The requirements for Meaningful Use attestation began on April 18, which means medical organizations now have some field experience with meeting Stage 1 requirements. Micky Tripathi, President and CEO of the Massachusetts eHealth Collaborative, recently polled his staff to see which core measures they are having the most difficulty with. The results were pretty interesting. We’ve included a summary of Tripathi’s findings below as well as our suggestions of the best ways to meet the related requirements. You can read Tripathi’s full article on the Health IT blog.
1. Core Measure 14: Capability to exchange key clinical information – Tripathi notes one large source of confusion with this requirement is whether it requires information exchange via a HIE (Health Information Exchange). The answer is NO. All it requires is that a valid clinical summary CCD/c32 be generated from one certified system, and that an attempt be made to upload it to another distinct certified system.
Solution: In our experience, we have seen that practices can meet this measure by creating an electronic CCD/CCR out of their EMR/EHR that is both Human Readable and structured data (needed in this measure). Then once it is produced, the encrypted digital file can be transferred to another practice on a CD, thumb drive, or via other encrypted protocol for them to upload to their system.
2. Core Measure 15: Protect health information – This requirement requires a practice to implement “appropriate technical capabilities” to protect health information and validate they have done so by “conducting or reviewing a security risk analysis” of their internal capabilities. Tripathi notes the problem with this measure is most providers generally know what the privacy and security rules are, but they’re unfamiliar with process details and don’t know the severity of the punishments for violating the rules. He also notes that since this requirement is somewhat vague and so focused on technical capabilities, there is a risk that an eligible professional (as defined in the Meaningful Use guidelines) merely “checking the box” could be tricked into thinking that they’ve adequately addressed federal and state privacy and security rules when they might not even be close!
Solution: To meet this measure, Tripathi suggests hiring a well-respected third party security audit firm. He states, “Your IT vendor may say that they can provide this service, but be careful – some will only focus on technical issues like firewalls and will give scant attention or completely ignore the policies and training that you and your staff need to really meet the letter and spirit of the law.” He continues that you should not rely on your EHR vendor for this, as they are highly unlikely to have a holistic view of the operations necessary for protecting you and your patients. Having a third party assess your risk of an information breach with HIPAA may cost you a bit up front, but definitely can save you money in the long run. Ask ScanSTAT about the other ways you can lower your risk and transfer your HIPAA liability to a trusted third party.
3. Core Measure 12: Provide patients with an electronic copy of their health information– Tripathi notes the general difficulties practices are having with Core Measure 12 is determining how to provide patient health information it in the way the patient wants it. The problem is, not all patients want their information in the same medium, so terms like “per patient preference” get complicated. Some patients ask for it in the patient portal, others want it in their PHR, while some want it in another way (like on a CD or thumb drive).
Solution: Indeed, meeting the measure and meeting the needs of your patient are NOT always one-in-the-same. While many EMR’s allow you to produce a CCD from the system, often this does NOT take into account scanned data that contains information your patient may desire. Keep in mind that how you interpret this measure and its objective should be based on how your EMR is certified for this measure and how they track it. Then you can alter your workflow accordingly. Many EMR’s have interpreted this measure to produce the minimally defined data as calculated by their defined “start”/denominator and “stop”/numerator actions. For example, when a patient requests an electronic copy of their record (the “start” action), the EMR system is capable of producing a CCD that is both Human Readable and structured data (the “stop” action) to deliver to the patient, satisfying the measure. ScanSTAT can work directly from your EMR to help you with your records request fulfillment work and scanning needs. Outsourcing to a trusted third party like ScanSTAT gives you the ability to transfer your HIPAA liability and lower your risk as a practice.
We have a feeling that many practices out there are struggling with these same problems and are looking for solutions. ScanSTAT is proud to be a leader in the electronic records fulfillment process and is here as your educational partner and resource. Learn more about Meaningful Use guidelines and how to fulfill them by downloading a Meaningful Use white paper or by viewing our Meaningful Use recorded webinar. Or, talk to one of our eROI experts today about our superior medical records fulfillment services, and see how easy it is to get started.