Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Interview with ICSA Labs About EHR Certification

After hearing the news about CCHIT shutting down it’s EHR certification business, I thought it would be interesting to interview ICSA Labs, the EHR Certification body that CCHIT recommended to its users. The following is an interview with George Japak, Managing Director at ICSA Labs.

Is there a backlog of EHR vendors that want to schedule test dates with ICSA labs?  

A: There is no backlog. Since ICSA Labs received its ONC authorization, it has been our intent to grow our healthcare programs and offer the best testing and certification program in the industry. Over time we have ramped up our testing team and we have a deep pool of very experienced testers on staff. We have been getting a steady stream of news customers and inquiries and expect the CCHIT announcement will accelerate the pace.  At this point we have the capacity to test applicants as they are prepared to do so.

Is ICSA Labs able to support the onslaught of EHR companies that will come over from CCHIT?  Will that cause any delays on getting EHRs certified?

A: ICSA Labs at this point does not anticipate any delays. The ONC program was designed so that vendors and product developers would have a choice when it came to testing and certification. We were not the first lab to be authorized, but we knew that given the opportunity we would be able to deliver a program where customers would experience high satisfaction.

In my post, I suggested that the economics of EHR certification aren’t all that great.  Especially if you have a legacy cost structure like CCHIT.  Is the secret to ICSA’s success having a broader certification business beyond just EHR?

A: ICSA Labs has been in business since 1989, we have a number of accreditations to support an array of certification and testing programs, such as the IHE USA Certification program which just kicked off its second year at the 2014 IHE North American Connectathon. Our business is diverse and we leverage our capabilities across our business. We are used to doing business in competitive markets, so it has always been important for our programs and cost structure to emphasize efficiency and effectiveness and those benefits are passed onto our customers. Our testing and certification programs have always been competitively priced and efficient yet rigorous and done superior quality.

How much more complex is 2014 EHR certification compared with 2011 from an ONC-ACB perspective? 

A: As any recently certified company can attest to, the 2014 Edition criteria are significantly more complicated than the 2011 Edition. There are more test tools to maintain; more test data sets to review; frequent revisions and updates to the criteria and additional types of attestation to review. The time to complete testing has close to doubled and there are more requirements as they pertain to surveillance. After the 2011 Edition criteria, ICSA Labs asked for ONC to raise the bar, and they did. For ICSA Labs the added complexity was not unexpected.

The timelines for meaningful use stage 2 are starting to get squeezed.  Will the majority of EHR vendors be 2014 certified and ready in time?

A: There will always be stragglers, but I believe a majority of EHR vendors will be 2014 certified and ready in time for Meaningful Use 2. There has been an uptick in the vendors getting certified over the last few months. Providers and hospitals however are a different story, and they may feel the squeeze in terms of the timeline to purchase, implement and begin meaningfully using their EHR system. ONC extended the Stage 2 timeline to relieve some of that pressure.

I’ve heard that in some cases the ONC-CPHL has been slow at putting up newly certified EHRs.  Have you seen this?  Do you have a bunch of 2014 certified EHR vendors that haven’t been listed on ONC-CPHL yet?

A: The ONC-CHPL is generally responsive to our concerns and we work with them as they continue to refine new features like links to the public test results summary.

January 31, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

HHS Releases Health IT Safety Plan

HHS has released a plan designed to strengthen health IT-related patient safety efforts, offering “specific and tangible” advice for stakeholders across the healthcare industry spectrum as to how they can participate.

The Health IT Patient Safety Action and Surveillance Plan builds on an earlier effort by the Institute of Medicine which examined how to make health IT-assisted care safer.  This Plan breaks down further how key health system players such as patients, providers, technology companies and healthcare safety oversight bodies can take appropriate steps to improve health IT safety.

The Plan also spells out the steps HHS believes it should take to make sure knowledge of best practices in health IT are leveraged to make a difference.  The following offers a few examples of what the agency expects to do:

Use Meaningful Use and the National Quality Strategy to advance health IT safety:  HHS plans to use knowledge of health IT safety risks and trends, and focus that knowledge on clinical areas where there’s already safety issues (such as surgical site infections). ONC, for its part, is going to establish a public-private mechanism for developing health IT-related patient safety measures and targets. And HHS also plans to incorporate these improvement priorities into the Meaningful Use program.

Incorporate safety into certification criteria for health IT products:  ONC expects to update its certification criteria for health IT products — including EMRs — to address safety concerns.  ONC  has already incorporated safety principles for software and design principles in its 2014 final rule, but just two such requirements  Expect more to come.

Support R&D of testing, user tools, and best practices related to health IT safety:   HHS and its federal partners are supporting R&D of evidence-based tools and interventions for health IT developers, implementers, clinical staff and PSOs.  This year, ONC will begin disseminating a new class of health IT safety tools designed to help health IT implementers and users assess patient safety and leverage the latest applied knowledge of health IT safety.

*  Incorporate health IT safety into education and training for healthcare pros:  Through its Workforce Development Program, ONC awarded grants to universities and community colleges to develop health IT programs. This effort will continue, but will add up-to-the-minute information on health IT-related safety to the schools’ programs.

*  Investigate and take corrective action addressing serious adverse events or hazards involving health IT:  HHS plans to work with private sector organizations which have the capacity to address such events or hazards, including The Joint Commission.

This is a meaty report, and I’ve barely skimmed the surface of what it has to say. I recommend you review it yourself. But if you’re looking for a quick takeaway, just know that HHS is entering a new era with its focus on health IT safety, and if the agency gets half of what it plans done, there are likely to be some serious ripple effects.

July 3, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @annezieger on Twitter.

What Really Differentiates EHR Companies?

My post yesterday on EMR and HIPAA called “Does Spending More on EHR Mean You Get More?” started me thinking what does differentiate one EHR company from another. I think there’s a real disconnect between what most people selecting an EHR use to differentiate EHR companies with what really matters to the users of an EHR.

First let’s take a look at some of the many ways that I see doctors and hospital CIO’s using to differentiate EHR companies. Many use price as an indicator of quality. Hopefully this post puts that to bed. Price matters, but it’s not a great indicator of EHR success. Many are swayed by great sales and marketing by EHR companies. It’s hard to deny that seeing an EHR vendor with a full HIMSS booth doesn’t have some effect on what you think of that EHR vendor. Going along with this is having the big, well branded name recognition. Although, what’s in a name if the EHR software doesn’t meet your specific needs?

Another differentiator that many use is KLAS or other ratings. When I’ve dug into all of the various EHR rating and ranking systems, there are flaws in all of them. Some lack enough data to really draw conclusions. Some use bias methods for collecting data. Some EHR ranking services don’t use data at all. It’s amazing how interested we get in a list that may or may not have any legitimate value. Every EHR vendor has some flashy numbers to share with you. Just remember that numbers can lie. You can make them appear any way you want.

I’m a little torn on the idea of EHR certification and access to EHR incentive money being a point of differentiation for EHR vendors. There are so few that can’t get you there, that it’s almost a non-issue. Sure, if you really want to get the EHR incentive money, you could and should talk to the users of that EHR that have gotten the EHR incentive money. However, because almost every EHR vendor is a certified EHR that can get you to meaningful use, not being certified might actually be a more exciting. The story is reasonable: our EHR focused on what doctors care about in an EHR as opposed to some random government requirements. Could be a compelling message. Especially for those doctors who don’t qualify for the EHR incentive money.

What should be used to differentiate EHR companies?

The number one thing that I think doctors should look for in an EHR is efficiency. A large part of the coming Physician EHR revolt is due EHR software’s impact on physician efficiency. Yet, most doctors selecting an EHR pay little attention to the effect of an EHR on efficiency. This data is harder to get, but a good survey of existing EHR users can usually get you some good information in this regard.

Another area of differentiation with EHR companies should be around their EHR support and training. How quickly an EHR vendor answers support requests and how well an EHR gets you up and running on an EHR is extremely important. As someone on LinkedIn mentioned today, EHR is not plug-n-play software. There’s more to an EHR implementation than just plugging it in and going. It requires some configuration and learning in order to use an EHR in the most effective way.

How come we don’t use the quality of care that an EHR provides as a method of differentiating EHRs? The answer is probably because it’s a really hard thing to measure. I wonder if any EHR has found a way to show that their EHR provides better care. There’s plenty of anecdotal examples, but I wonder if anyone has more data on this.

Another point of differentiation that I think matters is how an EHR company approaches its relationship with the users. Does the doctor, practice and hospital feel like a partner of the EHR company or are they a distant customer. You can imagine which situation is better than the other. This relationship will matter deeply as you run into problems that are unique to your environment. I assure you that this problems will come.

I also see technology approach as a really important factor for EHR companies. When I say this, I think most people start to think about SaaS EHR vs Client Server EHR. Certainly that is one major component to this idea, but it should go much deeper. You can tell by the way an EHR’s technology approach if they’re focused on the right things. Do they take shortcuts when they implement technology? Are they thoughtful about what really matters to the EHR user? Do they implement something on a whim or do they think deeply about the impact of a feature? While every EHR company has limits on what they can put out in a release, they can still provide a great roadmap of the current release and their plans for future releases which shows that they understand the needs of the users.

I’m sure there are many more good ways to differentiate an EHR company. I look forward to hearing more of them in the comments. We just need to expand the discussion to things that really matter as opposed to basing our EHR decisions on vanity metrics.

February 8, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

EHR Vendors Using EHR Certification Excuse

As most of you have probably figured out by now, I’m not really a fan of EHR certification because I believe there is very little value provided by EHR certification. An interesting additional problem that comes from EHR certification and meaningful use has to do with how EHR vendors are using this as an excuse for why their EHR sucks doesn’t work the way doctors want it to work.

Don’t just think that I’m making this idea up. I first thought about this idea when a doctor wrote me about his experience with an EHR vendor that used EHR certification as an excuse for why their EHR software’s workflow was terrible.

The interaction went something like this:
Doctor: Why do I have to do these extra 5 clicks?
EHR Vendor: That’s required by EHR certification.
Doctor: That provides no value to the care I provide a patient.
EHR Vendor: Sorry, we have to do that for EHR certification.
Doctor: What about this other prompt I get in your EHR? Why does that come up and disrupt my workflow?
EHR Vendor: That’s another EHR certification and meaningful use requirement.

You’ll notice that I made the complaints generic, because they likely could apply to almost any measure in meaningful use and EHR certification requirement.

I’ve seen first hand the efforts that some EHR vendors have put forward to try and make sure that their doctors don’t have this discussion with them. You can be sure it takes a lot of time, energy, and skilled professionals to make meaningful use and EHR certification a seamless part of a practitioner’s EHR experience.

The problem is that many many EHR vendors just ran the EHR certification race and in an attempt to win that race they just slapped something together to meet the requirements. This I want to be the “first” EHR vendor certified mentality is causing many doctors to pay the price today.

Is it any wonder that many doctors look at meaningful use and are upset by the way it’s changing the way they practice medicine?

October 11, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Switching EMR and EHR Software

I’ve long been concerned about the challenge of switching EHR software. I’ve recently got into some discussions with people asking why EHR certification and meaningful use didn’t require EHR data portability as part of the requirement.

I’d forgotten that Jerome Carter had pointed out in a previous EHR switching post where HHS asked for comments on EHR data portability in the proposed certification rule for EHR (PDF) under the section “Request for Additional Comments”. Here’s his comment with the page number that addresses it:

John, this series of posts on changing EHR systems is interesting. The data issues that arise when switching EHRs can catch providers off guard. In reading through the proposed certification rules for EHRs, I found a section on data portability that you might find interesting. It is on page 13872.

Link: http://www.gpo.gov/fdsys/pkg/FR-2012-03-07/pdf/2012-4430.pdf

It’s an interesting section to read. The key is that they acknowledge the need to have some EHR data portability if you’re a doctor. Then, they look at these 4 questions:
1. Is the consolidated CDA enough?
2. How much EHR data do you need to move to the new EHR?
3. Could they start with an incremental approach that could expand later?
4. What are the security issues of being able to easily export you EHR data?

These are all good questions. I’d answer them simply:
1. Is the consolidated CDA enough?
No, you need more.

2. How much EHR data do you need to move to the new EHR?
All. Otherwise, you have to keep the old EHR running and what if that old EHR is GONE.

3. Could they start with an incremental approach that could expand later?
I think they need to go all in with this. The consolidated CDA is basically an incremental approach already.

4. What are the security issues of being able to easily export you EHR data?
I always love to follow it with the opposite, what are the issues of not having this EHR data portability available? You do have to be careful when you can export all of your EHR data, but the security is manageable.

What are your thoughts on EHR data portability? I’d still love to find a way to help solve this problem. It’s a big one that would provide amazing value.

August 16, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Will Rip and Replace EHR Software Ever Be a Thing of the Past?

I heard an interesting statistic a few days ago during a very informative webinar – “The Future of Meaningful Use, EHRs and Accountable Care” – hosted by Greenway Medical’s Justin Barnes. He shared a huge amount of information during the hour-long presentation, but the fact that most stood out to me was that, according to Barnes, between 35 and 50 percent of EMRs will eventually be replaced after just one year of use. (Don’t quote him on the “year,” but I’m pretty sure that’s what he said.) His point being, of course, that providers need to think long and hard about what type of solution they need to fit their workflows before they spend time and money implementing an EMR.

This sentiment was echoed by Kimberly Harding of BCBS Florida in a panel at the iHT2 Summit in Atlanta. As part of a greater discussion on Meaningful Use, she made the comment that just because a healthcare IT product is certified doesn’t mean it’s the best fit for a particular facility.

My takeaway from both of these statements is that providers looking to adopt new healthcare IT tools like EMRs need to take a long, hard look at what their current needs are and what their future needs might be before they even think about demoing products.

They also need to adopt technologies that fit their workflows, not necessarily technologies that have a ton of bells and whistles. Added features won’t do anyone any good if they’re never used properly, never used at all, or used to the detriment of a physician’s productivity.

I kept this sentiment in mind when I read the results of a recent study of 250 hospitals and healthcare systems by consulting firm KPMG. The survey found that “71% of respondents’ organizations are more than 50% finished with their EHR adoptions. Will this 71% be satisfied with their EMRs once fully installed and adopted? How many will realize their product of choice wasn’t the right call? If we apply the Greenway statistic, that could be as many as 125 facilities!

So where is the disconnect? Why are providers making poor choices with presumably the best of intentions? Why has the term “rip and replace” become so well known in healthcare? Are physicians misinformed, or not educated enough? Are they feeling so rushed by Meaningful Use deadlines that they don’t perform proper due diligence? Are vendors part of the problem? If so, shouldn’t they be part of the solution? What role do regional extension centers have to play in all this?

If you have answers, please let me know in the comments below.

April 25, 2012 I Written By

As Social Marketing Director at Billian, Jennifer Dennard is responsible for the continuing development and implementation of the company's social media strategies for Billian's HealthDATA and Porter Research. She is a regular contributor to a number of healthcare blogs and currently manages social marketing channels for the Health IT Leadership Summit and Technology Association of Georgia’s Health Society. You can find her on Twitter @JennDennard.

Meaningful Use Solidifies EHR as the Database of Healthcare

Earlier this month I wrote a post describing EHR as the Database of Healthcare. I believe this is a powerful and important thing to understand. It also led to some good conversation in the comments. As an entrepreneur I’m always interested to see the trends in the industry to hopefully better understand what is going to happen in the future. I think that this is one of those trends.

Just to make the case clearer, consider the effects of meaningful use on EHR software. Meaningful use stage 1 and EHR certification has already hijacked at least one EHR development cycle and you can be sure that meaningful use stage 2 and stage 3 will be hijacking another couple EHR development cycles. You heard me right. In order to meet the EHR certification and meaningful use requirements, most EHR vendors have to put a whole development team focused just on meeting those government requirements.

Meaningful use has codified EHRs into a box.

Instead of allowing EHR software to create innovative solutions it requires standards be met for storing and accessing info. Sure it also adds in security and tries to work towards interoperability, but those aren’t innovations that doctors want to see.

I expect many of the best healthcare innovators will build on top of the EHR base, not try and build the base again.

March 20, 2012 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

Intermediaries for Meaningful Use Stage 1 – Prime Opportunity?

John’s recent post about ONC trained participants finding it difficult to find jobs struck a chord. A different post over at HIMSS had me thinking in overdrive.

Dr. Noam Arzt has a post on Meaningful Use and public health reporting. In it he discusses the problems faced by providers in submitting health information to public health bodies in ways that are also Meaningful Use Stage 1 compliant.

Health records in provider offices are sometimes stored in disparate silos that are cannot/do not communicate with one another. As Dr. Arzt explains with an immunization records example, there is no demonstrable Meaningful Use if an uncertified system makes the data submissions to public health.

Of course, adding additional functionality to the EHR system with a simultaneous revamping of uncertified system to provide Meaningful Use share data with one another is one (costly) solution. Getting the secondary data system certified is another one. A third approach, which Dr. Arzt touches on, is for Health Information Exchanges to act as/provide for certified intermediaries that bridge the data flow between an uncertified system and one that is Meaningful Use certified.

Here’s what HHS had to say about the subject a month ago:

If an intermediary performs a capability specified in an adopted certification criterion and a provider intends to use the capability the intermediary provides to satisfy a correlated meaningful use requirement (submission to public health according to adopted standards), the capability provided by the intermediary would need to be certified as an EHR Module

This intermediary need can be filled, especially by innovative software vendors or those looking to break into the EHR IT industry. From plain data conversions to web services, IT companies have plenty of tricks up their sleeve to assist HIEs. The technology is there, all we need are savvy techies (companies, people) to see the opportunity this presents and act on it.

September 6, 2011 I Written By

Priya Ramachandran is a Maryland based freelance writer. In a former life, she wrote software code and managed Sarbanes Oxley related audits for IT departments. She now enjoys writing about healthcare, science and technology.

Guest Post: ONC-ATCB ICSA Labs – The Future of EHR Testing Requires Security and Privacy Enhancements

Guest Post – Amit Trivedi – As the healthcare program manager for ICSA Labs, Amit Trivedi spearheads the lab’s overall efforts in the healthcare industry, including launching and managing the 2011/2012 Office of the National Coordinator (ONC) Authorized Testing and Certification Body (ATCB) certification program.


We all know there is no such thing as perfect security. All we can do is try to mitigate as many risks as possible. In this regard, there are areas related to information security that the current ONC-ATCB 2011/2012 (commonly referred to as meaningful use) certification testing does not yet address and that the health IT community should be aware of when implementing systems.

ICSA Labs is an Office of the National Coordinator-Authorized Testing and Certification Body (ONC-ATCB), designated to test both complete and modular electronic health record (EHR) technologies under the auspices of the federal government’s Temporary Certification Program. ICSA Labs has a history rich in the certification of security products. We have been testing security products and developing test criteria for more than two decades and we understand the importance of raising security awareness in the health IT community and helping Eligible Providers and Hospitals understand what meaningful use EHR certification testing does and doesn’t cover.

It is important to remember that regardless of the number of security features a product has, an incorrect or incomplete implementation can introduce vulnerabilities or compromise the security of the system. Certification testing can really only demonstrate that a product is capable of being used securely, not that its security can never be compromised.

Testing bodies must test products within the scope of approved test procedures. As an organization that has developed testing procedures and methodologies, we understand that there is a delicate balancing act when developing requirements so that general concepts and capabilities are covered by the testing, but the testing process is not designed so specifically as to stifle innovation in new products. As such, we recommend that end users and implementers be aware of these requirements when deploying ONC-ATCB 2011/2012 certified products.

Encryption Requirements Do Not Address the “What”

Consider the encryption requirements (criteria 170.302.u and 170.302.v). The current testing criteria require FIPS 140-2 level encryption. This an excellent way to require products to support some of the best levels of encryption available today, and that they are also in line with other federal encryption requirements.

One could compare encryption to a bank vault. You might purchase the most secure, unbreakable vault in the world, but if you don’t put your valuables in the vault, it won’t be of any help when there is a break-in. The current meaningful use testing procedures do not dictate what must be encrypted. Ultimately it falls to end users to make a determination as to how they want to implement security – hopefully basing the decision on a risk-based approach. Fortunately, meaningful use testing and certification follows a staged approach to getting from where we are today to where we’d like to be in the future. The meaningful use certification is planned to be rolled out in three stages. Right now, we are in the midst of Stage 1. Some recommendations to the ONC for Stage 2 security criteria include addressing things like encrypting data at rest (including data in datacenters and mobile devices) – something that is not part of the Stage 1 requirements.

Negative Testing Examines the Unexpected

Another area to highlight is related to negative testing, which is currently out of scope for ONC-ATCBs. The testing performed today relies on giving the EHR an expected input and verifying that the expected result is met. Negative testing, however, is the concept of giving unexpected or invalid inputs to a system and verifying receipt of an expected result (typically, that the data is not accepted or an error is generated that does not crash the system). Negative testing is common throughout ICSA Labs’ proprietary security testing programs and something we feel should be incorporated into future testing of EHR technologies under the ONC Certification program.

Consider the authentication and access control requirements (criteria 170.302.t and 170.302.o). Some of you may be aware of an old Unix bug that resulted in the operating system being unable to correctly support passwords over eight characters. If the password was 12 characters long, a user only needed to enter the first 8 characters to be allowed to login. This made password cracking on Unix servers much easier, and because the system allowed the entry of a longer password, most users were unaware of this limitation.

ICSA Labs has discovered the same or similar problems when testing products in our proprietary security certification programs, and the primary way we discover this is by negative testing. For example, we configure a password greater than eight characters, and then we attempt to login to the system using only the first eight characters. This should be treated as invalid by the system and rejected. However, the meaningful use EHR testing only tests that the system accepts valid passwords. There is no testing done on the system’s acceptance or rejection of invalid passwords.

The Future of EHR Testing Must Increase Security, Privacy

As we progress to the next stages of meaningful use certification, the requirements should begin to look at other areas of security, such as application testing for vulnerabilities like buffer overflows, SQL Injection, and cross-site scripting attacks. These are all examples of security testing best practices. In many instances, ONC has signaled its flexibility in allowing third-party products to complement functionality of EHR technologies, which means that not all of the functionality needs to be native to the product. This can allow EHR developers to focus on functionality that their customers are looking for, while at the same time keeping security as an important consideration in the product life cycle development.

It is our hope that future stages of meaningful use testing will raise the bar and specify how and when features like encryption should be used and the scope of testing will be expanded to include things like negative testing. As the meaningful use criteria evolve, it is critical that both the criteria and testing procedures are developed in ways that consider the long-term security and privacy of patient health records.  

August 25, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.

101 Tips to Make Your EMR and EHR More Useful – EHR Tips 56-60

Time for the next entry covering Shawn Riley’s list of 101 Tips to Make your EMR and EHR More Useful. I hope you’re enjoying the series.

If you want to see my analysis of the other 101 EMR and EHR tips, I’ll be updating this page with my 101 EMR and EHR tips analysis. So, click on that link to see the other EMR tips.

60. Reporting, reporting, reporting, reports
What’s the point in collecting the data if you can’t report on it? I’ve before about the types of EMR reports that you can get out of the EMR system. The reports a hospital require will be much more robust than an ambulatory practice. In fact, outside of the basic reports (A/R, Appointments, etc), most ambulatory practices that I know don’t run very many reports. I’d say it’s haphazard report running at best.

Although, I won’t be surprised if the need to report data from your EHR increases over the next couple years. Between the meaningful use reporting requirements and the movement towards ACO’s, you can be sure that being able to have a robust reporting system built into your EHR will become a necessity.

59. Are the meaningful use (MU) guidelines covered by your product?
Assuming you want to show meaningful use, make sure your EHR vendor is certified by an ONC-ATCB. Next, talk to some of their existing users that have attested to meaningful use stage 1. Third, ask them about their approach for handling meaningful use stage 2 and 3. Fourth, evaluate how they’ve implemented some of the meaningful use requirements so you get an idea of how much extra work you’ll have to do beyond your regular documenting to meet meaningful use.

58. It they aren’t CCHIT certified take a really really hard look
Well, it looks like this tip was written pre-ONC-ATCB certifying bodies. Of course, readers of this site and its sister site, EMR and HIPAA, will be aware that CCHIT Has Become Irrelevant. Now it’s worth taking a hard look if the EHR isn’t an ONC-ATCB certified EHR. There are a few cases where it might be ok, but they better have a great reason not to be certified. Not because the EHR certification provides you any more value other than the EHR vendor will likely need that EHR certification to stay relevant in the current EHR market.

57. What billing systems do you interface with?
These days it seems in vogue to have an integrated EMR and PMS (billing system). Either way, it’s really important to evaluate how your EMR is going to integrate with your billing. Plus, there can be tremendous benefits to the tight integration if done right.

56. How much do changes and customizations cost?
In many cases, you can see and plan for the customization that you’ll need as part of the EHR implementation. However, there are also going to be plenty of unexpected customizations that you don’t know about until you’re actually using your EHR (Check out this recent post on Unexpected EHR Expenses). Be sure to have the pricing for such customizations specified in the contract. Plus, as much as possible try to understand how open they are to doing customizations for their customers.

Check out my analysis of all 101 EMR and EHR tips.

August 22, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 5000 articles with John having written over 2000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 9.3 million times. John also recently launched two new companies: InfluentialNetworks.com and Physia.com, and is an advisor to docBeat. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and Google Plus.