program, passing a resolution in January 2012 guaranteeing each full-time employee $500 if the organization successfully attested for MU Stage 1 by the end of the calendar year. By making this tangible commitment, the board set the stage for the MU eff ort, reinforced its importance and got everyone working together to achieve success.
Marc Perlman, global VP, healthcare, life sciences, Oracle Healthcare At the intersection of MU and patient engagement T ere is little disagreement that the Stage 1 MU foundation is fi rmly in place, with CMS
announcing that the federal government met its 2013 goal for participation in the EHR MU program. T e next two stages will bring a new level of sophistication to the use of health information technology (HIT) to improve care. We have seen several calls for pause as we approach the onset of Stage 2 requirements. First, CMS announced in March that it would not complete Stage 3 rulemaking in 2013 as anticipated, in order to assess the program’s success to date. In April, six Republican U.S. senators proposed reexamining current procedures put in place to safeguard and ensure MU of EHRs prior to forging ahead with Stages 2 and 3. In May, the College of Health Information Management Executives (CHIME) called for a one-year extension to MU Stage 2 to “maximize the opportunity of program success.” Patient engagement is nearing a tipping point as three
important developments converge – awareness of the need for action to reduce overall healthcare spend, HIT advances and HITECH Act funding. T ese events have the potential to position patient engagement to make a signifi cant impact nationwide on treatment outcomes, help reduce costs and provide patients with a greater sense of empowerment around their care. T e MU program has moved the ball forward, but to
achieve the vision requires a roadmap that clearly outlines the characteristics of the transformative system and how to measure progress. What might a potential MU delay mean for advances in patient engagement, and, more broadly, its impact on the pace of HIT innovation, especially in the area of mHealth? Time will tell.
of m Mike Zayed, Redwood Software
Automated document, report management key to MU While there are many benefi ts to EMRs, simply digitizing your patient data doesn’t mean that you’ll meet the MU mandate. MU
means that you’re using your digital records in a way that provides improved patient care – not just that you’ve moved from paper fi les to computer fi les. T e best way to improve patient care is to make sure that your medical staff always has the right information at the right time. Automated document and report management are key components to achieving MU. One major hospital system we work with, which pro-
cesses over 175,000 raw reports in an average month, relies heavily on their document and report management solution to extract the information they need from those reports and convert it into other formats for distribution. Users throughout the healthcare system have access to exactly the information they need in the format that is most usable. Many hospital systems have millions of mission-critical
reports in their systems. For this digital information to be really useful, it has to be organized into meaningful parts and distributed securely. With streamlined, automated document storage and distribution you can capture docu- ments from any platform or application. T en, you can break it into separate reports, bundle it together and securely deliver it wherever it’s needed. For the best results, healthcare systems must connect
records across departments, technologies and locations to generate meaningful and accurate reports quickly. Don’t just stop at digitizing data. It’s how you manage it that makes a meaningful diff erence.
Bruce Gnatowski, senior director, cybersecurity consulting, SecureInfo As security improves,
data breach premiums will decrease MU is like the car dad promised when you turned 16. You got something for free
d M you t
in return for getting a license and insurance. But just as driver’s ed doesn’t prepare one for the harsh realities of the road, the information security mandates of HIPAA and HITECH’s MU won’t guarantee you’re protected from data breaches and loss. In fact, they only set a minimal fl oor for security. Often missing for organizations looking to drive the EHR highway are the nuts-and-bolts guidance on how to secure their technical systems and data. T at’s exactly where the HITRUST Common Security Framework comes in. Devised by the HITRUST Alliance, a consortium of healthcare players and cyber security experts, it provides a cost-eff ective, best-practice set of security controls that fulfi lls both compliance and system hardening. It scales to the size and complexity whether you’re a hospital, insurer, cloud service provider or lab.
So, just as auto insurers charge teen drivers more costly
premiums based on their novice status, information security will be made more meaningful in healthcare when there’s a rate that’s linked to security risks. Insurers are beginning to off er a variety of cyber coverages, which will only get more expensive as medical breaches escalate in frequency and severity. But as healthcare organizations improve their security posture, and demonstrate a higher Health Infor- mation Trust Alliance (HITRUST) Program Review for Information Security Management Assistance (PRISMA) score (based on the National Institute of Standards and Technology security measurement standard), they will see their data breach premiums go down. With those risk-cost metrics linked, we will then know we have more meaningful security in healthcare.
HMT HEALTH MANAGEMENT TECHNOLOGY August 2013 11