Paper Essay Guru
HIM 500 Healthcare Informatics
Module 9 – Final Project
By: Stephanie Shea
8/19/2017
Preparation for Consult
Key Historical Events
Electronic health records (EHRs) have evolved over the years which has allowed for
several advantages in the way health information is managed. The first EHR systems were
developed in the 1960s. At this point, many academic medical centers and universities were
developing their own systems. Lockheed Corporation developed a system (now part of
Allscripts), which influenced many other systems due to processing speed and multi-user
capabilities. The University of Utah also developed a system which was the first of its kind to
allow for clinical decision support systems. (Atherton, 2011).
In the 1970s and 80s, computerized medical records emphasized alerting systems,
physician orders, medical record administration, and progress notes. In the early 90s, the
Institute of Medicine released a report called “The Computer-based Patient Record: An Essential
Technology for Healthcare”. This report envisioned a computer based patient record (CPR) that
housed information from multiple episodes of care, different providers, and multiple facilities.
This was a key event because it allowed for a more comprehensive view of the patient’s medical
care as well as computerized decision support systems and other safety mechanisms (Green,
2015).
In the late 90s, the term electronic medical record (EMR) was introduced. The EMR was
initially used in the outpatient arena; however, some inpatient facilities used them as well. Early
EMR systems had limited capability for networking between inpatient and outpatient.
Two Presidents have endorsed the use of electronic medical records and advocated for
policy changes. In 2004, President George W. Bush signed an executive order to create a
National Coordinator of Health Information Technology within the Office of the Secretary of
HHS and in 2009, Congress, under President Obama, enacted the American Recovery and
Reinvestment Act. These actions promoted the use of EMRs to improve care and $19 billion
was invested to advance the health information technology field. One section of this legislation
is the Health Information Technology for Economic and Clinical Health Act which offers
financial incentives to institutions who meet the “meaningful use” objectives set by CMS
(Green, 2015).
Guidelines for Technology Use
EHRs are legal documents containing sensitive information. Therefore, there are
guidelines that Featherfall must follow to ensure governmental regulations are met. The CMS
EHR Incentive Program Stage 3 Objectives and Measures for 2017 offers some guidelines. For
example, the EHR must protect patient information through technical, administrative, and
physical safeguards. There must be computerized physician order entry (CPOE) and
transmission of electronic prescriptions. They must implement clinical decision support
interventions and optimize health information exchange through a summary of care record. The
patient also needs to be engaged in their care. The EHR should provide the patient (or caregiver)
with timely access to health records and education. Lastly, there should be public health
reporting using EHR technology (Medicaid, 2016).
Furthermore, the Health Insurance Portability and Accountability Act (HIPAA) passed in
1996 impacts how EHRs are used and sets the standard that only authorized healthcare
professionals specifically caring for the patient should have access to the individual’s medical
record. Routine monitoring of employees accessing records as well as HIPAA compliance
training should be completed.
Other standards and guidelines that should be used by Featherfall include ensuring the
use of International Classification of Diseases (ICD-10) codes provided by the World Health
Organization. Policies and procedures regarding healthcare information management should be
established by the institution and in line with state and national regulations. Lastly, standards set
by the Joint Commission (an accrediting agency) should be followed; for example, completing a
history and physical within 24 hours (AHIMA, 2013).
Standard Technologies
Some standard technologies currently used in the field of health information management
include accessing full medical histories for their patients, including laboratory tests and
radiology results which can be downloaded to the EHR, even if the patient is being followed by
several different providers. Computerized Physician Order Entry (CPOE) is another common
technology in use. Most EHRs also allow for alerts of potential drug interactions and allergies
and e-prescriptions which allows electronic transfer of prescriptions directly to a pharmacy
(Blumenthal, 2010).
The three most common electronic medical record keeping systems that I’ve come across
in my career are Cerner, Allscripts, and EPIC. These systems are all different from each other in
several ways. They can also be customized by the institution. For example, EPIC at one facility
may have different capabilities than EPIC at another facility.
Pertinent Roles
There are three main pertinent roles at Featherfall that would interact with the EHR: the
Health Information Management (HIM) team; the clinical staff; and administrative staff. The
health information management team is responsible for collecting and analyzing patient health
information and disseminating to appropriate parties such as doctors’ offices, insurance agencies,
hospitals, and research companies. They review documentation and ensure proper coding and
billing based on diagnosis and procedures performed during the encounter. They are also
responsible for making sure the information kept in a medical record is kept private and secure.
The clinical staff may consist of a variety of different disciplines. Each of these clinical
roles can interact with the EHR in different ways depending on their individual workflows. For
example, physicians will be responsible for using the CPOE, e-prescribing, and clinical
decision-making features. Bedside nurses will be responsible for entering vital signs, reviewing
and acknowledging physician orders, as well as documenting in the medication administration
record. Ancillary staff such as physical therapy, clinical nutrition, and respiratory therapy would
be responsible for assessing the patient, documenting in a progress note, and communicating
recommended care plans to physicians. Training on where various information is kept, how to
use the EHR, and documentation standards is necessary to meet regulatory guidelines.
The administrative staff is responsible for registering patient information such as name,
date of birth, contact information, and insurance provider. It may also require scheduling clinic
visits or transcribing physician dictated notes. Other administrative tasks, depending on the role,
may be monitoring outcomes, revenue, and quality data.
Evaluation of New Systems
HealthIT.gov offers great suggestions for evaluating new EHRs or any upgrading needs.
The first step I would use is a full analysis of the current state of practice. Interviewing front line
staff is a great way to further evaluate if current workflows and processes are efficient, well
organized, and what barriers exist. I would evaluate if staff is computer literate and able to speak
to current technology processes. I would evaluate the financial impact of upgrading or
implementing a new EHR. I would carefully plan my approach and select an appropriate EHR
upgrade. I would make sure to achieve meaningful use criteria set forth by CMS as well as
standards from Joint Commission and make sure all staff is knowledgeable on the changes.
Lastly, I would continue quality improvement and monitoring practices. (How to Implement,
2013).
I would have a strong focus on safety and privacy of patient information. HIPAA
requires that organizations must designate both a privacy and security officers (Privacy and
Security, 2013). There would be documentation of our security measures and how information is
monitored. I would conduct a risk analysis and action plan for current security measures using
the HHS Office for Civil Rights’ Guidance on Risk Analysis. Lastly, I would make sure to
provide ongoing training to staff.
Health Regulations and Laws Ramifications
Financial impact
The primary financial impact of not addressing these violations would be that it puts the
institution at risk for civil law suits due to security breaches and HIPAA violations. The hospital
could be found responsible for recovering damages in these cases. Not only would they require
to pay the impacted patient or patients, but regulating agencies may have additional fines that the
hospital may have to pay depending on the violation.
One example is Pinnacle Health, a 3-hospital system in Pennsylvania. This facility is
being held accountable for two incidences where a patient became hypotensive after being
discharged on the wrong medications and another where an MD was unable to place an order for
Vitamin K to prevent bleeding in a newborn. Pinnacle Health is among the first to make a
countersuit against the EMR system it was using at the time of these events. Such litigations can
be very costly and poor publicity (which can also lead to a financial impact) for the hospital
(Schencker, 2016).
Additionally, New York Presbyterian Hospital (NYP)/CUMC settled a lawsuit in 2014
for $4.8M dollars for HIPAA violations after a physician attempted to deactivate a personally
owned server on the NYP network containing electronic protected health information (PHI).
This resulted in PHI of 6,800 patients being leaked to Google in 2010. NYP is not unique and
the Office of Civil Rights has collected over $25 million in fines due to data security breaches.
In addition to the financial responsibilities associated with the courts, as well as the state/federal
fines, there are other associated financial costs. When data is breached, often the institution will
also offer free credit monitoring to the impacted patients (to look for fraud/identity theft),
outsourcing of hotline support, and forensic investigations. These fees can average around $2M
for each healthcare facility over the course of 2 years (McCann, 2014).
Continuing to ignore regulatory and governmental laws would eventually fall under the
category of “willful neglect”. Fines for intentionally ignoring these laws can start at $1,000 per
violation and go as high as $10,000. However, there is a cap on how much the institution would
have to pay. (Search Compliance, 2009).
Impact on Daily Operations
Daily operations can be significantly impacted if violations are not addressed in a timely
manner. As healthcare becomes more electronic and available on different devices such as
mobile applications and lap tops, there is a significant risk of data being stolen. Additionally, a
data breach can occur when information is not properly encrypted.
An article from Online Tech describes the negative operational impact of these security
breaches. These breaches can lead to diminished productivity, damaged reputation, and loss of
patient trust. (Pham, 2011). Additionally, health IT violations will likely lead to investigations
and more surveys by regulatory agencies which can be a very stressful time for everyone in the
hospital.
Furthermore, the Final Rule published by the Federal Register establishes what must be
done at a hospital after a security breach, which ultimately diverts resources from an operations
standpoint. For example, victims must be notified of the security breach within 60 days via first
class mail. The media must also be notified if the breach involves more than 500 patients.
Regulations and laws are put in place for a reason, namely to provide the best and safest
care for patients. If violations of health regulations and laws regarding technology are not
addressed, patient safety is at risk. Complications associated with errors in medication
administration is one example that could ultimately lead to patient death. Coding and billing
violations could put the provider’s license in jeopardy.
Impact of Security
The Health Information Technology for Economic and Clinical Health (HITECH) Act
under President Obama, expanded the reach of HIPAA and provided funding for better use of
health information technology. Just as laws and regulations for technology are put in place for
the safety of patients, they are also meant to establish the highest level of security for protected
health information. Security safeguards must be implemented to ensure that facilities,
equipment, and patient information are safe from damage, loss, tampering, theft, or unauthorized
access (Green, 2015). Additionally, patients must be notified of their security rights.
Technology System Recommendations
Needs of the Organization
Featherfall has several organizational needs when it comes to their health informatics
systems. First, there have been recent regulatory violations and the system is severely out of
date. Additionally, staff is not always aware of the technologies available to them and therefore,
the system is not being used to its full capacity. This has caused a significant financial drain on
the organization. Lastly, the needs of different clinical staff members were not taken in to
account and the system does not work for many users’ workflows.
Featherfall needs a major systems replacement to improve operations. The hospital needs
a system that securely transfers information, is password protected, and meets HIPAA standards.
Additionally, it requires the capability to adjust clinical documents and easily create new
templates based on the needs of different departments. There also needs to be a large amount of
training invested to all users of the system to ensure all practice standards and functionalities are
utilized. Employees organization wide need to be able to receive messaging about new
technology features. The ability to maintain patient records using agile and secure reporting
systems is also much needed. Lastly, given the financial losses from the previous system, the
new system will need to be cost effective for the organization.
Recommendations:
RFPs were completed by two vendors, Intel and Alert. After reviewing the needs of
Featherfall and completing an evaluation matrix for the two systems, my recommendation is to
implement the Intel (SOA Expressway for Healthcare). While this system does not meet all
needs of the organization in its current state, the system has substantial benefits. Additionally,
the next version coming out in 8 months will soon have many other features needed at
Featherfall.
The master patient index (MPI) module is preferred using Intel. An MPI links a patient’s
medical record number (MRN) with other common data elements (Green, 2015). According to
the AHIMA, the MPI serves as the most important element of an electronic medical record. It
allows for accurate identification and use of patient data. It also traces the individual’s activity
within the organization. (Demster, 2013). Intel can allow for aliases, look for former names,
maintain old MRNs, and merge duplicate MRNs. Additionally, the next version will meet
HIPAA standards which is vital from a regulatory and ethical perspective in maintaining patient
privacy. Lastly, there are high security standards associated with intel.
Intel will also help improve workflows, allow for custom builds of document templates,
and improve safety features such as monitoring for drug interactions and allergies. It offers
barcode scanning to improve medication administration documentation and quick access to
patient clinical information such as lab results.
Furthermore, Intel can message employees hospital wide as well as provide training to
staff. There is a cost associated with training and the cost is higher than other systems.
However, Intel is a widely used system by many larger organizations. The company has been in
place for 30 years and has a long history. There is significant benefit to using a larger, more
widely used company that outweighs cost.
Investing Financial Resources
A capital request would be needed to invest in a new technology system. To offset the
cost of changing the clinical system, Featherfall will need to effectively manage their financial
resources in other ways. Investing in technologies that will result in a cash flow would be
beneficial. Intel can help improve clinical decision making and documentation that will result in
improved coding and billing practices. Additionally, ensuring compliance to meaningful use
standards can improve government funding. If the decision to go with Intel moves forward,
Featherfall should also do further negotiating with the vendor with the help of legal. This may
result in decreased cost or other value added services that are free of charge.
Intel has strong ability to admit, discharge and transfer patients from various areas within
the organization (ED, outpatient, etc). It also helps calculate census statistics. Furthermore, the
next release will have better ability to notify housekeeping when a patient is discharged. These
features help improve patient flow, which ultimately will have a financial benefit to the
organization and offset some of the financial costs for implementing a new system.
Monitoring
There are several ways Featherfall can monitor the effectiveness of a new EMR. Prior to
the monitoring phase, Featherfall should develop SMART goals to determine what measures of
success they wish to monitor. For example, if a goal is to improve productivity by a certain
percentage, reports can be generated using user IDs and time spent to evaluate improvements.
Security controls can be implemented by monitoring log ins and determine whether staff are
sharing log ins or not logging in enough. Monitoring this can also help improve HIPAA
compliance and ethical management of protected health information. Evaluating log in patterns
is imperative.
After implementation, it would be important to monitor frequency of calls to the HELP
desk in the initial phase. If there are no calls, it could indicate the employees are finding work
arounds which is not ideal. If there are too many calls, it could indicate a training problem.
Over time, the number of calls to the HELP desk should decrease (HealthIT.gov, 2013).
Featherfall can also monitor how often alerts are being ignored or overridden. It is
important that alert fatigue does not set in with the clinical decision support features of Intel.
One study in BMC Medical Informatics & Decision Making, indicated that primary care
clinicians are less likely to receive alerts when they receive more of them. Ignoring these alerts
poses a patient safety risk, so monitoring these alerts is important. (Ancker, 2017).
Implementation
The University of Texas Health Science Center published about their experience
implementing an EHR. The article offers lessons learned which could be translated to
Featherfall’s implementation of a new heath information technology system. First, there should
be extensive efforts made to evaluate workflow and understand the needs of a new, redesigned
practice. Additionally, there should be willingness and trust to design protocols that allows
non-clinicians to safely deliver prescription related work. There certainly needs to be physician
champions, and ideally champions in all clinical areas, to participate in the implementation
phases. Featherfall should ensure ongoing training and IT support. There should be targeted
communication to all stakeholders early in the implementation phase. Lastly, there should be
ongoing efforts to monitor the system and offer continued improvements. (Jaen, 2011).
References
Atherton, J, MD. (2011). Development of the Electronic Medical Record. AMA Journal of
Ethics. Volume 13, Number 3: 186-189. Retrieved on July 9th, 2017 from:
http://journalofethics.ama-assn.org/2011/03/mhst1-1103.html
Green, M. A., & Bowie, M. J. (2015). Essentials of health information management: principles
and practices. Boston, MA: Cengage Learning.
Medicaid Eligible Professionals. EHR Incentive Program Stage 3 Objectives and Measures for
2017 (2016). Retrieved on July 9th, 2017 from:
https://www.cms.gov/Regulations-and
Guidance/Legislation/EHRIncentivePrograms/Downloads/TableofContents_EP_Medica
d_Stage3.pdf
AHIMA (2013). Standards: Required for Health Information Management. Retrieved on July
10th, 2017 from
http://journal.ahima.org/2013/04/01/standards-required-for-healthinformation-manageme
nt
Blumenthal, D. MD (2010). The Future of Health Care and Electronic Records. Retrieved on
July 10th, 2017 from:
https://www.healthit.gov/buzz-blog/electronic-health-and-medical
records/the-future-of-health-care-and-electronic-records/
How to Implement EHRs (2013). Retrieved on July 10th, 2017 from:
https://www.healthit.gov/providers-professionals/ehr-implementation-steps
Privacy & Security (2013). Retrieved on July 10th, 2017 from:
https://www.healthit.gov/providers-professionals/ehr-privacy-security/10-step-plan
Schencker, L. (2016). EHR Goes to Court. Retrieved on July 11th, 2017 from:
https://www.researchgate.net/profile/Kathrin_Cresswell/publication/51858562_Clinical_Decisio
n_Support_Systems_Could_Be_Modified_To_Reduce_'Alert_Fatigue'_While_Still_Mini
mizing_The_Risk_Of_Litigation/links/0deec51b6ea2099aba000000.pdf
McCann, E. (2014). Hospitals Fined $4.8M for HIPAA Violation. Retrieved on July 11th, 2017
from: http://www.healthcareitnews.com/news/hospitals-fined-48m-hipaa-violation
Search Compliance (2009). HITECH FAQ: What is the Impact of HITECH ACT on IT
Operations? Retrieved on July 13th, 2017 from:
http://searchcompliance.techtarget.com/feature/HITECH-FAQ-What-is-the-impact-of-the
-HITECH-Act-on-IT-operations
Pham, T. (2011). How a HIPAA Breach Can Negatively Impact Your Business. Retrieved on
July 11th, 2017 from:
http://resource.onlinetech.com/how-a-hipaa-breach-can-negatively
impact-your-business/
Demster, B. et al (2013). Managing the Master Patient Index in a Healthcare Environment
Resolution. AHIMA. Retrieved August 5th, 2017 from:
http://library.ahima.org/doc?oid=105783#.WYe3CIjyvIU
INTEL. (n.d.). Retrieved August 5th, 2017 from:
https://www.intel.com/content/www/us/en/healthcare-it/health-it.html
HealthIT.gov (2013). Monitoring Health IT and Goal Achievement. Retrieved August 5th, 2017
from:
https://www.healthit.gov/sites/default/files/monitoringhit_ehrgoalachievement_feb2014.p
df
Ancker, J (2017). Effects of Workload, Work Complexity, and Repeated Alerts on Alert Fatigue
in a Clinical Decision Support System. BMC Medical Informatics and Decision Making. 17:36
Jaen, C (2011). Successful Health Information Technology Implementation Requires Practice
and Healthcare System Transformation. Ann Fam Med September/October 2011 vol. 9 no. 5
388-389