All of the product literature I collected at the recent AHIMA show in Salt Lake City finally arrived in the mail the other day. As I sat sifting through all the pamphlets, brochures, case studies and white papers trying to remember why I had picked them up in the first place, one tag line in particular caught my eye: “Has your transcription seen more continents than you?”

Yes, there were plenty of technologies and services on hand relating to electronic medical records (EMRs) and electronic health records (EHR), depending on which term is your flavor of the week. But what really got my attention was the number of booths I went to that boasted transcription and coding services based right here in the good ole’ US of A, and their competitors that still internationally outsource these types of services.

Most booth reps I spoke with proudly told me that their services were located in the US. On the flip side, one company boasted that all of its services have been totally off-shored in order to meet customer demand for more competitive pricing. So what’s a provider to do?

I am, admittedly, new to the world of coding, and as this was my first AHIMA show, I was unaware of the schism that has developed in the world of domestic and international coding services. But, as a consumer that has been assisted – both competently and disastrously – by call center reps that I’m 99-percent sure were not located in the United States (despite their insistence on being located somewhere “in the Midwest”), I am aware of the consumer backlash that can result from a business’s decision to outsource its customer services.

I can only imagine, however, the pressures providers must feel when they are making decisions along these lines. Do they adhere to what their bottom line indicates is the best choice, which I assume means going international? Or do they stick with US-based companies to ensure that native English-speakers are picking up all the right nuances in documentation?

The brochure featuring the eye-catching tag line above continued its strong messaging with: “You’ve probably heard horror stories about what can happen when transcription services send work overseas. With language barriers, training deficiencies and rapidly changing regulations, mistakes – serious mistakes – are inevitable.”

Really? Inevitable is a pretty strong word. Is it a legitimate one to use in this circumstance?

A white paper from webmedx (now a part of Nuance), “Finance Leaders Rethink Transcription: Six Critical Criteria in a Changing Landscape,” provides a bit more insight into the issue: “Perhaps it was the black market sale of patient information in India …. Perhaps it was the worldwide economic meltdown and loss of U.S. jobs in 2009. Or maybe it is the pressure of tighter HIPAA regulations under ARRA’s HITECH Act. Whatever the cause, the effect is clear. Healthcare providers who sent medical transcription offshore in the past are bringing it back home.”

Are there any providers in the audience who’d care to speak to either side – why they chose to go domestic, or feel that the quality of transcription is just as good abroad? Has “cheap” become overrated?

Chime in with your comments below in answer to my question above.

Maybe two years ago, I saw this interview on TV with this Silicon Valley yuppie who had a camera attached to a cap on his head (or maybe it was a backpack. I digress.) Every 10 seconds, the camera would kick into action and take a snapshot. This way, the yuppie surmised, he would have a repository of pretty much everything he had ever done, even the parts he didn’t like or want to share.

Fascinating as the interview was, to me the $64,000 question was Why? Why, I wondered, would someone want this much detail about his life?

Turns out, there are a whole lot of people who are into this kind of minutiae logging. And they may very well be changing the way medical records are used and stored. At Quantified Self, people believe that self-logged data holds the key to a better understanding of oneself. And some Quantified Selfers are on a mission to make it easier and cheaper to save one’s personal data.

I can think of a myriad things about my health that I might want to log and analyze – blood pressure, weight, mood swings, food intake and (ew! even) bowel movements. Such data might serve to show me the cause and effect, or at least correlations, between my daily choices and the end result of these choices. Such feedback loops apparently work. Last month’s Wired story on this topic shows how innocuous and ineffective seeming reporting can be used for positive behavior change. (There’s an interesting section on how one inventor helps non-compliant patients take their pills as directed.)

This is still a newish area of experimentation. We still don’t know if, and when, and how this trend will play out in the healthcare field. To me, there are several questions that need to be answered:

• How is data going to be stored and transmitted to the EMR?
• Who takes charge of interpreting all this data we will gather? Will my already overworked primary care physician for example want to look through graphs of my self-reported B.P. and weight changes?
• How will this data interface with EMR systems already in place?
• How safe is it to maintain a personal health data journal? What are the HIPAA implications?
• How much is too much?

It will be interesting to see how this form of health-logging will play out.

I had this post in my drafts from a long long time ago. It linked to an article that is no longer relevant. However, I still think the title is incredible relevant. I was talking with someone this week about the real problem with EMR software is that they have to jump through the crazy billing requirements. Although, you could certainly add in the HIPAA requirements in some regards as well.

We can all appreciate the need to protect patients information. Plus, while HIPAA has some issues, I think it could be much worse. So, I can’t say I can really complain about the HIPAA requirements as they relate to EMR.

Instead, I’ll focus this post on the crazy billing requirements that doctors have to jump through in order to be reimbursed for their work.

Now, imagine the beautiful EMR interface that could be created if everything about the EMR software was focused on patient care and physician workflow. I’d love for someone to do a study on what percentage of EMR functions are there because of the onerous billing requirements. I think we’d be shocked to find out how many of them are there because of billing.

I’ve covered this topic from a lot of different angles before. It just keeps coming back to me over and over again. So, until I find someone who has a fix for it, I’m going to keep bringing it up.

Of course, I wonder if 3 years down the road I’ll be writing a post talking about how meaningful use is impeding EMR progress. Then, I’ll be interested in a study that looks at how many features of an EMR were needlessly added thanks to meaningful use.

Anyone who knows me has probably heard me take a few potshots at the AMA, which isn’t exactly known for its progressive positions on health policy issues.  But this time, I must admit, the AMA has done the industry a good turn by shining a spotlight on an issue that deserves a closer look.

The group’s House of Delegates has just adopted a policy asking the AMA to study the issue of who owns — and can use — data sent back and forth across an HIE network.

The author of the policy, a New Mexico-based nephrologist, noted that as health plans acquire HIE technology vendors, it’s become unclear who will control patient data.

For example, UnitedHealth Group’s health IT consulting subsidiary Ingenix bought HIE technology provider Axolotl last year.  Another example of such consolidation comes from Aetna, which picked up HIE vendor Medicity last year, notes American Medical News.

At present, the AMA notes, it’s not clear whether payers who buy HIE technology vendors have the right to siphon out data on patients who aren’t members of their own plans.  (My guess is that health plans will be all too happy to do so, if they can get away with it, as it would help them screen out high-risk patients before they even consider applying for coverage.)

Now, I’m no legal expert, but I would have assumed that HIPAA regs would cover this situation.  But even if HIPAA does spell out what health plans may and may not do in this instance, this won’t be the last time the increasing consolidation of patient records will raise important privacy questions.

The truth is, as health data begins to become a public commodity — something that’s hard to avoid as it’s aggregated and shared with more parties — the notion of health data privacy will need to evolve.

Do we need a “son of HIPAA” law to protect consumers in this new era?  Not being an attorney, I’m not qualified to say.

But as HIEs begin to play a more important role in healthcare delivery, I do think we should pay close attention to what data ends up in whose hands.  Otherwise, we’re looking at loopholes you could drive a truck through.

Right now, HHS is considering a new rule which would demand that hospitals, medical practices and health plans provide anyone who asks with a list of who has accessed their electronic medical records.

The proposed rule, which will go into effect January 2013 if approved, shouldn’t be a big deal in theory. After all, since 2005 healthcare companies directly involved in patient care have had to keep their own log of who accesses patient records electronically.  But apparently, the industry is arguing that providing a report on who saw your EMR file would be a massive hassle. (Even the rule’s author told USA Today that “the burden could be significant.”)

OK, I’m beginning to get a bit of a headache. Correct me if I’m wrong, but isn’t such monitoring — a detailed record of who looked at what record — a completely standard security measure for any organization with its act together?

I’m also wondering why the heck the article suggests that it would be difficult to get such access logs across departments. Again, I’m not an IT executive and I don’t play one on TV, but how much would EMR security be worth if you could only track access department by department?

I’ll admit that the more paper that remains in the process, the trickier things get. If a consumer wanted a complete list of who’d accessed their files, and the healthcare organization still conducted some major processes on paper, things could get pretty time-consuming. (Though even in that case, healthcare organizations better be aware of who’s peeked at what patient’s data.)

Still, I detect a smokescreen here. While there are probably entities — notably smaller practices with lower-end EMRs in place — that would be burdened by this requirement, many more would probably find it no trouble to handle if they tried. In fact, if a provider has spent big bucks on an EMR that can’t dig up access records easily, they should get their multi-million-dollar investment back.

I understand health plans’ and hospitals’ reluctance to turn over such information, which could drag them into lawsuits, divorces (“Did my wife really have the right to see my records?”) and medical ID theft prosecutions, to name just a few possibilities.  Once targeted, the entity would have to prove, sometimes laboriously, why a given person actually did have good reason to access a certain patient record, and sometimes they’d look bad even if they were in the right.

But if that’s the real issue, and I strongly suspect it is, I’d prefer to see health plans and providers come out and admit that they don’t want to get dragged into fights they may not win. Saying they can’t afford to comply with what should be a simple request just makes them look dishonest. And that can only lead to further headaches down the road.

Here’s a handy little blog item from health IT consulting firm Entegration.  While many bloggers focus on big-picture issues, firm president Art Gross has offered three easy-to-understand, concrete suggestions on how medical practices should protect themselves when they’re first rolling out their EMR.

Gross suggests they consider the following steps:

*  HIPAA security:  Gross recommends hiring HIPAA security services to help train employees and implement protocols which will make sure protected patient information isn’t compromised.

* Off-site data backup:  Few medical practices do more than back up their existing files to tape, but as he notes, data gets corrupted, backups are sometimes overwritten by mistake and disasters (fire, floods and more) can destroy on-site archives.

* Disaster recovery:   To be prepared for all contingencies, practices must have more than one copy of current data available, methods for accessing that data and detailed procedures in place for accessing the duplicate data.

Sure, companies with big IT staffs would do these things as a matter of course, but many small physician practices don’t even have a single full-time IT employee, relying instead on consultants to do basic maintenance.  That drive-by consultant is unlikely to be evaluating the practice’s overall readiness to keep an EMR up and running securely.

Reminding doctors that they must be careful custodians of their new digital data is a good idea.  Let’s hope more consultants )and vendors) dealing with small practices are preaching this gospel.

I can’t quite figure out why EMR software was been so slow to integrate with various mobile technologies. Certainly we’ve seen quite a bit of effort when it comes to EMR and the iPad. However, I’m talking more about patient focused mobile apps.

I started thinking about this when I saw the video below. It’s a sales video, but demos some interesting mobile features that I think should be part of most EMR software:

Something as simple as appointment reminders should be part of every EMR, but sadly it’s not and I’m not sure why. I’m sure some will cry HIPAA, but that’s a total cop out. Besides the fact that you can obtain consent, you can text an appointment reminder without violating HIPAA. It’s not that much different than an automated call system calling to remind them for the appointment.

The automatic welcome text with directions to the office is a nice touch too. Some of the Cisco mobile integrations I’ve seen before in a few EMR, but it definitely adds to the complexity of the EMR implementation. That’s something that I think you have to be careful with as an EMR vendor.

However, the mobile nurse notification is something that could be really interesting. This is a little harder to implement properly since you need to balance the nurses need to know the information and alert fatigue. Or in other words you don’t want to bombard the nurse with so many messages that she stops looking at them because there’s too many and many are outdated since she can’t keep up with the messages.

What about using the bump or bump like technologies to give patients their clinical summaries on their mobiles to satisfy the meaningful use requirements? I’m sure there’s many more.

Why don’t we see more functions like this? Sadly, I’m afraid the answer is that these features won’t likely sell more EMR software.

While it’s all well and good to prepare for Meaningful Use compliance, IT departments may be going a bit overboard.  A new survey by HIMSS has concluded that providers are being diverted from critical efforts like the HIPAA 5010/ICD-10 transition by efforts to capture MU bonuses.

It’s hardly surprising, given the tempting candy MU incentives offer, but it’s a bit worrisome too.  After all, preparing for 5010 transactions requires a mountain of work, touching electronic claims, eligibility verification, claim status, referral certification and more.  This is NOT something you can afford to ignore, particularly given the risk of incurring CMS’s wrath.

Consider this:  a full 35 percent of the providers responding to the HIMSS survey this summer said they had no plans at all in place to implement a 5010 readiness project. This despite the fact that they were supposed to begin testing by January 1 of this year.

Instead, HIMSS found, providers are spending much of their time working to qualify for MU money, neglecting the 5010 transition for now.  The HIMSS folks hypothesize that providers are laying low on 5010 now, hoping to squeeze in under the January 1, 2012 final deadline. Hey, maybe if IT leaders stick their heads in the sand long enough, the deadline itself will go away!

In reality, we all know what will happen — the same thing that happens whenever an enterprise punts on a critical initiative. Over the next several months, expect facilities to dump truckloads of money on vendors and tech help. Consultants, start your engines!

The people over at FierceIT recently reported that a hospital employee was recently fired for comments the employee made on Facebook. Here’s the story:

An employee at Oakwood Hospital in Michigan was fired after she posted negative comments about a patient on Facebook, WJBK Fox 2 reports.

In her post, Cheryl James said she came face-to-face with a cop killer and hoped he rotted in hell. She also posted another remark WJBK would not repeat.

The hospital gave the following reasons for the firing:

A statement released by the hospital referred to HIPAA rules and noted that “we all have a legal and ethical responsibility to put our personal opinions aside and provide the care required for any patient who has entrusted us with their health.”

James plans to fight her termination, claiming she did not share the patient’s name, his condition, or the name of the hospital.

Doesn’t seem like a HIPAA violation to me. Although, it is poor discretion and in poor taste. I am often amazed at what people post to Facebook. Some people just don’t realize how public it really is. I guess after things like this, the idea of a Facebook PHR isn’t very likely either.

I must admit that I’m also amazed that the hospital worker had access to Facebook. Hospital computers are some of the most guarded computers I’ve ever seen. Unless of course she posted from her phone. We’re bound to see a lot more of this. In fact, at some point we’ll see pictures and/or video of patients posted to Facebook.

Someone sent me an email with this link to the list of HIPAA breaches affecting 500 or more individuals. One of my popular searches on EMR and HIPAA is about HIPAA lawsuits, so you can imagine the lawyers are salivating over this list.

In a quick count, I found 31 on the list that were desktop, laptop, or other computer related device. In another quick count, I counted 46 on the list (feel free to correct my counts, but the range is right). The person who emailed me suggested that most of the list was breaches of EMR. I personally don’t think that’s the case.

One thing seems pretty certain. Technology has opened the doors for larger breaches. In the paper world, it’s a little harder to lose/misplace/steal 500 or more individuals information. It happens, but it’s much easier in the digital world. Plus, there’s a lot more vagueness in technology when a breach happens.

In the digital world, it’s often a best guess about what happened during a breach. Most of the time breaches happen in the technical world, they probably didn’t give a rip about the healthcare data. However, there’s the potential that they did, so you get to report it. Enough of that tangent.

One other problem with the assertion that most of this list is from an EMR breach is that I was surprised how many insurance providers were on the list. In fact, it seems like a large portion of the breaches were insurance lists probably. Not sure that’s an EMR breach.

I think it’s also interesting to note that this list of breaches is probably far below the reality. This is just the list of reported cases. I can’t imagine how many breaches happen that go unreported.

Of course, this begs the question of whether we should be moving to electronic records at all if there’s more possibility for breaches. My answer is that of course we should. Although, it should give us real pause as we consider the security of those systems as well. Stuff happens, but we shouldn’t put the possibility of breaches make us set aside the benefits of technology.