How to build an EHR system
- What is an EHR system
- What is the current EHR market size
- What programming languages are used in healthcare IT systems
- What are the most common EHR requirements
- What EHR hosting solution to choose
- Should EHR be mobile-friendly
- What mobile operating system to pick
- What does GDPR have to do with EHR
- What are the federal regulations to keep up with
- What are the health IT certification criteria
- What are the interoperability standards
- What are the consequences of ignoring EHR certification requirements
- What are the security measures EHR developers must take
- What are the major challenges EHRs face in 2018
- EHR in veterinary medicine
WHAT IS AN EHR SYSTEM
EHR is a real-time, patient-centered documentation software intended to make health info available instantly and securely to authorized users whenever and wherever they need it. EHR systems are built to share data between healthcare providers and organizations, including laboratories, specialized experts, medical imaging facilities, pharmacies, schools and workplace clinics.
An average electronic healthcare record contains:
- Patient demographics
- Medical history
- Personal statistics
- Medications/Treatment plans
- Immunization dates
- Radiology images
- Lab and test results
- Vital signs
- Administrative and billing data
“Talking about an EHR is similar to asking what a computer or smartphone does. It can serve as little more than a typewriter or telephone — or it can provide functionality beyond anything ever available or imagined,” Robert Pearl, MD, said.
EHRs help healthcare providers:
- Streamline their workforce
- Improve the quality of care
- Store and update digital information
- Exchange data with other care providers
- Reduce errors
WHAT IS THE CURRENT EHR MARKET SIZE
The global EHR market size was estimated at $28 billion in 2017 and expected to reach $33.41 billion by 2025. It is a competitive field, with over 1.000 service providers. In general, vying companies offer high-tech solutions to private practices and hospitals.
“To be effective, EHR platforms must leverage newer technologies, such as analytics and mobility, to adapt to the changing needs of patient populations and better connect physicians and patients,” Kaveh Safavi, Senior Managing Director of Global Health Practice at Accenture, said. “As health systems gain more experience in meeting these goals, market growth for EHR will follow.”
Local and country-specific EHR providers are not considered as major players (organizations like Epic, Cerner, and MEDITECH) in worldwide market participation. However, low-budget firms and new entrants can still find opportunities to join the party. The main drawback for smaller companies is the cost to enter the market with a certified product.
Data source: beckershospitalreview.com/ehrs/epic-cerner-maintain-largest-emr-market-share-among-small-hospitals.html
Many region-specific initiatives are promoting digital healthcare field. The UK National Health Services (NHS) is projecting to completely digitize documentation process by the end of 2018. EUR-Lex developed an eHealth action plan for 2012-2020, which promotes the strategies for deployment of eHealth services among European nations.
The US medical field has experienced a tremendous increase of EHR adoptions due to the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Centers for Medicare and Medicaid Services (CMS) EHR Incentive Program. As a part of the Health HITECH Act of 2009, the federal government allocated $25.9 billion for encouraging certified providers. The funds were primarily earmarked for promoting and expanding adoption of EHRs in hospitals and ambulatory care centers. Thus, the USA holds the largest market share at around 42% in 2016.
Asia Pacific and Latin America are expected to be the fastest growing regional segments over the period of 2017 through 2025. Most specifically, the significant increase is predicted in Asian countries, such as India and China, which are modifying regulations and maintaining financial stability. The state apparatus strives to control the implementation of procedures, policies, and guidelines to promote innovation and commercialization.
This has led to a rising number of hospitals and academic institutions interested in the health IT field. Moreover, China is expected to attract more investors as the largest producer of low-cost electronic chips and components.
WHAT PROGRAMMING LANGUAGES ARE USED IN HEALTHCARE IT SYSTEMS
Choosing a proper programming language while building an EHR system affects the quality of an end-product. The criteria to be used in selecting a technology stack are the following:
- Speed of the end-product for voluminous economic data calculation, 3D graphics usage, etc.
- Amount of RAM for embedded computing systems, mobile platform, microcontrollers, etc.
- Program development speed for releasing a ready-made product within a limited time.
- Powerful graphics part for better user experience.
- Cross-platform compatibility for allowing the program to work on various platforms and OSes with minimum code changes required.
- Code modification and testing speeds for ability to constantly review the functionality and make changes.
Guided by our healthcare software development experience and detailed industry research, we may recommend most suitable and reliable options.
Java programming in healthcare software development
As one of the most sought-after programming language, Java has received broad support from the field. The technology has significant advantages over other solutions that make it suitable for healthcare programming.
Java was built with the philosophy of “write once, run anywhere” (WORA). Thus, the pure Java code programmers write on one operating system will run on other platforms with no modifications.
Java is designed to be easy to use and therefore easy to write, debug, and learn than other programming languages. It is object-oriented allowing to build modular programs and reusable code. This principle makes it easy to maintain and upgrade existing code as new features can be created with minor modifications to the code.
Equally important, Java provides built-in security features, such as:
- Automatic memory management that decreases memory corruption and vulnerabilities.
- Secure communication by preserving the integrity and privacy of data transmitted.
Simply put, Java’s robustness, ease of use, cross-platform capabilities and security features make it a language of choice for building an EHR system.
Python as a programming language for health IT
Python is a clear and powerful object-oriented language, comparable to Java. This solution is ideal for prototype development and other ad-hoc programming tasks. As of June 2018, Python is the fourth most popular programming language and is used by many healthcare startups.
Python is often described as an easy-to-use language. It has a clear syntax, large community, and a gentle learning curve. By having a very clear and readable syntax, developers can quickly write working code, spending less time fixing bugs and troubleshooting. Python code can run on various operating systems since its interpreters are available for a wide array of platforms.
WHAT ARE THE MOST COMMON EHR REQUIREMENTS
“Computers need to do work for physicians rather than making physicians do work for the computer. Technologies should make it faster and easier for the treating physician to view relevant information, to document a useful patient story, and to make the best care decisions”, Jonathan Handler, MD, Vice President of Digital Innovation at Baxter Healthcare Corporation, said.
According to Dr. Handler, EHR systems have to be supplied with single sign-on, biometrics, speech recognition, natural language understanding, computer-assisted physician documentation, advanced data visualizations, predictive analytics, and other modern technologies. He believes that EHRs empowered with these modern technologies can increase physician adoption and ease the burden of EHR entry.
An EHR system is typically required to:
- Have electronic prescribing. As an aspect of interoperability between systems, all medication orders electronically signed by a provider are transmitted to an external pharmacy vendor who dispenses and ships the order to the appropriate facility. The patient's record is updated to reflect when the pharmacy vendor dispenses the medication. The entire ordering and approval processes are electronic.
High-level dataflow diagram outlining the roles and processes involved in electronic prescribing
- Receive lab results electronically. Lab values are received electronically from an external lab vendor via an interface between the EHR and the lab vendor's system. The data is displayed in a flow-sheet format, and providers sent electronic notification when they have new lab results to view.
- Use structured data and nomenclature provided by International Classification of Diseases, Ninth Revision or Tenth Revision (ICD-9 or ICD-10), Systematized Nomenclature of Medicine (SNOMED), National Drug Code (NDC), or other data dictionaries for documentation;
- Provide computerized physician order entry (CPOE). Computerized orders, such as requests for labs, tests, and images, are transmitted internally to any users and remain active on the user's “to do” list until completed.
- Have the ability to generate clinical, administrative, and demographic reports. All discrete structured data (problems, procedures, medications, documentation, etc.) and flow-sheet data (labs, vital signs, etc.) can be generated or extracted for data analysis. In addition to individual and population level clinical data, administrative info regarding user activity is also available.
There will always be some physicians who don’t like our system. I don’t know any way around it. In this industry, there will always be more to do, which is really a wonderful thing, because we’ll always be finding new ways to improve health care. We are not close to perfect, we’re in the middle - somewhere between perfect and abysmal. We try to listen to our users and develop products they need,” Faulkner said. “What’s difficult is when they tell us they need software improved, and we do it, and they don’t have the time to install it.”
Providers should also look for technical architectural features. These should be the basis for a strong infrastructure in the system they decided to use. One thing in particular to consider is whether the EHR system will be client server-based, web-based, or cloud-based.
WHAT EHR HOSTING SOLUTION TO CHOOSE
The on-premise solution only runs on an in-house data storage and requires both hardware and software installation at the physician’s location. This method provides total control over data and hardware and does not require Internet connectivity (except for external interfaces like e-prescribe).
However, healthcare providers must pay for the aforementioned hardware and software installation in addition to licensing fees, maintenance services and, upgrades. Moreover, the practice is responsible for data protection and backup measures.
Instead, dedicated hosting services are more popular among healthcare providers as an EHR system can be installed without in-house servers. Choosing this approach, clients pay monthly rental for getting a dedicated server including its full capabilities like CPU, RAM, full control over apps and scripts they would like to install. However, it may not be economically viable to pay for superfluous features that come with renting a server.
The subscription-based cloud solution is the fastest growing product segment as they are more convenient for clinics, pharmacies, and small-scale laboratories.
Perhaps the biggest reason cloud technology has received so much attention is that it excludes costs to the client of deploying a locally hosted server and software. This alone has made cloud-based EHRs an attractive option for smaller medical practices or those who have numerous low-volume locations.
Cloud hosting is a highly customized and flexible solution. It requires a client to pay for time using the service and extra features they have added. Customers are able to increase/decrease amount of memory rented and even put hosting services on pause.
Moreover, some cloud hosting providers will ensure their clients meet HIPAA and GDPR data protection requirements. They offer healthcare apps a secure API to store PHI (Patient Health Information), while also handling all of the technical requirements mandated by the HIPAA Security Rule.
However, since a cloud solution depends fundamentally on an internet connection, practices need high-speed network services. If a network connection drops, users won’t be able to access patients’ medical records during the outage.
SHOULD EHR BE MOBILE-FRIENDLY
Mobile device adoption into practice is a recent Medicare trend that has increased dramatically. Physicians found positive gains from utilizing portable devices in overall productivity. In general, the technology improves patient communication and education, the process of care.
Data source: sciencedirect.com/science/article/pii/S1386505616300107
The easy availability of low-cost portable devices helps bedside information retrieval by clinicians. Published in the International Journal of Medical Informatics in 2012, a pilot study of a tablet computer in an Emergency department compared physician workstation usage with/without portable devices. The results proved that clinical use of a tablet computer reduced the number of times specialists logged into a workstation. Moreover, they spent less time using the EDIS (Electronic Data Information Source) that increased physician availability at the bedside.
“They’re [tablets] very clear, handy, and not too heavy,” Chris Altendorf, director of Baptist OneCare Inpatient Nursing/Clinical Areas at Baptist-Memphis, said. “Compared to a smartphone, which is relatively small, tablets provide better ease of reading, particularly for elderly patients. Tablets are really the perfect solution for that. We’ve had patients of all ages using them without any problems.”
In July 2015, Baptist Memorial launched the pilot program, allowing patients to access their EHR platform. This includes large touch-screen monitors displaying patient vitals and medical team info. Additionally, patients receive 10-inch tablets to track their records and test results, see daily treatment schedules and communicate with care providers.
Moreover, outpatients and approved family members can use a dedicated portal. They are able to schedule appointments and request prescription refills remotely from their smartphones.
“Patients and families love it, because it shows them exactly what’s going to happen,” Altendorf said. “It gives them a sense of comfort they didn’t have before. If they miss some piece of information, they can go back and look at it again. Particularly with the education piece, it’s all right there in front of them on a tablet and is very clear.”
Mobile EHRs help patients become more involved in their treatment, improve their satisfaction as well as communication with the specialists. Further portable device use in the clinical settings can benefit in improved documentation, medical decision-making, and physician efficiency. As such, EHR providers have focused on the prospects of mobile technology adoption by practices.
WHAT MOBILE OPERATING SYSTEM TO PICK
Android is now the world’s most commonly used mobile platform and preferred by various smartphones and mobile tablet manufacturers. The system holds about 85 percent of global market share to iOS’s 14,7 percent.
Having analyzed the global market share, it is likely that mobile devices used by clinicians are operated on Android. This is mainly because iOS-based products come with a hefty price tag, so Android is a natural choice for practices on tighter budgets. As such, Android development would be more profitable here.
WHAT DOES GDPR HAVE TO DO WITH EHR
The General Data Protection Regulation (GDPR) is an extensive new law coordinating the collection and use of personal data in the EU, which came into effect on May 25, 2018.
GDPR is concerned with all kinds of personal info relating to an identifiable individual. This could include names, addresses, contact details or demographic info. The Regulation applies to any organization/person with a European presence, or which deals with the individuals’ data within the EU.
The Regulation concerns the private and public healthcare sectors. Healthcare providers must ensure they comply with the requirements and demonstrate that they are protecting their patients’ data adequately. Any healthcare organization has to verify patients’ identities and create a system to erase or rectify their information.
Do you need to be GDPR compliant? Read the following articles to stay on top!
WHAT ARE THE FEDERAL REGULATIONS TO KEEP UP WITH
As a part of the 2009 HITECH Act, the Centers for Medicare & Medicaid Services (CMS) introduced the Meaningful Use (MU) program. The procedure was initiated to promote the use of EHRs in hospitals and medical offices. If measured by the number of active users, the program has been successful; the percentage of physicians preferring an EHR has increased from 48% in 2009 to 72% in 2012.
"It's what's right for the patient, and our goal as a country to get to better health, better healthcare and lower costs,” Farzad Mostashari, MD, the former National Coordinator for Health IT, said.
The American Recovery and Reinvestment Act of 2009 (ARRA) established the EHR incentive programs for both Medicare and Medicaid. According to the programs, the US Department of Health and Human Services (HHS) financially supports healthcare providers that adopt and demonstrate “meaningful use” of certified EHR technology. Additionally, EHR software companies must prove that their program complies with applicable HHS-adopted criteria and pass testing by an accredited independent certifying entity approved by HHS.
Since 2011, EHR software vendors have been held to the requirements of becoming “certified EHR technology” (CEHRT) to enable healthcare providers to attest to various federal payment programs. CEHRT means the software meets the HHS Secretary’s minimum standards for security and functionality. This certification process started with Meaningful Use.
MEANINGFUL USE: STAGES AND REQUIREMENTS
Meaningful Use was implemented in a phased approach over a series of 3 stages.
Stage 1 aimed at establishing requirements for the electronic capture of clinical data. It also included providing patients with electronic copies of health data. Thus, all parties must have implemented an EHR that complies with the listed criteria in order to be eligible for government incentives.
Stage 2 expanded upon the Stage 1 criteria with a focus on emphasizing care coordination and patient data-sharing. Moreover, the CMS rulemakers considered ensuring that the MU of EHRs supported the aims and priorities of the National Quality Strategy. Finalized in late 2012, Stage 2 introduced more clinical decision support, care-coordination requirements, and basic patient engagement rules.
Practice showed that the choice a healthcare provider makes regarding their EHR platform has a notable impact on Meaningful Use performance. According to the study published in the Journal of the American Medical Informatics Association (JAMIA), EHR vendor choice accounts for 7%-34% of hospital performance variation in six Stage 2 core competencies.
Stage 3 is expected to bring about advancements in care delivery by requiring enhanced EHR functionality and standards for structuring data. Besides, it is intended to improve coordinated care and patient engagement.
Thus, all CEHRT must be able to meet the following objectives for attestation to Stage 3:
- Protect electronic patient health information (ePHI): Eligible providers must attest to conducting a security risk analysis to assess vulnerabilities to ePHI that could cause data leaks. Identified security weaknesses must be rectified as part of the provider’s risk management process.
- Utilize electronic prescribing: more than 60 percent of prescriptions must be transmitted electronically using CEHRT.
- Implement clinical decision support (CDS).
- Use computerized provider order entry (CPOE)for more than 60 percent of medication, laboratory, and diagnostic imaging orders.
- Provide more than 80 percent of all unique patients with timely electronic access to health information, with the option to download the records. Use clinically relevant data from CEHRT to identify patient-specific educational resources and allow accessing those materials to more than 35 percent of unique patients.
- Use CEHRT to engage with unique patients or their authorized representatives for improved coordination of care. The measures cover three different aspects. First of all, they require physicians to have more than 25 percent of patients join their EHR. Secondly, care providers should ensure more than 35 percent of patients with a secure digital communication. And thirdly, more than 15 percent of patients have to generate data from fitness trackers or wearable devices.
- Improve health information exchange (HIE). The first measure requires more than 50 percent of care transition and referrals include the exchange of health records electronically. The second measure requires physicians to incorporate into the patient’s EHR an electronic summary of care document for more than 40 percent of transitions received and new patients. The third measure calls for using e-prescribing services to reconcile medication lists from online sources with their own for more than 80 percent of new patients.
- Coordinate with a Public Health Agency or Clinical Data Registry to submit ePHI, including immunization registry, syndromic surveillance, cases, clinical data registry, and public health registry.
EHR vendors offer different design choices, but some do a better job meeting MU criteria. However, provider choice alone won’t translate to compliance. System implementation, staff training, and EHR optimization also have a significant impact on meeting federal certification requirements.
"The meaningful use program, as it has existed, will now be effectively over and replaced with something better," Andy Slavitt, CMS Acting Administrator, said.
MACRA: PURPOSES, STRUCTURES, CONDITIONS
In 2016 Medicare Access and CHIP (Children’s Health Insurance Program) Reauthorization Act replaced Meaningful Use, however, most MU requirements still apply. MACRA determines ways to pay physicians for caring for Medicare beneficiaries and establishes funding for technical assistance for providers.
“It encourages us to continue to make the healthcare system smarter without denying service. As a consequence, it's going to be good for people who use Medicare,” Barack Obama, 44th President of the United States, said. “It starts encouraging payments based on quality, not the number of tests that are provided or the number of procedures that are applied but whether or not people actually start feeling better.”
There are two ways to take part in the MACRA program: Merit-based Incentive Payment System (MIPS) and Advanced Alternative Payment Models (APMs). Both require physicians to use certified EHR technology as well as EHR vendors to supply with standardized software.
Thus, an eligible clinician is required to use a certified EHR if they are seeking to obtain the bonus. Providers may submit their MIPS data using their EHR either directly or through a third party, such as EHR vendor.
“It’s good to have options when it comes to the clothes we wear, cars we drive, and things we do. But having too many options when it comes to quality reporting under MACRA’s Merit-Based Incentive Payment System (MIPS) may prove to be too much for providers and their EHR vendors,” Ida Mantashi, CMHP, Director of Product Management at Modernizing Medicine, said.
2018 marks the second year of the Merit-Based Incentive Payment System, and the requirements are definitely ramping up and posing more of a challenge. However, MIPS is nothing to be too scared of - as long as the practice has the right technology to streamline MIPS data collection and submission.
ONC CERTIFICATION PROGRAM: KEY PRINCIPLES AND WEAKNESSES
The Office of the National Coordinator for Health IT (ONC) has established a voluntary program for the certification of health IT standards. The program also regulates implementation specifications and certification criteria adopted by the HHS Secretary.
The ONC Certification Program is based on the principles of the International Standards Organization (ISO) and International Electrotechnical Commission (IEC) framework.
In order to capture and share patient data efficiently, providers need an EHR that stores information in a structured format. Well-designed data allows patient files to be easily retrieved and transferred, as well as enables providers to use the system in ways that can aid patient care.
An EHR vendor who maintained ONC certification process and required EHR-based data submission has to meet the submission requirements. They are established by CMS for all MIPS categories in order to support eligible clinicians participating in MIPS. Healthcare providers, in turn, may feel overwhelmed as they choose not only which MIPS measures to report on, but how to report them. While MIPS attestation flexibilities create challenges for EHR vendors, providers should still turn to their systems for advice on which MIPS quality measures to select.
“Providers are going to facing challenges because they are putting so many options in front of them,” Mantashi said. “It seems very nice, but it’s going to be more difficult for them to understand which option is the best option for them.”
Selecting measures already supported by an EHR system or dashboard will help eligible clinicians to predict their payment adjustments based on their performance as well as refocus their attention on patient care, rather than quality reporting.
“Now some of the EHRs and the dashboards show which measures the providers are doing better on,” Mantashi said. “We do recommend them to stay with that selection. Select the top six that they’re doing much better and don’t forget about outcome measures and high-priority ones.”
Moreover, EHR providers may find it harder to act as a partner for their customers as they strive for quality improvement.
In this regard, the final rules seek to introduce a more flexible certification program that supports developer innovations, opens new market opportunities, and supplies healthcare providers with a broader range of electronic HIE options. However, EHR vendors are concerned that there are many requirements that are yet to be fully vetted by the industry.
"We will certainly meet all the demands for industry regulation and do what is necessary," Joe Wall, Manager Interoperability Strategy, Certification and Health IT Policy at MEDITECH said. "But, the certification process will pose a challenge to smaller vendors because what they put in the certification rule is very large and the technology demands are immense."
WHAT ARE THE HEALTH IT CERTIFICATION CRITERIA
Certification of an EHR system ensures it offers the necessary technological capability and functionality to help users meet the MU objectives. Healthcare providers and patients must also be confident that the product they use is secure, respects the confidentiality of any info received and can share data with other systems.
The 2015 Edition Health IT Certification Criteria addresses past rulemakings and extends into 2018 and following years. The 2015 Edition final rule supports patient care, their participation in care delivery, and electronic exchange of interoperable health information.
EHRs have a ton of data that has to be recorded and stored in accordance with the law. Information is said to be structured when it’s easy to view online, edit, and import into other software. This is also known as “interoperability”. Thus, CEHRTs are obliged to store records that patients can browse, download, modify, and share with other healthcare professionals.
CMS refers to EHR-stored info as Common Clinical Data Set (CCD). According to the ONC Health IT, all providers using a 2015 ONC edition CEHRT should be able to send the following CCD about a patient:
CMS notes that EHR technology must be able to electronically receive and transmit transitions of care summaries according to the Applicability Statement for Secure Health Transport. EHR technology developers are also able to seek certification to two optional transport standards:
- The Applicability Statement for Secure Health Transport specification and the XDR and XDM for Direct Messaging specification;
- The Simple Object Access Protocol (SOAP)-Based Secure Transport Requirements Traceability Matrix (RTM) version 1.0 standard and the XDR and XDM for Direct Messaging specification.
WHAT ARE THE INTEROPERABILITY STANDARDS
As defined by HIMSS, healthcare interoperability describes the extent to which systems and devices can exchange data, and interpret that shared files.
“If a project requires two different systems to talk to each other, they're may not interoperable,” Brian Lancaster, Nebraska Medicine Vice President of IT, said. “Eventually having a standard isn’t the issue. The issue is the lack of control organizations have over what goes into the transport mechanism.”
Created by the HL7 organization, Fast Healthcare Interoperability Resource (FHIR) is a draft standard defining data formats and APIs for exchanging EHRs. FHIR uses modern web-based technologies, like a HTTP-based RESTful protocol, HTML, and Cascading Style Sheets (for user interface integration), JSON/XML (for data representation), and Atom (for results). This standard was supported at an American Medical Informatics Association meeting by industry-successful companies like Cerner.
"FHIR uses the exact same technology as does Google," Charles Jaffe, MD, PhD, HL7 CEO, said. "When you ask for the five best restaurants in Baltimore, there's not a database of restaurants in Baltimore. Google goes out and looks for that query on the web, albeit with a rather exotic algorithm to find those things, and assembles that information for you."
Digital Imaging and Communications in Medicine (DICOM) is most commonly used for storing and transmitting medical pictures. The standard enables integrating healthcare imaging devices like scanners, workstations, and picture archiving communication systems (PACS) from multiple vendors. However, DICOM files can be exchanged between parties that are capable of receiving data in DICOM format.
The ONC for Health IT included Consolidated Clinical Document Architecture (C-CDA) in its 2014 and 2015 Edition certification criteria. C-CDA is an XML-based markup standard that encodes and structure clinical documents for exchange. Additionally, it allows for a non-XML body (e.g. pdf, Word, jpg) for simple implementation. This standard can contain any type of clinical content that would be included in a patient’s medical record.
WHAT ARE THE CONSEQUENCES OF IGNORING EHR CERTIFICATION REQUIREMENTS
Over the past year, the US administration has become increasingly concerned with the risk of improper incentive payments under the programs. In June 2017, the HHS Office of Inspector General (OIG) reported that $729.4 million were tied up with EHR incentive payments. However, it was found that the software did not comply with federal requirements. The OIG’s review covered EHR incentive payments amounting over $6.094 billion that Medicare provided to 250.470 eligible professionals from 2001 to 2014.
Following the report, the OIG decided to initiate a nationwide review of Medicare EHR incentive payments. In the same year, they announced the first False Claims Act settlement with EHR vendor for misrepresenting their ability to meet certification standards, however, have received incentive payments.
“Every day, millions of Americans rely on the accuracy of their electronic health records to record and transmit their vital health information,” Chad A. Readler, Acting Assistant Attorney General of the Justice Department’s Civil Division, said. “This resolution is a testament to our deep commitment to public health and our determination to hold accountable those whose conduct results in improper payments by the federal government.”
The first case was the one where eClinicalWorks paid $155 million to settle charges of not meeting all the government requirements. The company was alleged to inappropriately test their software and to ignore data portability as well as reliable record laboratory and diagnostic imaging orders.
On 12 December 2017, 21st Century Oncology was forced to pay $26 million. The vendor resolved allegations that they made false certifications regarding the capabilities of their EHR software.
“This settlement represents our office’s continued commitment to ensuring compliance with important federal health care laws,” Stephen Muldrow, Acting U.S. Attorney of the Middle District of Florida, said. “We appreciate that 21st Century Oncology self-reported a major fraud affecting Medicare, and we are also pleased that the company has agreed to accept financial responsibility for past compliance failures.”
The aforementioned cases reflect the US government's aggressive efforts to uncover and prosecute unfair practices related to the ever expanding use/development of EHR technology.
WHAT ARE THE SECURITY MEASURES EHR DEVELOPERS MUST TAKE
“Let’s talk about safety. Cars are not a mishmash of pieces from different manufacturers. For the safety of the passengers, the manufacturer has figured out that you can’t put random components together because if you do, you won’t produce a safe vehicle. It’s the same situation in our industry,” Judith Faulkner, CEO and founder of Epic Systems, said. “Health care organizations don’t ask us to interface to every type of module because they understand that it could cause safety problems.”
Due to the sensitive nature of the information included in a patient’s EHR, several security safeguards have been introduced through the HIPAA and the HITECH Act. The HIPAA privacy and security rules apply to any organization that has access to PHI. They also include business associates, such as banks, billing firms, and software companies.
The HIPAA Security Rule requires maintaining reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.
We are experienced in HIPAA-compliant app development and ready to serve you. Contact us for a free quote.
Features like secure messaging, end-user device encryption, and automatically logging users out after a period of inactivity help create a more secure EHR.
"As EHRs mature and collect vast amounts of data, keeping this data safe as adept cybersecurity threats increase must remain at the forefront," Kris K. Wilson, Chief Information Officer and the Director of CIP Projects for the Hawaii Health Systems, said. "Educating staff on the proper use of hospital systems and placing safeguards within your EHR to limit the amount of data accessible is a good start to overcoming this challenge."
WHAT ARE THE MAJOR CHALLENGES EHRs FACE IN 2018
An EHR is most frequently deployed as a digitized version of a paper medical record. Every interaction has to be recorded for a patient’s personal archive to improve care and future regulation. However, in some cases, entering and retrieving data takes even more time than with a paper chart that disrupts physicians.
According to Dr. Jonatan Handler, today’s EHRs are often overly focused on data entry and usually provide poorly designed displays with primitive options for searching and organizing PHI.
“The data entry steals physician time away from direct patient care, and that is what’s driving physician dissatisfaction”, Dr. Handler said.
Another major challenge EHRs face is the ongoing focus on interoperability. EHR systems should communicate with each other to successfully gain the complete picture of a patient.
"The major challenge that all of us face is the development of interoperability," David Ratto, MD, a pulmonary and critical care specialist and hospitalist at Methodist Hospital of Southern California, said. "Whether we are trying to accomplish meaningful use or improve the overall care of our patients, we need improved functional interoperability. Data must be available and needs to be seamlessly transferred from one source to the next."
Mustafa Ozkaynak, assistant professor in the University of Colorado Denver College of Nursing, believes EHR systems should accept data from outside health-related resources, such as daily living activities and nursing homes.
"CIOs and other executives should put themselves in the physician’s shoes; spend a day following physicians and see how they work with their EHR tools, understand the pain points, and hear their suggestions on improving value-based care," Kurt Hengman, MD, Director of the Rocky Mountain Center for Occupational and Environmental Health at the University of Utah, said.
Finally, there is an issue of information overload and physician burnout with EHRs. One of the ways to overcome this challenge is to offer a dedicated support team to work with staff and help them understand the workflows.
"This team would partner with the staff, super-users, and designated department contacts, and would give the staff a sense of ownership into its use," Matthew Ernst, Manager Information Systems at Thomas Jefferson University Hospitals, said. "The goal would be for the staff to become more proficient in its use and be freed for additional tasks."
EHR IN VETERINARY MEDICINE
One of the most overlooked medical specialties that have not been included in a discussion of EHRs is the practice of veterinary medicine. Veterinarians are required to document the examinations they perform that can take many hours а paperwork.
“Veterinary EHRs have no financial support or governmental mandate, so quality and use is all over the spectrum,” Sonnya Dennis, DVM, DABVP, President of the Association for Veterinary Informatics, said. “Veterinary EHRs can be good or horrible,” says Dennis. “It depends on the software, company support, and the doctor implementing it. Some docs confuse ‘easy to use’ with ‘good quality.”
A recent research conducted by independent veterinary medical practices in Massachusetts showed that over 80 percent of practices use some version of EVHRs. In other words, 63 percent of surveyed use a combination of both digital and paper-based records and 17 percent have switched completely to EVHRs. Additionally, 71 percent of them are satisfied, while 34 percent of veterinarians in clinics that mix electronic and paper records report satisfaction with their systems. This is mostly due to their EVHR systems failing their needs.
Developing and maintaining a reliable EHR system requires not only a significant investment but a continuous user support and robust education. In addition, if you participate in the EHR incentive programs in any capacity, you should ensure your company provides proper documentation to keep up with government-controlled attestation or certification. However, a certified clinic-oriented EHR system will definitely be in high demand on the current healthcare market.