By Ron Sterling
Sterling Solutions
The next twelve months present serious EHR scheduling challenges to medical practices. You need to manage and consider the critical path needed to maintain your EHR strategy and tactics. The key issues follow:
HIPAA Omnibus Compliant Security and Privacy – The HIPAA Omnibus rules must be implemented by September 23, 2013. HIPAA Omnibus requires significant adjustments to HIPAA Security and Privacy policies and procedures. Many practices have yet to address the required changes to avoid penalties and exposure. As important, practices will need to train their staff and doctors on these changes. In the event of a HIPAA Security or Privacy problem, the penalties could increase for those practices that did not make changes to comply with HIPAA Omnibus. For more on HIPAA Security and Privacy, click here.
Upgrade to Stage 2 Meaningful Use Version – Unfortunately, many vendors have yet to release the Stage 2 Meaningful Use version of their EHR. Of particular concern to many practices is the announced delivery dates in the fourth quarter of 2013 or even later for a wide array of EHR products. This late delivery is problematic for a number of reasons:
- Your practice will be competing with all of the other practices who need to attain Meaningful Use Stage 2 in 2014 (Any practice that first attested to Stage 1 in 2011 or 2012 must move to Stage 2 in 2014.) Many vendors lack the personnel and processes to support a rollout that has regulatory limitations for your practice.
- In 2014, the Medicaid EHR incentive program limits the 90 day period to quarters. Thereby, you only have 4 chances to attain the Meaningful Use measures in 2014. Eligible Providers who run into problems during their 90 day period in 2014 will have to wait until the next quarter to restart their 90 day period. In 2013, you can start a new 90 day period whenever you want.
- Stage 2 Meaningful Use Core Requirements include secured messaging with patients and providing patients access to their medical information. Each measure requires 5 percent of the unique patients for an Eligible Provider to participate (5 percent of Unique Patient must send a secure message to the Eligible Provider and 5 percent of Unique Patients must access their medical record information.) Most EHR products support these capabilities through a patient portal. Unlike the Stage 1 Measures, your practice will need time to “sell” patients on the patient portal concept and have them send messages and access information to meet the Meaningful Use Measure. Such an effort must be successful before you can practically start your 90 day period for Stage 2 in 2014.
Security Risk Analysis – Practices should carefully plan their 2013 Security Risk Analysis to make the best use of your time and avoid problems. The challenge for 2013 is to perform the Security Risk Analysis after the implementation of the HIPAA Omnibus and perhaps after the implementation of your EHR Stage 2 version. Note that even if you are not participating in the Meaningful Use based EHR incentive program, you are still required to perform a security risk analysis to verify compliance with the HIPAA Security Rules on an annual basis. The security risk analysis is updated for significant changes to your systems (like a new EHR version), business or HIPAA requirements (like HIPAA Omnibus). Click here for more information.
ICD10 Implementation – The extended schedule to implement ICD10 coding by October 1, 2014 is still holding. As discussed in our previous blog post on ICD10, ICD10 is not just a coding change, but could affect a variety of EHR features. Therefore, you could be looking at another significant upgrade to your EHR system in the second quarter of 2014 which would trigger another Security Risk Analysis and significant changes to how your EHR is used.
Each of these requirements is not just a change to your technology, but could trigger a change to your operational use of the EHR and your workflow. In order to manage these issues, keep a close eye on your EHR vendor moves to address these issues, and make sure that your organization allows enough time to manage these changes to protect the integrity of your patient records and your clinical operations.
This article was originally published on Avoid EHR Disasters. Ron Sterling is a nationally recognized expert on EHR implementation, Meaningful Use, and HIPAA Security. He is also host of The EHR Zone, an Internet radio program airing daily at 4 pm Eastern. For expert advice on HIPAA Security and Privacy, you can contact him at rbsterling@sterling-solutions.com or call Sterling Solutions at (800)967-3028.