Technology

By Julie Mann

The recent consumer press and clinical research on electronic health records (EHRs) are, too put it mildly, not great. Apart from being lambasted in Fortune and the New Yorker, the technology has also been linked to physician and nurse burnout, worsening clinician-and-patient relationships and creating twice as much work for providers. 

The real problem, however, isn’t solely the EHRs themselves. Rather, as pointed out in these articles, the challenge facing providers is that a single EHR system rarely contains all the information providers need to deliver optimal care. Relevant, actionable data could be in another health system’s EHR, a web-based payer portal, a data analytics application or health information exchange (HIE), to name a few of the many other locations. Technically, a provider can find this information at the point and time of care, but it requires multiple clicks, numerous logins to various other systems; then scanning, searching and toggling between interfaces, causing frustration and contributing to administrative burden.

By Iliana L. Peters, JD, LLM, CISSP, and Katherine Keefe

Last year, the federal government announced the largest settlement to date for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) in what it described as “the largest U.S. health data breach in history.” On October 15, 2018, the Office for Civil Rights (OCR), the agency within the Department of Health and Human Services responsible for civil enforcement of HIPAA, announced that Anthem, Inc., had agreed to pay OCR $16 million to settle potential HIPAA violations “after a series of cyberattacks exposed the electronic protected health information [ePHI] of almost 79 million people.” In addition to the breach of ePHI, OCR also highlighted Anthem’s failure to conduct an enterprise-wide risk analysis. As part of the settlement, Anthem also agreed to take substantial corrective action.

When HIPAA covered entities and business associates try to decide how to invest their limited compliance resources on data privacy and security, they often ask: What is the most often-cited potential violation of the HIPAA Rules? Importantly, the answer is risk analysis. This is an exercise that’s often referred to as a “risk assessment” in other sectors of the U.S. economy. While the Anthem breach and settlement were the largest to date, failure to conduct an enterprise-wide risk analysis is a potential violation that is present in more than 80% of the HIPAA Security Rule cases in which OCR enters into settlement agreement or issues a civil money penalty. It’s critical that HIPAA covered entities and their business associates understand the HIPAA Security Rule’s requirement regarding risk analysis, and how to invest in the best possible risk analysis, not only to protect against legal risks but also to be good data stewards and ensure the reasonable and appropriate security safeguards for sensitive personal information. 

By Michael Church

Healthcare, like the rest of many industries today, is continuing to become more reliant on information technology. The myriad solutions that are available in the current market present unique opportunities and their own challenges. Many service lines have reached a point where utilizing a boutique technology solution to manage their specific data needs is expected. Cardiovascular Information Systems (CVIS), for instance, have been around for decades now, with dozens of options available. Part of this is driven by the requirements to submit information. Currently, approximately half of the states in the country have regulations in place specifically governing how and where certain cardiovascular services can be provided, often including a provision that key data is reported to an entity such as the National Cardiovascular Data Registry (NCDR) or Society of Thoracic Surgeons (STS). 

Interestingly, regulations related to stroke and neurosciences seem to be expanding, yet there has not been a surge of programs looking to manage data in a different way. Most regulations for stroke are based on bypass protocols for EMS, which state that patients suspected of having a stroke must be taken to a certified stroke center for treatment.  For example, in Corazon’s home state of Pennsylvania, this bypass is required by law and in states like Texas and Washington, there are established networks of care to promote better stroke care with more rapid access. In both scenarios, accurate and timely data is necessary. Most certifying bodies, including The Joint Commission (TJC), Healthcare Facilities Accreditation Program (HFAP), and Det Norske Veritas (DNV), require some level of data for the stroke program accreditation or certification process. Of course, many stroke programs also submit data to the Get With The Guidelines®-Stroke (GWTG) registry (1,656 hospitals since its inception in 2003).² While the GWTG registry does provide value to hospitals, it can often be a time and resource intensive process to maintain. 

By Shlomo Matityaho

So, you’ve invested in technology, trained the medical staff, upgraded to an EHR system, updated the hospital SKUs – and still the compliance rate of usage reporting inside the operating room is low, the reports are inaccurate, the charges are missing, and countless coding errors occur. This means that the hospital has trouble meeting FDA requirements regarding digital updates to the patient’s file, its inventory isn’t efficiently managed, and it is losing money, a lot of money – needlessly so.

Many hospitals attempt to deal with these challenges by purchasing supply chain management software. By 2026, the healthcare information industry is forecasted to grow by 8.2%. It seems that wherever we turn, we hear terms like Data Mining, Data Analysis, Big Data. Hospitals utilize advanced software solutions to improve processes, streamline workflow, and optimize resources. Yet while these solutions specialize in data management and analysis procurement processes, they are not suited to the specific needs and work conditions in hospitals, resulting in deficient data collection.

Any effective solution must answer the changing and exclusive needs of operating rooms, which differ greatly from other work areas.

For instance, the process of dispensing of items is carried out in the OR by the medical staff, which does not specialize in supply management. In many ways, this process diverges from that of other logistics systems, in which the dispensing is done in a dedicated area such as the cashier or in the warehouse, against a receipt or a delivery request.