Dear Healthcare Professional,
Welcome to the February issue of the Indidge Advantage newsletter and by the way Happy Valentines Day. The Indidge Advantage is produced by Indidge Systems , a healthcare software solutions company specializing in Compliance and Risk Management solutions.
President Obama wants to include EMR investment as part of his economic stimulus package. Our first article is an excellent treatise on this very timely subject from a doctor's perspective.
by Robert R. Zaid, DO, Resident
Genesys Regional Medical Center, Grand Blanc, Mich, Intern/Resident Representative, American Osteopathic Association Technical, Advisory Bureau
A letter to the editor published in The Journal of the American Osteopathic Association JAOA, Vol. 108, No 2, February 2008
To the Editor: As a child, I spent many days watching my parents' computer technician solder chips onto a motherboard to repair various computer problems. I eventually realized that if I could learnhow to fix computers for the small business my parents owned, they would no longer need to pay someone else for the repairs.
Through the years, after experimenting with an assortment of computerized devices and software programs, I have learned that technology is generally beneficial - but not all new developments are worthwhile. In fact, some developments can make one's life more difficult.
During my years in medical school and, now, in my residency program, I have made a number of other observations about technology,including the following:
- There are countless opportunists who would like to cash in on physicians' perceived wealth, charging exorbitant fees for electronic products that may not be exactly what a physician needs.
- Many physicians want to embrace technologic innovations, but they hesitate to make decisions about which products to use. Physicians, for the most part, do not want to be technology pioneers.
- Many physicians are unable to communicate well with computer programmers because they do not understand the technical language used by programmers. As a result, physicians often do not use their computer systems to their fullest potential.
Physicians in family practice make complex decisions every day. Yet, we seem unable to decide which system of electronic medical records (EMRs) to use. One probable reason that physicians in family practice hesitate to select an EMR system is because they expect their parent hospitals will make that decision for them. However, it may not be in a physician's best interest to use the same system preferred by his or her parent hospital. In such institutions, the decision about which EMR systems to purchase are typically made by administrators who select the best program for general hospital purposes - not for the individual needs of any particular physician.
Furthermore, it is not essential for a physician to have the same EMR system used by his or her hospital. Most hospital computer record systems allow for remote access of patients' records by physicians. All EMR systems use a digital code language called HL7 (Health Level Seven Inc, Ann Arbor, Mich). Thus, as long as a physician's files are compatible with HL7, patients' data can be imported from electronic hospital databases by using the physician's own EMR system.
Of course, any new technological device or system is initially going to be a challenge to work with, and this is true for EMR systems. Nevertheless, I believe that there are many advantages for physicians in learning to use their own EMR systems. As requirements of Medicare and private insurance companies continue to generate increasing amounts of documentation for physicians - and as physician reimbursement continues to decline - physicians need to use patient - record systems that are as efficient as possible, that minimize errors, and that improve preventive care. By using the right EMR system, tailored for the specific needs of a physician's practice, these goals can be achieved. Thus, the selection of an EMR system must be based on sound judgment, considering the needs of a particular practice. In addition, physicians should maintain close relationships with computer programmers to help them keep abreast of future updates to software.
Genesys Regional Medical Center in Grand Blanc, Mich, where I am a third - year resident, has an excellent collection of electronic aides, records, and databases. However, not all of these electronic media are linked with one another to facilitate easy and complete access to all available data.
Since I began my residency at Genesys in 2005, I had heard about the center's plans to transition to paperless medical records and wanted to learn how to use an EMR system.
In October 2007, I attended an American Academy of Family Physicians conference in Chicago, Ill. This conference gave me the opportunity to visit with representatives from several software companies and ask them questions about their products.
I have since experimented with three EMR systems - Misys (Misys Healthcare Systems, London, England), AltaPoint (AltaPoint Data Systems, Midvale, Utah), and Amazing Charts (AmazingCharts.com Inc, Hope Valley, RI). My work with these EMR systems has led me to conclude that, though there are some differences among the systems, they all allow the user to accomplish many of the same tasks.
I decided to download Amazing Charts, which is free for the first 90 days of use. It has now been 3 months since I started using this system in my clinic. Each day, I learn something new. Because I am experimenting with this software on my own, the use of the program requires more work on my part than would normally be necessary, including typing up patient records, inputting vital data, and printing out copies of the data for the patients' records.
Using the EMR program was difficult and time - consuming at first, but after the fourth day of working with the new system, I became much more adept at using the electronic templates, and I began completing my charts before the other residents had completed their dictating. Although I need to type in data that would normally be typed in by a medical assistant, I have found that, by the second time I see a patient, the patient's record is almost complete - requiring less time than dictation. With the use of voice - recognition software, I have cut my record - compiling time in half.
Because, as a resident, I see only about 16 patients a day, I have had time to master the Amazing Charts software and to determine which software features are most useful and important to me. I have also submitted my ideas on improving this software program to the manufacturer. It is my hope that they can adapt the program to better meet the needs of physicians such as myself. Even if I later decide not to use Amazing Charts, I have developed the skills to work with an electronic medical chart on a computer - skills that are readily transferable to other EMR systems.
I strongly recommend that other residents take this matter into their own hands and learn how to use the EMR systems of their choice. While in residency programs, we learn from our preceptors how to practice medicine, but I believe that it is also essential for us to share our knowledge about computer technology during residencies. That two - way interaction is the only way to bridge the gap that exists between the practice of medicine and the use of computers. Understanding and using EMR programs is important if we want to move forward in the medical profession, which is increasingly dependent on technological developments.
Establishing electronic records for patients can be a huge task initially, and the first year of inputting data can be tiresome. Yet, once that information is placed into computer files, a physician's practice will likely operate much more efficiently. Physicians need to move from procrastination to action with EMRs.
What are you waiting for?
By Rebecca Herold, Contributor
From: SearchWinIT.com "The Web's best resource for Window admins and computing managers"
January 24, 2008
Many Windows managers still not realize the significance of maintaining detailed documentation to meet their compliance requirements. To keep their heads off the chopping block with auditors, and to meet
legal requirements, Windows managers must maintain compliance documentation and keep it up to date.
When I was a systems analyst building CICS regions for an IBM mainframe and creating the online applications change management system,most of the folks I worked with hated to create documentation for the systems and applications they supported. They seemed to think it was unnecessary when it was much easier to just talk directly to the analyst or programmer responsible when someone needed to know more about the applications or systems.
As a result, most of the documentation that did exist was poorly written and left out significant information. It was
confusing to read.
After that, I moved into IT auditing and began to realize the importance of documentation from an audit and compliance perspective. While reviewing systems and applications documentation, it took much longer to perform the audit when there wasn't good documentation. In addition, the areas I audited that had poor documentation invariably received bad audit reports because audit findings depend largely upon documentation.
Laws, regulations and contracts requiring documentation
Most, if not all, data protection laws and regulations require the organizations they cover to maintain documentation. Here are just a few of the U.S. laws:
- Sarbanes Oxley Act (SOX) - The Public Company Accounting Oversight Board, which oversees SOX compliance activity, repeatedly emphasizes the importance of documentation within its auditing standards. Those standards dictate, for example, that a Windows manager must maintain detailed documentation for account creation, changes and deletion.
- Health Insurance Portability and Accountability Act (HIPAA) - In the law's technical safeguards, it says that as part of standard audit controls, hardware, software and/or procedural mechanisms must be implemented that record and examine activity in information systems that contain or use electronic protected health information. In a Windows environment, this requires that all access to protected health information be logged.
- Federal Information Security Management Act (FISMA) - You must document system information, such as interconnections with other systems and implementation details for each security control, in the system security plan. For Windows shops, that includes Windows domain trust relationships and Active Directory universal groups. Systems hardware and software inventory and major applications, including hardware make and model numbers, software version numbers, patch levels and a functional description of the component -- such as each database, Web server, fileserver and directory server -- must also be documented.
You'll find similar audit and documentation requirements in international data protection laws, such as Canada's Personal Information Protection and Electronic Data Act and the European Union's Data Protection Directive 95/46/EC.
In addition to laws and regulations, you may be contractually obligated to maintain documentation. For example, if your organization processes credit card payments, you must comply with the documentation requirements of the Payment Card Industry Data Security Standard, or PCI DSS.
Basically, all of these laws and contractual agreements require that the operating systems upon which personally identifiable information, or PII, is collected, processed and/or stored must be well documented.
Don't assume that your organization's legal team knows how these requirements translate to compliance action items for IT. If none of your staff attorneys have any background or knowledge about how information systems actually work, chances are they will not even realize the importance of having documented procedures and technology in place to comply with data protection laws and regulations. Now is a good time to discuss these issues with your legal team.
What auditors look for
The primary ways in which auditors ensure control objectives are being met are by:
- Reviewing available documentation of your Windows environment in the form of logs, monitoring records and reports
- Reviewing written descriptions of your administrative activities
- Most auditors heavily rely on the Control Objectives for Information and related Technology, or COBIT, published by the IT Governance Institute, when performing audits. Download COBIT from www.isaca.org and look it over carefully to determine the additional documentation you should have for your own organization based upon your business activities.
When establishing your Windows documentation procedures, keep in mind that auditors are typically looking for documentation such as the following:
- Roles and responsibilities -- The roles and responsibilities for each person who works with applications and systems should be documented in detail. These citations should include an organizational chart, along with a documented chain of command.
- Procedures -- Each IT area should have documented procedures to support the corporate policies and standards. The procedures should be specific to the applications and systems that the area supports. The procedures should be detailed enough to allow someone to follow them in the event of a proverbial truck that runs over the administrator who usually performs the procedures.
- Meaningful and understandable details about the systems and/or applications for which you are responsible -- Include information about the business purpose of the systems or applications, changes and updates that have been made, when security patches were applied and so on.
- Detailed change information -- All changes to applications and systems should include the following:
- Name of the person making changes
- Date and time the changes were made
- Type of change
- Reasons why the changes were necessary
- Change success or failure
- List of impacted data files, systems, applications and other network resources
People who make changes to systems and applications must be held accountable for those changes from the point of view of not only the laws and regulations but also from the viewpoint of managers and auditors. Including the name of the person making changes also allows management and auditors to speak directly to the person if clarifications are necessary, if additional changes are needed or to assist with an investigation.
Ultimately, each organization must determine the extent of documentation to maintain based upon its own unique computer and network environments, along with its services, products, legal requirements and risks.
Rebecca Herold, CISSP, CISA, CISM, CIPP, FLMI, has more than 17 years of experience in IT, information security, privacy and compliance. She is owner and principal of Rebecca Herold, LLC. She is an adjunct professor for the Norwich University Master of Science in Information Assurance program and is writing her 11th book. Her articles can be found at www.privacyguidance.com and www.realtime-itcompliance.com.
January 6th, 2009
By Tony Chen
From hospitalimpact.org
2006 was the year of consumer - driven health care. Two years ago was the year of retail clinics. Last year was the year of health IT (with Google and Microsoft making big splash entries). So, what will 2009 bring ? Here are some predictions sure to go wrong:
1. The number of uninsured and underinsured will increase dramatically.
Think about it: Unemployment was once close to 5 percent. At some point in 2009, it could get up to 10 percent. Add to that the many businesses that will be cutting healthcare coverage for the sake of business survival, as well as the folks who will decide to forego buying individual health insurance to make ends meet.
2. Strong hospitals get stronger, weak hospitals get weaker and/or die.
For better or worse, this dynamic seems to be happening in every industry, and hospitals are no different. Well - managed, well - capitalized hospitals will see strategic opportunities in this market to acquire other hospitals, acquire land, obtain cheaper debt and strengthen their positioning. Weaker hospitals will be acquired and / or see already - precarious financials go further south. All of those big hospital chains will also shed underperforming hospitals and look for turnaround targets, making for an interesting M&A market in 2009.
Just think about the banking industry. Five years from now, my guess is the likes of U.S. Bank and JPMorgan Chase will be huge winners. Who will be the winners in your hospital market?
3. Hospitals will diversify further down the health care continuum.
In the new era, reimbursement will reward coordination of care and cost-avoidance. That means hospitals will become increasingly responsible for a patient's health (not just their health care). In fact, I sometimes wonder if this is our industry's dirty little secret, like credit default swaps for the financial industry. Okay, that's not a fair analogy, but it still makes me wonder. I think hospitals that are proactive in offering wellness and health management services will eventually be best positioned for the future.
4. Hospitals will focus (yet again) on physician integration.
As a corollary to the previous point, coordination between hospitals and physicians has never been more important, because bundled reimbursement is headed that way.
5. Legitimate health 2.0 companies will emerge as a new kind of competitor.
Follow Matthew Holt's The Health Care Blog for more on health 2.0. Social media and artificial intelligent technologies are developing very quickly and becoming more cheap to develop. I predict we'll see some really compelling and intriguing healthcare applications to those technologies in 2009. The main thrust of them will be better connecting patients with the information, providers, other patients and resources they need most.
6. The Obama Factor.
It still remains to be seen whether Obama will try to take advantage of his honeymoon period to address healthcare, or if healthcare falls too far down the list as economic and political crises are aplenty right now. Either way, a compelling pitch can be made: Without addressing health care, we are tying the hands of American businesses (Exhibit A: American automobile companies). $1,800 of healthcare cost in every Ford versus $200 for a Toyota. If the American business, big and small, is the engine of growth for the American economy, fixing healthcare is like finally changing the oil. My guess is if anything changes, it will be more symbolic in nature.
7. New (and old) competitors continue to innovate.
Specialized services will continue to be niched out into focused factories -- off - site cancer centers, wound-care centers, surgery centers and wellness centers. Retail clinics, while not popping up as quickly as we once thought, still number 1,000. While 97 to 99 percent of the American population has yet to visit a retail clinic, let's not forget that 1,000 clinics is a drop in the bucket compared to the number of physician offices. Specifically, Walgreen's seems to be repositioning itself deeper into healthcare services (anyone else see all the huge acquisitions they've made recently with worksite clinics).
What else do you see?
A guy walks into a post office one day to see a middle-aged, balding man standing at the counter methodically placing "Love" stamps on bright pink envelopes with hearts all over them. He then takes out a perfume bottle and starts spraying scent all over them.
His curiosity getting the better of him, he goes up to the balding man and asks him what he is doing. The man says, "I'm sending out one thousand Valentine cards signed, 'Guess who?'"
"But why?" asks the man.
"I'm a divorce lawyer," the man replies.
Dear Valentine, please make this year the time to improve efficiency and put an end to the "Post and Hope" mentality.
We have been at this for a while and we have a total package that includes implementation, training and support. We even load your existing policies into your new system for you and provide you with a box of chocolates during February!
Let us demonstrate why our policy and procedure system deserves a place in your budget for 2009 ! Send Tom Reid an email at tom.reid@indidge.com or call him now at (480) 829-0479 Ext. 138 to schedule a convenient web demo.
For a FREE educational webinar on "Where's That Policy?" join us Tuesday, February 3rd, 2009 from 11am - 12 Noon MST.