How good is your hospital? (JCAHO CMS to the rescue!)

Posted 10 July, 2007 in news, EHRs, solutions

onetoten.jpgWe’ve talked before about the importance of universal metrics and standards (e.g. IT security metrics (see: HIPAA intro and HIPAA enforcement) and EHR functionality.) Well, now that you have patient encounter data safely in your hosted EHR database, you’ll need some way to measure how well the medical practitioners are doing their jobs.

Enter JCAHO*– Joint Commission on Accreditation of Healthcare Organizations and Centers for Medicare & Medicaid Services– CMS (I know, they forgot an M in there…)

Those two organizations have identified “core measures” which they use 1. to determine JCAHO accreditation and 2. to determine if the hospital gets government money (Medicare & Medicaid).

An example, please!

A patient is admitted to the ER who has suffered a heart attack. JCAHO/CMS core measure AMI-1 states that the patient needs to be administered aspirin within 24 hours. There are five main categories of core measures with over thirty sub-measures. Running through your encounters manually to check against core measures would quickly become exhausting.

Wouldn’t it be nice if your EHR program could analyze your EHR encounter data and produce handy reports which show your JCAHO/CMS compliance levels? Well, there is at least one EHR vendor whose product now does that: RemedyMD’s OutcomeTrack. You can now even test drive their core measures analysis tool for free online (registration required).

If JCAHO accreditation is in the present or future of your hospital or practice, be sure that your EHR supports JCAHO/CMS reporting. If not, switch to an EHR vendor who does!

* The Joint Commission, an independent, not-for-profit organization, is the nation’s predominant standards-setting and accrediting body in health care. JCAHO is committed to improving healthcare nationwide and it evaluates medical facility compliance based on a focused set of “requirements” that are long known as essential to the delivery of good patient care.A JCAHO certification is considered the gold seal of approval and current law says hospitals accredited by JCAHO are automatically eligible for Medicare reimbursement.

The JCAHO web site can be found at www.jcaho.org (which is an alias for http://www.jointcommission.org/ )

HIPAA– it’s got teeth now

Posted 7 July, 2007 in HIPAA, EHRs

teeth.jpgWithout enforcement (including audits and levied penalties), laws are essentially meaningless. In en effort to prove that the HIPAA regulations were meant to be both read and obeyed, the Department of Health and Human Service (HHS) has begun to audit medical institutions. They started this March with Atlanta’s Piedmont Hospital. I think this is great, because up until now, EHR companies and the like have been able to claim HIPAA compliance without any proof. Now is when the truth will come out.

Piedmont Hospital was given ten days to provide policies and procedures addressing the following 24 areas:

  1. Establishing and terminating users’ access to systems housing electronic patient health information (ePHI).
  2. Emergency access to electronic information systems.
  3. Inactive computer sessions (periods of inactivity).
  4. Recording and examining activity in information systems that contain or use ePHI.
  5. Risk assessments and analyses of relevant information systems that house or process ePHI data.
  6. Employee violations (sanctions).
  7. Electronically transmitting ePHI.
  8. Preventing, detecting, containing and correcting security violations (incident reports).
  9. Regularly reviewing records of information system activity, such as audit logs, access reports and security incident tracking reports.
  10. Creating, documenting and reviewing exception reports or logs. Please provide a list of examples of security violation logging and monitoring.
  11. Monitoring systems and the network, including a listing of all network perimeter devices, i.e. firewalls and routers.
  12. Physical access to electronic information systems and the facility in which they are housed.
  13. Establishing security access controls; (what types of security access controls are currently implemented or installed in hospitals’ databases that house ePHI data?).
  14. Remote access activity i.e. network infrastructure, platform, access servers, authentication, and encryption software.
  15. Internet usage.
  16. Wireless security (transmission and usage).
  17. Firewalls, routers and switches.
  18. Maintenance and repairs of hardware, walls, doors, and locks in sensitive areas.
  19. Terminating an electronic session and encrypting and decrypting ePHI.
  20. Transmitting ePHI.
  21. Password and server configurations.
  22. Antivirus software.
  23. Network remote access.
  24. Computer patch management.

How would your EHR institution do on this quiz?

The Makings of an EHR

Posted 6 July, 2007 in EHRs

ehr.gifWhen deciding on an EHR for your practice or hospital, a functional comparison between vendors is certainly in order. Fortunately, a company called CCHIT (Certification Commission for Healthcare Information Technology) provides an updated comprehensive list of functional EHR requirements for “certified” EHR systems. Whether or not a private, for-profit organization ought to be certifying EHR companies is debatable, but the CCHIT certification documents do provide a robust baseline upon which an EHR can be considered complete. I’ve summarized most of their 2007 EHR functional specifications for you below:

Criteria for a complete EHR (items the EHR system must have or do):

  • Identify and maintain a patient record
  • Manage patient demographics
  • Create and maintain patient specific problem lists
  • Create and maintain patient specific medication lists
  • Create and maintain patient specific allergy and adverse reaction lists
  • Capture, review and manage medical, procedural/surgical, social and family history
  • Summarize health record
  • Manage clinical documents and notes
  • Capture and store external clinical documents
  • Generate and record patient specific instructions
  • Create prescriptions with detail adequate for filing and administration
  • Order diagnostic tests
  • Route, manage and present current and historical rest results
  • Manage consents and authorizations
  • Identify drug interaction warnings at the point of medication ordering
  • Present alerts for disease management, preventive services and wellness
  • Clinical task assignment and routing
  • Scheduling
  • Report generation
  • Health record output
  • Manage and document the health care delivered during an encounter
  • Rules-driven financial and administrative coding assistance
  • Entity authorization
  • Enforcement of confidentiality
  • Data retention, availability and destruction
  • Audit trail
  • Concurrent Use

NAVIGATION

Powered by AccordingToME.
Health Blogs - BlogCatalog Blog Directory Blog Directory Blogarama Globe of Blogs Blog Listings All-Blogs.net directory blog search directory