The questions you should ask about your EHR/EMR

For years, healthcare organizations have been in search of the pot of gold on the other side of the technology-implementation rainbow. The good news is that many healthcare organizations are realizing improved quality of care, greater operational efficiencies and better financial performance. 

But they are not on easy street … yet. In fact, many healthcare leaders continue to struggle with a sense of buyers’ remorse, fearing that their EMRs will result in a financial drain and they will not be able to allocate resources to other initiatives. They are also confronted with unending “sticker shock”as they watch EMR implementation and maintenance costs rise. 

As a result, healthcare leaders must keep a watchful eye on the ongoing and rising costs associated with EMRs. But that doesn’t mean leaders should shift into complete penny-pincher mode. Instead, they need to strategically allocate resources, both financial and human, to get the most out of their EMRs. That means spending money when needed and pulling back on the purse strings when warranted. It is time to re-engage tactical and strategic IT planning with emphasis on projects that bring the greatest value to the organization.

To start, leaders should make sure they are actually allocating the dollars required to optimize the clinical, workflow and financial benefits associated with their EMRs. For example, it’s important to go beyond “cursory” clinical adoption and really get physicians, nurses and others to use all the functions of a system. As such, investing in the internal or external resources required to put robust computerized physician order entry initiatives in place is likely to be a good use of money. When physicians become fully engaged, EMRs are much more likely to produce those all-important clinical benefits that lead to improved patient outcomes. 

At the same time, leaders need to know when to pull back on the spending as well. For example, software vendors continually introduce upgrade after upgrade. For each of these instances, leaders need to discern if the new functionality – and all of the coordination and testing required to implement it – will actually be worth the investment. The ability to assess the technology and truly determine if it will result in additional worthwhile benefits is key and leaders need to hone this ability now more than ever before.

2. Security 

How are security credentials received?

Credentials are like the keys to the treasure chest. In the wrong hands, unauthorized persons could have full access to a wealth of private, valuable information. This is why it is best to have a thorough understanding of who has access and how it is granted. 

After an EHR system is installed, how are doctors, nurses, administrators and other EHR users receiving the information to log in? Credential assignment is one of the first opportunities for security compromise. In some cases, the EHR vendor will manage this process on behalf of the hospital. If that holds true, they are on the hook for verifying identities remotely. Because they are not at the company and familiar with who should and should not have access, hospital decision makers should not be shy about asking how the company verifies requests. ID provision is critical to establishing accountability for the doctors and medical staff using the EHR. Proper ID provision creates the trail mapping to how the EHR system is being used. 

Once users complete the ID provision process and are confirmed, it is important to know how they receive their credentials. Is the information given over the phone, through email or otherwise? By identifying how the credentials are received, an organization can identify any opportunities for credential theft. And if a username and password is compromised, is there a mechanism for protecting the credentials if they are lost or stolen? Be sure to look into the registration process for new users as well as password resets or renewals. 

Who is accessing the system?

Some doctors have not worked EHRs into their workflow and prefer to focus on the patient while an assistant, nurse, administrator or scribe handles the task of data entry during interactions with patients. Scribes can input information to the EHR in real time, cutting down on paperwork the doctor has to complete afterward and ensuring nothing is forgotten after the patient has left the hospital. With the use of scribes becoming increasingly common in care settings, concerns arise around credential sharing. 

To better understand who is accessing the system, each person should be using unique credentials. While a scribe or nurse might be entering patient data on behalf of a doctor, that person should use his or her own login to enter the EHR system. This is necessary for proper tracking and access to history logs, which is often how misconduct and breaches are identified. Determining who has access to the information is critical, and background checks should be conducted for all individuals in contact with patient data. 

How do I protect patient data in a mobile world?

As EHR applications become more prevalent, healthcare organizations must accept that mobility and bring-your-own-device (BYOD) instances will happen with or without support from IT.  A recent Gartner survey found that 45 percent of workers not required to use a personal device for work were doing so without their employer’s knowledge. Rather than locking down and restricting mobile devices on the network, which can cause hospitals to lose competitive ground, health IT professionals need to understand that security and mobility must exist in tandem.

Even though organizations already protect the infrastructure that mobile devices access, securing the individual device remains a necessity to avoid putting critical data at risk. Mobile device management (MDM) solutions enable IT professionals to set various device permissions for accessing data, while also restricting which apps employees can download on their devices.  When dealing with the highly fragmented mobile app market where not all developers implement the same security standards, MDM solutions ensure that employees only use EHR apps that have been vetted through the organization. In a worst-case scenario where a device containing patient data is lost or stolen, IT professionals can also use the MDM solution to remotely wipe the device, thus reducing the impact of the breach.

What organizational policies should I establish to ensure patient data is secure?

The best security technology in the world is only as effective as the personnel and policies that support it. A 70-page security policy – while entertaining for lawyers – has very little practical effect.  Simplicity is vital to ensure that employees “buy in” to your security policies.  A one-pager identifying EHR security strategies and tips will go much further in protecting personal health information. Reinforcing those security policies, healthcare organizations should also commit to continuing education and enforcement of employee standards.

Although many organizations prefer to think in the positive, it’s also wise – and realistic – to have a contingency plan in case a security breach does occur. After all, while complete data security is unrealistic, the ability to mitigate the risk, recognize the breach and react effectively can reduce damage by a meaningful margin. Risk mitigation starts with developing a comprehensive security response plan and clearly defining each IT employee’s role. 

Healthcare organizations certainly hope that such a plan is never needed, but like many things, it’s always better to be prepared.

Healthcare is experiencing a patient data explosion, and the industry is increasingly relying on EHR systems to catalog the mountains of data. Beyond EHRs, health information exchanges (HIEs) and affordable care organizations (ACOs) are influencing the healthcare data proliferation, in that data sharing is a critical component of provider eligibility for federal funding to meet Meaningful Use benchmarks. The ability to access and share patient data anytime, anywhere is paramount to the evolution of efficient and enhanced patient care. Backed by Meaningful Use criteria, this data portability can enable healthcare organizations to improve health outcomes and deliver a more personalized healthcare experience, but organizations must be sure to take the necessary precautions when managing patient data.  

Securing patient data – and the overall infrastructure – is not a one-time effort, but rather an ongoing process. Securing an EHR system starts with proper planning, is enhanced through effective technology and policies, and is maintained through constant vigilance and upgrades. As healthcare embraces EHRs and the next generation of health IT, staying one step ahead of security threats will help organizations realize the full operational and economic benefits of the latest technology. 

3. Integration

How do we map different terminologies within devices, hospitals and across the industry so EHR integration can be completed more efficiently and effectively?

The ability to deliver interfaces that are semantically interoperable has become much more complex in the last five to seven years. Therein lies a significant EHR integration challenge – the extensive terminology mapping process that has to take place at interface build time. We can no longer just build interface translations and simple maps to manipulate data in an HL7 message. That is not good enough. As the market matures and regulatory pressures increase, emerging goals and standards require hospitals to communicate data among EHRs and other systems in this new way. Due to this, integration tool sets and interface development are tremendously more complex.

The industry’s response to semantic interoperability has been the introduction of multiple coding systems, not only at the data level, but also the identifier level. Experts now need to know which codes to use and even the code value of the coding system being used – it quickly snowballs. Further complications arise because many EHR systems support localized coding, meaning one hospital can refer to a procedure or item as one name and another facility can use an entirely different name. If these organizations try to share EHR data within a connected community, the clashing codes would require significant resources to resolve.

Terminology isn’t comprehensively mapped within most hospitals, let alone across the industry, therefore EHR integration projects continue to be overly complex with an increasing number of moving parts. The lack of comprehensively mapped terminology means integration experts have to formulate additional plans, further straining project bandwidth.

How do we address and resolve the limited availability of integration experts that has resulted from the increasing integration complexities?

Integration resource and expert pools have grown especially thin due to recent hyperactivity around healthcare reform and government regulations, such as the HITECH Act. Further, new technologies brought to the market are great, but they continue to rapidly dilute the integration skill set, creating challenges for hospitals’ EHR integration projects.

Finding in-house integration experts with the knowledge, skills and bandwidth needed to complete all of a facility’s integration projects is nearly impossible. However, as is often the case, this demand has created supply in another area: outsourced integration services.

Healthcare organizations wanting to engage an outsourced integration company should focus on finding one that has delivered a multitude of various interface projects and possesses a solid coding system library. In addition, it’s important for an integration company to have dedicated staff working closely with regulatory and industry bodies to understand new regulations as they emerge.

4. EHR 2.0

Physicians sometimes focus more time on the electronic health record than on the patient. What will be done to make EHRs less time consuming?

In the 2014 Medscape EHR Report, the biggest concern expressed about EHRs was that they can decrease face-to-face time with patients. That concern is driving a great deal of innovation, and physicians should find EHRs much more second-nature in the future.

The challenge is that EHRs essentially ask the provider to capture patient information and diagnoses in a way that will be meaningful to other information systems. For quality reporting, that means capturing a greater level of documentation than in the past, and the trick is to do it with as little effort and friction as possible. Look for breakthroughs in the near future in four important areas:

1. Intuitive recording according to the physician’s documentation habits. In much the same way Google learns people’s Web-searching habits and tailors itself accordingly, EHRs will adjust automatically to the habits of each physician. Almost no two physicians do the same thing the same way, but for a routine problem, an individual physician commonly uses the same orders for a given diagnosis. EHRs will capitalize on that individual consistency.

2. Speech recognition and natural language processes. EHRs will become less dependent on screen inputs and more capable of capturing verbal information. Speech will allow more individualized documentation of the patient’s problems. The recognized speech will also be turned into codified data for ordering tests, medications and capturing billing information as well as quality reporting and population analytics upstream.

3. Having a common codified vocabulary. There are several major medical vocabularies covering different domains of medicine, such as RX Norm for medication, ICD for diagnoses, CPT for procedures, SNOMED, etc., but they have caused a challenge in capturing the essence of the patient’s true set of disease problems and state.  Achieving true interoperability regarding the patient’s medical state and needs between care providers will require a common codified electronic language. The EHR industry has been working hard on this, and the future looks bright in this area.

4. Cross-format documentation. Health records will work seamlessly across multiple formats and form factors – desktops, laptops, tablets and smartphones – in the not-so-distant future. Providers will be able to capture as much documentation as is appropriate in the exam room, then finish up after exam completion on the form factor of choice. Newer aspects of  Windows 8.1 and other technologies will contribute.

How will EHRs support physicians in the trend toward holding providers responsible for improvements in population health?

There is a tremendous amount of development going on in this area among innovative, third-party companies specializing in risk-management and care-coordination tools. The aim of these tools is to promote patient management within program parameters to minimize healthcare costs, improve the patient’s health and maximize the provider’s ability to earn value-based reimbursement revenue. This innovation is coming directly from the EHR vendors, as well as from emerging solutions that integrate meaningfully with EHRs to advance care coordination and improve population health.

In their most basic function, these tools track adherence for patients with such chronic conditions as diabetes and COPD. They typically include interfaces with leading EHRs that feature application programming interfaces (APIs) so they can exchange information that updates tracking information and informs physicians of additional interventions to manage these chronic disease states – including across the continuum of care within a managed care model. For example, if a patient makes an appointment to be treated for an unscheduled visit, the system can flag to the physician that the patient is diabetic and has an overdue HbA1c test or foot exam that can be administered during the same visit.

While that’s just one piece of the solution to improving population health, it’s an important one in which the EHR serves to provide meaningful information at the point of clinical decision-making regarding health considerations that go beyond the condition at hand.

What else lies ahead in EHR information sharing?

Our ability to leverage the EHR to promote better care will ultimately be limited only by the information that’s available and our imaginations. The entire world is going digital, and digital means liquid data in healthcare as in everything else. Patient data in the future will be recorded by an incredible number of devices that can all feed across the continuum of care for a more complete picture of patient conditions and needs.

Home mobile medical devices are now becoming more common, and with patients who have chronic diseases, such as diabetes, asthma or hypertension, having the ability to monitor themselves at home and transmit their health information to their care providers provides a real opportunity to limit the significant complications of these diseases. This puts the focus on keeping the patients as healthy as they can be and in their own environments – not in the hospital.

Bluetooth-enabled scales, blood pressure monitors, at-home glucose testers and similar health-enabled personal devices hold tremendous promise. In truth, we have more technology than solutions at this time, but the potential is there and will be realized in ways we can’t fully imagine today.

Two decades ago, few were predicting physicians coast to coast would be charting electronically. Reaching that stage was an amazing first step. Get ready for advances that will greatly eclipse phase 1 in the next decade.