reporting systems.
  • Electronic transcription – if clinical note taking is taking most of your time, you can automate that by using electronic transcribing.
  • Speech recognition – another “point solution” to helping with capturing clinical notes; you can get a system up and running for under $250.
  • Instant Messaging (IM) – IM gives you the ability to connect directly with multiple rooms within your office using free software; if you want, you can also connect with patients and other physicians during work hours.

working with computer

Assessment

Can you think of any others?

Part One: Before you Jump to a Full-Fledged EMR Check out Other Options [Part 1]

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct Details

Filed under: iMBA, Inc., Information Technology | Tagged: , , | Leave a comment »

Before you Jump to a Full-Fledged EMR Check out Other Options [Part 1]

Posted on January 30, 2014 by Dr. David Edward Marcinko MBA MEd CMP™

Join Our Mailing List

HIT: PART ONE … OF TWO PARTS

By Shahid Shah MS

Shahid N. Shah MSWowsa!

What a year [2013] in the HIT business?

Because of all the talk about EMRs and medical records software you’ll have many reasons to start immediately looking for an EMR vendor.

Try to resist that urge and look at broader non-EMR solutions that can help remove some of the non-clinical burdens from your staff in 2014:

  • Using Microsoft Office Outlook® or an online calendaring system like Google to maintain patient schedules. While most vendors of clinical scheduling will tell you that medical scheduling is too complex to be handled by non-medical scheduling systems, most small and medium sized physician practices can easily get by with free or very inexpensive and non-specialized scheduling tools. By using general-purpose scheduling tools you will find that you can use less expensive consultants or IT help to manage your patient scheduling technology needs.
  • Using off-the-shelf address book software such as those built into Microsoft Office®, the Windows® and Macintosh® operating systems, or online tools such as Google apps you can maintain complete patient and contact registries for managing your patient lists. While a patient registry may not give you all of the features and functions you need immediately they can grow to a system that will meet your needs over time.
  • Using physician practice management systems you can remove much of the financial bookkeeping and insurance record-keeping burdens from your staff. Unlike calendaring or address book functionality which can be adapted from non-medical systems, insurance claims and related bookkeeping is an area where you should choose specific software based on how your practice earns its revenue. For example if a majority of your claims are Medicare related, then you should choose software that is specifically geared towards government claims management. If however your revenue comes less from insurance and more from traditional cash or related means you can easily use small business accounting software like Quicken® or Microsoft accounting.
  • Using computer telephony technology you can integrate automatic call in and call out the services that can be tied to your phone system so that you can track phone calls or send out call reminders.
  • Using integrated medical devices that can capture, collect, and transmit physiological patient data you can reduce paper capture of vital signs and other clinical data so that your staff are freed to do other work.
  • Using e-mail, instant messaging, social networking, and other online advanced tools you can reduce the number of phone calls that your practice receives and needs to return and yet continue to improve the patient physician communication process. One of the most time-consuming parts of any office is the back-and-forth phone calls so any reduction in phone calls will yield significant productivity increases.

eHRs

Assessment

Can you think of any other work-arounds?

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product DetailsProduct Details

Filed under: Information Technology | Tagged: , , | 2 Comments »

What’s Next for Healthcare Information Technology Innovation?

Posted on January 2, 2013 by Dr. David Edward Marcinko MBA MEd CMP™

Join Our Mailing List

A Video Panel Discussion

By Shahid N. Shah MS

Dr. David Edward Marcinko MBA

http://www.healthcareguy.com/

Shahid N. Shah MSIn Nashville a few weeks ago, at the Vanderbilt Healthcare Conference, I gave a short talk on a panel focused on the question “What’s next for healthcare information technology innovation?”

The Key Questions

The talk focused on answering a couple of key questions:

  • What does innovation in healthcare mean?
  • Where are the major areas in healthcare where innovation is required?

The Take-Aways

And it had a few key takeaways:

  • Understand health tech buyer fallacies
  • Understand PBU: Payer vs. Benefiter vs. User
  • Understand why healthcare businesses buy stuff so you can build the right thing

Assessment

My speaker deck is found below (if you’re reading this through a feed reader you should click into the blog so that it is visible). You can download the PDF here. After you’ve flipped through it, let me know what you think by dropping some comments below.

Editor’s Note: Mr. Shah is a ME-P thought-leader and an internationally recognized enterprise software analyst that specializes in healthcare IT with an emphasis on e-health, EHR/EMR, Meaningful Use, data integration, medical device connectivity, health informatics, and legacy modernization. He contributed CH 13 to: www.BusinessofMedicalPractice.com and Chapter 13: IT, eMRs & GroupWare

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

DICTIONARIES: http://www.springerpub.com/Search/marcinko
PHYSICIANS: www.MedicalBusinessAdvisors.com
PRACTICES: www.BusinessofMedicalPractice.com
HOSPITALS: http://www.crcpress.com/product/isbn/9781466558731
CLINICS: http://www.crcpress.com/product/isbn/9781439879900
BLOG: www.MedicalExecutivePost.com
FINANCE: Financial Planning for Physicians and Advisors
INSURANCE: Risk Management and Insurance Strategies for Physicians and Advisors

Product Details

Filed under: Information Technology, Videos | Tagged: , , , , , , | 9 Comments »

“Meaningful Use” for Ambulatory Care Medical Practices

Posted on June 3, 2011 by Dr. David Edward Marcinko MBA MEd CMP™

Join Our Mailing List

EHR Objectives and Measures

By Shahid N. Shah MS  

For ambulatory care practices and physicians there are about 25 objectives and measures that must be met to become a “meaningful user”. Keep in mind that meaningful use is not tied to a certified EHR alone; in fact, unless you use the EHR properly and in all the ways the government wants you to, you will not be a “meaningful user”.

Don’t be fooled by EHR vendors guaranteeing that they will make you a “meaningful user” – no vendor’s software, no matter how nice, can get your staff to use the software in the way the government wants. You, as the CIO of your practice, are the only one that can guarantee that. In fact, you don’t even need an EHR from a vendor to meet the requirements – you can even roll your own, use open source, or find any other means.

Fear and Promises

In general, as long as you can attest and send data to the government that they require you can do it in any way that you want. Be aware that some unscrupulous vendors are scaring practices and making promises that they cannot keep.

Final MU Rules

The final Meaningful Use (MU) Rule was published by HHS on July 13, 2010. It defines 24 objectives for and measures eligible hospitals that could be met to become a meaningful user and qualify for incentive funding. There is a “core set” that must be met by all institutions and a “menu set” of from which organizations must implement at least 5 objectives.

Core Set Objectives

These are the “core set” of 14 objectives that must be met by all institutions and a “menu set” of 10 from which organizations must implement at least 5 objectives (at least 1 public health objective must be chosen from that set).

  1. Use Computer Provider Order Entry (CPOE).
  2. Implement drug-drug, drug-allergy, and drug-formulary checks.
  3. Record demographics.
  4. Implement one clinical decision support rule.
  5. Maintain an up-to-date problem list of current and active diagnoses based on ICD-9-CM or SNOMED CT.
  6. Maintain active medication list.
  7. Maintain active medication allergy list.
  8. Record and chart changes in vital signs.
  9. Record smoking status for patients 13 years or older.
  10. Report hospital clinical quality measures to CMS or States.
  11. Provide patients with an electronic copy of their health information, upon request.
  12. Provide patients with an electronic copy of their discharge instructions at time of discharge, upon request.
  13. Capability to exchange key clinical information among providers of care and patient-authorized entities electronically.
  14. Protect electronic health information.

Menu Set Objectives

These are the “menu set” of 10 objectives from which organizations must implement at least 5. At least one public health objective must be chosen from this set as well (numbers 8 or 9). Drug-formulary checks.

  1. Record advanced directives for patients 65 years or older.
  2. Incorporate clinical lab test results as structured data.
  3. Generate lists of patients by specific conditions.
  4. Use certified EHR technology to identify patient-specific education resources and provide to patient, if appropriate.
  5. Medication reconciliation.
  6. Summary of care record for each transition of care/referrals.
  7. Capability to submit electronic data to immunization registries/systems.
  8. Capability to provide electronic submission of reportable lab results to public health agencies.
  9. Capability to provide electronic syndromic surveillance data to public health agencies.

Government Agencies and Participants Involved in MU

As you can see in the Figure, the Office of the National Coordinator for Healthcare IT (ONCHIT) is a component of the Department of Health and Human Services (HHS). ONCHIT, usually abbreviated just ONC, is the principal policy group of the Federal Government that defines and manages NHIN.

Figure Link: Figure 

* ONC is responsible for coordinating with the Department of Commerce’s National Institute of Standards and Technology (NIST) on the specifications for the NHIN standards.

* The HIT Policy and HIT Standards Committees are the working groups that advise ONC on what to put in the standards.

* NIST is responsible for coming up with the test materials (assertions, procedures, methods, tools, data, and so on) that will be used to certify working systems 

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product Details 

Filed under: Information Technology | Tagged: , , , , , , , , , , | 7 Comments »

Not so Fast – Examining eMR Options and Alternatives

Posted on March 16, 2011 by Dr. David Edward Marcinko MBA MEd CMP™

Look Before you Leap

By Shahid N. Shah MS

Because of all the talk about electronic medical records [EMRs] and medical records software, doctors have many reasons to start immediately looking for an EMR vendor.

But, try to resist that urge and look at broader non-EMR solutions that can help remove some of the non-clinical burdens from your staff.

Here are some examples from Chapter 13, in our new book: www.BusinessofMedicalPractice.com

  • Using Microsoft Office Outlook® or an online calendaring system like Google to maintain patient schedules. While most vendors of clinical scheduling will tell you that medical scheduling is too complex to be handled by non-medical scheduling systems, most small and medium sized physician practices can easily get by with free or very inexpensive and non-specialized scheduling tools. By using general-purpose scheduling tools you will find that you can use less expensive consultants or IT help to manage your patient scheduling technology needs.
  • Using off-the-shelf address book software such as those built into Microsoft Office®, the Windows® and Macintosh® operating systems, or online tools such as Google apps you can maintain complete patient and contact registries for managing your patient lists. While a patient registry may not give you all of the features and functions you need immediately they can grow to a system that will meet your needs over time.
  • Using physician practice management systems you can remove much of the financial bookkeeping and insurance record-keeping burdens from your staff. Unlike calendaring or address book functionality which can be adapted from non-medical systems, insurance claims and related bookkeeping is an area where you should choose specific software based on how your practice earns its revenue. For example if a majority of your claims are Medicare related, then you should choose software that is specifically geared towards government claims management. If however your revenue comes less from insurance and more from traditional cash or related means you can easily use small business accounting software like Quicken® or Microsoft accounting.
  • Using computer telephony technology you can integrate automatic call in and call out the services that can be tied to your phone system so that you can track phone calls or send out call reminders.
  • Using integrated medical devices that can capture, collect, and transmit physiological patient data you can reduce paper capture of vital signs and other clinical data so that your staff are freed to do other work.
  • Using e-mail, instant messaging, social networking, and other online advanced tools you can reduce the number of phone calls that your practice receives and needs to return and yet continue to improve the patient physician communication process. One of the most time-consuming parts of any office is the back-and-forth phone calls so any reduction in phone calls will yield significant productivity increases.

Assessment

Any other ideas?

Link: Front Matter BoMP – 3

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com and http://www.springerpub.com/Search/marcinko

Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Product Details 

Filed under: Book Reviews, Information Technology | Tagged: , , , , , | 3 Comments »

Brief Summary of “Meaningful-Use” for eHRs

Posted on October 21, 2010 by Dr. David Edward Marcinko MBA MEd CMP™

Objectives Listed

By Shahid N. Shah MS

www.BusinessofMedicalPractice.com

In 2009, the ARRA HITECH bill coined the term “meaningful use” and was a game-changer in the healthcare IT industry. In a series of regulations, the Recovery Act specifically required the following.

Summary of MU

Here are the substantive Meaningful Use objectives of the new ARRA HITECH bill:

  • Use Computer Provider Order Entry (CPOE).
  • Implement drug-drug, drug-allergy, drug-formulary checks.
  • Maintain an up-to-date problem list of current and active diagnoses based on ICD-9-CM or SNOMED CT®.
  • Maintain active medication list.
  • Maintain active medication allergy list.
  • Record demographics.
  • Record and chart changes in vital signs.
  • Record smoking status for patients 13 years and older.
  • Incorporate clinical lab-test results into EHR as structured data.
  • Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, and outreach. This is a common feature in EHRs.
  • Report ambulatory quality measures to CMS or the States.
  • Implement 5 clinical decision support rules relevant to specialty or high clinical priority, including diagnostic test ordering, along with the ability to track compliance with those rules.
  • Check insurance eligibility electronically from public and private payers.
  • Submit claims electronically to public and private payers.
  • Provide patients with an electronic copy of their health information upon request.
  • Capability to electronically exchange key clinical information among providers of care and patient-authorized entities.
  • Perform medication reconciliation at relevant encounters and each transition of care.
  • Provide summary care record for each transition of care and referral.
  • Capability to submit electronic data to immunization registries and actual submission where required and accepted.
  • Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission according to applicable law and practice.
  • Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities
  • Generate and transmit permissible prescriptions electronically.
  • Send reminders to patients per patient preference for preventive/follow-up care.
  • Provide patients with timely electronic access to their health information within 96 hours of information being available to the EP.
  • Provide clinical summaries for patients for each office visit.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

 

Product DetailsProduct DetailsProduct Details

Filed under: Information Technology, Practice Management | Tagged: , , , , , , , , , | 7 Comments »

Content Exchange and Vocabulary Standards for eMRs

Posted on October 14, 2010 by Dr. David Edward Marcinko MBA MEd CMP™

Understanding Terms and Definitions

By Shahid N. Shah MS

As per the HHS rules, vocabulary standards are standardized nomenclatures and e-code sets used to describe clinical problems and procedures, medications, and allergies for eMRs. Some commons terms and definitions are listed below:

Terms and Definitions

  • ASTM’s CCR – for most of your basic patient summary exchange needs the CCR will meet your needs. If you’re moving from low or no interoperability today to some interoperable capabilities then CCR is your best starting place.
  • International Classification of Diseases, 9th Revision, Clinical Modifications (ICD-9- CM) or SNOMED CT® should populate a problem list. If you’re not familiar with both standards and are unsure where to start, go with ICD-9 for problem lists. SNOMED is not commonly supported in the broad EMR industry but ICD-9 support is quite common so start there.
  • Health Level Seven (HL7) Clinical Document Architecture (CDA) Release 2 (R2) Level 2 CCD – for more advanced patient summary exchange needs the HL7 CDA is recommended. If you’re already supporting CCR exchange and it’s not meeting your needs then HL7 CDA is the next logical place to go.
  • For patient summary exchanges, HHS expect the following fields to be populated: problem list; medication list; medication allergy list; procedures; vital signs; units of measure; lab orders and results; and, where appropriate, discharge summary.
  • ICD-9-CM [ACD-10] or American Medical Association (AMA) Current Procedural Terminology (CPT®) Fourth Edition (CPT–4) to populate information related to procedures. Both of these standards are support broadly by most existing vendors so going with either or both is good.
  • For medication lists, HHS requires the use of codes from a drug vocabulary the National Library of Medicine has identified as an RxNorm drug data source provider with a complete data set integrated within RxNorm.
  • For lab results, HHS requires the use of LOINC® to populate information in a patient summary record related to lab orders and results when LOINC® codes have been received from a laboratory and are retained and subsequently available in your EMR. HHS states that in instances where LOINC® codes have not been received from a laboratory, the use of any local or proprietary code is permitted. HHS does not require these local or proprietary codes to be converted to LOINC® codes in order to populate a patient summary record.
  • For the purposes of electronic prescribing, your vendor must be capable of using NCPDP SCRIPT 8.1 or NCPDP SCRIPT 8.1 and 10.6. With respect to a vocabulary standard, your vendor must use codes from a drug vocabulary currently integrated into the NLM’s RxNorm. For the purposes of performing a drug formulary check, your vendor must be capable of using NCPDP Formulary & Benefits Standard 1.0 adopted by HHS (73 FR 18918).
  • There are standards required for insurance data like eligibility checking and submissions of claims. ASC X12N and NCPDP standards (Versions 4010/4010A and 5010 and Versions 5.1 and D.0, respectively) should be used for these transactions. It’s important to realize that Version 4010 is being phased out in favor of Version 5010 so your vendors need to support both at this time and must be able to move exclusively to Version 5010 in the future.
  • For the purposes of electronically submitting calculated quality measures required by CMS or by States, your vendor must be capable of using the CMS PQRI 2008 Registry XML Specification. Going forward, HL7 Quality Reporting Document Architecture (QRDA) Implementation Guide based on HL7 CDA Release 2 may be allowed but for now focus on the CMS PQRI requirements until HHS provides more guidance in the future.
  • For the purposes of submitting lab results to public health agencies, your vendor must be capable of using HL7 2.5.1.
  • For the purposes of electronically submitting information to public health agencies for surveillance and reporting, your vendor must be capable of using HL7 2.3.1 or HL7 2.5.1 as a content exchange standard. At this time HHS not required adverse event reporting nor have they adopted a specific vocabulary standard for submitting information to public health agencies for surveillance and reporting.
  • For the purposes of electronically submitting information to immunization registries your vendor must be capable of using HL7 2.3.1 or HL7 2.5.1 as a content exchange standard and the CDC maintained HL7 standard code set CVX -Vaccines Administered18 as the vocabulary standard.

Assessment

www.BusinessofMedicalPractice.com

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.  

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com and http://www.springerpub.com/Search/marcinko

Get our Widget: Get this widget!

Our Other Print Books and Related Information Sources:

Health Dictionary Series: http://www.springerpub.com/Search/marcinko 

Practice Management: http://www.springerpub.com/product/9780826105752

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Product DetailsProduct DetailsProduct Details       

Filed under: CMP Program, Information Technology, Practice Management | Tagged: , , , , , , , , , , , , , , , | 3 Comments »

More About Regional Extension Centers

Posted on September 23, 2010 by Dr. David Edward Marcinko MBA MEd CMP™

RECs Explained

By Shahid N. Shah; MS 

www.BusinessofMedicalPractice.com

The Meaningful Use and Certification requirements along with the myriad of government regulations around Medicare and Medicaid reimbursements will be too complicated for most physicians to understand and manage on their own. To help out small practices, one of the interesting things funded by the HITECH Act was the creation of the Health Information Technology Extension Program. Via that program, the Department of Health and Human Services is required to invest in Regional Extension Centers (called “RECs” and pronounced like “wrecks”). RECs are designed to offer consulting and technical support to physicians in order to help accelerate adoption of Electronic Health Records (EHRs).

Purpose

The purpose of the RECs is to provide guidance on which products to buy, help reduce prices of software through group purchase agreements, and give technical assistance on implementation and deployment. These services will be free of charge to physicians. However, keep in mind that all RECs are non-profit organizations and most have little or no inherent knowledge about EMRs, EHRs, implementations, deployments, computer skills, etc.; initially they are groups that responded to the grant request in a manner that fulfilled documentation required by the government and will be provided government money to help Physicians become meaningful users [MUs].

No Cost Advice

In the short run no RECs will be very good because they will all be inexperienced. Over the long run, some RECs will become very good at their jobs while other RECs will be mediocre or not good at all; only time will tell which ones will be superb and helpful vs. not. Since RECs will be paid by the government for each physician they sign up, RECs will be very eager to approach and conduct outreach to sign you up. And, it will not cost you anything to sign up and the advice and assistance will be free to MDs.

Assessment

Keep in mind, though, that whenever something is free to you, always think about why it’s free. What does the organization get out of providing you free advice, assistance, knowledge, etc. – in the case of RECs, it’s is money from the government. The good news is that RECs are being told by the government that will only be paid if you become a “meaningful user.” However, the bad news is that some RECs will not be able to do a good job and may give you bad advice.

Conclusion

And so, your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Get our Widget: Get this widget!

Our Other Print Books and Related Information Sources:

Practice Management: http://www.springerpub.com/prod.aspx?prod_id=23759

Physician Financial Planning: http://www.jbpub.com/catalog/0763745790

Medical Risk Management: http://www.jbpub.com/catalog/9780763733421

Healthcare Organizations: www.HealthcareFinancials.com

Physician Advisors: www.CertifiedMedicalPlanner.com

Subscribe Now: Did you like this Medical Executive-Post, or find it helpful, interesting and informative? Want to get the latest ME-Ps delivered to your email box each morning? Just subscribe using the link below. You can unsubscribe at any time. Security is assured.

Link: http://feeds.feedburner.com/HealthcareFinancialsthePostForcxos

Sponsors Welcomed: And, credible sponsors and like-minded advertisers are always welcomed.

Link: https://healthcarefinancials.wordpress.com/2007/11/11/advertise

Filed under: Information Technology, Practice Management | Tagged: , , , , , , , | 5 Comments »

More on the Meaningful Use of eMRs

Posted on September 3, 2010 by Dr. David Edward Marcinko MBA MEd CMP™

Join Our Mailing List

Final Meaningful Use Rules Released by HHS on July 13, 2010.

[By Shahid N. Shah MS]

Link: http://shahid.shah.org

For ambulatory care practices and physicians there are about 25 objectives and measures that must be met to become a “meaningful user”. Keep in mind that meaningful use is not tied to a certified EHR alone; in fact, unless you use the EHR properly and in all the ways the government wants you to, you will not be a “meaningful user”. Don’t be fooled by EHR vendors guaranteeing that they will make you a “meaningful user” – no vendor’s software, no matter how nice, can get your staff to use the software in the way the government wants. You, as the CIO of your practice, are the only one that can guarantee that. In fact, you don’t even need an EHR from a vendor to meet the requirements – you can even roll your own, use open source, or find any other means. But, in general, as long as you can attest and send data to the government that they require you can do it in any way that you want. Be aware that some unscrupulous vendors are scaring practices and making promises that they cannot keep.

Final MU Rules

The final Meaningful Use (MU) Rule was published by HHS on July 13, 2010. It defines 24 objectives for and measures eligible hospitals that could be met to become a meaningful user and qualify for incentive funding. There is a “core set” that must be met by all institutions and a “menu set” of from which organizations must implement at least 5 objectives.

Core Set Objectives

These are the “core set” of 14 objectives that must be met by all institutions and a “menu set” of 10 from which organizations must implement at least 5 objectives (at least 1 public health objective must be chosen from that set).

  1. Use Computer Provider Order Entry (CPOE).
  2. Implement drug-drug, drug-allergy, and drug-formulary checks.
  3. Record demographics.
  4. Implement one clinical decision support rule.
  5. Maintain a problem list of current and active Dxs based on ICD-9-CM or SNOMED CT.
  6. Maintain active medication list.
  7. Maintain active medication allergy list.
  8. Record and chart changes in vital signs.
  9. Record smoking status for patients 13 years or older.
  10. Report hospital clinical quality measures to CMS or States.
  11. Provide patients with an electronic copy of their health information, upon request.
  12. Provide patients an e-copy of discharge instructions at time of discharge, upon request.
  13. Exchange key clinical e-information among providers and patient-authorized entities.
  14. Protect electronic health information.

Menu Set Objectives

These are the “menu set” of 10 objectives from which organizations must implement at least 5. At least one public health objective must be chosen from this set as well (numbers 8, 9, or 10).

  1. Drug-formulary checks.
  2. Record advanced directives for patients 65 years or older.
  3. Incorporate clinical lab test results as structured data.
  4. Generate lists of patients by specific conditions.
  5. Use certified eHR technology to identify patient-specific education resources and provide to patient, if appropriate.
  6. Medication reconciliation.
  7. Summary of care record for each transition of care/referrals.
  8. Capability to submit electronic data to immunization registries/systems.
  9. Capability to provide electronic submission of reportable lab results to public health agencies.
  10. Capability to provide electronic syndromic surveillance data to public health agencies.

Assessment

As can be seen in the link below, the Office of the National Coordinator for Healthcare IT (ONCHIT) is a component of the Department of Health and Human Services (HHS). ONCHIT, usually abbreviated just ONC, is the principal policy group of the Federal Government that defines and manages NHIN.

  • ONC is responsible for coordinating with the Department of Commerce’s National Institute of Standards and Technology (NIST) on the specifications for the NHIN standards.
  • The HIT Policy and HIT Standards Committees are the working groups that advise ONC on what to put in the standards.
  • NIST is responsible for coming up with the test materials (assertions, procedures, methods, tools, data, and so on) that will be used to certify working systems.

Conclusion

Your thoughts and comments on this ME-P are appreciated. Feel free to review our top-left column, and top-right sidebar materials, links, URLs and related websites, too. Then, subscribe to the ME-P. It is fast, free and secure.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

OUR OTHER PRINT BOOKS AND RELATED INFORMATION SOURCES:

Product Details 

Filed under: Book Reviews, Information Technology, Practice Management | Tagged: , , , , , , , , , , , , , , , , , | 7 Comments »