Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

AHIMA Plans To Promote Blue Button

Posted on October 31, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

This week, at its annual conference, AHIMA announced that it’s launching a drive to get its members and state organizations to push use of Blue Button technology.  The idea behind the push is to improve consumer access to personal health records, according to a report in iHealthBeat.

For those who aren’t familiar with it, the Blue Button dates to 2010, when the Department of Veterans Affairs launched the tool to help veterans access and share their personal health data in a standardized manner. Consumers who click on the Blue Button get human-readable personal health data in ASCII format.

Since its inception, both private organizations and federal agencies have implemented the Blue Button. According to ONCHIT, almost 500 healthcare organizations have joined the Blue Button Pledge Program, which encourages providers to make personal health records available to individuals and caregivers. Almost 80 million Americans can now access their health information through the program.

Now, AHIMA is encouraging wider expansion of Blue Button use. The association is urging members and state AHIMA chapters to inform employers, families, healthcare providers and other health professionals of the benefits of the Blue Button format, according to iHealthBeat.

This effort should be enhanced as providers move toward Blue Button+, the next generation of Blue Button efforts, which meets and builds on view, download and transmit requirements in Meaningful Use Stage 2.

Neither Blue Button nor Blue Button+ programs magically transform patient data into something everyone can see and use, but they’re steps in the right direction.

So, what’s the next step when Blue Button functionality becomes common?  Will it help patients manage their data, or is it unrealistic to expect them to download and transfer information? I think the jury’s still out on this one.

If nothing else, though, we can look too the Automated Blue Button Initiative, which will probably evolve away from ASCII into more universal standards like XML. I’m keeping my eye on #ABBI to see where that goes, for sure.

Physicians Face Flood of Unsolicited Data

Posted on October 30, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Over the last few years, the sources of information an EMR can contain have exploded. Where it once included only clinical information generated by the provider, these days EMRs may also embrace health information exchange data, input from personal health records, contributions from patient mobile device use and remote monitoring data.

As iHealthBeat writer Michelle Stuckey points out, this information may not have been requested by the provider, but they have to contend with it anyway.  Adapting to these new data sources is possible, but for the near term, it’s likely to disrupt provider workflows and affect the usability of their EMRs.

To combat this problem, AHIMA recently came out with a practice brief which outlines the challenges unsolicited health information can pose for providers. The brief makes several recommendations health organizations should consider in handling the problem, including the following:

  • Develop policies with providers that outline which unsolicited information will be retained
  • Create policies that establish the legal definition of the health record, and which unsolicited information fits the criteria
  • Review the incoming information to determine whether a patient-provider relationship exists, and verify that the information is needed for treatment
  • Develop protocols, by specialty, clinical area or document type which establish which types of information will be accepted into the EMR
  • Provide education to all providers and staff in the health organization on steps to be taken when they receive  unsolicited health records

While it’d be nice, in some ways, for EMRs to remain in silos — at least for those who use them — it simply isn’t going to last. Data is going to come at doctors from every angle, including some we probably haven’t even considered yet.  Forward-looking medical organizations should take a hard look at the AHIMA recommendations before they’re swamped in data they can’t handle.

Patients Want Access To Physician Notes Despite Privacy Concerns

Posted on October 4, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

While privacy concerns remain, patients’ desire to access their medical records online seems to outweigh those concerns, according to a study reported in iHealthBeat.

The study, which was published in the Journal of Medical Internet Research, included 3,874 primary care patients at Beth Israel Deaconess Medical Center, Geisinger Health System and Harborview Medical Center. Each of these institutions implemented OpenNotes, a portal which allows patients to read the notes written by their doctors following office visits, e-mail correspondence and phone calls. The patients were able to view the notes via the portals where other parts of their medical records are stored.

Researchers interviewed patients at baseline, prior to their using the OpenNotes portal. They were interviewed again after a one year period during which they were able to use the OpenNotes portal to review the notes doctors made during their visits.

Privacy remained a concern throughout the study period, iHealthBeat noted. At the study’s outset, about 33 percent of OpenNotes project participants reported having concerns about privacy;  meanwhile, almost 37 percent said they were concerned about privacy after the one year period of using the portal.

After using the portal  for a year, 15.5 percent of patients said they were more concerned about privacy, while 12.7 percent said they were less concerned about privacy.

That being said, study participants were still very enthusiastic about having access to the notes. In fact, at the study’s end, 99 percent of participants said they wanted continued access physician notes, despite their initial privacy concerns.

In April of last year, when I first wrote about this project, I  predicted that patients would become very attached to the level of intimacy OpenNotes would offer with their providers.  It seems that this has come to pass. If 99 percent of patients want to continue with the project despite having privacy concerns, that’s a ringing endorsement of the concept. Now, I’m curious as to whether other institutions will get on board.

Study: Auditing Cloud-Based EMR Providers A Good Idea

Posted on August 28, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Providers that use cloud-based EMRs should have an outside party audit the EMR before they begin using them in production, according to a Journal of Medical Internet Resesarch piece reported in iHealthBeat.

The study, which was conducted through a literature review of Medline sources and correspondence with with cloud EMR providers, found that auditing cloud service providers would prove a useful window into management information processes and allow for an apples-to-apples comparison of security features between different providers.

To ensure the privacy and security of cloud EMRs, providers should look into the following features, the study said :

*  Access monitoring
*  Data encryption
*  Digital signatures
*  Network security mechanisms
*  Role-based access

Even with a thorough audit, providers are likely to find holes in the EMRs’ security and management capabilities. The study’s authors note that cloud-based EMR management systems are “still under development.”

For that, healthcare providers thinking about moving their EMR to the cloud should implement a thorough security policy, including:

* Third party certification:  Cloud providers must be compliant with standard third-party requirements such as FISMA, ISO 27001, PCI DSS Level 1 and SAS70 Type II.

* Monitoring:  The provider should include automated monitoring tools to assure high levels of performance and system availability.

* Internal communications:  The cloud provider should use the platform as a communications channel keeping personnel up to date on everything that happens within the system.

Background checks: Providers must have strong policies to control user access, and require that employees accessing patient data agree to background checks.

* Physical security:  The data center should be strictly controlled and feature video surveillance, expert security staff, intrusion detection and other electronic monitoring.

These steps, along with other standard  protocols, should go a long way toward addressing any security questions about cloud EMRs. But it still seems like most healthcare facilities are paranoid enough about their cloud installations that they seldom discuss them in public. Though I suspect things will change over time, I think cloud installations are still suspect in the eyes of hospital CIOs.  Perhaps a research-backed blueprint for cloud security will reassure some.