Stage 2-ready software delays prompt CMS to postpone Stage 2 deadline

While vendors were able to supply the software needed for healthcare providers to comply with Stage 1 of the EHR incentive program, they are experiencing delays in developing the software needed for Stage 2 meaningful use compliance.  In response to feedback from the healthcare community on this subject, the Centers for Medicare and Medicaid Services and the HHS' Office of the National Coordinator for Health Information Technology propose postponing Stage 2 implementation deadlines one year -- to take effect in 2015 instead of in 2014

Via Modern Healthcare:

For the second time this year, the federal government is pushing back a major health information technology initiative, potentially giving early adopters of electronic health records an extra year to meet more stringent meaningful-use requirements.

The CMS and HHS' Office of the National Coordinator for Health Information Technology issued a proposed rule last week that would give hospitals, office-based physicians and other professionals eligible for the EHR incentive program an additional year to use 2011 Edition software for their systems and continue to meet Stage 1 criteria for meaningful use of the technology.

The proposed rule means providers that entered the program in 2011 could have as many as four years using 2011 software at Stage 1 meaningful use.

Continue Reading...

Rural providers cope with HIT staffing deficits

If compliance with ONC regulations is challenging for healthcare providers in urban areas, with high concentrations of IT professionals, it is especially challenging for rural providers where IT resources in the form of human capital are scarce.  The federal government's 2009 healthcare stimulus package, HITECH, provided funding for a national network of regional extension centers (RECs) designed to assist rural healthcare systems.  While the program is considered very effective, its funding will dry up in 2014.  Rural providers have devised a creative array of strategies to overcome their HIT staffing obstacles.

Via Modern Healthcare:

It took St. Claire Regional Medical Center, in the small town of Morehead in northeastern Kentucky, 2½ months to fill an open position on its computer help desk.

“We just don't see that many people who are even close to being qualified willing to work for the amount of money we're able to pay,” said Randy McCleese, vice president of information services and chief information officer of the 159-bed hospital. “That's part of what we have to deal with in the rural environment.”

Continue Reading...

Software to ease ICD-10 transition: providers consider the options

Congress' decision this spring to delay the ICD-10 deadline has given healthcare providers some extra breathing space to make the transition, but many are seeking additional help in the form of new "language-to-code" translation software. 

Via Modern Healthcare:

Despite the recent congressional delay in implementing the ICD-10 coding system, there is growing interest in a high-tech way of helping physicians convert their standard clinical terminology into the complex new payment codes. It's called “language-to-code” translation.

These translation systems are essentially computerized medical dictionaries stuffed with clinician-friendly descriptions in English or Latin of patient complaints, diagnoses and procedures, which are then linked to lists of clinical and billing codes. These words are presented to clinicians during preparation or updating of a problem list, for example, through software built into their electronic health records. Once a clinician selects a word or phrase, the software links it to code sets such as SNOMED CT—now available for free through the National Library of Medicine—the American Medical Association's Current Procedural Terminology, and ICD-9 and ICD-10.

Continue Reading...

Steven J. Fox gives talks on cloud vendor contracts, receives favorable media coverage

Health IT blawger Steven J. Fox spoke to healthcare providers on contracting with cloud-based technology vendors at events sponsored by the Pennsylvania and American bar associations recently.  Initially covered by, the presentation has garnered further industry media attention, sparking three additional articles so far:

  • “Hospitals can benefit from cloud-based IT technology,” TeraMedica (March 31, 2014)
  • “Attorney: Cloud vendor contracts wrought with pitfalls,” FierceEMR (April 7, 2014)
  • “Beware the hidden costs of a poorly constructed EHR contract,” FierceEMR (April 10, 2014)

PHI of 26-30 million Americans to be linked in single, vast network

By September 2015 database managers hope to have a network in place that will link databases containing the PHI records of millions of people.  The project is being implemented by PCORI, Patient-Centered Outcomes Research Institute, a non-profit organization formed at the behest of Congress as part of the 2010 Affordable Care Act.  PCORI’s mission is to organize “comparative effectiveness” research in the healthcare industry regarding different treatment possibilities, drugs and devices.  PCORI elected to use its funding to create a network pooling millions of patient records in aid of its mission.  Issues still undecided include what pharmaceutical and insurance companies’ access to the data will be.  PCORI asserts that the data, which will, in some cases, include links to genetic samples, will be anonymized before release to researchers.  Critics worry that patient identities may not remain private (see "De-identified PHI records relatively easy to re-identify Harvard prof demonstrates"). 

See full Washington Post article at “Scientists embark on unprecedented effort to connect millions of patient medical records”.

Washington state inadvertently released computers containing PHI and other sensitive data

All state governments dispose of large numbers of older computers each year, and while they all have procedures in place to scrub sensitive data from the hard drives before releasing them, there have been reports of slip-ups.  An audit conducted last summer on computers approved for sale or donation by Washington state found that 9% still contained sensitive information such as Social Security numbers and health data including psychiatric records.  Washington releases as many as 10,000 older computers each year.  Since the audit, the state has changed how it processes computers destined for disposal including submitting them to an additional scrubbing procedure.

See full Consumerist article at “Washington State Sold Computers Loaded With Sensitive Personal Information,” as well as additional coverage at Spokesman-Review (Spokane, WA) and

FDA, ONC and FCC release FDASIA Health IT Report draft

Last week  the Food and Drug Administration (FDA), the Office of the National Coordinator for Health IT (ONC), and the Federal Communications Commission (FCC) announced the release of their draft FDASIA Health IT Report which incorporates the September 2013 recommendations of the FDASIA Workgroup.  The 34-page report introduces a proposed strategy for a risk-based regulatory framework for health IT.  The public is invited to comment.

See FDA announcement and the draft report itself at “FDASIA Health IT Report:  Proposed Strategy and Recommendations for a Risk-Based Framework”.

'Fasten your contracts' or risk a bumpy ride in the 'Cloud' blawger Steven J. Fox warns healthcare providers

"Never accept the vendor's standard form contract as the final word; remember that everything is negotiable," cautions Steven J. Fox.  Fox shared the podium with Lee Kim, HIMSS’ Director of Privacy and Security, at the HIMSS conference in Orlando to speak on “Hidden Pitfalls with Cloud, Mobile Technology, and Mobile Data".  Fox, who chairs Post & Schell’s Information Technology Practice Group, spoke extensively on steps healthcare providers can take before and during contract negotiations to protect their interests.  According to AuntMinnie, the medical imaging industry’s online news magazine, which covered the talk in depth, if you “[w]ant to implement a cloud-based health IT system…[you] need to perform thorough technical and business due diligence to ensure patient privacy and the availability and security of your data….”  While this is good advice for any contract negotiations, cloud data storage’s unique set of issues – reviewed in the HIMSS talk -- makes these precautions especially vital. 

See full AuntMinnie article at “Cloud IT use requires technical, business due diligence”

Over 220K PHI records affected in San Francisco area burglary

In a February incident at a Torrance, California medical billing company, burglars made off with several unencrypted computers.  According to an announcement by San Francisco’s Department of Public Health, the loss resulted in the theft of 56,000 San Francisco area patient records, and compromised an additional 168,500 Los Angeles area patient records, The medical billing company, Sutherland Healthcare Solutions, is offering the affected San Francisco area patients free credit monitoring and recovery services.  Sutherland has also committed to henceforth encrypt its computers, anchor them to office furniture, and require that all data be saved to shared drives rather than to individual computers.

See full LA Times article at “San Francisco patient records stolen in Torrance burglary”

Emailing PHI: considerations for developing best practices

PHI breaches that make the headlines often result from computer thefts or hacking.  Another, less well-publicized vulnerability for PHI records, however, is in the realm of electronic mail which is arguably not a particularly secure form of communication.  Over 100 billion emails were exchanged daily within the business community in 2013 and the number routinely exchanged within the healthcare industry is also enormous.  Institutions and entities that work with PHI’s can consider some of the following issues and questions regarding email and PHI’s either on a case-by-case basis, or in developing broader policies: 

  • Email is not what it used to be:  with continuing changes in technology, communication methods that have up until now been considered separate from email, may now also be considered email, including, for instance, telephone messages and faxes which are now routinely delivered by email.
  • Is email the only or best way to transmit the PHI or is there another, more secure method?
  • Is disclosing the PHI really required in this instance, or is it possible to simply allude to the information within the PHI more generally?
  • The contracts governing interactions with business associates and other entities may themselves limit what and how communication occurs.
  • Is encryption appropriate, and if so what is the best method?

See full AHLA Connections article at “Tips and Tactics for Transmitting PHI by Email”