The billing or financial department:
Much of the practice’s income depends on this department. This is the team in the organization that ensures that your money is tracked down and retrieved from the Payers and challenging patients. So how can we assist through technology and how can different solutions enable them to be more efficient.
Easy to look up EOB:
First we will start by implementing an open source OCR product Click here. That’s right 0$ solution that will reduce the look up time of an EOB by at least 50%. A billing staff member can locate a document simply by searching the DOS (Date of service) or simply the patient insurance id and with the results displayed in a Google fashion.
Post patient payments electronically:
Next stop is to reduce or even eliminate the need to manually post payments. Now this solution depends on the organization’s billing system whether the PMS or HIS supports electronic remit (X12N 835 format) or not. This is the format that payers return their EOB. Fortunately that format can be utilized to post patient payments as well that have been made electronically through a web portal or from processed check payments. This dramatically reduces overhead by requiring staff to spend less time doing data entry.
Deposit payments from your office:
Let’s be honest here, checks will be around for few more years, just like when we were told that with Check Cards checks will cease to exist. Well, I am sure checks will continue to survive for a little longer. So, let’s see how we can still be more efficient around them. How about reducing or eliminating the couriers services for check deposits. If you can today deposit a check simply by taking a picture of it through your phone(ImageNet Mobile Deposit(TM)), then medical practices have got to be able to use the remote deposit feature that’s offered with many of today's banks.
Elegability Check:
Ok, if a practice is still not utilizing these services that are offered by most clearing houses, then this is the appropriate time to try them out. It is a very powerful tool, especially when it reduces your claim denials and patient balances that end up going to collections with 20% of your potential revenue.
While there are many additional ways to create efficiencies through out the practice, the billing department is a great place to realize cost savings immediately without major adjustments. Whether you employ claim adjudication, document management or simply outsource statement printing, it is very important to continuously talk to your vendors and stay connected with what is the latest and greatest.. This will ensure that you are constantly evaluating and implementing what matters to your practice.
Tuesday, October 6, 2009
Tuesday, September 29, 2009
P4P Quality measure with CPT is not in our future
History
“The system is broke”, is a far more common phrase we continue to hear. Whether it is a politician eager to promote more support for healthcare reform, or a patient who is too frustrated due to the sheer volume of bills they get from 10 different entities, just to have one procedure for appendix removal. Even physicians who are penalized for using too many CPT codes or procedure count to treat a complex condition and get penalized from the payers for it under their P4P programs are saying it.
So this begs the question, is P4P Quality measures with CPT the right thing? We are seeing that many of these programs have not shown a tremendous adoption from physicians. Take the PQRI initiative, statistics have shown an average of $700.00 return per physician which is relatively low comparing it to the costs the practice has incur. This begs the question, is it worth looking at P4P programs and worrying about implementing them? Is the technology available to measure the outcomes of patient treatment over time?
Is it possible that physicians will be paid based on treatment outcome?
Well, if you review the ARRA and what 2015 will bring you will a clear indication as part of the meaningful Use goals to be“clinical outcome measures, efficiency measures and safety measures”, you will realize that there is a tremendous emphasis on outcome measures this might not mean that you care providers would be required to follow the recommendations, but it will mean that if CMS does make the outcome measure as a mean to reimburse you on patient treatment, then as we know Payers will usually just follow.
What are the current facts?
The good news this possible change would not affect the way physicians provide care. Many care providers do see and treat the patient based on some mental measurements and grading if the patient is or is not improving. But it does get sticky when a group needs to report on it on paper. Take for example a patient being treated for a broken wrist. We can measure the outcome of the treatment based on the level of Pain, we can track the range of movement of the wrist after the cast is done and we can measure the improvement on the amount of time it took to have the cast off. While in many cases the person’s body will dictate some of those results, but we can still benchmark the treatment outcome.
However, when you consider the patients with chronic disease such as End-Stage-Kidney disease then the complexity increases tremendously. During a recent presentation by CTG, they had a very interesting approach to this challenge. They basically created a Master Patient Complexity index that they can use measure the patient condition through well defined scientific measures such as: Age, Hemoglobin, Creatinine, Bun, BMI, Calcium, Potassium and so forth. With a plot as radar spokes as shown here(Values are based on fictitious data and do not represent actual patient information).
Result and the impact of this direction
This can potentially result in a shift of paradigm. Physicians may not be paid on how many procedures done, but the improvement of their patient’s overtime using a proven Master Patient Complexity index. The current recommended model by CTG looks very promising and may as well be a starting point. There have been implementations of similar models by other groups such as Mayo Clinic. This would also mean that EMR/PMS products would need to have a different approach to how payors are billed and properly display the progress or patient treatment outcome of time. It is just another fun day for BI (Business Intelligence) and health analytics.
Conclusion:
While physicians continue to focus on providing care to their patients one must remember that doctors do have to be compensated appropriately. Using CPT for a way to measure care quality is definitely not an acceptable method of measuring the improvement on quality care, so considering other approaches is a must, and looking for technology as a tool to facilitate makes more sense than ever. It also means that physicians must become more involved in product and measure development. This will ensure that future EMR products will answer to the providers needs, improved measures to assist patients with complex conditions and create an efficient reimbursement system.
“The system is broke”, is a far more common phrase we continue to hear. Whether it is a politician eager to promote more support for healthcare reform, or a patient who is too frustrated due to the sheer volume of bills they get from 10 different entities, just to have one procedure for appendix removal. Even physicians who are penalized for using too many CPT codes or procedure count to treat a complex condition and get penalized from the payers for it under their P4P programs are saying it.
So this begs the question, is P4P Quality measures with CPT the right thing? We are seeing that many of these programs have not shown a tremendous adoption from physicians. Take the PQRI initiative, statistics have shown an average of $700.00 return per physician which is relatively low comparing it to the costs the practice has incur. This begs the question, is it worth looking at P4P programs and worrying about implementing them? Is the technology available to measure the outcomes of patient treatment over time?
Is it possible that physicians will be paid based on treatment outcome?
Well, if you review the ARRA and what 2015 will bring you will a clear indication as part of the meaningful Use goals to be“clinical outcome measures, efficiency measures and safety measures”, you will realize that there is a tremendous emphasis on outcome measures this might not mean that you care providers would be required to follow the recommendations, but it will mean that if CMS does make the outcome measure as a mean to reimburse you on patient treatment, then as we know Payers will usually just follow.
What are the current facts?
The good news this possible change would not affect the way physicians provide care. Many care providers do see and treat the patient based on some mental measurements and grading if the patient is or is not improving. But it does get sticky when a group needs to report on it on paper. Take for example a patient being treated for a broken wrist. We can measure the outcome of the treatment based on the level of Pain, we can track the range of movement of the wrist after the cast is done and we can measure the improvement on the amount of time it took to have the cast off. While in many cases the person’s body will dictate some of those results, but we can still benchmark the treatment outcome.
However, when you consider the patients with chronic disease such as End-Stage-Kidney disease then the complexity increases tremendously. During a recent presentation by CTG, they had a very interesting approach to this challenge. They basically created a Master Patient Complexity index that they can use measure the patient condition through well defined scientific measures such as: Age, Hemoglobin, Creatinine, Bun, BMI, Calcium, Potassium and so forth. With a plot as radar spokes as shown here(Values are based on fictitious data and do not represent actual patient information).
Result and the impact of this direction
This can potentially result in a shift of paradigm. Physicians may not be paid on how many procedures done, but the improvement of their patient’s overtime using a proven Master Patient Complexity index. The current recommended model by CTG looks very promising and may as well be a starting point. There have been implementations of similar models by other groups such as Mayo Clinic. This would also mean that EMR/PMS products would need to have a different approach to how payors are billed and properly display the progress or patient treatment outcome of time. It is just another fun day for BI (Business Intelligence) and health analytics.
Conclusion:
While physicians continue to focus on providing care to their patients one must remember that doctors do have to be compensated appropriately. Using CPT for a way to measure care quality is definitely not an acceptable method of measuring the improvement on quality care, so considering other approaches is a must, and looking for technology as a tool to facilitate makes more sense than ever. It also means that physicians must become more involved in product and measure development. This will ensure that future EMR products will answer to the providers needs, improved measures to assist patients with complex conditions and create an efficient reimbursement system.
Monday, September 28, 2009
ARRA or stimulus Health IT calculator
The American Recovery and Reinvestment Act of 2009 (ARRA) has far-reaching effects in healthcare. Stakeholders affected range from patients, private physicians, and large hospital networks. The Act includes a planned expenditure of $34 billion for HIT, with $32 billion going to hospitals and physicians, as an incentive to adopt certified, interoperable Electronic Health Records (EHRs).
I have been getting a lot of requests to help calculate the potential incentives available for a practice. Many administrators and executives are asking if this pay for us to go paperless or pay for a full EMR implementation? Well, as easy as it may seem, you have to analyze your own numbers. As a lawyer told a colleague today about first home buyers. "You will get up to 8,000 dollars". The keyword there is "UP TO". So, for many practices the notion that each provider will get the max allowed amount will be depending on a lot of things. For many of the work I have been doing, I have developed a small cheat sheet or a calculator that can help shed some light on what dollars you may be getting based on Medicaid or Medicare provision. If you are interested feel free to email me the answer to the following questions and I will send you the results with some projections.
Email me or post a comment to this blog and I will respond.
A place to start:
For Medicare
____:Year when meaningful use
____:Number of MDs in your practice
____:#total allowable for Medicare Patients for 2008
For Medicaid
____:Year when meaningful use was
____:Number of MDs in your practice
____:%of patients with Medicaid
____:#Avg. Technology Costs
____:number of Midwives or PA or NP
____:Yearly maintenance and technology costs after implementation
I have been getting a lot of requests to help calculate the potential incentives available for a practice. Many administrators and executives are asking if this pay for us to go paperless or pay for a full EMR implementation? Well, as easy as it may seem, you have to analyze your own numbers. As a lawyer told a colleague today about first home buyers. "You will get up to 8,000 dollars". The keyword there is "UP TO". So, for many practices the notion that each provider will get the max allowed amount will be depending on a lot of things. For many of the work I have been doing, I have developed a small cheat sheet or a calculator that can help shed some light on what dollars you may be getting based on Medicaid or Medicare provision. If you are interested feel free to email me the answer to the following questions and I will send you the results with some projections.
Email me or post a comment to this blog and I will respond.
A place to start:
For Medicare
____:Year when meaningful use
____:Number of MDs in your practice
____:#total allowable for Medicare Patients for 2008
For Medicaid
____:Year when meaningful use was
____:Number of MDs in your practice
____:%of patients with Medicaid
____:#Avg. Technology Costs
____:number of Midwives or PA or NP
____:Yearly maintenance and technology costs after implementation
Friday, September 11, 2009
Are your patients' health information protected enough to save you from the FTC or the new HIPAA under ARRA rules
With the new burden of newer fines and higher penalties from the modified HIPAA under the ARRA, and the new FTC “Red Flag” regulations, now healthcare organizations must re evaluate their current security protocols and infrastructure to keep the HIPAA auditors at bay.
In today’s fast moving technology, it is very hard for anyone to ensure that the next web site they visit will not install harmful Trojans, that can potentially logged every key stroked, or simply steal some files from their computer that could contain private health information.
Everyday Americans fall victim to identity theft because of information being stolen from computers in healthcare environments. And that includes having their health records used or insurance information to obtain health services and procedures. We are accustomed to hearing that most data breaches occur at large scale operations such as the heartland breach that hackers had potential access to the personal data of 600 million or more cardholders, even few years before that, the story of the chain TJX that had more than 45 million customers data compromised. But all these are extremely hard to accomplished, and require sophisticated and most advanced hackers. But what if you were told that your doctor’s office would be the next target right now, right out of their parking lot? Or what If a simple URL can land one of your nurses on the wrong web site that will automatically install a Trojan, which in turn will gain access to health data.
There are several threats you should be aware of as a consumer or a healthcare administrator. Again, the intent of this article is not to force you completely get rid of your computers and wireless networks, but it is to provide you with information that can assist in understanding your environment and the potential areas that may need to be reviewed.
Internal Threats:
The internal threads to your patient data can be identified in many areas. Just to give you an example, last week I visit with few technicians over a medium healthcare office, and as we were going through the DR planning (Disaster Recovery Planning), I asked about the offsite back up. To my surprise I received the following statements “We are covered on that, I take the tapes with me home”, I did not put too much though into it as I asked the next question assuming that the answer would have been yes. “Well, I am sure the backups are password protected and you are encrypting it right!”. Wrong, I received the following reply “Why? They are already in a tape, you think a thief will know how to restore from a tape”. Puzzled and disappointed I began to explain that it would be wiser to find a more secure method to store the sensitive patient information, and explaining how that can really jeopardize the practice and potentially open the door for possible law suits. After I went back to the office, I did a simple search in Google for “How to restore from a tape” and found the following: Results 1 - 10 of about 3,720,000 for How to restore from a tape. (0.16 seconds) . It was clear to me that there was a disconnect between the IT and Privacy and Security requirements. It is critical that sensitive data must be secured, and should not be transported offsite on laptops, tapes or hard drives without the appropriate encryption and protection.
Another internal threat would be the viruses or Trojans that find their ways into computers that are either unprotected or simply have expired Antivirus. Many of these infections originate from web sites that the users visited by mistyping a URL or simply clicking on the wrong link from a personal email. This has been a commonly used method by hackers to gain access to private information on computers through Trojans, key loggers and other remote control methods.
In a world where there are all too many horror stories of scammers, we begin to hear about cases of patients using factitious identity or posing as someone else, and using their insurance cards to gain access to cosmetic or medical procedures where the victim becomes responsible for picking up the tab. We are in an environment where a patient rushing their child to be seen for an illness and they say “their spouse has the insurance card” while the front desk feels obligated to let them be seen, and later come to the realization that the practice now has to write-off the costs of the procedures and treatment after realizing that their insurance was terminated or was not even for the right person. An insurance card does not present the practice with a picture ID, and in many cases where a valid license is and can be a requirement for the patient, many seem to not require that verification and increase the risk of false identity. This becomes a bigger issue as much of the current proposed health reform where the practice will not be able to bill the victim for the balance nor their insurance for a case stolen of identity.
External:
For the most part all health organizations have some sort of firewall already established. This is the device that protects them from outside intruders. But without the right hardware, you are left with a firewall that a hacker can easily discover the default password to, and remotely gain access to your network, or even
With that being said, I have found numerous times where health organizations use a common tool that allows them to logon remotely to their servers such Microsoft Remote desktop (RDP) without VPN (Virtual private network). That means that the server is exposed to the internet through a specific port that hackers can attempt to use to gain access. Some cases Brute force is used (where a dictionary of password is used to try several combinations of passwords for the administrative user), others just a matter of a previous employee still having an active account can gain access, take the data and sell it for profit.
While the above two require fairly advanced knowledge of hacking, there are always few simple ones that can truly be a very easy way to tap into your system or infrastructure. Wireless!!! In many cases if you approach a hospital the wireless infrastructure is so advanced and robust that you can actually detect if there is any attempt to connect to the network without being on the safe list of devices allowed, you can even detect if someone plugs in a new wireless network within the hospital wireless range. But the challenge here again, is that we are discussing the vulnerability of some of our small to mid practices. The ones that simply can not justify the cost of a $800 or more for a single access point. These are the cases where a simple low cost access point, that you plug and play allows you to get on a “secured” wireless can easily be cracked. WEP (some of the commonly used encryption methods by small practices) has poor architecture, and has been identified in the hacker community you can find posts that show you “How To Crack 128-bit Wireless Networks In 60 Seconds”.
The consequences:
In previous years, the above threats would have most likely been considered urgent but not important. Let’s face it, there was no real threat out there to begin with. As a matter fact, even the office that was meant to enforce the HIPAA rules had not levied a single penalty against any HIPAA-covered entity in nearly five years since they began its implementation. What has changed that would force everyone to really take a good look on their current security and privacy readiness. Well, as part of the new ARRA few modifications to the law have been made under (Sections 13409-13411):
• Congress gave state attorneys general authorization to enforce the HIPAA thought civil enforcement actions
• It makes the business associates directly responsible for complying with key HIPAA privacy and security provisions. This meant that the cleaning crew, the third party IT support provider, software vendor, accountant and anyone that comes in contact with your infrastructure or medical and insurance information is sharing the responsibility and potentially liable.
• Fines have dramatically increased under the ARRA fines. You maybe imposed to pay up to 50,000 dollars per violation per calendar year and up to 1.5 million dollars.
• HHS is required to impose civil monetary penalties in circumstances where it finds that a HIPAA violation was willful.
• The criminal provisions were expressly made applicable to individuals.
• The HHS Secretary is now required to conduct periodic audits for compliance with the HIPAA Privacy and Security Rules.
Things to do to help you:
• Implement Password expiration and complexity policies
• Implement strict internet use policies for employees
• Ensure that your IT team properly secures your patient data repository services
• Run periodically security auditing tools
• Ensure that you are using antivirus on every piece of equipment that is connected to your network including cell phone as well.
• Ensure that your backups are password protected, encrypted and properly stored
• Ensure that your business associates agreements reflect the new changes and explain to your vendors what they mean and that their liability insurance covers the extent of the fines and costs that can be a result of data breach
• Ensure that your wireless is using stronger encryption method
• Require patients to present photo ID during registration and ensure you have a B&W copy of it (Color copies are illegal in NC).
• Use biometric check-in devices that ensure the identity of the patient if you are looking for a secure and fast way to identify and check-in patients
• Use network appliances that add an additional layer of protection against SPAM, email viruses and block unwanted traffic from web sites.
• Train and educate staff on proper internet use
Conclusion
Whether you are still using paper charts or completely paperless, patient privacy and security must be a high priority in your list, whether the ARRA enforces the new rules or not. Your clients your patient’s data protection must be addressed. It is like having health insurance, without it, you are taking major risks. There are several organizations that provide you with assistance or HIPAA audits. Some of which are freely available online. Your help desk and engineers need to understand the consequence as well as the importance of implementing the right technologies that are proactive in detecting intrusion as well as protecting all assets in your infrastructure.
Reda Chouffani
In today’s fast moving technology, it is very hard for anyone to ensure that the next web site they visit will not install harmful Trojans, that can potentially logged every key stroked, or simply steal some files from their computer that could contain private health information.
Everyday Americans fall victim to identity theft because of information being stolen from computers in healthcare environments. And that includes having their health records used or insurance information to obtain health services and procedures. We are accustomed to hearing that most data breaches occur at large scale operations such as the heartland breach that hackers had potential access to the personal data of 600 million or more cardholders, even few years before that, the story of the chain TJX that had more than 45 million customers data compromised. But all these are extremely hard to accomplished, and require sophisticated and most advanced hackers. But what if you were told that your doctor’s office would be the next target right now, right out of their parking lot? Or what If a simple URL can land one of your nurses on the wrong web site that will automatically install a Trojan, which in turn will gain access to health data.
There are several threats you should be aware of as a consumer or a healthcare administrator. Again, the intent of this article is not to force you completely get rid of your computers and wireless networks, but it is to provide you with information that can assist in understanding your environment and the potential areas that may need to be reviewed.
Internal Threats:
The internal threads to your patient data can be identified in many areas. Just to give you an example, last week I visit with few technicians over a medium healthcare office, and as we were going through the DR planning (Disaster Recovery Planning), I asked about the offsite back up. To my surprise I received the following statements “We are covered on that, I take the tapes with me home”, I did not put too much though into it as I asked the next question assuming that the answer would have been yes. “Well, I am sure the backups are password protected and you are encrypting it right!”. Wrong, I received the following reply “Why? They are already in a tape, you think a thief will know how to restore from a tape”. Puzzled and disappointed I began to explain that it would be wiser to find a more secure method to store the sensitive patient information, and explaining how that can really jeopardize the practice and potentially open the door for possible law suits. After I went back to the office, I did a simple search in Google for “How to restore from a tape” and found the following: Results 1 - 10 of about 3,720,000 for How to restore from a tape. (0.16 seconds) . It was clear to me that there was a disconnect between the IT and Privacy and Security requirements. It is critical that sensitive data must be secured, and should not be transported offsite on laptops, tapes or hard drives without the appropriate encryption and protection.
Another internal threat would be the viruses or Trojans that find their ways into computers that are either unprotected or simply have expired Antivirus. Many of these infections originate from web sites that the users visited by mistyping a URL or simply clicking on the wrong link from a personal email. This has been a commonly used method by hackers to gain access to private information on computers through Trojans, key loggers and other remote control methods.
In a world where there are all too many horror stories of scammers, we begin to hear about cases of patients using factitious identity or posing as someone else, and using their insurance cards to gain access to cosmetic or medical procedures where the victim becomes responsible for picking up the tab. We are in an environment where a patient rushing their child to be seen for an illness and they say “their spouse has the insurance card” while the front desk feels obligated to let them be seen, and later come to the realization that the practice now has to write-off the costs of the procedures and treatment after realizing that their insurance was terminated or was not even for the right person. An insurance card does not present the practice with a picture ID, and in many cases where a valid license is and can be a requirement for the patient, many seem to not require that verification and increase the risk of false identity. This becomes a bigger issue as much of the current proposed health reform where the practice will not be able to bill the victim for the balance nor their insurance for a case stolen of identity.
External:
For the most part all health organizations have some sort of firewall already established. This is the device that protects them from outside intruders. But without the right hardware, you are left with a firewall that a hacker can easily discover the default password to, and remotely gain access to your network, or even
With that being said, I have found numerous times where health organizations use a common tool that allows them to logon remotely to their servers such Microsoft Remote desktop (RDP) without VPN (Virtual private network). That means that the server is exposed to the internet through a specific port that hackers can attempt to use to gain access. Some cases Brute force is used (where a dictionary of password is used to try several combinations of passwords for the administrative user), others just a matter of a previous employee still having an active account can gain access, take the data and sell it for profit.
While the above two require fairly advanced knowledge of hacking, there are always few simple ones that can truly be a very easy way to tap into your system or infrastructure. Wireless!!! In many cases if you approach a hospital the wireless infrastructure is so advanced and robust that you can actually detect if there is any attempt to connect to the network without being on the safe list of devices allowed, you can even detect if someone plugs in a new wireless network within the hospital wireless range. But the challenge here again, is that we are discussing the vulnerability of some of our small to mid practices. The ones that simply can not justify the cost of a $800 or more for a single access point. These are the cases where a simple low cost access point, that you plug and play allows you to get on a “secured” wireless can easily be cracked. WEP (some of the commonly used encryption methods by small practices) has poor architecture, and has been identified in the hacker community you can find posts that show you “How To Crack 128-bit Wireless Networks In 60 Seconds”.
The consequences:
In previous years, the above threats would have most likely been considered urgent but not important. Let’s face it, there was no real threat out there to begin with. As a matter fact, even the office that was meant to enforce the HIPAA rules had not levied a single penalty against any HIPAA-covered entity in nearly five years since they began its implementation. What has changed that would force everyone to really take a good look on their current security and privacy readiness. Well, as part of the new ARRA few modifications to the law have been made under (Sections 13409-13411):
• Congress gave state attorneys general authorization to enforce the HIPAA thought civil enforcement actions
• It makes the business associates directly responsible for complying with key HIPAA privacy and security provisions. This meant that the cleaning crew, the third party IT support provider, software vendor, accountant and anyone that comes in contact with your infrastructure or medical and insurance information is sharing the responsibility and potentially liable.
• Fines have dramatically increased under the ARRA fines. You maybe imposed to pay up to 50,000 dollars per violation per calendar year and up to 1.5 million dollars.
• HHS is required to impose civil monetary penalties in circumstances where it finds that a HIPAA violation was willful.
• The criminal provisions were expressly made applicable to individuals.
• The HHS Secretary is now required to conduct periodic audits for compliance with the HIPAA Privacy and Security Rules.
Things to do to help you:
• Implement Password expiration and complexity policies
• Implement strict internet use policies for employees
• Ensure that your IT team properly secures your patient data repository services
• Run periodically security auditing tools
• Ensure that you are using antivirus on every piece of equipment that is connected to your network including cell phone as well.
• Ensure that your backups are password protected, encrypted and properly stored
• Ensure that your business associates agreements reflect the new changes and explain to your vendors what they mean and that their liability insurance covers the extent of the fines and costs that can be a result of data breach
• Ensure that your wireless is using stronger encryption method
• Require patients to present photo ID during registration and ensure you have a B&W copy of it (Color copies are illegal in NC).
• Use biometric check-in devices that ensure the identity of the patient if you are looking for a secure and fast way to identify and check-in patients
• Use network appliances that add an additional layer of protection against SPAM, email viruses and block unwanted traffic from web sites.
• Train and educate staff on proper internet use
Conclusion
Whether you are still using paper charts or completely paperless, patient privacy and security must be a high priority in your list, whether the ARRA enforces the new rules or not. Your clients your patient’s data protection must be addressed. It is like having health insurance, without it, you are taking major risks. There are several organizations that provide you with assistance or HIPAA audits. Some of which are freely available online. Your help desk and engineers need to understand the consequence as well as the importance of implementing the right technologies that are proactive in detecting intrusion as well as protecting all assets in your infrastructure.
Reda Chouffani
Thursday, August 13, 2009
ARRA summary
With a vision for change, and an advocacy for healthcare President Obama signed into law the American Recovery and Reinvestment Act of 2009 (ARRA). This authorizes more than 19$ billion dollars for Healthcare information technology. As this sets the stage much needed incentives for healthcare organization to shift gears to adopt Electronic Healthcare Records, but unfortunately has received significant skepticism from many physicians.
As part of this stimulus plan, there are four requirements: Certified EHR, Information Exchange, Meaningful Use, and Reporting on clinical quality measures.
“Certified EHR": It is believed that the CCHIT will be the certification method of choice. In a recent announcement made by CCHIT Chair Mark Leavitt, there will be three paths to certification for vendors and health organizations. Applications will adhere to one of the following: EHR Comprehensive EHR -C, Certified HER Module EHR-M, or Certified Site EHR -S. These certifications vary in requirements. For example, to become EHR-M or EHR-S certified, your system will be required to have patient-physician PHR communication capabilities as well as an ability to exchange data with a certified HIE (Health Information Exchange).
“Information Exchange: It is important to note that there has been a significant emphasis on data exchange in the certification process. The purpose is to reduce healthcare costs and medical errors by promoting care coordination. This means that for any services provided to a patient that would like there data to be shared across a community based HIE or National HIE, this information must be available to other participating health organizations with the appropriate access. This includes SSA, CMS and other federal or state entities.
The next requirement is “Meaningful Use”, while recently a document has been released with some outlines of the “Meaningful Use Matrix” from the HIT Policy Committee. Everyone is still awaiting a final definition of “Meaningful Use”. One thing to keep in mind regardless of the details of this requirement is that physicians may need to make few adjustments on how data is reported as well as recorded.
Finally, reporting on clinical quality measures is the last requirements in the ARRA. It is stated that the eligible professional must be able to submit clinical data in a form and manner specified by the Secretary, on such clinical quality measures and such other measures as selected by the Secretary.
Physicians and other health organization must thoroughly examine the ARRA in great details, and all the changing environments surrounding them. Many have already successfully adopted electronic prescription, computerized physician order entry CPOE, patients using online PHR and all the possible potential adjustments surrounding the insurance reform. Taking the right steps forward will require careful planning and assessment.
Tuesday, June 16, 2009
Meaningful use released
It is finally here. We now can review the initial details behind meaningful use. With the release of the matrix and Preamble we can have a good grasp on what would be needed from everyone to follow the ARRA requirements.
The matrix is very well organized. From looking at it, not only technical individuals can see exactly which standard/MDX queries to create, but also clinical staff will be able to identify what changes are needed in the data collection and work flow adjustments.
These measures would be completed in three different stages 2011, 2013, and 2015.
The matrix has the following headings:
I truly hope that while everyone is reading these requirements, vendors out there are starting to make adjustments and will enable their clients to easily report on these objectives. Every vendor who is "certified EHR" (to be defined soon) should begin to publish some of the queries and report files needed to the healthcare organizations. If not I will be more than happy to assist anyone with the appropriate database access permissions to accomplish the measures. ;) you will just need to ask!
Now, I will start connecting to few databases and see what queries I can start playing with!
Here is the matrix Click here, and the Preamble
The matrix is very well organized. From looking at it, not only technical individuals can see exactly which standard/MDX queries to create, but also clinical staff will be able to identify what changes are needed in the data collection and work flow adjustments.
These measures would be completed in three different stages 2011, 2013, and 2015.
The matrix has the following headings:
- Health Outcomes Policy Priorities
- Care Goals
- 2011 Objectives Goal is to electronically capture in coded format and to report health information and to use that information to track key clinical conditions
- 2011 Measures
- 2013 Objectives Goal is to guide and support care processes and care coordination
- 2013 Measures
- 2015 Objectives Goal is to achieve and improve performance and support care processes and on key health system outcomes
I truly hope that while everyone is reading these requirements, vendors out there are starting to make adjustments and will enable their clients to easily report on these objectives. Every vendor who is "certified EHR" (to be defined soon) should begin to publish some of the queries and report files needed to the healthcare organizations. If not I will be more than happy to assist anyone with the appropriate database access permissions to accomplish the measures. ;) you will just need to ask!
Now, I will start connecting to few databases and see what queries I can start playing with!
Here is the matrix Click here, and the Preamble
Tuesday, June 2, 2009
Healthcare RFID 360
Tonight, as I was playing with a new little gadget (RFID Reader) that allows you to logon to any windows workstation on network using RFID cards. This little device believe it or not was less than 50 dollars to purchase, it comes with an API Application Programming interface for in house programmers to create integrate with, and can be deployed in about an hour. While I would really prefer to use this with SSO (Single Sign On), but I did not mind settling for something small, simple and that can fit into a small budget. So, I experimented for a while with “TouchaTag" that a coworker recommended to me. At first, I did not see many uses of this RFID Reader on my desk, but as I dug deeper and started to see the simplicity and yet the power of using RFID, and the great potential it offers in the medical environment.
In most recent years, we are seeing a lot more use of RFID in the healthcare market place. Much of our common knowledge of the uses of RFID are usually limited to Asset Tracking, Real Time Patient/Asset location systems, and Patient identification systems.
But one challenge we face when planning to adopt the RFID technology has been the costly price tag. While in many cases the high ROI justifies the jump, it is still a huge project for any hospital to undertake. Traditionally you are required to have special RFID readers all over the place, and also the need to purchase Passive/Active tags for your assets. Interestingly there has been many new advancement in technology in the past years that not only lower the cost of acquiring these solutions, but also eliminate the need of expensive RFID readers spread all over the place and the cost of their installation.
Just imagine that you can start using Real-Time Location System (RTLS) tomorrow by only purchasing the TAGs, doing a site survey, get the software needed to running your assets/patients and voila! With the use of CCX (CISCO Certified Extensions), you can actually use the CISCO AP (Access Points) as your “RFID Antenas” to locate your Wi-Fi tags. This model allows you not only to maintain your existing CISCO Wireless infrastructure (which keeps the Executive team and budgeting team happy), but also allows for greater flexibility with the use of the many APIs that the vendors offer.
But what I am really interested in discussing today is another subject that I found very interesting. We all know that the US is few years behind Europe and some Asian countries when it comes to cell phone technology. When you are walking in downtown Paris, you can put your cell phone close to a movie poster and get all the show times for that movie, or when you are in the subway you can pay for your ticket using your cell phone. So, how is that possible, and what technology is that using, but most importantly, can that technology be useful in the healthcare environment and worth adopting.
Well, most of the new cell phones that are manufactured and shipped to Europe and Asia have a chip that provides them with NFC (Near Field Communication) capability. Believe it or not, it is using RFID technology as well. There is a number of these phones that allow you to use Near Field Communication technology that has a short-range high frequency wireless communication technology which allows you to read an RFID tag directly from your phone. Why this is important you may ask??? Well, first starters, if the technology is available, then it is only fair for us to have access to it so we can apply it to resolve different business challenges.
What I found out was that in the Nederland’s they are using this technology very effectively. Basically the home health nurse can take her cell phone and she touches the (patient's) card with it, then identification information about the patient is submitted (over the network) to the phone; contact persons, medical data, care arrangement, are exchanged between the phone and medical application on the Home health servers. Now, some may argue that it would be easier to use a laptop, access all that information on it, and use Wi-fi or Wireless Broadband to communicate, but unfortunately with the economy and high costs of this type of infrastructure makes it a less attractive option and not an impressive ROI.
So this Mobile phone technology can be applied in a hospital environment. It will be less expensive that the typical RFID installation and you will no longer be required to use the smart phones that come equipped with the bulky RFID reader anymore. Plus this technology is a simple extension of the ISO/IEC 14443 proximity-card standard. This means that care providers can identify patients and even medication details (if we tag medications with tags).
Examples of other healthcare technology companies in Europe such as Dutch electronic-monitoring company Elmo ICT Solutions introduced a similar NFC product recently and it was called MobiCare-EasyID. It has sold about 1,500 NFC phones made by Samsung.
NFC technology in mobile phone handsets can also be used to open locked doors, or to download a URL or other information from a separate NFC device, such as an NFC tag embedded in a smart movie poster.
I would like to think of a scenario that I can be walking down the street and come in contact with a lost done, use my cell phone to check a dog's embedded RFID tag to see who he belongs to and contact his/her owner.
In most recent years, we are seeing a lot more use of RFID in the healthcare market place. Much of our common knowledge of the uses of RFID are usually limited to Asset Tracking, Real Time Patient/Asset location systems, and Patient identification systems.
But one challenge we face when planning to adopt the RFID technology has been the costly price tag. While in many cases the high ROI justifies the jump, it is still a huge project for any hospital to undertake. Traditionally you are required to have special RFID readers all over the place, and also the need to purchase Passive/Active tags for your assets. Interestingly there has been many new advancement in technology in the past years that not only lower the cost of acquiring these solutions, but also eliminate the need of expensive RFID readers spread all over the place and the cost of their installation.
Just imagine that you can start using Real-Time Location System (RTLS) tomorrow by only purchasing the TAGs, doing a site survey, get the software needed to running your assets/patients and voila! With the use of CCX (CISCO Certified Extensions), you can actually use the CISCO AP (Access Points) as your “RFID Antenas” to locate your Wi-Fi tags. This model allows you not only to maintain your existing CISCO Wireless infrastructure (which keeps the Executive team and budgeting team happy), but also allows for greater flexibility with the use of the many APIs that the vendors offer.
But what I am really interested in discussing today is another subject that I found very interesting. We all know that the US is few years behind Europe and some Asian countries when it comes to cell phone technology. When you are walking in downtown Paris, you can put your cell phone close to a movie poster and get all the show times for that movie, or when you are in the subway you can pay for your ticket using your cell phone. So, how is that possible, and what technology is that using, but most importantly, can that technology be useful in the healthcare environment and worth adopting.
Well, most of the new cell phones that are manufactured and shipped to Europe and Asia have a chip that provides them with NFC (Near Field Communication) capability. Believe it or not, it is using RFID technology as well. There is a number of these phones that allow you to use Near Field Communication technology that has a short-range high frequency wireless communication technology which allows you to read an RFID tag directly from your phone. Why this is important you may ask??? Well, first starters, if the technology is available, then it is only fair for us to have access to it so we can apply it to resolve different business challenges.
What I found out was that in the Nederland’s they are using this technology very effectively. Basically the home health nurse can take her cell phone and she touches the (patient's) card with it, then identification information about the patient is submitted (over the network) to the phone; contact persons, medical data, care arrangement, are exchanged between the phone and medical application on the Home health servers. Now, some may argue that it would be easier to use a laptop, access all that information on it, and use Wi-fi or Wireless Broadband to communicate, but unfortunately with the economy and high costs of this type of infrastructure makes it a less attractive option and not an impressive ROI.
So this Mobile phone technology can be applied in a hospital environment. It will be less expensive that the typical RFID installation and you will no longer be required to use the smart phones that come equipped with the bulky RFID reader anymore. Plus this technology is a simple extension of the ISO/IEC 14443 proximity-card standard. This means that care providers can identify patients and even medication details (if we tag medications with tags).
Examples of other healthcare technology companies in Europe such as Dutch electronic-monitoring company Elmo ICT Solutions introduced a similar NFC product recently and it was called MobiCare-EasyID. It has sold about 1,500 NFC phones made by Samsung.
NFC technology in mobile phone handsets can also be used to open locked doors, or to download a URL or other information from a separate NFC device, such as an NFC tag embedded in a smart movie poster.
I would like to think of a scenario that I can be walking down the street and come in contact with a lost done, use my cell phone to check a dog's embedded RFID tag to see who he belongs to and contact his/her owner.
Subscribe to:
Posts (Atom)
Posts
