HMT1001 Industry Watch
EMRs Challenging for Small Practices
The use of electronic medical records (EMRs) in small and midsize ambulatory practices can result in many of the same benefits as in large practices, including migration from paper charts, electronic ordering, charge capture, and improvements to patient safety and quality of care as a result of features such as clinical decision support. According to Judy Hanover, research manager with IDC, however, small practices do not see the economies of scale that accrue with process efficiencies upon EMR introduction in larger practices, making the ROI questionable for many small practices. “For small practices, selecting the right EMR and choosing functionality that meets the practice’s needs, without creating unnecessary complexity or support costs, are critical,” she says.
With stimulus funding in the mix, the outlook for ambulatory EMR adoption had never looked brighter than it did in 2009, Hanover contends. Although adoption of EMR among all practices is currently estimated to be below 10 percent, various industry estimates predict that 50 percent to 60 percent of all U.S. providers will take advantage of stimulus funding to install EMRs by 2016.
Historically, goals for early-adopter practices implementing EMRs have centered around changing their practices and providing better, safer, and more-efficient care, specifically including return on investment, improved documentation, going paperless, lowering costs, and creating improvements to the quality of care and preventing medical errors.
“Going forward, providers will implement ambulatory EMRs with the goal of not only changing their practices, but also receiving stimulus payments,” Hanover says. “Meeting federally defined meaningful-use criteria is a primary objective for providers that will rely on the stimulus payment to make their EMR investment financially feasible.
“The expectation is that vendors going forward will focus on providing functionality to meet the meaningful-use criteria, or that in addition to acquiring EMRs, physician practices will also have to invest in other technologies (specifically health-information exchanges, or HIE) to meet the objectives set forth in the final rule.”
Smaller practices may be strained to make these additional investments, she adds, and may incur costs far beyond the level of the stimulus subsidy. For this reason, she expects these small practices will prefer EMR vendors that incorporate more functionality into their core products that accomplish the full set of meaningful-use objectives, including interoperability with HIE.
“Small practices will also be pressed to make EMR investments in the time frame for the ARRA subsidies, select and implement products, and evolve their clinical and business work flows to meet the criteria,” Hanover contends. “This is a tall hurdle for practices that heretofore were paper based only.
“To meet all of the challenges of EMR adoption and get to meaningful use, it is clear that ambulatory providers need integrated solutions that address not only the total cost of ownership for the technology, but also the technology, work-flow and human-factor issues associated with EMRs,” she says. “Addressing as many issues as possible in the solution will help to accelerate EMR adoption for providers and drive users toward both meaningful use and the quality and efficiency goals associated with EMR.”
Many users surveyed by IDC indicate an approach to lessen the amount of process and work-flow change required is to carefully configure the EMR to the existing clinical-practice patterns. This approach has both advantages and drawbacks, Hanover explains. “While it may be advantageous for building acceptance of the technology initially, in the long term, failing to examine business processes can reduce the benefits from the EMR,” she says. “Whether implementing new technology or not, it is beneficial for businesses to conduct periodic assessments of their processes and to seek out new efficiencies, and adjust processes to changes in their customers, requirements and the environment in which their business operates.
“Practices that do not re-evaluate at least some portion of their processes at the time of EMR implementation risk simply automating broken systems,” she adds. “While they may gain some efficiency simply from the automation, there may be additional benefits that are foregone by failing to look holistically at the entire process.”
Security: Employees Are Key
Since January 2008, more than 110 healthcare organizations have reported the loss of sensitive PII, according to the Open Security Foundation, affecting in excess of 5.3 million individuals. More than 46 percent of these reported data-loss incidents were caused by theft (stolen laptops, computers or media/tapes). The remaining 24 percent were the result of loss or negligence by staff or third parties, 12 percent were caused by malicious insiders and 12 percent were caused by Web exposure.
With data moving in, out and around a healthcare organization, Kroll Health Solutions advises that the burden of protection includes data at rest (in an electronic record or on a paper chart), data in use (accessed at the point of care) and data in motion (transferred from one location to the next). Stored data also frequently contains inactive patient information, as well as patients who are difficult to notify in the event of a breach, such as minors or decedents.
At the most basic level, healthcare organizations should inventory and map patient data flow, Kroll says, as well as coordinate and develop processes and procedures for sharing and protecting this data both internally and externally. One place to start is by assessing various departments within the organization – ask basic data questions of employees within IT (e.g., human resources and the billing department) and catalog the responses to get a comprehensive picture. Encourage staff to detail the ways in which data is used, retained or accessed to provide insight. This will help in identifying poor practices within the organization, such as collection of unnecessary data, inconsistency in data handling and improper storage.
As employees of healthcare organizations have widely varying responsibilities and touch points with patient data, constructing a training program that is relevant to job function and level of sensitive data handling is important, Kroll adds. The goal should be to make necessary pre- and post-breach training a part of the overall program. For healthcare organizations, the primary focus should be on privacy and security-breach prevention and detection.
Healthcare employees should be trained to detect and report a breach as the notification 60-day “stopwatch” starts, when they knew or “reasonably should have known” that a breach occurred. Furthermore, to encourage detection and escalation of an incident, a “whistleblower” hotline can facilitate and expedite breach reporting.