The challenges of EHR to EHR migrations and data conversions will also be covered, including the use of the unethical practice of data blocking used as a tactic by some vendors to hold data hostage. Further, we explore innovations related to interoperability, cloud computing, cyber security, and electronic patient/consumer engagement.
Finally, this book will deal with what to do with aging technology and databases, which is an issue rarely considered in any of the early publications on healthcare technology. What is the proper way to retire a legacy system, and what are the legal obligations of data archiving?
Though a lot has changed since the 2011 edition, many of the fundamentals remain the same and will serve as a foundation for the next generation of EHR adopters and/or those moving on to their second, third, fourth, and beyond EHRs.
Trusted by 375,005 students
Access to over 1.5 million titles for a fair monthly price.
According to the Office of the National Coordinator (ONC), the term “health information technology” (health IT) refers to the electronic systems healthcare professionals – and, increasingly, patients – use to store, share and analyze health information. Health IT includes electronic health records (EHRs), but it can be much more comprehensive.1 For these reasons, it will be helpful first to understand the current state of the healthcare IT (HCIT) market and how it drives new applications that go beyond the way we use EHRs today.
The most notable state of our current HCIT market has to do with incentives and penalties for the use and adoption of certified EHRs. This matter will be covered in more detail later in the book. Still, for a quick contrast and comparison, the original EHR incentive program started under the American Recovery and Reinvestment Act of 2009 during the Obama administration. Our economy was teetering on the brink of a second Great Depression, and we desperately needed incentives to stimulate the economy. One of the largest benefactors of this bill was the healthcare IT sector. Over $20 billion in incentive money was allocated to encourage the adoption of a certified EHR.2
Prior to Obama, the Stark Laws were relaxed under the Bush administration during his second term to allow hospitals to subsidize the cost of EHRs for their medical staff. These combined, back-to-back efforts jumpstarted the adoption of EHRs. The program developed under the Affordable Care Act was mostly based on adoption and selecting a vendor with certified features and functions. (Note: The Patient Protection and Affordable Care Act, also the Affordable Care Act or colloquially known as Obamacare, is a United States federal statute enacted by the 111th United States Congress and signed into law by President Barack Obama on March 23, 2010.) To be eligible, doctors and hospitals only had to pick a certified vendor and attest to using the basic features of the EHR. There were no major conditions or attempts to verify. This created a mass explosion of new vendors rushing to get their share of these funds. At the apex, there were over 600 certified EHRs in the market. Most of these vendors no longer exist and/or have since merged with other vendors to remain viable.
Today, the incentive programs are more comprehensive and require some demonstrated outcomes. Table 1.1 gives a quick side-by-side comparison of the incentives. Figures 1.1 and 1.2 recap the first calendar year for which the EP receives an incentive payment.
Table 1.1 Original and Current Incentives Compared
Original EHR Incentives
Current EHR Incentives
The vendor must be certified by the Certification Commission for Healthcare Information Technology (CCHIT).
The Certification Commission for Healthcare Information Technology (CCHIT).
Meet Meaningful Use (MU) standards
MU was based on five main objectives, according to the Centers for Disease Control and Prevention. They were:
(1) Improve quality
(2) Safety
(3) Efficiency
(4) Reduce health disparities
(5) Increase patient engagement
Meaningful Use +++
MU has now shifted to a Merit-Based Incentive Payment System and is combined with the Medicare Access and CHIP Reauthorization Act (MACRA); the Medicare EHR Incentive Program, commonly referred to as Meaningful Use, was transitioned to become one of the four components of the new Merit-Based Incentive Payment System (MIPS), which itself is part of MACRA.
MIPS harmonizes existing CMS quality programs (including Meaningful Use), the Physician Quality Reporting System and Value-Based Payment Modifiers. MIPS consolidates multiple quality programs into a single program to improve quality care.
Compensation
The payout was over 5 stages with phase one starting with 15 core requirements and 10 menu requirements. All core requirements are mandatory. Additional core requirements were added each year by CMS. There were two payout tracks.
1. Medicare Track: Eligible providers could receive up to $44,000 if all stages for all years were met. (See Figure 1.1.)
2. Medicaid Track: Eligible providers could receive up to $63,750. The only requirement for phase one was a signed contract with a certified vendor. The requirements for Medicaid were lower because Medicaid practices have less access to capital. To qualify for the Medicaid track, the provider would have to have a minimum of 30% Medicaid patients. (See Figure 1.2.)
Compensation as an up or down adjustment to the provider’s Medicare payments.
The first year started at a plus or minus of 4%, and it is set to go up to plus or minus 9% by 2021. Additional incentives can be gained through alternative payment models, but the risk is higher.
Figure 1.1 Original MU payout – Medicare. Source: CMS.
Figure 1.2 Original MU Medicaid payout. Source: CMS.
Fast forward to 2020, MIPS and MACRA have replaced Meaningful Use, and there is increased scrutiny and auditing of both vendors and providers who benefited from the former incentive programs. Most notably, three major vendors were hit with major false claim violations from the DOJ, resulting in a multimillion-dollar settlement with the government. Providers and hospitals are being asked to submit documentation demonstrating they complied with all the conditions sworn to during the attestation process. (Note: Attestation is a process of making a claim/statement without the requirement of submitting supporting documentation to validate these claims/statements. The government accepts these statements without verification but reserves the right to audit at any time to ensure the statements are accurate.)
Those who cannot produce the documentation are forced to return the incentive money. CMS will deduct the funds from future reimbursement and/or may impose additional fines for failing to comply. One of the conditions most frequently missed is the security risk analysis (SRA).3 (Note: Measure: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the security (including encryption) of data created or maintained by CEHRT in accordance with requirements under 45 CFR 164.312(a)(2)(iv) and 45.)
This SRA is a pass/fail measure, so it is a manageable condition for HHS to audit. Practices that do not produce evidence of performing an annual SRA are generally asked to return the incentive money. The practice, to pass an SRA, must have all its HIPAA privacy and security policies current and provide evidence of staff training and TESTING of their knowledge. Table 1.2 outlines instructions to help you conduct a risk analysis that is appropriate for your organization. Extensive information is available at www.hhs.gov/hipaa/for-professionals/security/index.html.
Table 1.2 Checklist for Conducting a HIPAA Security Rule Risk Analysis
Task
Completed
Define the scope of the risk analysis and collect data regarding the ePHI pertinent to the defined scope.
Identify potential threats and vulnerabilities to patient privacy and to the security of your practice’s ePHI.
Assess the effectiveness of implemented security measures in protecting against the identified threats and vulnerabilities.
Determine the likelihood a particular threat will occur and the impact such an occurrence would have on the confidentiality, integrity and availability of ePHI.
Determine and assign risk levels based on the likelihood and impact of a threat occurrence.
Prioritize the remediation or mitigation of identified risks based on the severity of their impact on your patients and practice.
Document your risk analysis, including information from the steps above, as well as the risk analysis results.
Review and update your risk analysis periodically.
Conducting a HIPAA Security Rule Risk Analysis
The first requirement of the HIPAA Security Rule is a risk analysis (updated in 2013 by the Omnibus Rule). Per 164.308(a)(1)(ii)(A), a CE or BA must “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered entity or business associate.”3
While there is no preferred approach, most risk analysis and risk management processes have steps in common. In concurrence with CMS, Table 1.2 is a checklist of recommended actions....
Table of contents
Cover
Half-Title
Title
Copyright
Contents
Foreword
Preface
About the Authors
Acronyms
Introduction
1 The Current State of the Healthcare IT Market
2 Cloud Computing
3 Cybersecurity Threats beyond EHR
4 Health Information Technology Compliance
5 Using Artificial Intelligence in Healthcare
6 Improving Patient Engagement with Technology
7 EHRs and Telemedicine
8 Advanced Analytics and Dashboard Reporting
9 Interoperability
10 Vendor Contracting and Negotiations
11 Implementation and Project Management
12 Future Healthcare Information Trends and the Internet of Things
13 Tools and Policies
Index
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.5M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1.5 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go. Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Beyond EHR by Jeffery P. Daigrepont, EFPM, CAPPM,Jeffery Daigrepont, EFPM, CAPPM in PDF and/or ePUB format, as well as other popular books in Negocios y empresa & Gestión de la información. We have over 1.5 million books available in our catalogue for you to explore.
