Key Considerations for document management

According to John Kelly, the primary value of electronic document management is to create better access and control over information, and though not an EMR, it is still a digital record accessible via the provider network. Security and identity management are still a paramount concern whether it’s scanned paper and stored PDFs or the clinical data repository supporting an EMR.

Kelly says another consideration is the workflow applications associated with the repository, “because the access and control aspects are only as good as the processes associated with the intake and indexing. As with digital radiology systems, providers more often use only the result summary; they frequently don’t access the image. The upfront cost of including extensive metadata at the time of intake reduces the operational ROI in the medical records room, but can significantly increase the value of the system to overall provider networks. The better the workflow software for intake, the more efficient the system is for indexing.”

The scanning operation, software and hardware are also important factors, adds Kelly.

“Every institution is familiar with the level of effort and cost associated with supporting printers and fax machines. Though the number of operators for scanners is much less than the public printer, even industrial-strength scanners need regular maintenance,” he says. “Saving money up front on low-end scanners can prove costly in the long run. Right-sizing the machine to the volume is a critical decision as is carefully evaluating machine references and the services contract. Also, optical character recognition (OCR) software can help save money and increase the quality of the metadata, but OCR is highly error prone and difficult to use when the documents manifest a high level of heterogeneity.”

Regardless of how large or small a practice or care setting is, Kelly says managing paperwork can be inefficient, time consuming and expensive and that digital storage can be achieved either through an electronic document management system (EDMS) or via an electronic health record (EHR).

Greg White says there are some inherent differences between EDMS’, which focus on document management, and EHRs, which manage data. “Interoperability is another key issue to address. A handful of vendors within the marketplace take a single-vendor approach to their solutions and provide limited interoperability with the solutions offered by other vendors,” says White. “This approach can be problematic for organizations that are looking to benefit from information exchanges with other organizations within their community, region or state.”

Matt Peterson also notes that a document management system should be easy for end users to use as well as affordable. He says most software comes in subscription pricing which allows the cost of a software“purchase” to be amortized over time (usually with annual payments). But there are still higher-priced subscription solutions as well as traditional “purchase” solutions. The size of the department and its users usually dictates the pricing. All DMS software should be priced such that the department’s budget is not unduly taxed.

Michael Macaluso poses important questions that guide the selection process: Does the system provide integration points to the organization’s key systems and departments throughout the enterprise? And with today’s security and HIPAA concerns, does the system have the ability to enforce information governance principles across the enterprise? Will the technology employed allow for easy system support and upgrade?

“Some vendors also have a complete methodology to approach their implementations,” says Macaluso. “This methodology may include ways to minimize risk, maximize investments, reduce variability and increase client satisfaction. The methodology should include prescriptive workflows, preconfigured databases and clear timelines. Concentrating on these areas can help to ensure coordination across the healthcare continuum, mitigation of regulatory burdens, and revenue growth and efficiency across your organization.

At Allscripts, White says they are eager to investigate these areas with organizations and provide technology gap assessments built around these regulatory, financial and clinical efficiency, and patient engagement pillars.

Ongoing education from the vendor

White points out that education is a critical element of successful support programs and that top vendors usually offer ongoing education opportunities that may include webinars, meetings, tutorials, onsite programs, access to subject matter experts and an active network of existing clients that can share their experiences. He says user groups can offer insights into gaining the most benefit from the solutions, as well as highlighting potential pitfalls for organizations to avoid. Macaluso adds that the enterprise should also consider whether the system would require large amounts of end-user training.

Scalability and security

Mike Morper says some of the key success factors provider organizations need to consider when evaluating electronic document management software are the security, simplicity and scalability of the solution and how these capabilities can be easily extended to all organizations, systems and devices that access and exchange protected health information (PHI).

“To demonstrate Meaningful Use of electronic health re-cords, as required by the HITECH Act, providers must fulfill the seemingly contradictory mandates to increase the access and sharing of patient information while ensuring protected health information is kept secure,” he says. “There are too many touch points throughout the patient lifecycle that run the risk of
HIPAA violations in generating, using and sharing PHI.”

Morper says providers need to consider that the electronic document management software:

• Includes user authentication
• Provides complete control and access of workflows
• Contains data encryption on all devices, including multi-function devices (MFDs) and smart devices
• Provides an audit trail of all activity
• Securely distributes PHI into and out of critical provider systems such as EHRs, enterprise content management systems, fax servers, ERP systems, MFDs, etc.

“Additionally, it is important that the solution extends the same physical, technical and administrative safeguards to all provider MFDs in order to adhere to HIPAA,” Morper says. “Some providers may not be aware that the ONC recently announced that multi-function devices are now considered workstations that have the same HIPAA requirements as servers, desktop computers and mobile devices.”

Avoid selection mistakes

Kelly emphasizes that before launching the procurement effort, the provider should do extensive research including site visits to colleagues and business partners to get a good understanding of some benchmark document management systems, paying particular attention to the operations workflow and how it has evolved since initial implementation.

 “A detailed request for proposal or request for response (RFP or RFR) should be developed in conjunction with a structured rubric for evaluation,” Kelly says. ”Though this is good practice in general, experience has shown it can be a critical mistake for providers to underestimate the scope and impact of this kind of procurement and implementation.”

Outsourcing should be a serious consideration. “Many providers worry about loss of control and privacy, which are legitimate concerns,” says Kelly. “However, the potential economies of scale associated with a document management system are significant. Training and retaining staff, the cost of redundant scanners to maintain business continuity, creating efficient workspace for a high-volume scanning operation and managing a cost-effective, responsive archiving process for the original documents are all costly components. Document management systems require more specialized functions than a paper-based record room. Sharing the infrastructure across multiple customers can often result in a more secure and efficient operation.”

Peterson notes several pitfalls that can be barriers to successful implementation of document management systems:

• Failing to define and understand the goals of your DMS implementation. How will it affect your business processes? Make sure the requirements for your system are in line with your overall business goals. Appropriately analyzing your business’ needs, your IT infrastructure and your security requirements are integral to your success.
• Failure to understand and document processes. Before you begin, be sure you understand current processes and activities. What types of documents are your employees capturing and saving? What is happening with your invoices? How are confidential files handled? Who needs access, and where is it all kept? The better you understand your documentation processes, the better position you will be in to improve these processes during DMS implementation.
• Failure to fully understand legal, regulatory and compliance requirements.Keeping documents secure and compliant is more important than ever in today’s world. Nearly all documents that contain any kind of personally identifiable information are now required to be under access restrictions. The right DMS can be extremely helpful in managing the cumbersome and constantly changing compliance regulations.
• Failure to have a solid implementation plan. Perhaps the most important pitfall to avoid is the failure to put together a solid plan. A comprehensive, phased plan will help you to avoid significant interruptions to operations and important business activities. Prepare an overall communication strategy to properly communicate the changes and get buy-in from others, and have a schedule for implementation.

“According to AIIM.org, the top three reasons for failure in electronic content management implementation include underestimating the impact on business processes and organizational structure, improperly trained users and project derailment by internal politics,” says Peterson. “Appropriately addressing these points will help you to avoid these potential failures and to successfully implement a document management system.”

Furthermore, Morper points out that many providers rely on their EHR vendors to provide document management without evaluating other options. “All reputable EHR vendors offer extended applications, such as document management, that are tightly integrated into their proprietary EHR system,” he says. “However, these modules or applications do not offer the level of secure system integration and extended device support that providers require today and will continue to need in the future.

“Another common mistake is when provider organizations acquire and implement technology without considering all of the individuals and systems that need to interact with it across sites and systems,” Morper says. “HIMSS found that 83 percent of respondents in its 6th Annual Security Survey (published February 2014) said the risks that concerned them most were human-related factors such as employees losing devices, unintentionally disclosing information or actively circumventing or interfering with security access controls. Many of the document management software options available today do not address the inherent problems and risks associated with accessing and sharing PHI that are introduced at every touch point throughout the patient lifecycle, and today there are more touch points and handoffs than ever.”

Morper says theft or loss of mobile devices, laptops and portable media containing unencrypted PHI is the leading source of reported HIPAA data breaches, accounting for 45 percent of incidents and 83 percent of affected records. Over 20 percent of incidents involved unauthorized access, separate from hacking, often by employees or other insiders. This is in line with the reported incidence of theft, loss and unauthorized access.

Six trends to watch in data sharing

1. We can’t send an email without an address, and we can’t find patient data without an identifier. Standards around exchange participant identification and patient identification will become central to greater connectivity of exchanges.
2. Confidence in data ownership. Collaborative efforts to ensure data is used exclusively for care and not to inspire third-party sales and advertising is essential to winning community trust.
3. Further experimentation with cost-sharing for the benefit of all participants. Subscription models without transaction fees where payers, organizations and physician groups all leverage access incentivizes each to participate without greater bias to specific populations or exclusive ROI models.
4. National exchange standards need focus. FHIR from HL7 and others are bringing the Web to clinical and financial data models. The ONC may provide greater focus on what data to exchange, and here’s hoping standards organizations also focus their development accordingly.
5. Vendor successes with integration. Epic has a national (even international) framework for data sharing, along with Web tools and external EMR interface support for connectivity to exchanges. Will all vendors play along connecting third-party sandboxes to their networks?
6. 2015 will bring more experimentation, though it is unlikely we’ll see legislation or major national networks emerge. Instead, we’ll see greater vendor connectivity of their own customers, more Web API data exchanges, ONC debate over security/standards and third parties trying to get a piece of the pie. As patient portals continue to grow, patient engagement and expectations that we can take our health information with us anywhere will continue to put pressure on all.