According to Surescripts, e-prescribing increases the likelihood that patients will pick up their prescriptions. Patients whose providers use electronic prescribing are seven percentage points more likely to fill their medications compared with the old paper system. Surescripts provides the infrastructure for nearly all electronic prescribing in the United States.

E-Prescribing offers a number of benefits over the old paper system. First, they are sent via secure internet connection. This makes it much less likely the prescription will be lost or stolen en route. Second, electronic prescriptions makes illegible handwriting a thing of the past. Pharmacists save time trying to decipher the correct medication, dosage, and no longer have to call the physician for clarification.

Electronic prescribing software also has built-in safeguards that help improve patient care. Most systems will check formularies and notify physicians if they prescribe a drug that is not covered by the patient’s insurance. In addition, the software normally checks for potentially harmful or fatal drug-drug and drug-allergy interactions.

It is no coincidence that e-prescribing, formulary checking, and drug-drug and drug-allergy interaction checking are required by the HITECH stimulus program. HITECH will reimburse eligible providers up to $44,000 under Medicare or $64,000 under Medicaid for implementing certified electronic health records (EHR) software. Physicians have to meet the guidelines known as meaningful use (MU). MU requires providers to send more than 40% of permissible prescriptions electronically.

In addition to HITECH, the Centers for Medicare and Medicaid Services (CMS) is offering a separate e-prescribing incentive separate from the HITECH program. Providers who have sent a certain number of electronic prescriptions during 2011 are eligible for a reimbursement equal to 1% of their Medicare charges. Providers who do not meet the minimum criteria may suffer a 1% penalty.

If you are interested in more information about electronic prescribing, please feel free to contact us at info@xlemr.com, or visit our website at http://www.xlemr.com. We will be happy to provide you with a free consultation regarding your HITECH or E-rx incentive eligibility. You can read more about our electronic prescribing system here: http://www.xlemr.com/e-prescribe.html.

Blue Cross & Blue Shield of Rhode Island (BCBSRI) recently completed a multi-year pilot program aiming to increase the use of electronic health records (EHR). Results point to a clear improvement in care among practices using EHR. In addition, the pilot program showed a reduction in healthcare costs for EHR adopters.

Participating members saved between 17 and 33 percent compared to practices without EHR systems. EHR allows practices to keep track of health information more easily. It is also easier to share with other care givers, which helps eliminate duplicate tests. Duplicate and unnecessary testing is a major contributor to the cost of health care. Providers without EHR may have to pull many paper results and files to track the effectiveness of a given treatment. With EHR, a provider can track performance at a glance using built-in charts or reports.

EHR also helps providers give better care. Dr. Gus Manocchia, senior vice president and chief medical officer at BCBSRI states that “using EHR makes it easier for us to… manage chronic conditions.” Dr. Pablo Rodriguez, Board Chairman of the Health Care Alliance and CEO of Women’s Care, Inc. elaborates, “every provider believes that they deliver excellent care, but it wasn’t until we looked at the EHR data that we realized… our profession wasn’t meeting the expectation. You can’t improve what you don’t measure, and while paper is very forgiving, software never forgets.”

If your practice hasn’t switched to EHR yet, you are forgoing many benefits. While improving the quality and reducing the cost of care should be at the top of anyone’s list, the federal HITECH incentive program means there’s no better time to switch than now. The HITECH ACT will reimburse physicians up to $44,000 under Medicare or $64,000 under Medicaid for implementing a certified EHR system. If you have questions about how you can improve patient care, reduce costs, or participate in the HITECH incentive program, please contact us at info@xlemr.com.

2011 is drawing to a close, and many physicians and medical practices are considering their plans for 2012. Whether or not they will adopt electronic health records (EHR) rank among the chief concerns for 2012. Converting to EHR is a big decision; physicians must consider many factors and issues.

However, “questions on whether incentive money is being paid out on Meaningful Use SHOULD NOT be one of them,” according to Todd Greenberg of GSG Capital. GSG Capital is the health care industry’s foremost source of financing for EHR and related software. Their ability to offer low interest rates and rapid closing makes them a favorite of medical practices and EHR vendors. As a result, they have helped many physicians participate in HITECH Stimulus program.

The Centers for Medicare and Medicaid Services (CMS) recently announced that over 150,000 physicians and hospitals have registered for the program, as of the end of November. In addition, CMS paid out approximately $1.8 billion to participating physicians and hospitals. Payments to Medicare participants total $920 million. Those who qualified for Medicaid have received $916 million to date.

The HITECH Stimulus program reimburses eligible providers up to $44,000 under Medicare and $64,000 under Medicaid for implementing certified EHR systems. Medicare providers must meet the meaningful use requirements for 90 days to receive their money. Medicaid is easier, and only requires participants to adopt, implement, or upgrade to a certified system during stage one.

Although the EHR market was by and large slow during 2011, CMS paid out nearly one billion of the $1.8 billion during October and November. Analysts predict that the EHR market will move more rapidly in 2012, with many practices trying to complete stage one by the end of the first quarter. Additionally, many practices are moving towards last-minute deals so they can take advantage of Tax Code 179 for 2011.

Tax Code 179 lets businesses deduct the entire cost of capital goods, up to $500,000, during the year in which the goods were purchased. This effectively reduces the purchase price of EHR systems, and helps practices keep more money in the bank. GSG Capital includes a Tax Code 179 analysis with each financing proposal.

Many of our clients have already received stimulus, or are just finishing up their attestation periods now. Now is a great time to get started on your EHR implementation so you can receive stimulus money early in 2012. If you have questions about financing your EHR purchase, feel free to contact Todd Greenberg at 877-270-8306 ex 953. You can contact us via the XLEMR website at http://www.xlemr.com, or send us an email at info@xlemr.com.

Electronic Protected Health Information (ePHI) is at high risk, according to a new study by the Ponemon Institute. This is the second time Ponemon has conducted its annual benchmark study. It is conducted by interviewing healthcare professionals in hospitals and independent practices.

The study reports data breaches have increased by 32% since last year. Instead of hackers or malicious software, the study finds employee negligence is the primary cause of breaches. The report also states that over half the survey respondents do not protect mobile devices. Data breaches cost the healthcare industry an average of $6.5 billion per year.

In addition, the study reports that federal regulations have not had a measurable impact in reducing the frequency of breaches. Professionals cite lack of budget to implement federal policies. Policies may also not be very effective; personnel do not understand the importance of policies, or willfully disregard them.

Data breaches lead to medical identity theft, according to the study. Perpetrators of medical ID theft typically pose as an individual with adequate medical coverage and then use their stolen insurance for surgeries or other medical procedures. Only 25% of organizations that experience data breaches offer credit monitoring to their patients.

How can practices safeguard their data? The best way to get started is to conduct a standards-based risk assessment. Conducting or reviewing a risk assessment also happens to be the first requirement for HIPAA security rule compliance, in addition to one of the core meaningful use measures.

Risk assessments should cover all aspects of the practice including policies, procedures, and training. Many practices mistakenly focus on computer systems. After completing a risk assessment, a practice should use its resources to address inadequacies that pose the highest risk. Typically, these are policies, training, and backup and disaster recovery plans.

If your practice is interested in learning how to guard against data breaches, please let us know. We would be happy to conduct a standards-based risk assessment to help you qualify for meaningful use. You can reach us at http://www.xlemr.com/contact.html.

Rheumatologists may lag behind other specialties when it comes to progressive use of imaging, according to an article on Rheumatology News. However, there are some signs of progress. Abhijit Chaudhari, Ph.D., won this year’s “Image of the Year” contest at the American College of Rheumatology’s annual scientific meeting.

Dr. Chaudhari won the contest for his innovative use of combined PET-CT images of finger joints from patients afflicted with psoriatic arthritis. His group built a special piece of hardware that is able to scan extremities and produce three-dimensional positron emission tomography (PET) fused with a 3D anatomical CT image. His practice uses the machine to assess metabolic activity in RA, PsA, and OA of the hand.

How has your practice integrated digital imaging into your care plan? A few of the offices we speak with have in-house digital x-rays, MRI, or ultrasound machines. Others, however, prefer to refer their patients to the local hospital for imaging studies.

There are many advantages to performing image studies in-house. First and foremost, the image machines act as a revenue center for your practice. Second, electronic health records (EHR) allows many possibilities for direct integration with digital images. Integration can save you time in diagnosing your patient and producing the requisite documentation.

We would love to hear how your practice uses digital imaging. Please let us know if you have questions concerning digital imaging and EHR integration. Please visit our website for more information at http://www.xlemr.com.

Although we live in uncertain times, one thing is certain: Medical practices have a lot of changes coming their way. Meaningful use, ICD-10, and HIPAA 5010 will change the medical landscape. Each of them are important, but HIPAA 5010 requires your immediate attention. Is your practice ready to make the transition?

HIPAA 5010 is the new billing information standard that will replace 4010. It is necessary because 4010 does not support ICD-10, which will be required in 2013. The Department of Health and Human Services (HHS) requires health plans, health clearinghouses, and healthcare providers to switch over to 5010 on January 1, 2012.

5010 requires different data elements than 4010, so the transition will not be automatic. For instance, 5010 requires a physical address for the place of service. For more specific requirements, please see the official CMS educational resources page.

Practices should check with their billing service or software vendor to make sure they are ready for the transition. If your practice is not ready, it could result in CMS rejecting your claims and lead to a loss of revenue. Next, work with insurance companies to test 5010 claims submission. If there are issues, you do not want to find out after January 1st.

If you find out your billing software is not 5010 ready, you will need to upgrade or acquire new software as soon as possible. We can recommend a variety of billing software solutions to fit your practice. Please let us know if you would like any additional information about the 5010 conversion.

Tablet computers have become very popular over the last few years. You may be ready for a new computer, and perhaps you have thought of purchasing a tablet instead of a traditional laptop computer. How do you decide which model is right for you? Determine which is best by asking yourself how you plan to use the device.

Many of our clients have asked us if our EHR software will run on tablet PCs. For now, the answer is no. Our development team has played around with a free EHR system for the iPad. The first thing they noticed is that it was difficult for them to even enter the wireless encryption key. Experimenting further, they found that the typical data entry required in a medical setting was cumbersome and slow on a tablet.

Does this mean that tablet PCs are useless, or unsuited to the medical industry? No. Most IT experts say tablets are great for consuming data (i.e. passively looking at images, reading text, or watching videos). Many providers love to use tablet PCs to review X-rays, ultrasounds, or other digital images with their patients. Tablets are also great for reviewing charts and notes on the go.

What about the casual user? Casual users should apply the same principles. Leisure activities, like watching videos, playing games, or browsing Facebook work well on tablets. More complex tasks, such as writing reports, working with spreadsheets, or anything requiring complex data entry are best left to traditional laptops.

If you are contemplating a new computer, don’t limit yourself to laptops or tablets. There are many different types of computers suited to home and office use. Check out our hardware page for a more detailed discussion of computers and their price points. Please feel free to contact us if you have any questions.

The American Health Care System is a diverse landscape, with many different specialties. In addition to assorted specialties, there are also many different types of practices. The US healthcare system includes solo-practitioners, small groups, large groups, and hospital systems.

With all of the diversity in our healthcare system, should it come as a shock that most Electronic Health Records (EHR) software sold is relatively uniform across specialty and practice size? There are over 900 certified EHR vendors. To be fair, some do focus more on certain specialties or certain practice sizes. However, EHR companies know that they can best take advantage of economies of scale and scope by selling many units of similar products.

Let’s compare the EHR and Automotive industries. Despite the large number of certified EHR vendors, there are a few large companies that dominate the EHR market. They will offer some amount of customization in their software, just like how major auto companies will have different choices for color, interior, audio systems, and other options packages.

Just like most cars today, these EHRs are good products that most physicians could use with some degree of success. However, they may not be the overall best fit. Perhaps there is not enough headroom. The turning radius might not be tight enough to park in urban areas. There may be too much cargo capacity, or not enough.

There are probably thousands of variables providers should consider when test driving an EHR. While they may be able to “drive across town” in a mass-produced EHR, it may not be the best fit for their practice. Enter the custom-engineered EHR. XLEMR is like a hot rod shop. We focus on smaller volume, custom EHR software designed to meet our clients’ needs and go fast.

We forge an intimate, long-term relationship with our clients to produce a custom EHR solution that meets their needs from day one. We consult heavily with our client on the design; many times we incorporate forms from their own paper charts. We hold their hand through the implementation and training phase. We work with them like partners to achieve meaningful use funds.

One size does not fit all. If your practice is a specialty neglected by the big EHR vendors, please contact us. We would love to hear from you. If you work for a more common specialty, and have not been able to find the right EHR, we would love to hear from you also.

GE recently notified users of two Centricity products about meaningful use reporting issues that could prevent successful attestation. The HITECH Act offers financial reimbursements to medical practices and hospitals that adopt certified Electronic Health Records (EHR). Practices must meet meaningful use guidelines in order to qualify for the money.

The issue GE discovered affects Centricity’s ability to log and report compliance with certain meaningful use measures. According to articles on the topic, issues exist with race, ethnicity, smoking status, and educational resources. Reporting problems may prevent successful attestation.

GE recommends their clients double-check their numbers to make sure they are accurate, and to refrain from attesting until after GE deploys updates. GE instructs users who have already attested to run reports once the updates are in place. GE users should also check in with their Regional Extension Center (REC) representatives for further recommendations.

GE is a respected company with quality software; even they are susceptible to errors. I have been working with the developers here at XLEMR on our meaningful use reporting module. I can testify that the calculations involved are numerous and complex. Any practices attesting meaningful use should check and double-check their reports regardless of their EHR vendor.

EHR users should be in constant communication with their REC. Interpretation of some requirements, such as clinical summaries, seems to change over time and vary between states. With the amount of money at stake, up to $18,000 for stage one, practices should go over each measure with their REC and make sure their attestation plans will work.

Please feel free to contact us if you have any questions about meaningful use, reporting, or how you can participate in the HITECH stimulus package.

The Office of Inspector General at the Department of Health and Human Services is gearing up to examine practices that receive meaningful use payments. Their 2012 plan targets fraud and abuse within the HITECH incentive program. Specifically, the OIG wants to ensure any practice receiving payments actually met all the meaningful use criteria.

The HITECH Stimulus package reimburses physicians for purchasing and implementing certified electronic health record (EHR) technology. Physicians under the Medicare program can receive up to $44,000 with $18,000 in the first year. The Medicaid program offers a total of $64,000 per provider, with $20,000 in the first year. The OIG feels that practices may be tempted to cheat with this much money at stake.

Providers should make sure their EHR tracks their meaningful use measure compliance. It is a good idea to run compliance reports daily, so you can identify any shortfalls and correct for them immediately. Store your meaningful use reports in a safe place in case you hear from one of the OIG auditors.

In addition, OIG will continue to review evaluation and management (E&M) service payments to providers. Providers select appropriate E&M codes based on the complexity of their patient’s condition and the extent of their treatment. Documentation, whether paper or electronic, must be able to support the E&M code selected.

Cloned records, or documentation that is the same across multiple encounters, are one of the main problems the OIG faces. EHR software may make it easy to produce clone records if data entered persists from visit to visit. Providers must be careful to change items that no longer apply to the current visit.

EHRs are great tools, but providers should make sure they are complying with meaningful use and E&M requirements. Documentation is the key to compliance. If you have questions about EHR documentation, meaningful use, or E&M requirements, please feel free to contact us.

You may have heard the term “telemedicine” lately in the blogs and news articles. In case you are wondering, “telemedicine is the ability to provide interactive healthcare using modern technology and communications.” Today we will discuss some modes of operation and benefits of telemedicine.

Telemedicine typically has two modes of operation, those being real-time or store and forward. Real-time treatment is the most common. All parties are present and communicate at the same time. Real-time treatment may be used for in or outpatient specialty consultations or supervision of physician assistants or nurse practitioners.

Store and forward is the other way to use telemedicine. Physicians use this mode when all parties are either not available or not required to be present at the same time. Still images, video, voice and text are recorded and then transmitted to the remote provider for analysis at a later time.

Telemedicine has many benefits, but chief among them are the ability to decrease the cost of care and increase the convenience of treatment. Rural practices benefit from telemedicine by connecting with specialists or other providers without having to fax or mail paper charts or refer patients to distant offices. Likewise, benefit because their access to care is more immediate, without having to travel a long way.

However, many providers have rejected telemedicine because they were unsure how to bill for services rendered in this manner. According to CMS, you can bill for telemedicine services the same way you would bill for a normal in-office procedure or consultation. The difference is that you will need to add a “GT” modifier to indicate the service was performed remotely. The originating facility may also bill for a facility fee. Please download these PDF files for more billing information from CMS: http://www.cms.hhs.gov/Transmittals/downloads/R43BP.pdf, http://www.cms.hhs.gov/Transmittals/downloads/R790CP.pdf

We are excited about telemedicine. We feel that it can benefit many specialties, but may be particularly useful to those in the long term care and home health industries. If you are interested in learning more about telemedicine and how it may be able to help your practice, please let us know. We would love to hear from you.

Today’s post is inspired by John Lynn’s blog EMR and EHR. Yesterday, his staff posted a blog about data breaches and cited some interesting examples of related stories in the news. Due to the increased HIPAA fines and risk exposure, it is a topic that is worth repeating.

The blog made two points we wish to re-iterate. First, most breaches are due to theft or human error, not mysterious hackers. Second, breaches of paper records are much worse than electronic breaches.

Theft or human error causes the majority of data breaches. If you take a look ONC’s wall of shame website, you will see that is the case. Basically, this means that thousands of dollars of security software can easily be made useless without adequate education, training and policies.

Training is important because it educates employees on their roles, responsibilities, and procedures. Better training could have prevented at least one recent breach where a hospital contractor posted protected data to a website designed to help college students with their homework.

Encryption is an important tool to protect mobile devices. Laptops, tablets, and smart phones are at high risk for loss or theft. Using standards-based encryption to protect your mobile devices will prevent your data from falling into the wrong hands.

Paper records are much more vulnerable than electronic records. This seems counter-intuitive for a couple of reasons. First, electronic data breaches get all the press. Second, electronic data is much easier to copy. However, electronic data is also much easier to protect with access controls, encryption and other means. Paper records, on the other hand, are not easily protected. They also do not require any special hardware or software to read. Most of the time, paper records are not even stored in a locking cabinet.

Data breaches are a serious issue. Practices should be sure to exercise due diligence to prevent data breaches and avoid fines for HIPAA non-compliance. Technology, policy, and education work hand in hand to keep your practice secure.

I was asked today by a practice manager if the Drop-Downs that control the language on the History Note make notes look "too similar" and if this is an Audit Risk? Do you have any experience with this kind of issue?

The Centers for Medicare and Medicaid (CMS) required physicians to submit at least 25 electronic prescriptions between January 1 and June 30th. Approximately 100,000 physicians complied with the requirement. However, there were about 100,000 other physicians who failed to submit enough prescriptions.

Physicians who did not submit enough electronic prescriptions during the reporting period will be subject to a 1% pay decrease in 2012. CMS extended the deadline until November 1st to apply for a hardship waiver. The extension does not give physicians additional time to e-prescribe, only additional time to apply for a waiver.

The waiver gives physicians a pass if they work in an area without access to high-speed internet, or if local pharmacies do not accept electronic prescriptions. CMS has created new exemptions for physicians registered to participate in the HITECH stimulus program, physicians unable to e-prescribe due to local, federal, or state law, write a limited number of prescriptions, or have insufficient numbers of eligible patient visits during the reporting period.

Physicians wishing to apply for an exemption must register online with CMS. Keep in mind, CMS will not notify practices in advance if they are subject to penalties. The practice manger must keep track. The application process is different for individual physicians and group practices. Click this link to the AMA website for details: http://www.ama-assn.org/amednews/2011/09/12/gvl10912.htm#s3

Monday, October 3rd was the last day for 2011 that physicians and eligible professionals can begin their meaningful use attestation for the Medicare track of the HITECH Stimulus Program. The Medicare track pays eligible providers up to $44,000 each, and requires a 90-day attestation period where providers must meet all of the meaningful use criteria.

If you missed the deadline, don’t panic. You can still participate in the Medicare stimulus track. However, your attestation period will roll over into 2012, and you will receive your payments once your attestation period is over. Payment for the first year of Medicare is $18,000.

However, if your practice sees any Medicaid patients, you may be able to qualify for the Medicaid track. Your practice must see 30% Medicaid patients by volume. So far, most states allow Medicaid as primary, secondary, and tertiary insurance. You should have your billing staff run reports and see if you are close to 30%.

Medicaid does not require a 90-day attestation period. Instead, you just have to purchase or otherwise acquire a certified EHR system. Once your Regional Extension Center (REC) representative approves, you will receive payment in a few weeks. Payment for the first year of Medicaid is $20,000.

If you would like more information on Medicare or Medicaid stimulus, or EHR systems, please contact us at info@xlemr.com.

We just got back from a great weekend at the National Organization of Rheumatology Managers (NORM) Annual Conference. We had fun visiting with our current clients, meeting new prospects, networking, and eating. Rheumatology meetings are always well catered; if you ever attend one, be sure to bring your appetite. Amy Dee-Kristensen, a part-time nurse and motivational speaker, kicked off the first session with her speech entitled “Wave the White Flag – Surrender to and Embrace Change.”

Although not strictly clinical, she shared many humorous anecdotes from her own life that illustrated the need to embrace change. She promoted two basic philosophies: at least one good thing always comes from change, and our reaction to change depends upon our mental attitudes, which we control. Therefore, we should welcome change and focus on the positive aspects.

Amy’s message is exactly what those of us in healthcare need to hear. One thing is certain: between ICD-10, HIPAA 5010, Obamacare, and Meaningful Use, the healthcare industry is in store for a large dose of change. While not all of these changes will be positive, most experts agree that meaningful use and the push towards electronic health records will benefit patients and providers alike.

Implementing electronic health records will change your practice workflows, at least to a degree. Your practice will be rewarded with many benefits as a result. EHR can increase patient safety. For example, e-prescribing reduces medication errors through improved legibility, drug-drug, and drug-allergy interaction checking. Lab interfaces help track diagnostic test results and alert providers of abnormal tests. Automated reminders help follow up with patients for tests, procedures, and preventative screenings.

EHR benefits are not just clinical; many practices under-code to stay off the audit radar. Practices that switch to EHR see a 20% increase in revenue due to built-in code calculators that help providers bill at appropriate levels. This has allowed many of our physicians to work fewer hours while maintaining or even improving on their current revenues. Speaking of audits, EHR systems can be extremely helpful during an audit. Instead of scouring through pounds of paper charts, auditors can simply review your history notes. In many cases, you may not even need to print or copy anything.

If your practice has not yet implemented EHR, now is the time to wave the white flag and surrender to change. The government is offering money to practices willing to take the plunge. You could collect $18 to $20,000 in the first year alone for purchasing a certified EHR system. Right now there are close to 800 certified EHR systems on the market. Never before has there been so much competition amongst certified systems.

These market conditions will not last forever. Practices should get started soon to take advantage of the full stimulus money. Be sure to consider a custom EHR system that can grow with your practice and adapt to your needs as they change. Please let us know if we can help you in any way.

The HITECH stimulus program reimburses physicians up to $44,000 under the Medicare program and up to $64,000 under the Medicaid programs for purchasing and implementing Electronic Health Records (EHR). Meaningful Use (MU) is a set of standards that applies to the use of EHR software. Eligible professionals (EPs) must meet MU standards in stage one of the Medicare program and stage two of the Medicaid program.

MU standards guarantee EPs must actually use their EHR software instead of just buying it and shelving it in order to obtain stimulus funds. EPs have 25 objectives, 15 core which they must meet in stage one, and ten menu objectives, of which they can choose five. They range from simple tasks, like capturing race, ethnicity, and preferred language, to more complicated items like computerized provider order entry (CPOE), electronic prescribing, and submitting electronic data to immunization registries.

The objectives have two parts: a function and a measure. Some of the requirements are calculated as a percentage. For instance, the CPOE measure requires the EP to enter medications for more than 30% of all their unique patients. The percentage is calculated based on a numerator and denominator. The denominator consists of the number of unique patients with at least one medication in their medication list during the reporting period. The numerator is the number of patients in the denominator which have at least one medication entered by CPOE.

Does this sound confusing? It certainly can be. 16 of the 25 measures compute using a numerator, denominator, and resulting percentage. The remaining measures compute using a simple yes/no response. Medicare participants must use their EHR according to the measures for a period of 90 days. EPs must comply with all of the measures in order to receive payment. The incentive reimbursements are all-or-nothing. EPs that fail even one of the measures will have to restart their 90 day reporting period and try again.

It is critical to track compliance with the measures. We recommend a one-week MU pretest. If your practice can fulfill the requirements for one week, there should be no problem with the 90 day reporting period. Certified EHRs are required report your MU measure compliance. We strongly recommend reviewing your reports on a daily basis. That way, if you notice that one of your providers is slipping, you should have ample time to correct the issue.

XLEMR produces a daily score card that lists each provider and their compliance with the 16 calculated measures. Our EHR software creates the report automatically and emails it to the practice manager along with each of the providers. You can view an example of our MU score card at: http://www.xlemr.com/content/mu_scorecard.pdf. Please let us know if you have any questions about meaningful use measures or compliance.

If your practice is like most of our clients, your finances follow a strict budget. It is no secret that implementing Electronic Health Records (EHR) can be a short term strain on your budget. Although there are many different kinds of EHR systems, they all require a solid foundation of workstations, local area wireless and wired networking, routers, servers, and other gadgets. Collectively, this is known as Information Technology (IT) infrastructure.

Chances are you have at least some IT infrastructure in place already. If you have a billing service or practice management software, you will most likely have a couple of workstations, a local network, and an internet connection. Most practices moving to an EHR for the first time need to purchase more workstations. You can go with mobile devices like tablets or laptops for each staff member, or have a workstation in each exam room. You may also need to purchase a server and backup systems.

Even if you choose a web-based EHR with a monthly service fee, you can’t neglect your IT infrastructure. Although web-based or Software-as-a-Service (SaaS) EHR vendors love to claim that their system does not require a substantial hardware investment, at a minimum you will need a workstation for each staff member or exam room. You also may need to upgrade your internet connection to commercial cable, as well as purchase more robust routers and related equipment.

Be sure to allow room in your budget for IT infrastructure, not just the EHR software. Many practices who spend hundreds or thousands a month on EHR software are tempted to skimp on their IT infrastructure. This is like purchasing an expensive house, only to find out later that the foundation is sub-standard once the walls start cracking.

Many EHR implementations are delayed or scrapped because of poor IT infrastructure. Chances are, end users will not know the difference between issues caused by the EHR software, the workstation, the local network, the internet, or the server. All they know is that something is not working. Frustration builds quickly in a busy practice.

How can you know your IT infrastructure is sound? Does your practice need to spend thousands, or tens-of-thousands on the latest cutting-edge gear and equipment? Not necessarily, but it always makes sense to purchase good-quality equipment. Our clients have had good success with refurbished or used equipment. Although there are some risks, refurbished goods retail at a fraction of the price of new gear.

Look carefully at your system requirements. For instance, If your system is web or client-server based, you do not need to splurge on workstations with large hard drives. In some cases, it may make more sense to let your infrastructure grow organically and acquire items as needed, rather than splurging on an expensive set up that will last you for the next ten years. Whatever your purchasing strategy, make sure your IT infrastructure will be a firm foundation for your EHR.

Providers that do not currently have an EHR face a difficult challenge. They must decide between the 400 + certified EHR systems. Performance should be the deciding factor when it comes to purchasing an EHR. After all, you may have an inexpensive or even free system, but if it does not perform well, you did not get a good deal.

Availability is the foundation of performance. An unavailable system performs poorly by definition. Complexity is a key factor in availability. The more complex a system is, the more potential points of failure it has. The more points of failure, the more likely your system will fail.

We designed XLEMR to be as simple as possible. XLEMR requires three things in order to see patients: a Windows computer with Microsoft Office 2002 or later, access to patient records, and power. Patient records is a system of folders under Windows Explorer that contains patient data in MS Word, Excel, and XML format. In an office, this is typically shared from a server. In our “stand alone” architecture, this is stored on the local machine.

The “stand alone” architecture runs XLEMR from a single computer. We do not need an internet connection to see patients. We also do not need any database software or LAN infrastructure. In a disaster recovery situation, we simply copy patient data from the server, on-site backup, or remote backup to any working computer. We usually accomplish this by USB flash drive or external hard drive.

Compare this to the infrastructure and long list of technologies needed for a SaaS solution. Even a relatively simple solution like an air card depends on infrastructure like cell towers, routers, switches, cables, data centers and servers. Recently, we played around with an EMR solution for the iPad called Dr. Chrono.

We received several errors from Dr. Chrono stating that the server was not available. Once we verified our own internet connection, we had no idea what point in the long chain of infrastructure caused our error. Furthermore, we have no access or authority to address any connection issues once the signal leaves our building. Limiting our critical infrastructure helps avoid connection-related issues over which we ultimately have no control.

Many SaaS vendors will advertise 99.999% uptime. What they mean is that their resources, such as their data centers and servers will be available. Just like our experiments with Dr. Chrono, once the signal leaves their building, they really have no control over the infrastructure needed to provide you service. If an issue occurs in between your office and their data center, it is up to your ISP or some third party to fix. We all know how frustrating dealing with ISPs can be.

If you have not yet purchased an EHR, narrow your search down to simple solutions. Ask prospective vendors what infrastructure they require. If you are considering a SaaS EHR, pay close attention to the availability guaranteed both by your vendor and your ISP.

We would like to thank everyone who participated in our stimulus webinar yesterday. Dr. James Jewell of Rock Hill, South Carolina practices geriatric medicine in and around Charlotte, North Carolina. Dr. Jewell shared his personal experiences attesting for meaningful use.

Dr. Jewell works with three nurse practitioners. A long time user of XLEMR, Dr. Jewell began working towards meaningful use earlier this year. Once he upgraded to the meaningful use certified version of XLEMR, the Regional Extension Center (REC) for the Carolinas worked closely with him to begin attestation.

The REC approved Dr. Jewell for the Medicaid stimulus track. The Medicaid track pays providers up to $64,000 to implement and use a certified EHR system. In order to qualify, a practice must have at least 30% Medicaid patients for a period of 90 days. Rules for Medicaid vary from state to state, so anyone who is interested should check with their respective REC for details.

Unlike Medicare, Medicaid only requires that eligible providers (EPs) purchase and install a certified system. They do not have to begin meeting the meaningful use measures until stage two. Stage one offers approximately $20,000 per provider. Dr. Jewell has already collected the stage one payments for himself and his providers.

You can download Dr. Jewell’s presentation on our website at http://www.xlemr.com/webinar.html. You can also go here for a direct download: http://www.xlemr.com/videos/110713_Stimulus_Webinar.wmv. The presentation runs approximately one hour. For best results, download the file to your computer before attempting to play. If you would like to speak with Dr. Jewell privately, please call us at 678-908-3543 or write to info@xlemr.com.

The iPad has generated a lot of buzz in the health IT scene lately. Physicians seem to naturally gravitate towards iPhones and other smart phones, so it seems natural that they would also enjoy using the iPad. Despite the buzz, it is not clear just how useful an iPads or similar devices would be within a medical context.

The iPad is a neat device, although most of us at XLEMR do not own one, we can appreciate its sleek design and easy portability. Many people love the easy touch screen interface the iPad offers. We look forward to where the technology will evolve in the near future.

That being said, we are dubious about the value the iPad offers the healthcare market. Most health IT experts like the iPad for consuming data. Looking up data, reviewing medical images with patients, or otherwise passively accessing information seems to be the iPad’s best use-case.

Data entry is where the iPad becomes less useful. Typing anything more involved than a quick tweet becomes cumbersome and frustrating. Using an iPad for the amount of data entry required by EMR could really slow down physicians.

Speed is the critical factor in judging EMR systems. The main complaint physicians have against EMR is that it slows them down. Slowing down a physician’s workflow results in lower patient volumes, and in turn, less revenue for the practice.

Navigation, training, and cost are other factors physicians should consider if they want to use an iPad-based EMR. Navigation closely relates to the speed issue. Users become easily frustrated if they can not access parts of the record in an efficient manner.

Training will still be necessary, whether a physician selects a native iPad EMR or purchases an interface to his existing system. Many people believe that Apple’s graphic user interfaces are easier to learn than Windows interfaces. That may or may not be true, but staff will still need training.

Finally, cost will be something physicians should consider. Apple hardware tends to be a good bit more expensive than equivalent Windows machines. As for the EMR application itself, pricing will likely depend upon whether the EMR is designed for use on the iPad from the ground up, or whether it is an interface to a standard system.

In short, the jury is still out on the iPad. Although many experts suggest the iPad may be of limited use with EMR, we are considering developing an interface. Please stay tuned to our blog for more information. In the meantime, you may want to check out Jonathan Wofford’s blog about the iPad.

Wednesday July 13th, 2011 5:00 PM

The Centers for Medicare and Medicaid Services recently announced that stimulus funds totaling $75 Million were paid to approximately 300 providers who have attested in the last three weeks.

One of XLEMR’s clients, Dr. James Jewell from Rock Hill, South Carolina, has just received payment for stage one under the Medicaid track. Dr. Jewell has already received approximately $60,000.

Please join us for a one-time webinar interview session with Dr. Jewell. He will discuss the process for signing up for the program, implementing a certified EHR system, attestation, and receiving payments from CMS.

Dr. James Lee Jewell MD graduated at Wright State University in Dayton Ohio in 1982. Family practice residency at FAHEC in Fayetteville NC 1982-1985. Private practice in Rock Hill, SC 1985 to present. Board certified in Family Practice, added qualifications in Geriatrics, Hospice, and Pallative Care Medicine. Practice in 6 nursing homes, medical director of 4.

To RSVP, please call or email Ryan Ricks at 678-908-3543 or ryan.ricks@xlemr.com. You can also signup on the web. This event is open to all doctors, clinical, and administrative staff.

The Centers for Medicare and Medicaid Services recently announced that stimulus funds totaling $75 Million were paid to approximately 300 providers who have attested in the last three weeks. For those of you who are unfamiliar with the program, the HITECH Act was signed into law as part of the American Reinvestment and Recovery Act. The goal of HITECH is to promote EHR adoption among physicians and hospitals by reimbursing them for purchasing certified electronic health records software.

HITECH has separate programs for Medicare and Medicaid. Providers who wish to participate in the Medicare track could receive up to $44,000 per provider. The amount awarded will depend upon the allowable charges a physician bills to Medicare each year. Under Medicaid, providers can receive up to $63,750 per provider, assuming their patient base is at least 30% Medicaid. Medicaid rules vary by state; you will want to consult with your Regional Extension Center for details. In each case, a physician must meet the eligibility requirements and purchase a certified EHR.

The Medicare track is more difficult, because providers must meet 15 core criteria and may choose five of ten menu requirements to implement. Examples of the criteria include recording demographics and vital signs for more than 50% of all patient encounters; maintaining an active medication list for more than 80% of patients; and issuing electronic prescriptions for more than 40% of your encounters. Waivers for certain requirements may be available if the measure is not relevant to the practice.

The Medicaid track is much easier, because providers only have to purchase and install a certified EHR system in order to qualify for stage one. They do not have to meet any meaningful use measures. One of XLEMR’s clients, Dr. James Jewell from Rock Hill, South Carolina, has just received payment for stage one under the Medicaid track. Dr. Jewell has already received approximately $40,000, and he expects another $20,000 within the next week.

Dr. Jewell specializes in geriatric care; He and three nurse practitioners travel to nursing homes and other facilities to care for their patients. Dr. Jewell has been using XLEMR for several years, but was unsure if he would qualify for stimulus money due to the structure of the geriatric environment. He consulted with a representative from his Regional Extension Center, who informed Dr. Jewell that he would qualify for the Medicaid track.

Tripp Weeks, president and founder of XLEMR, recently spoke with Dr. Jewell about the meaningful use attestation process. The conversation is available on our website here as a direct download, or you can go to our stimulus payment page and download it from there. The file is in MP3 format, approximately 3 MB, and runs about 18 minutes. We hope you will enjoy the candid insight Dr. Jewell provides. Please feel free to contact us if you have any questions about meaningful use, certified EHRs, or the attestation process.

XLEMR would like to thank everyone who attended our disaster recovery webinar on Friday, June 3rd. Our presenters offered great information on backup technology, backup strategies, expected hardware life, and disaster recovery policy and planning as it relates to HIPAA law. For those of you who were unable to attend, we have made a recording available on our website.

Please click here for a direct download, or go to our webinar page here. The presentation runs about 50 minutes. The file is in Windows Media Player format and is approximately 40 MB. For best results, please download the file to your computer before viewing.

Backups and disaster recovery are critical to protect your patients’ data. If you have any questions, please feel free to contact Ryan Ricks at 678-908-3543 or ryan.ricks@xlemr.com. You may contact our presenters directly by clicking on the webinar link above.

Follow me on twitter @ryan_ricks for live updates from the floor of the annual Georgia Society of Rheumatology meeting at Callaway Gardens, Pine Mountain, GA.

Dr. James Jewell of Rock Hill, SC reports two Medicaid stimulus payments arrived today and two more are pending!

In this weeks Mercom Market Intellegence Report I saw a very interesting quote. "Software developers emphasized the need for systems to follow routine conventions such as adopting a Microsoft Windows-like interface. ". This makes perfect sense because so many users are comfortable with MS Windows and MS Office products that the learning can focus on the EHR instead of the Graphical User Interface (GUI).

Six percent of all Personal Computers (PCs) will suffer data loss in a given year. That amounts to 4.6 million episodes of data loss, based on the number of computers used in business during 1998. What is your practice doing to guard against data loss? Do you have a comprehensive disaster recovery plan that will protect your data?

Data loss due to failed hard drives or other disasters is a serious problem with severe consequences for your practice. 34% of companies fail to test their tape backups, and 77% of those that do test their tape backups found failures. 31% of PC users have lost all of their files due to events beyond their control. Ultimately, 60% of companies that lose their data will shut down within six months of the disaster.

If you lose data due to a crashed hard drive, sometimes it is possible to recover the data. However, using a data recovery specialist is expensive. Diagnostic fees can be as much as $500. Costs for actually recovering the data typically start around $1000 and can skyrocket up to $25,000.

As a general rule of thumb, your IT provider should recommend replacing PCs every three years and servers every five years. Hard drives should be exchanged every two years when possible. External hard drives, which are popular for onsite backups, should be replaced every year. External hard drives, like laptop hard drives, are more susceptible to failure because of constant use and heat buildup. You should supplement hard drive rotation with on and offsite backups.

Although many practices still rely on paper charts, over 90% of practices use some form of electronic billing. Any provider or office manager will tell you that billing is the life blood of their practice. Losing electronic claims would be disastrous for any medical practice. The stakes will become even higher as practices make the inevitable switch to Electronic Health Records (EHR).

Did you know that the HIPAA Security Rule requires you to have a disaster recovery plan? Section 1.7 requires a data backup, disaster recovery, and emergency mode operation plans. In addition, the Health Information Technology for Economic and Clinical Health (HITECH) Act amended HIPAA law to increase the fines to $50,000 per incident, up to a maximum of $1.5 million if your practice is found to be in willful neglect.

Your practice is required by law to take disaster recovery seriously. If you do not currently have a disaster recovery plan, your practice could be liable for fines up to $1.5 million. Please feel free to contact us if you want more information about data loss, disaster recovery, or the HIPAA security rule.

----------------------------

This blog was written in association with Jonathan Wofford of B & J Computers, inc.

We must take responsibility for our own privacy. Asking the government or other unknown 3rd Parties to be responsible is never going to work.

See the full article.

Check out our solution.

Debra Steen found this site: http://www.softwareadvice.com/medical/

It's nice. You select from the top 10 most recommended systems or a list of other systems and you can request a Demo or a Price Quote by clicking on a button.

Q1) Has anyone used this on-line system for EHR vendor selection for your practice or your clients? I would be very interested to learn of your impressions.

Q2) Why are there now 436 or so ONC Certified EHR's to choose from? I think that the answer is obvious, at least 436 doctors could not find a system that worked for them, so they went about creating a system that did. They needed a system that could change daily to meet their specific needs.

Q3) Why is price so important? I think it's like buying a house. Realtors do not want to waste time showing houses that the prospective buyers can't afford. So its very important as an EHR buyer to have a budget. Prices range from Free (Practice Fusion) to Billions of dollars (Vista) so if price is your driver pick a number you can afford and restrict your search on this criteria.

BOTTOM LINE: My experience tells me that it's not Price or a Fancy Demo that's important in EHR selection, instead it's a systems ability to change/improve/customize on a daily basis to constantly adapt to the changing needs of your practice and the unique needs of the individual providers. To me this is by far the most important criteria in EHR selection. So make sure that you demand that in the demonstration of each system you personally can change the system to accommodated a few specific needs you have in your practice. Examples include Infusion Management, Imagery Device Interfaces, even simple WebCam interface for pictures of your patients...

Wouldn't it be nice if there were and Easy Button for your EMR/EHR search? Just click the Link above and request price quotes from the top 10 most frequently referred systems... your done right?

No, Your practice is unique, these systems were created for someone else's practice. XLEMR builds certified EMR/EHR systems to meet the unique needs of your practice.

The HITECH Meaningful Use program was designed to improve patient care and modernize America’s health care industry by promoting the adoption of Electronic Health Records (EHR). The HITECH program offers Eligible Providers (EP) up to $44,000 over five years for the Medicare track, or up to $64,000 per provider over six years for the Medicaid track. To qualify, physicians must meet the eligibility requirements for Medicare or Medicaid; they must purchase a certified EHR system; and they must use the system according to the 25 meaningful use criteria.

Medicare payments are broken up over five years for a total of $44,000, assuming a practice meets the minimum allowable charges threshold. EPs can get started in 2011 or 2012 and still receive the full stimulus amount. EPs who start in 2013 will only be able to receive $39,000; those who start in 2014 will only receive $24,000. EPs who start in 2015 or later will receive no stimulus, and may be subject to penalties.

EPs must meet the meaningful use guidelines for 90 days before they begin receiving payments. The first quarter of 2011 and the first 90 day reporting period is almost over. EPs who got started with EHR in 2010 and were able to meet the requirements starting on January 1, 2010 could receive their first incentive payments in late April or early May of 2011. October 1 is the last day to begin a reporting period for 2011.

Practices will not be able to simply purchase an EHR and immediately start their reporting periods. Those who hope to begin reporting this year need to have an EHR purchased and installed no later than June or July. Implementing EHR is non-trivial; it takes time to acquire the hardware you need, install the software, train the staff, and become comfortable and efficient with the new workflow. Practices that hope to start in 2012 need to purchase and begin implementation by September or October of this year.

Anyone considering EHR should make an informed business decision and consider the many benefits EHR can bring, and not simply focus on the costs. Practices should consider a custom solution that will minimize training time and workflow reorganization. High-volume specialists should be wary of traditional point-and-click EHR systems because they may lead to reduced productivity and revenue. Practices like these should look for certified EHRs that work with voice recognition or dictation.

That being said, any practice that qualifies for the incentives and does not currently have EHR should seriously consider participating in the HITECH program. EHR systems offer many benefits that will improve office efficiencies and patient care. Electronic charting is the future of health care. Evolution tells us that those who are not able to adapt to their changing environment will not have a bright outlook. The HITECH program is a one-time deal. The government has never before, nor will likely again offer financial assistance to help medical practices invest in EHR. As they say, it is best to “strike while the iron is hot.”

Electronic Health Records (EHRs) based on the Application Service Provider (ASP) or Software As A Service (SAAS) model are very popular, and with good reason. ASP systems offer many benefits to practices of all sizes. However, there are hidden costs and drawbacks with ASP systems that your vendor probably will not mention.

What are ASP systems are so popular? First, they require minimal hardware and infrastructure, because the EHR is web-based and runs from a web-server locked away in a remote data center. Practices using ASP EHRs typically do not have to invest tens-of-thousands into servers, backups, and other gear.

ASP EHR systems are attractive because of their pricing model. Many ASP systems retail for approximately $400 - $600 per provider per month. Rather than buying an EHR that requires cash up front or financing, ASP pricing structures are more like your cable or internet bill. You simply pay a monthly fee as long as you use the service.

What are the drawbacks to ASP systems? The first drawback is the pricing structure. While many practices prefer a fee-for-service to an outright purchase, they will lose money in the long run. A small practice with three providers would spend about $1200 - $1800 a month on their EMR, which comes out to $72,000 - $108,000 over five years. Compare this to purchasing a system outright for $25,000 to $60,000. If you buy a system, you may also be able to sell the licenses if you retire and sell your practice. This is the classic rent-vs.-buy debate; you should consider which will be best for your practice.

Remember, ASP systems run over the internet. Your practice will need a commercial-grade high speed internet connection. Many of these systems may require a T1 connection. A T1 connection offers 1.5 Megabits per second of dedicated bandwidth, and typically runs anywhere from $500 to $1000 per month. This adds up to anywhere from $30,000 to $60,000 over five years. If we add that to our EMR fees, you will spend around $102,000 to $168,000 over five years.

Performance is another thing to consider. T1 connections do offer dedicated bandwidth, unlike cable internet, but they can still slowdown or drop. Remember, an ASP EHR system runs over the web. If your connection slows down, your EHR slows down. Have you ever been frustrated waiting for a web page to load? Imagine if your practice and cash flows depended on that web page. What happens if your internet goes down? You will be unable to see patients, and you will either have to revert to paper-based charting, or you will have a waiting room full of angry patients. Just like your home internet, there is no way to tell if your service will be back on in a few minutes, a few hours, or a few days.

ASP EHRs could be a good choice for some practices, but you should carefully consider the benefits and drawbacks before signing on the dotted line.

Media Contact: Debra Steen
866-208-4308
debra.steen@xlemr.com

Atlanta, February 18, 2011 - XLEMR, a developer of custom electronic health records (EHR) that focuses on practices that seek a simple, mobile, and efficient solution, announced today that its EHR software has achieved certification as a Complete Ambulatory EHR under the Office of the National Coordinator’s (ONC) certification program.

Testing was performed by InfoGard Laboratories, an ONC-designated Authorized Testing and Certification Body ONC-ATCB for EHR systems, on January 26th and 27th, 2011. During the test, XLEMR demonstrated their software meets the requirements for meaningful use. Eligible providers can now use XLEMR to qualify for HITECH stimulus funds, which can result in up to $44,000 per provider under Medicare or $64,000 under Medicaid.

“XLEMR offers a unique solution to medical providers that want a simple, custom solution,” says Tripp Weeks, President of XLEMR. “Most other EMR systems are rigid and complex, but XLEMR is built on Microsoft Office, which allows us to create simple, easy solutions that we can tailor to our clients’ needs.”

Providers using XLEMR’s certified product will have the benefit of the familiar interface in addition to all the features required by meaningful use. For example, providers can take advantage of XLEMR’s interface to Microsoft Health Vault, which allows information sharing between the health record, the patient, and any other care givers authorized by the patient.

E-prescribing is another important feature that allows providers to check drug interactions, medicinal allergies, and formulary compliance. Sending prescriptions electronically is more efficient than script pads or faxes; it also helps reduce fraud. XLEMR’s unique approach to e-prescribing allows providers to enjoy all the benefits without additional monthly fees.

“One of the challenges for any vendor is how to incorporate the meaningful use functionality into a system without making it slow or difficult to navigate. Complexity is one of the things medical professionals fear most in an EHR system. Many providers hesitate to implement EHR, because they fear the software will be confusing and negatively impact productivity. XLEMR’s architecture allows us to include all of the meaningful use requirements, while still maintaining our trademark simple interface,” Tripp elaborates.
Providers that want to participate in the stimulus program must first meet eligibility requirements under the Medicare or Medicaid program. Next, providers must purchase an EHR system certified by an ONC-ATCB. Finally, providers must use their software according to the measures outlined in the meaningful use rules to qualify for the stimulus funds.

About XLEMR, LLC
XLEMR, LLC is a leading developer of simple, mobile, and efficient electronic health records. XLEMR focuses on a custom, hand-holding approach to implementation and development that allows their clients to experience a comfortable transition to EHR. Their core product is based on Microsoft Office which provides an interface familiar to most users. This architecture allows providers to be mobile without needing an internet connection or wireless data plan. XLEMR provides efficiency by incorporating existing paper forms into the EHR to minimize training requirements. For more about XLEMR visit www.xlemr.com.

We talk to many physicians, practice mangers, and others associated with the medical industries, that ask us about the “EMR Mandate.” Many people are under the assumption that there is a law that requires medical practices to adopt EMR. As of yet, Congress has not passed any laws that require EMR adoption. However, the HITECH stimulus act does threaten non-adopters with cuts in their Medicare reimbursements. The cuts would begin in 2015 and increase to a maximum of 5% of the reimbursements. Think of the HITECH act as an “encouragement,” not a mandate or law requiring EMR adoption.

However, the free market may have its own EMR “mandate” in the near future. NORC at the University of Chicago published a study late last month which found wide popular support for EMR adoption. Among the findings, the report states 78% of Americans believe EMR could prove patient care. 59% believe EMR could reduce health care costs. 72% support interoperability and information sharing. 80% support e-prescribing, and 79% thought personal health records could benefit patient care. Perhaps the most interesting statistic claims that 64% think the benefits of EMR systems outweigh the associated privacy concerns.

The survey makes it clear that there is broad popular support for electronic health records. However, despite the “carrot and stick” approach of the HITECH Act, many physicians and medical practices are reluctant to invest in EMR systems. The public will gain more exposure to EHR systems over the next few years as those practices who are participating in HITECH come online.

Patients will see the benefits of EMR systems, which should include things like filling out less paperwork, easier visit check-in, online access to their medical records, the ability to easily share their records between multiple caregivers, less hassle with insurance formularies, and many other benefits. We can imagine that patients will come to enjoy and expect these features from their doctors. There will likely be such a large difference in the quality of service that patients will tend to avoid practices still using paper records in favor of those who have switched to EMR.

Although there is no law that requires EMR adoption, market pressures may force practices to make the switch or risk losing a large percentage of their patients. Think of the places you shop. Almost every retailer out there, from giants like Target and Wal-Mart, all the way down small mom and pop boutique stores use electronic point of sale systems. We are so used to seeing these systems, that we take it for granted. It can be surprising to wander into small store that only accepts cash or worse yet, figures sales tax using pencil and paper. In time, medical practices that use paper charts will be quaint relics like the ancient small town general store that still figures sales tax with pencil and paper. If your practice is has not switched, consider all the benefits it can bring to your patients. It is better to change now while the federal government is offering incentives than to wait until your reimbursements are cut and your schedule is empty. Please let us know if you would like information about how you can participate in the HITECH Act.

Our last newsletter went into some detail about risk assessments. We discussed important terms and the nine steps of a risk assessment. However, one of our readers asked for clarification about risk assessments and how they relate to EMR and IT contractors. This is an important topic in and of itself.

I am sure there are many of you who have the same question. Who is responsible for conducting your risk assessment, and how does it relate to your EMR and IT department? The short answer is that it will depend upon the different contracts and agreements you have in place with your EMR vendor, IT provider, or other business associate.

Risk assessments touch many different areas of your practice. There is an IT component that addresses the configuration and security of your computers, mobile devices, digital media, and your network. Your EMR falls in this category, as it typically involves hardware and software that runs under your control. Even if your EMR is web-based, you are still ultimately responsible for its security.

If your EMR vendor is also your IT provider, then your job is easy. In this case, it should be their responsibility to make sure the hardware and software in your practice is setup and configured securely. If you have an IT provider that is separate from your EMR vendor, you will need to carefully review your contracts to understand each party’s responsibilities. The EMR vendor typically will only support their software, and it is up to your IT provider to support all of your hardware and other software.

However, you should keep in mind that a risk assessment addresses far more than just your computers and software. The HIPAA Security Rule calls for administrative, physical, and technical safeguards. Administrative safeguards involve things like policies, procedures, and training. These are typically not the responsibility of your EMR vendor or your IT provider. If you have a compliance officer or a HIPAA consultant, it is their job to make sure your policies, procedures, and training are managed appropriately.

Physical safeguards deal with things like door locks, security alarms, and sprinkler systems. These are most often the responsibility of your facility manager, property owner, or land lord. They work hand-in-hand with your administrative and technical safeguards to protect your data and keep you compliant. You may have great policies and the best firewall on the market, but if your server room isn’t locked, you are not well protected.

A good risk assessment will touch on administrative, physical, and technical controls in your practice. You will probably have to consult with your EMR vendor and your IT provider to complete an assessment, but you will also have to explore administrative and physical controls which are not their responsibility. It is a good idea to hire a HIPAA consultant to review your policies, procedures, and physical controls. Regardless of the agreements you have in place, the physician or practice owner is ultimately responsible for the risk assessment.

We have talked a good deal in our newsletters and blogs about risk assessments and how they are critical to comply with meaningful use and the HIPAA security rule. I wanted to take this time to explain a little more about what is involved in a risk assessment. Whether you choose to do your own risk assessment, or contract with a third party, you should keep this information in mind.

First and foremost, the HIPAA Security Rule (45 C.F.R. §§ 164.302 – 318) requires covered entities to conduct and review a risk assessment at least annually (§ 164.308(a)(1)(ii)(A)). The risk assessment is the foundation of compliance and security. It helps covered entities identify and implement safeguards necessary for security and compliance. It is also required to qualify for meaningful use stage one.

There are a few terms associated with risk assessments that you should understand. A vulnerability is “a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised… and result in a security breach…” (NIST SP 800-30). A threat is “the potential for a person or thing to exercise… a specific vulnerability” (NIST SP 800-30). Finally, risk is the “…impact considering (1) the probability that a particular threat will exercise a particular vulnerability and (2) the resulting impact if this should occur” (NIST SP 800-30).

Risks come from legal liability or the inability to continue business operations due to: (1) “unauthorized disclosure, modification, or destruction of information; (2) unintentional errors and omissions; (3) IT disruptions due to natural or man-made disasters; or (4) failure to exercise due care and diligence in the implementation and operation of the IT system” (NIST SP 800-30).

A risk assessment should have nine basic steps: (1) Determine the scope of your system; (2) identify potential threats; (3) identify potential vulnerabilities; (4) analyze your current controls; (5) determine the probability a threat will exploit a vulnerability; (6) analyze the impact of a successful vulnerability exploit; (7) determine risk based on probability and impact; (8) recommend controls to reduce risk; and (9) document the results.

Note that it is not enough to conduct a risk assessment and forget about it. Your risk assessment needs to be periodically reviewed and updated at least annually. Once your assessment is complete, you need to formulate a plan of action to reduce your risks and achieve compliance, beginning with highest-risk items. Finally, be sure to document your plan and update it regularly, each time you complete a project.

Please contact us if you have any questions about risk assessments, or how they relate to the HIPAA security rule or meaningful use. We host weekly webinars addressing risk assessments. You can sign up on the web at www.xlemr.com.

2011 is here, and the first meaningful use reporting period is under way. Does your practice plan to take advantage of the stimulus money? Just to remind you, the HITECH Act will reimburse eligible professionals (EPs) up to $44,000 under Medicare or $64,000 under Medicaid for implementing a certified electronic health record (EHR) and utilizing it according to the meaningful use guidelines. EPs wishing to participate should be aware of the following developments.

Meaningful Use registration is now open. EPs can register their practice on the web at https://ehrincentives.cms.gov/hitech/login.action. You will need to register as soon as possible if you plan to participate. You can register even if you do not yet have EHR or if your EHR is not yet certified. Also, please be sure to register as an eligible professional, unless you are a hospital administrator. Medicaid registration is now open in select states, however, everyone can register for the Medicare program at this time.

EPs must purchase all meaningful use software up front. HHS recently clarified that EPs or eligible hospitals must purchase all of the functionality required by meaningful use in order to qualify for stage one. There are 25 components required for stage one: 15 of them are “core” requirements. Ten of them are “menu” requirements; EPs are allowed to pick five of the ten to implement over stage one. However, EPs must purchase all of the menu requirements for stage one, regardless of whether they choose to implement them or not.

There are currently five approved testing and certification bodies. HHS has approved five bodies to certify EHR systems for meaningful use compliance. They are ICSA Labs, SLI Global Solutions, InfoGard Laboratories, CCHIT, and the Drummond Group. 200 complete EHR and EHR modules have been certified to date. Multiple certification bodies will ensure EHRs are certified quickly and keep costs down so they are not passed on to consumers.

HIPAA Security Risk Analysis is still required for stage one. The HIPAA security rule, 45 CFR 164.308 (a)(1), requires covered entities to conduct and review a security risk assessment at least annually. Core requirement 14 states that EPs must “implement systems to protect privacy and security of patient data in the EHR,” and the measurement further clarifies that EPs must “conduct or review a security risk analysis, implement security updates as necessary, and correct identified security deficiencies.” Risk analyses are typically not part of EHR systems, so EPs will need to contract with a third party to ensure they meet this requirement.

Please let us know if you have any questions about meaningful use or risk analyses. Conducting a risk analysis can take time, so you should begin immediately if you want to qualify for meaningful use during the first reporting period. We offer a simple easy risk analysis solution. Please let us know if we can help.