00:00:15OFF CAMERA So, you told your supervisor you were having difficulty with concentration, and then it was your supervisor who set up this appointment, right, is it?
00:00:25HAROLD Yeah, I, I work at this large architectural engineering firm and it's all great. Except, they've accelerated the deadlines now and it just puts a lot of pressure on. And I, I just can't concentrate. I mean, everyone else is, doesn't have a problem with it. But, but I just, I just can't seem to be able to do the same job they're doing.
00:00:50OFF CAMERA Okay, tell me about your problem with concentration.
00:00:55HAROLD Well, um, you know it's just... Perfect example is, is they wanted me to design um, air ducts.
00:01:05OFF CAMERA Right.
00:01:05HAROLD Air ducts, simple. But I designed them through solid wall, a fire wall, and a supporting wall and I didn't even realize what I was doing.
00:01:15OFF CAMERA Uh-huh.
00:01:15HAROLD You know, I mean, um, I'm making silly mistakes like that because, another time we had these windows, we already bought them, design,
beautiful, they're going to be in this entire building.
00:01:30OFF CAMERA Right.
00:01:30HAROLD Every floor. Well, I drew the window opening way too small. Now, I mean, if that would have gone ahead, it would have cost millions. I just, it's, it's just silly things like that.
00:01:45OFF CAMERA Uh-huh, is this a new kind of problem for you?
00:01:45HAROLD Well, I mean, I didn't seem to have a problem when everything was relaxed, and the deadlines were normal.
00:01:50OFF CAMERA Right.
00:01:55HAROLD I could do the job. Everything was fine. But now we're on these, these ridiculously tight deadlines and, and I just, can't seem to do it. Everyone else can. It's, there's not a problem for them. And I end up like I'm not pulling my weight.
00:02:10OFF CAMERA Uh-huh.
00:02:10HAROLD And they think that and it's true, I'm not.
00:02:10OFF CAMERA Now did you have these, uh, similar kind of problems back in school?
00:02:15HAROLD Well, yeah, I mean, in school everyone would go to the library to cram for big exams, so, I mean.
00:02:20OFF CAMERA Right.
00:02:20HAROLD That was a normal thing. And, yeah, I'd go but I'd end up looking out the window. Look it's snowing, oh, it's spring time. I'll go for a walk. And, and if someone is whispering in a library well, I have to go to the other side. All my friends could study anywhere.
00:02:35OFF CAMERA Uh-huh, but, what other kind of difficulties do you seem to have?
00:02:40HAROLD Well, at the job we have, these uh, lectures, you know.
00:02:45OFF CAMERA Right.
00:02:45HAROLD We'd get together, it's groups. This is the lectures by the chief of the department gets together with all the architects and engineers and he talks about the mission of the day. What we're trying to work for, our goals.
00:02:55OFF CAMERA Right.
00:03:00HAROLD Do I listen? I'm thinking, maybe, my dog needs a bath. Or what am I going to have for lunch? Or, you know, anything other than what he's saying.
00:03:05OFF CAMERA Mm-hmm.
00:03:10HAROLD And because of that, you know, it's not a good idea.
00:03:15OFF CAMERA So, so, is it difficult to sit and listen?
00:03:20HAROLD Yeah, I mean, okay, we were suppose to be designing this other, on top of this penthouse, this, kind of, a patio, party area.
00:03:30OFF CAMERA Right.
00:03:30HAROLD And the gutters around it just to make sure everything was
very comfortable for everyone. Well, I got up there and I'm designing and the gutters are here, and no, wait a minute, there's Italian, tile floor. Doesn't look like it's tilted the correct way. So I started studying that and there were already two people assigned to study that. To fix that problem, not me.
00:03:50OFF CAMERA Mm-hmm.
00:03:55HAROLD I got in a lot of trouble for that one.
00:03:55OFF CAMERA Do you have any problems organizing?
00:04:00HAROLD At home or the office?
00:04:00OFF CAMERA Uh, either.
00:04:05HAROLD I'm a bit of a mess. I mean, and I'm messy. I will forget my shoes, my socks, my phone, my jacket, I, I can't find them. I'm not that organized. And I have a calendar. One of my coworkers, actually bought me a calendar to motivate me.
00:04:20OFF CAMERA Yeah.
00:04:25HAROLD To get more organized. So, I started writing down all the important dates and events, but then do I ever look at that calendar? No, I don't. So, it's a complete waste of time.
00:04:35OFF CAMERA What about problems paying bills?
00:04:40HAROLD Bills, I mean, yeah they get paid. After two or three times of the threatening calls or letters. And then I have to pay the penalties.
00:04:50OFF CAMERA Hmm, what about hyperactivity?
00:04:50HAROLD You know, I mean, I'm, sometimes I'm a little more uncomfortable in a chair or you know. But I don't think that's that big a deal. I mean, I used to be a lot worse. I mean, uh, there was a time when I was in school, I would get marked down for citizenship because I never raised my hand and I talked out of class and, and I just, couldn't seem to stay focused. But I'm a lot better now.
00:05:20OFF CAMERA Mm-hmm, were you ever um, treated with medications or behavioral therapies for ADHD?
00:05:25HAROLD No, no. My mother threatened that one time, but I was never evaluated. Never went, uh, I'm kind of amazed she never just dragged me into a doctor's office, but she never did.
00:05:40OFF CAMERA Do you drink any caffeinated drinks?
00:05:45HAROLD Coffee, soda, you know, once in a while. But when I was a kid, my mother said no caffeine, no sugar, cause you'll climb the walls. I was already doing it anyway and so she, I uh, once and a while I'll have a little caffeine now and it kind of helps me focus a little but, sugar, I stay away from that. It's just not a good idea.
00:06:05END TRANSCRIPT
Training Title 50
Name: Harold Brown
Gender: male Age: 60 years old
Vital Signs: T- 98.8 P- 74 R: 18 1 BP: 34/70 Ht 5’10 Wt: 170lbs
Background: Has bachelor’s degree in engineering. He dates casually, never married, no children. Has one younger brother. Sleeps 7 hours, appetite good. Denied legal issues; MOCA 28/30 difficulty with attention and delayed recall; ASRS-5 21/24; denied hx of drug use; enjoys one scotch drink on the weekends with a cigar. Allergies Dilaudid; history HTN blood pressure controlled with Cozaar 100mg daily, angina prescribed ASA 81mg po daily, valsartan 80mg daily. Hypertriglyceridemia prescribed fenofibrate 160mg daily, has BPH prescribed tamsulosin 0.4mg po bedtime.
Symptom Media. (Producer). (2017). Training title 50 [Video]. https://video-alexanderstreetcom.ezp.waldenulibrary.org/watch/training-title-50
Learning Resources
American Psychiatric Association. (2022). Neurocognitive disorders. In Diagnostic and statistical manual of mental disorders (5th ed., text rev.). https://go.openathens.net/redirector/waldenu.edu?url= https://dsm.psychiatryonline.org/doi/full/10.1176/appi.books.9780890425787.x17_Neurocognitive_Disorders
American Psychiatric Association. (2022). Neurodevelopmental disorders. In Diagnostic and statistical manual of mental disorders (5th ed., text rev.). https://go.openathens.net/redirector/waldenu.edu?url= https://dsm.psychiatryonline.org/doi/full/10.1176/appi.books.9780890425787.x01_Neurodevelopmental_Disorders
Sadock, B. J., Sadock, V. A., & Ruiz, P. (2015). Kaplan & Sadock’s synopsis of psychiatry (11th ed.). Wolters Kluwer.
· Chapter 21, Neurocognitive Disorders
· Chapter 31, Child Psychiatry
Health Care Information Systems
Health Care Information Systems A Practical Approach for Health
Care Management
Fourth Edition
Karen A. Wager
Frances Wickham Lee
John P. Glaser
Cover design by Wiley
Copyright © 2017 by John Wiley & Sons, Inc. All rights reserved.
Published by Jossey-Bass A Wiley Brand One Montgomery Street, Suite 1000, San Francisco, CA 94104-4594—www.josseybass.com
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the Web at www.copyright.com. Requests to the publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifi cally disclaim any implied warranties of merchantability or fi tness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profi t or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Readers should be aware that Internet Web sites offered as citations and/or sources for further information may have changed or disappeared between the time this was written and when it is read.
Jossey-Bass books and products are available through most bookstores. To contact Jossey-Bass directly call our Customer Care Department within the U.S. at 800-956-7739, outside the U.S. at 317-572-3986, or fax 317-572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data Library of Congress Cataloging-in-Publication Data has been applied for and is on fi le with the Library of Congress.
9781119337188 (paperback) 9781119337126 (ePDF) 9781119337089 (ePub)
Printed in the United States of America
FOURTH EDITION
PB Printing 10 9 8 7 6 5 4 3 2 1
Contents
Tables, Figures, and Exhibits ................................................................................ xi Preface ................................................................................................................ xv Acknowledgments ............................................................................................ xxiii The Authors ...................................................................................................... xxv
Part 1 Major Environmental Forces That Shape the National Health Information System Landscape ....................................................... 1
1 The National Health Information Technology Landscape ..................................................................... 3 Learning Objectives 1990s: The Call for HIT 2000–2010: The Arrival of HIT 2010–Present: Health Care Reform and the Growth of HIT Summary Key Terms Learning Activities References
2 Health Care Data ............................................................................ 21 Learning Objectives Health Care Data and Information Defi ned Health Care Data and Information Sources Health Care Data Uses Health Care Data Quality Summary Key Terms Learning Activities References
3 Health Care Information Systems ................................................. 65 Learning Objectives Review of Key Terms Major Health Care Information Systems History and Evolution Electronic Health Records Personal Health Records Key Issues and Challenges
v
vi · C O N T E N T S
Summary Key Terms Learning Activities References
4 Information Systems to Support Population Health Management ...................................................................... 99 Learning Objectives PHM: Key to Success Accountable Care Core Processes Data, Analytics, and Health IT Capabilities and Tools Transitioning from the Record to the Plan Summary Key Terms Learning Activities References
Part 2 Selection, Implementation, Evaluation, and Management of Health Care Information Systems .................................................................... 139 5 System Acquisition ....................................................................... 141
Learning Objectives System Acquisition: A Defi nition Systems Development Life Cycle System Acquisition Process Project Management Tools Things That Can Go Wrong Information Technology Architecture Summary Key Terms Learning Activities References
6 System Implementation and Support ........................................ 179 Learning Objectives System Implementation Process Managing Change and the Organizational Aspects System Support and Evaluation Summary Key Terms Learning Activities References
7 Assessing and Achieving Value in Health Care Information Systems .................................................................... 215 Learning Objectives Definition of IT-Enabled Value
C O N T E N T S · vii
The IT Project Proposal Ensuring the Delivery of Value Analyses of the IT Value Challenge Summary Key Terms Learning Activities References
8 Organizing Information Technology Services ............................ 251 Learning Objectives Information Technology Functions Organizing IT Staff Members and Services In-House versus Outsourced IT Evaluating IT Effectiveness Summary Key Terms Learning Activities References
Part 3 Laws, Regulations, and Standards That Affect Health Care Information Systems .............. 285
9 Privacy and Security ..................................................................... 287 Learning Objectives Privacy, Confidentiality, and Security Defi ned Legal Protection of Health Information Threats to Health Care Information The Health Care Organization’s Security Program Beyond HIPAA: Cybersecurity for Today’s Wired Environment Summary Key Terms Learning Activities References
10 Performance Standards and Measures ....................................... 323 Learning Objectives Licensure, Certification, and Accreditation Measuring the Quality of Care Federal Quality Improvement Initiatives Summary Key Terms Learning Activities References
11 Health Care Information System Standards .............................. 357 Learning Objectives HCIS Standards Overview Standards Development Process
viii · C O N T E N T S
Federal Initiatives Affecting Health Care IT Standards Other Organizations Influencing Health Care IT Standards Health IT Standards Vocabulary and Terminology Standards Data Exchange and Messaging Standards Health Record Content and Functional Standards Summary Key Terms Learning Activities References
Part 4 Senior-Level Management Issues Related to Health Care Information Systems Management ........................................................... 393 12 IT Alignment and Strategic Planning ......................................... 395
Learning Objectives IT Planning Objectives Overview of Strategy The IT Assest A Normative Approach to Developing Alignment and IT Strategy IT Strategy and Alignment Challenges Summary Key Terms Learning Activities References
13 IT Governance and Management ............................................... 427 Learning Objectives IT Governance IT Budget Management Role in Major IT Initiatives IT Effectiveness The Competitive Value of IT Summary Key Terms Learning Activities Notes References
14 Health IT Leadership Case Studies .............................................. 467 Case 1: Population Health Management in Action Case 2: Registries and Disease Management in the PCMH Case 3: Implementing a Capacity Management
Information System Case 4: Implementing a Telemedicine Solution Case 5: Selecting an EHR For Dermatology Practice Case 6: Watson’s Ambulatory EHR Transition
C O N T E N T S · ix
Case 7: Concerns and Workarounds with a Clinical Documentation System
Case 8: Conversion to an EHR Messaging System Case 9: Strategies for Implementing CPOE Case 10: Implementing a Syndromic Surveillance System Case 11: Planning an EHR Implementation Case 12: Replacing a Practice Management System Case 13: Implementing Tele-psychiatry in a Community Hospital
Emergency Department Case 14: Assessing the Value and Impact of CPOE Case 15: Assessing the Value of Health IT Investment Case 16: The Admitting System Crashes Case 17: Breaching The Security of an Internet Patient Portal Case 18: The Decision to Develop an IT Strategic Plan Case 19: Selection of a Patient Safety Strategy Case 20: Strategic IS Planning for the Hospital ED Case 21: Board Support for a Capital Project Supplemental Listing of Related Case Studies and Webinars
Appendixes A. Overview of the Health Care IT Industry ................................... 525
The Health Care IT Industry Sources of Industry Information Health Care IT Associations Summary Learning Activities References
B. Sample Project Charter, Sample Job Descriptions, and Sample User Satisfaction Survey ......................................... 539 Sample Project Charter Sample Job Descriptions Sample User Satisfaction Survey
Index ................................................................................................................. 559
Tables, Figures, and Exhibits
TABLES
1.1 Stages of Meaningful Use ................................................................. 9 1.2 Differences between Medicare and Medicaid EHR
incentive programs .......................................................................... 11 1.3 MIPS performance categories...........................................................13 2.1 Ten common hospital statistical measures ........................................47 2.2 Terms used in the literature to describe the fi ve common
dimensions of data quality ..............................................................52 2.3 Excerpt from data dictionary used by AHRQ surgical site infection
risk stratifi cation/outcome detection ................................................56 3.1 Common types of administrative and clinical information systems ....68
3.2 Functions defining the use of EHRs .................................................76 3.3 Sociotechnical dimensions ...............................................................92 4.1 Key attributes and broad results of current ACO models ................. 106 5.1 Sample criteria for evaluation of RFP responses ............................. 161 7.1 Financial analysis of a patient accounting document
imaging system .............................................................................227 7.2 Requests for new information system projects ................................ 230 9.1 HIPAA violation categories ............................................................ 302 9.2 Top ten largest fines levied for HIPAA violations as of
August 2016 .................................................................................. 303 9.3 Resources for conducting a comprehensive risk analysis ................. 309 9.4 Common examples of vulnerabilities and mitigation strategies ........ 310
10.1 2015 approved CMS accrediting organizations ................................329 10.2 Major types of quality measures ....................................................336 10.3 Excerpt of CQMs for 2014 EHR Incentive Programs ........................338 10.4 MIPS performance categories.........................................................349 11.1 Relationships among standards-setting organizations ...................... 361 11.2 Excerpt from CVX (clinical vaccines administered) .........................374 11.3 Excerpt from NCPDP data dictionary ............................................. 380 11.4 X12 TG2 work groups ................................................................... 381 11.5 Excerpt from the HL7 EHR-S Functional Model ..............................386
xi
xii · T A B L E S , F I G U R E S , A N D E X H I B I T S
12.1 IT initiatives linked to organizational goals ....................................397 12.2 Summary of the scope of outpatient care problems ........................ 402 12.3 Assessment of telehealth strategic opportunities ............................. 413 12.4 Summary of IT strategic planning .................................................. 414 13.1 Target increases in an IT operating budget .....................................442 14.1 List of cases and corresponding chapters .......................................469 A.1 IT interests of different health care organizations ...........................526 A.2 Health care provider market: NAICS taxonomy ..............................527 A.3 Changes in application focus resulting from changes
in the health care business model .................................................528 A.4 Major health care IT vendors, ranked by revenue ........................... 530 B.1 Revision history ............................................................................ 541 B.2 Issue management ........................................................................549
FIGURES
1.1 Milestones for a supportive payment and regulatory environment ....15 2.1 Health care data to health care knowledge .......................................23 2.2 Sample EHR information screen ......................................................33 2.3 Sample EHR problem list ................................................................34 2.4 Sample EHR progress notes .............................................................34
2.5 Sample EHR lab report ....................................................................35 2.6 Sample heart failure and hypertension query screen .........................45
3.1 History and evolution of health care information systems (1960s to today) .............................................................................70
3.2 Sample drug alert screen .................................................................73 3.3 Sample patient portal ......................................................................74 3.4 Percent of non-federal acute care hospitals with adoption of at
least a basic EHR with notes system and position of a certifi ed EHR: 2008–2015 ..............................................................................75
3.5 Office-based physician practice EHR adoption since 2004 .................77 3.6 The ONC’s roadmap to interoperability ............................................84 4.1 Percent of nonfederal acute care hospitals that electronically
exchanged laboratory results, radiology reports, clinical care summaries, or medication lists with ambulatory care providers or hospitals outside their organization: 2008–2015 ......................... 118
5.1 Systems development life cycle ......................................................144 5.2 System usability scale questionnaire ..............................................163
5.3 Cost-benefi t analysis .....................................................................164 5.4 Example of a simple Gantt chart ...................................................167
T A B L E S , F I G U R E S , A N D E X H I B I T S · xiii
6.1 Project timeline with project phases ..............................................189 7.1 IT investment portfolio ..................................................................237 7.2 Days in accounts receivable ..........................................................239 7.3 Digital intensity versus transformation intensity .............................246 8.1 IT organizational chart: Large health system ..................................257
10.1 Screenshot from NQF .................................................................... 341 10.2 Projected timetable for implementation of MACRA ......................... 350 12.1 Overview of IT strategy development ............................................. 400 12.2 IT initiative priorities .................................................................... 415 12.3 IT plan timetable and budget ........................................................ 416 12.4 Hype cycle for emerging technologies, 2014 ................................... 422 13.1 IT budget decision-making process ................................................443 13.2 Gross margin performance differences in high IT–use industries ..... 461 13.3 Singles and grand slams ................................................................463
EXHIBITS
2.1 Excerpt from ICD-10-CM 2016 ..........................................................38 2.2 Excerpt from ICD-10 PCS 2017 OCW ................................................40 2.3 Patient encounter form coding standards .........................................41 5.1 Overview of System Acquisition Process ........................................ 147 9.1 Sample release of information form ...............................................294 9.2 Cybersecurity framework core ....................................................... 318
10.1 Medical Record Content: Excerpt from South Carolina Standards for Licensing Hospitals and Institutional General Infi rmaries ..........326
10.2 Medical Record Content: Excerpt from the Conditions of Participation for Hospitals .............................................................328
11.1 Excerpt from ONC 2016 Interoperability Standards Advisory ...........366 11.2 X12 5010 professional claim standard............................................. 382 12.1 IT initiatives necessary to support a strategic goal for a provider .... 410 12.2 IT initiatives necessary to support a strategic goal for a
health plan ................................................................................... 411 12.3 System support of nursing documentation ..................................... 412
In memory of our colleague Andy Pasternack
Preface
Health care delivery is in the early stages of a profound shift in its core strat egies, organization, financing, and operational and care processes.
Reactive sick care is being replaced by proactive efforts to keep people well and out of the hospital. Fragmented care delivery capabilities are being supplanted by initiatives to create and manage cross-continuum systems of care. Providers that were rewarded for volume are increasingly being rewarded for quality and effi ciency.
New forms of reimbursement, such as bundles and various types of cap itation, are causing this shift. To thrive in the new era of health care delivery, providers are creating health systems, such as accountable care organizations, that include venues along the care spectrum.
In addition providers are introducing new processes to support the need to manage care between encounters, keep people healthy, and ensure that utilization is appropriate. Moreover, as reimbursement shifts to incent- improved provider performance these organizations will have a common need to optimize operational efficiency, improve financial management, and effectively engage consumers in managing their health and care.
These changes in business models and processes follow on the heels of the extraordinary increase in electronic health record adoption spurred by the Meaningful Use program of the US federal government.
On top of a foundation of electronic health records, the industry will add population health management applications, systems that support extensive patient engagement, broader interoperability, and more significant use of analytics. Providers involved in patient care will need immediate access to electronic decision-support tools, the latest relevant research findings on a given topic, and patient-specific reminders and alerts. Health care executives will need to be able to devise strategic initiatives that take advantage of access to real-time, relevant administrative and clinical information.
In parallel with the changes in health care, information technology (IT) innovation continues at a remarkable pace. The Internet of Things is creating a reality of intelligent homes, cars, and equipment, such as environmental sensors and devices attached to patients. Social media use continues to grow
xv
xvi · P R E F A C E
and become more sophisticated and capable. Mobile personal devices have become the device of choice for personal and professional activities. Big data has exceptional potential to help identify new diagnostic and therapeutic algorithms, conduct most market surveillance, and assess the comparative effectiveness of treatments.
For providers to prosper in this new era they must be very effective in developing IT strategies, implementing the technology, and leveraging the technology to improve organizational performance. They must understand the nature of health care data and the challenges of privacy and security. Clinicians and managers must appreciate the breadth of health care IT and emerging health care IT trends.
The transformation of the health care industry means that IT is no longer a necessary back-office evil—it is an essential foundation if an organization is to survive. That has not been true in the past; provider organizations could do quite well in a fee-for-service world without computerized physician order entry and other advanced IT applications.
Having ready access to timely, complete, accurate, legible, and rele vant information is critical to health care organizations, providers, and the patients they serve. Whether it is a nurse administering medication to a comatose patient, a physician advising a patient on the latest research findings for a specific cancer treatment, a billing clerk filing an electronic claim, a chief executive officer justifying to the board the need for build ing a new emergency department, or a health policy analyst reporting on the cost-effectiveness of a new prevention program to the state’s Medicaid program, each individual needs access to high-quality information with which to effectively perform his or her job.
The need for quality information in health care, already strong, has never been greater, particularly as this sector of our society strives to provide quality care, contain costs, and ensure adequate access.
PURPOSE OF THIS BOOK
The purpose of this book is to prepare future health care executives with the knowledge and skills they need to manage information and information systems technology effectively in this new environment. We wrote this book with the graduate student (or upper-level undergraduate student) enrolled in a health care management program in mind.
Our definition of health care management is fairly broad and includes a range of academic programs from health administration, health infor mation management, and public health programs to master of business
P R E F A C E · xvii
administration (MBA) programs with an emphasis in health to nursing administration and physician executive educational programs. This book may also serve as an introductory text in health informatics programs.
The first (2005), second (2009), and third (2013) editions have been widely used by a variety of health care management and health information systems programs throughout the United States and abroad. Although we have maintained the majority of the chapters from the third edition, this edition has gone through significant changes in composition and structure reflecting feedback from educators and students and the need to discuss topics such as population health and recent changes in payment reform ini tiatives. We have removed the section on the international perspective on health care information technology and updated the case studies of organi zations experiencing management-related information system challenges. We also added a new chapter on the role of information systems in managing population health.
ORGANIZATION OF THIS BOOK
The chapters in this book are organized into four major parts:
• Part One: “Major Environmental Forces That Shape the National Health Information System Landscape” (Chapters One through Four)
• Part Two: “Selection, Implementation, Evaluation, and Management of Health Care Information Systems” (Chapters Five through Eight)
• Part Three: “Laws, Regulations, and Standards That Affect Health Care Information Systems” (Chapters Nine through Eleven)
• Part Four: “Senior-Level Management Issues Related to Health Care Information Systems Management” (Chapters Twelve through Fourteen)
In addition Appendix A provides an overview of the health care IT indus try. Appendix B provides a compendium of a sample project charter, sample job descriptions, and a sample user satisfaction survey.
The purpose of Part One (“Major Environmental Forces That Shape the National Health Information System Landscape”) is to provide the reader with the foundation needed for the rest of the book. This foun dation includes an overview of the major environmental forces that are shaping the national health IT landscape, such as Medicare’s alternative payment programs. The reader will gain insight into the different types of clinical, administrative, and external data used by health care provider
xviii · P R E F A C E
organizations. Additionally, the reader will gain an understanding of the adoption, use, and functionality of health care information systems with focus on electronic health records (EHRs), personal health records (PHRs), and systems need to support population health management (e.g., data analytics, telehealth).
Specifically Part One has four chapters:
• Chapter One: National Health Information Technology Landscape. This chapter discusses the various forces and activities that are shaping health information systems nationally. The chapter reviews the HITECH Act, the Affordable Care Act, HIPAA, and national efforts to advance interoperability.
• Chapter Two: Health Care Data. This chapter examines the range of health care data and issues with data quality and capture. This examination is conducted from a cross-continuum, health system perspective.
• Chapter Three: Health Care Information Systems. This chapter provides an overview of clinical and administrative information systems. The chapter focuses on the electronic health record and personal health record and describes in greater detail the major initiatives that have led to current adoption and use of EHRs by hospitals and physician practices (e.g., Meaningful Use and health information exchanges). The chapter also includes discussion on the state of EHRs in settings across the care continuum (e.g., behavioral health, community care, long-term care). It concludes with a discussion on important health care information system issues including interoperability, usability, and health IT safety.
• Chapter Four: Information Systems to Support Population Health Management. This is a new chapter. Its purpose is to focus on the key data and information needs of health systems to effectively manage population health. Key topics include population health, telehealth, patient engagement (including social media), data analytics, and health information exchange (HIE).
The purpose of Part Two (“Selection, Implementation, Evaluation, and Management of Health Care Information Systems”) is to provide the reader with an overview of what is needed to effectively select, implement, evaluate, and manage health care information systems. This section discusses issues mid- and senior-level managers are likely to encounter related to managing
P R E F A C E · xix
change and managing projects. The reader will also gain insight into the role and functions of the IT organization or department.
Specifically Part Two has four chapters:
• Chapter Five: System Acquisition. This chapter discusses the processes that organizations use to select information systems. We have included a discussion on the importance of system architecture.
• Chapter Six: System Implementation and Support. This chapter reviews the processes and activities need to implement and support health care information systems. We have included an examination of change management and project management.
• Chapter Seven: Assessing and Achieving Value in Health Care Information Systems. This chapter discusses the nature of the value that can be obtained from health care information systems and the approaches to achieving that value.
• Chapter Eight: Organizing Information Technology Services. This chapter reviews the structure and responsibilities of the IT organization. This chapter discusses IT senior management roles such as the chief information offi cer and the chief medical information offi cer.
The purpose of Part Three (“Laws, Regulations, and Standards That Affect Health Care Information Systems”) is to provide the reader with an overview of the laws, regulations, and standards that affect health care infor mation systems. Emphasis is given to system security.
Specifically Part Three has three chapters:
• Chapter Nine: Privacy and Security. This chapter examines privacy and security regulations and practices.
• Chapter Ten: Performance Standards and Measures. This chapter discusses the wide range of regulations that affect health care information systems, with an emphasis on new regulations related to the focus on the continuum of care.
• Chapter Eleven: Health Care Information Systems Standards. This chapter reviews the new and emerging standards that govern health care data, transactions, and quality measures.
The purpose of Part Four (“Senior-Level Management Issues Related to Health Care Information Systems Management”) is to provide the reader with
xx · P R E F A C E
an understanding of senior-level management responsibilities and activities related to IT management.
Specifically Part Four has three chapters:
• Chapter Twelve: IT Alignment and Strategic Planning. This chapter discusses the processes used by organizations to develop an IT strategic plan. The chapter reviews the challenges faced in developing these plans.
• Chapter Thirteen: IT Governance and Management. This chapter discusses several topics that must be addressed by senior leadership if IT is to be leveraged effectively: establishing IT governance, developing the IT budget, and ensuring that projects are successful.
• Chapter Fourteen: Health IT Leadership Case Studies. This chapter comprises case studies that provide real-world situations that touch on the content of this textbook.
Each chapter in the book (except Chapter Fourteen) begins with a set of chapter learning objectives and an overview and concludes with a summary of the material presented and a set of learning activities. These activities are designed to give students an opportunity to explore more fully the concepts intro duced in the chapter and to gain hands-on experience by visiting and talking with IT and management professionals in a variety of health care settings.
Two appendixes offer supplemental information. Appendix A presents an overview of the health care IT industry: the companies that provide IT hard ware, software, and a wide range of services to health care organizations. Appendix B contains a sample project charter, sample job descriptions, and a sample user satisfaction survey: documents referenced throughout the book.
Depending on the nature and interests of the students, various chapters are worth emphasizing. Students and courses that are targeted for current or aspiring senior executive positions may want to emphasize Chapter One (National Health Care IT Landscape), Chapter Four (Population Health), Chapter Seven (IT Value), Chapter Twelve (IT Strategy), and Chapter Thirteen (IT Governance and Management). For classes focused on mid-level man agement, Chapter One (National Health Care IT Landscape), Chapter Five (System Selection), Chapter Six (System Implementation), and Chapter Seven (IT Value) will merit attention.
Regardless of role, Chapter Two (Health Care Data), Chapter Three (Health Care Information Systems), Chapter Eight (IT Organization), and Part Three (Laws, Regulations, and Standards) provide important founda tional knowledge.
P R E F A C E · xxi
One final comment. Two terms, health information technology (HIT) and health care information systems (HCIS), are frequently used throughout the text. Although it may seem that these terms are interchangeable, they are, in fact, related but different. As used in this text, HIT encompasses the technol ogies (hardware, software, networks, etc.) used in the management of health information. HCIS describes a broader concept that not only encompasses HIT but also the processes and people that the HIT must support. HCIS delivers value to individual health care organizations, patients, and providers, as well as across the continuum of care and for entire communities of individuals. HIT delivers little value on its own. Both HCIS and HIT must be managed, but the management of HCIS is significantly more difficult and diverse.
Health care and health care information technology are in the early stages of a profound transformation. We hope you find this textbook helpful as we prepare our students for the challenges that lie ahead.
Acknowledgments
We wish to extend a special thanks to Juli Wilt for her dedication and assis tance in preparing the fi nal manuscript for this book. We also wish to thank the following MUSC students in the doctoral program in health administra tion, who contributed information systems management stories and expe riences to us for use as case studies: Penney Burlingame, Barbara Chelton, Stuart Fine, David Freed, David Gehant, Patricia Givens, Shirley Harkey, Victoria Harkins, Randall Jones, Michael Moran, Catrin Jones-Nazar, Ronald Kintz, Lauren Lent, George Mikatarian, Lorie Shoemaker, and Gary Wilde.
To all of our students whom we have learned from over the years, we thank you.
Finally, we wish to extend a very special thanks to Molly Shane Grasso for her many contributions to Chapter Four, “Information Systems to Support Population Health Management.”
xxiii
The Authors
Karen A. Wager is professor and associate dean for student affairs in the College of Health Professions at the Medical University of South Carolina (MUSC), where she teaches management and health information systems courses to graduate students. She has more than thirty years of professional and academic experience in the health information management profession and has published numerous articles, case studies, and book chapters. Recog nized for her excellence in interprofessional education and in bringing prac tical research to the classroom, Wager received the 2016 College Teacher of the Year award and the 2008 MUSC outstanding teaching award in the educa tor-lecturer category and the 2008 Governor’s Distinguished Professor Award. She currently serves as the chair of the Accreditation Council for the Com mission on Accreditation of Healthcare Management Education (CAHME), is a member of the CAHME board of directors, and is a past fellow of CAHME. Wager previously served as a member of the HIMSS-AUPHA-CAHME Task Force responsible for the development of a model curriculum in health information systems appropriate for educating graduate students in health administration programs. She is past president of the South Carolina chapter of the Healthcare Information and Management Systems Society (HIMSS) and past president of the South Carolina Health Information Management Association. Wager holds a doctor of business administration (DBA) degree with an emphasis in information systems from the University of Sarasota.
Frances Wickham Lee is professor and director of instructional operations for Healthcare Simulation South Carolina at the Medical University of South Carolina (MUSC). She recently joined the faculty at Walden University to teach in the Master of Healthcare Administration program. Lee has more than thirty years of professional and academic experience in the health information management, including publication of numerous articles and book chapters related to the field. She is past president of the North Carolina Health Information Management Association and South Carolina chapter of the Healthcare Information and Management Systems Society (HIMSS). Since 2007, Lee has broadened her expertise as a health care educator through her membership in a pioneering team charged with bringing health care
xxv
xxvi · T H E A U T H O R S
simulation to students and practicing professionals across the state of South Carolina. She holds a DBA degree with an emphasis in information systems from the University of Sarasota.
John P. Glaser currently serves as the senior vice president of population health for Cerner. He joined Cerner in 2015 as part of the Siemens Health Services acquisition, where he was CEO. Prior to Siemens, Glaser was vice president and CIO at Partners HealthCare. He also previously served as vice president of information systems at Brigham and Women’s Hospital.
Glaser was the founding chair of the College of Healthcare Informa tion Management Executives (CHIME) and the past president of the Health- care Information and Management Systems Society (HIMSS). He has served on numerous boards including eHealth Initiative, the American Telemedi cine Association (ATA), and the American Medical Informatics Association (AMIA). He is a fellow of CHIME, HIMSS, and the American College of Health Informatics. He is a former senior advisor to the Office of the National Coor dinator for Health Information Technology (ONC).
Glaser has published more than two hundred articles, three books on the strategic application of information technology in health care. Glaser holds a PhD in health care information systems from the University of Minnesota.
Health Care Information Systems
Major Environmental Forces That Shape
the National Health Information System
Landscape
PART ONE
1
CHAPTER 1
The National Health Information Technology
Landscape
LEARNING OBJECTIVES
• To be able to discuss some of the most signifi cant infl uences shaping the current and future health information technology landscapes in the United States.
• To understand the roles national private sector and government initiatives have played in the advancement of health information technology in the United States.
• To be able to describe major events since the 1990s that have infl uenced the adoption of health information technologies and systems.
3
4 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
Since the early 1990s, the use of health information technology (HIT) across all aspects of the US health care delivery system has been increasing. Electronic health records (EHRs), telehealth, social media, mobile applica tions, and so on are becoming the norm—even commonplace—today. Today’s health care providers and organizations across the continuum of care have come to depend on reliable HIT to aid in managing population health effec tively while reducing costs and improving quality patient care. Chapter One will explore some of the most signifi cant influences shaping the current and future HIT landscapes in the United States. Certainly, advances in infor mation technology affect HIT development, but national private sector and government initiatives have played key roles in the adoption and application of the technologies in health care. This chapter will provide a chronologi cal overview of the significant government and private sector actions that have directly or indirectly affected the adoption of HIT since the Institute of Medicine landmark report, The Computer-Based Patient Record: An Essential Technology for Health Care, authored by Dick and Steen and published in 1991. Knowledge of these initiatives and mandates shaping the current HIT national landscape provides the background for understanding the importance of the health information systems that are used to promote excellent, cost-effective patient care.
1990s: THE CALL FOR HIT
Institute of Medicine CPR Report
The Institute of Medicine (IOM) report The Computer-Based Patient Record: An Essential Technology for Health Care (Dick & Steen, 1991) brought international attention to the numerous problems inherent in paper-based medical records and called for the adoption of the computer-based patient record (CPR) as the standard by the year 2001. The IOM defi ned the CPR as “an electronic patient record that resides in a system specifi cally designed to support users by providing accessibility to complete and accurate data, alerts, reminders, clinical decision support systems, links to medical knowledge, and other aids” (Dick & Steen, 1991, p. 11). This vision of a patient’s record offered far more than an electronic version of existing paper records—the IOM report viewed the CPR as a tool to assist the clinician in caring for the patient by providing him or her with remind ers, alerts, clinical decision–support capabilities, and access to the latest research findings on a particular diagnosis or treatment modality. CPR systems and related applications, such as EHRs, will be further discussed
2 0 0 0 – 2 0 1 0 : T H E A R R I V A L O F H I T · 5
in Chapter Three. At this point, it is important to understand the IOM report’s impact on the vendor community and health care organizations. Leading vendors and health care organizations saw this report as an impetus toward radically changing the ways in which patient information would be managed and patient care delivered. During the 1990s, a number of vendors developed CPR systems. However, despite the fact that these systems were, for the most part, reliable and technically mature by the end of the decade, only 10 percent of hospitals and less than 15 percent of physician practices had implemented them (Goldsmith, 2003). Needless to say, the IOM goal of widespread CPR adoption by 2001 was not met. The report alone was not enough to entice organizations and individual providers to commit to the required investment of resources to make the switch from predominantly paper records.
Health Insurance Portability and Accountability Act (HIPAA)
Five years after the IOM report advocating CPRs was published, President Clinton signed into law the Health Insurance Portability and Account ability Act (HIPAA) of 1996 (which is discussed in detail in Chapter Nine). HIPAA was designed primarily to make health insurance more affordable and accessible, but it included important provisions to simplify adminis trative processes and to protect the security and confi dentiality of personal health information. HIPAA was part of a larger health care reform effort and a federal interest in HIT for purposes beyond reimbursement. HIPAA also brought national attention to the issues surrounding the use of personal health information in electronic form. The Internet had revolutionized the way that consumers, providers, and health care organizations accessed health information, communicated with each other, and conducted business, creat ing new risks to patient privacy and security.
2000–2010: THE ARRIVAL OF HIT
IOM Patient Safety Reports
A second IOM report, To Err Is Human: Building a Safer Health Care System (Kohn, Corrigan, & Donaldson, 2000), brought national attention to research estimating that 44,000 to 98,000 patients die each year because of medical errors. A subsequent related report by the IOM Committee on Data Stan dards for Patient Safety, Patient Safety: Achieving a New Standard for Care (Aspden, 2004), called for health care organizations to adopt information
6 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
technology capable of collecting and sharing essential health information on patients and their care. This IOM committee examined the status of stan dards, including standards for health data interchange, terminologies, and medical knowledge representation. Here is an example of the committee’s conclusions:
• As concerns about patient safety have grown, the health care sector has looked to other industries that have confronted similar challenges, in particular, the airline industry. This industry learned long ago that information and clear communications are critical to the safe navigation of an airplane. To perform their jobs well and guide their plane safely to its destination, pilots must communicate with the airport controller concerning their destination and current circumstances (e.g., mechanical or other problems), their fl ight plan, and environmental factors (e.g., weather conditions) that could necessitate a change in course. Information must also pass seamlessly from one controller to another to ensure a safe and smooth journey for planes fl ying long distances, provide notifi cation of airport delays or closures because of weather conditions, and enable rapid alert and response to extenuating circumstance, such as a terrorist attack.
• Information is as critical to the provision of safe health care—which is free of errors of commission and omission—as it is to the safe operation of aircraft. To develop a treatment plan, a doctor must have access to complete patient information (e.g., diagnoses, medications, current test results, and available social supports) and to the most current science base (Aspden, 2004).
Whereas To Err Is Human focused primarily on errors that occur in hospi tals, the 2004 report examined the incidence of serious safety issues in other settings as well, including ambulatory care facilities and nursing homes. Its authors point out that earlier research on patient safety focused on errors of commission, such as prescribing a medication that has a potentially fatal interaction with another medication the patient is taking, and they argue that errors of omission are equally important. An example of an error of omission is failing to prescribe a medication from which the patient would likely have benefited (Institute of Medicine, Committee on Data Standards for Patient Safety, 2003). A significant contributing factor to the unacceptably high rate of medical errors reported in these two reports and many others is poor information management practices. Illegible prescriptions, unconfi rmed
2 0 0 0 – 2 0 1 0 : T H E A R R I V A L O F H I T · 7
verbal orders, unanswered telephone calls, and lost medical records could all place patients at risk.
Transparency and Patient Safety
The federal government also responded to quality of care concerns by pro moting health care transparency (for example, making quality and price information available to consumers) and furthering the adoption of HIT. In 2003, the Medicare Modernization Act was passed, which expanded the program to include prescription drugs and mandated the use of electronic prescribing (e-prescribing) among health plans providing prescription drug coverage to Medicare beneficiaries. A year later (2004), President Bush called for the widespread adoption of EHR systems within the decade to improve efficiency, reduce medical errors, and improve quality of care. By 2006, he had issued an executive order directing federal agencies that administer or sponsor health insurance programs to make information about prices paid to health care providers for procedures and information on the quality of services provided by physicians, hospitals, and other health care providers publicly available. This executive order also encouraged adoption of HIT standards to facilitate the rapid exchange of health information (The White House, 2006).
During this period significant changes in reimbursement practices also materialized in an effort to address patient safety, health care quality, and cost concerns. Historically, health care providers and organizations had been paid for services rendered regardless of patient quality or outcome. Nearing the end of the decade, payment reform became a hot item. For example, pay for performance (P4P) or value-based purchasing pilot programs became more widespread. P4P reimburses providers based on meeting predefined quality measures and thus is intended to promote and reward quality. The Centers for Medicare and Medicaid Services (CMS) notified hospitals and physicians that future increases in payment would be linked to improvements in clinical performance. Medicare also announced it would no longer pay hospitals for the costs of treating certain conditions that could reasonably have been prevented—such as bedsores, injuries caused by falls, and infections resulting from the prolonged use of catheters in blood vessels or the bladder—or for treating “serious prevent able” events—such as leaving a sponge or other object in a patient during surgery or providing the patient with incompatible blood or blood prod ucts. Private health plans also followed Medicare’s lead and began denying payment for such mishaps. Providers began to recognize the importance
8 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
of adopting improved HIT to collect and transmit the data needed under these payment reforms.
Office of the National Coordinator for Health Information Technology
In April 2004, President Bush signed Executive Order No. 13335, 3 C.F.R., establishing the Office of the National Coordinator for Health Information Technology (ONC) and charged the office with providing “leadership for the development and nationwide implementation of an interoperable health information technology infrastructure to improve the quality and effi ciency of health care.” In 2009, the role of the ONC (organizationally located within the US Department of Health and Human Services) was strengthened when the Health Information Technology for Economic and Clinical Health (HITECH) Act legislatively mandated it to provide leadership and oversight of the national efforts to support the adoption of EHRs and health informa tion exchange (HIE) (ONC, 2015).
In spite of the various national initiatives and changes to reimbursement during the first decade of the twenty-first century, by the end of the decade only 25 percent of physician practices (Hsiao, Hing, Socey, & Cai, 2011) and 12 percent of hospitals (Jha, 2010) had implemented “basic” EHR systems. The far majority of solo and small physician practices continued to use paper- based medical record systems. Studies show that the relatively low adoption rates among solo and small physician practices were because of the cost of HIT and the misalignment of incentives (Jha et al., 2009). Patients, payers, and purchasers had the most to gain from physician use of EHR systems, yet it was the physician who was expected to bear the total cost. To address this misalignment of incentives issue, to provide health care organizations and providers with some funding for the adoption and Meaningful Use of EHRs, and to promote a national agenda for HIE, the HITECH Act was passed as a part of the American Recovery and Reinvestment Act in 2009.
2010–PRESENT: HEALTH CARE REFORM AND THE GROWTH OF HIT
HITECH and Meaningful Use
An important component of HITECH was the establishment of the Medicare and Medicaid EHR Incentive Programs. Eligible professionals and hospitals that adopt, implement, or upgrade to a certified EHR received incentive pay ments. After the first year of adoption, the providers had to prove successfully
2 0 1 0 – P R E S E N T : H E A L T H C A R E R E F O R M A N D T H E G R O W T H O F H I T · 9
that they were “demonstrating Meaningful Use” of certified EHRs to receive additional incentive payments. The criteria, objectives, and measures for demonstrating Meaningful Use evolved over a five-year period from 2011 to 2016. The first stage of Meaningful Use criteria was implemented in 2011–2012 and focused on data capturing and sharing. Stage 2 (2014) criteria are intended to advance clinical processes, and Stage 3 (2016) criteria aim to show improved outcomes. Table 1.1 provides a broad overview of the Meaningful Use criteria by stage.
Through the Medicare EHR Incentive Program, each eligible professional who adopted and achieved meaningful EHR use in 2011 or 2012 was able to earn up to $44,000 over a five-year period. The amount decreased over the period, creating incentives to providers to start sooner rather than later.
Table 1.1 Stages of Meaningful Use
Stage 1: Stage 2: Stage 3: Meaningful Use criteria Meaningful Use criteria Meaningful Use criteria focus focus focus
Electronically capturing health information in a standardized format
Using that information to track key clinical conditions
Communicating that information for care coordination processes
Initiating the reporting of clinical quality measures and public health information
Using information to engage patients and their families in their care
More rigorous HIE
Increased requirements for e-prescribing and incorporating lab results
Electronic transmission of patient summaries across multiple settings
More patient-controlled data
Improving quality, safety, and effi ciency leading to improved health outcomes
Decision support for national high-priority conditions
Patient access to self- management tools
Access to comprehensive patient data through patient-centered HIE
Improving population health
Source: ONC (n.d.a.).
10 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
Eligible hospitals could earn over $2 million through the Medicare EHR Incentive Program, and the Medicaid program made available up to $63,500 for each eligible professional (through 2021) and over $2 million to each eligible hospital. As of December 2015, more than 482,000 health care pro viders received a total of over $31 billion in payments for participating in the Medicare and Medicaid EHR Incentive Programs (CMS, n.d.). See Table 1.2 for primary differences between the two incentive programs.
Within the ONC, the Office of Interoperability and Standards oversees certification programs for HIT. The purpose of certification is to provide assurance to EHR purchasers and other users that their EHR system has the technological capability, functionality, and security needed to assist them in meeting Meaningful Use criteria. Eligible providers who apply for the EHR Medicare and Medicaid Incentive Programs are required to use certifi ed EHR technology. The ONC has authorized certain organizations to perform the actual testing and certification of EHR systems.
Other HITECH Programs
Many small physician practices and rural hospitals do not have the in-house expertise to select, implement, and support EHR systems that meet certifi ca tion standards. To address these needs, HITECH funded sixty-two regional extension centers (RECs) throughout the nation to support providers in adopt ing and becoming meaningful users of EHRs. The RECs are primarily intended to provide advice and technical assistance to primary care providers, espe cially those in small practices, and to small rural hospitals, which often do not have information technology (IT) expertise. Furthermore, HITECH provided funding for various workforce training programs to support the education of HIT professionals. The education-based programs included curriculum development, community college consortia, competency examination, and university-based training programs, with the overarching goal of training an additional forty-five thousand HIT professionals. Funding was also made avail able to seventeen Beacon communities and Strategic Health IT Advanced Research Projects (SHARP) across the nation. The Beacon programs are leading organizations that are demonstrating how HIT can be used in innova tive ways to target specific health problems within communities (HealthIT.gov, 2012). These programs are illustrating HIT’s role in improving individual and population health outcomes and in overcoming barriers such as coordination of care, which plagues our nation’s health care system (McKethan et al., 2011).
Achieving Meaningful Use requires that health care providers are able to share health information electronically with others using a secure network for HIE. To this end, HITECH provided state grants to help build the HIE
2 0 1 0 – P R E S E N T : H E A L T H C A R E R E F O R M A N D T H E G R O W T H O F H I T · 11
Table 1.2 Differences between Medicare and Medicaid EHR incentive programs
Medicare EHR Incentive Program Medicaid EHR Incentive Program
Federally implemented and available nationally
Medicare Advantage professionals have special eligibility accommodations.
Open to physicians, subsection (d) hospitals, and critical access hospitals
Same definition of Meaningful Use applied to all participants nationally
Must demonstrate Meaningful Use in fi rst year
Maximum incentive for eligible professionals is $44,000; 10 percent for HPSA (health professional shortage area).
2014 is the last year in which a professional can initiate participation.
Payments over fi ve years
In 2015 fee reductions (penalties) begin for those who do not demonstrate Meaningful Use of a certifi ed HER.
2016 is the last incentive payment year.
No Medicare patient population minimum is required.
Implemented voluntarily by states
Medicaid managed care professionals must meet regular eligibility requirements.
Open to fi ve types of professionals and three types of hospitals
States can adopt a more rigorous definition of Meaningful Use.
Adopt, implement, or upgrade option in fi rst year
Maximum incentive for eligible professionals is $63,750.
2016 is the last year in which a professional can initiate participation.
Payments over six years
No fee reductions (penalties)
2021 is the last incentive payment year.
Eligible professionals must have a 30 percent Medicaid population (20 percent for pediatricians) to participate; this must be demonstrated annually.
Source: Carson, Garr, Goforth, and Forkner (2010).
infrastructure for exchange of electronic health information among provid ers and between providers and consumers. Nearly all states have approved strategic and operational plans for moving forward with implementation of their HIE cooperative agreement programs.
12 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
Affordable Care Act
In addition to the increased efforts to promote HIT through legislated pro grams, the early 2010s brought dramatic change to the health care sector as a whole with the passage of significant health care reform legislation. Amer icans have grappled for decades with some type of “health care reform” in an attempt to achieve the simultaneous “triple aims” for the US health care delivery system:
• Improve the patient experience of care
• Improve the health of populations
• Reduce per capita cost of health care (IHI, n.d.)
Full achievement of these aims has been challenging within a health care delivery system managed by different stakeholders—payers, providers, and patients—whose goals are frequently not well aligned. The latest attempt at reform occurred in 2010, when President Obama signed into law the Patient Protection and Affordable Care Act (PPACA), now known as the Affordable Care Act (ACA).
Along with mandating that individuals have health insurance and expanding Medicaid programs, the ACA created the structure for health insurance exchanges, including a greater role for states, and imposed changes to private insurance, such as prohibiting health plans from placing lifetime limits on the dollar value of coverage and prohibiting preexisting condition exclusions. Numerous changes were to be made to the Medicare program, including continued reductions in Medicare pay ments to certain hospitals for hospital-acquired conditions and excessive preventable hospital readmissions. Additionally, the CMS established an innovation center to test, evaluate, and expand different payment struc tures and methodologies to reduce program expenditures while main taining or improving quality of care. Through the innovation center and other means, CMS has been aggressively pursuing implementation of value-based payment methods and exploring the viability of alternative models of care and payment.
The final assessment of the success of ACA is still unknown; however, what is certain is that its various programs will rely heavily on quality HIT to achieve their goals. A greater emphasis than ever is placed on facilitating patient engagement in their own care through the use of technology. On the other end of the spectrum, new models of care and payment include improved health for populations as an explicit goal, requiring HIT to manage the sheer volume and complexity of data needed.
2 0 1 0 – P R E S E N T : H E A L T H C A R E R E F O R M A N D T H E G R O W T H O F H I T · 13
Value-Based Payment Programs
Shortly after the ACA was passed, CMS implemented several value-based payment programs in an effort to reward health care providers with incentive payments for the quality of care they provide to Medicare patients. In 2015, the Medicare Access and CHIP Reauthorization Act (MACRA) was signed into law. Among other things, MACRA outlines a timetable for the 2019 implementation of a merit-based incentive payment system (MIPS) that will replace other value-based payment programs, including the EHR Incentive Programs. MIPS will use a set of performance measures, divided into catego ries, to calculate a score (between 0 and 100) for eligible professionals. Each category of performance will be weighted as shown in Table 1.3.
Health care providers meeting the established threshold score will receive no adjustment to payment; those scoring below will receive a negative adjust ment, and those above, a positive adjustment. Exceptional performers may receive bonus payments (CMS, n.d.).
Alternate Payment Methods
Providers who meet the criteria to provide an alternate payment method (APM) will receive bonus payments and will be exempt from the MIPS. Although there are likely to be other APMs identified over time, three types are receiving a great deal of attention currently: accountable care organi zations (ACOs), bundled payments, and patient-centered medical homes (PCMHs). ACOs are “networks of . . . health care providers that share respon sibility for coordinating care and meeting health care quality and cost metrics for a defined patient population” (Breakaway Policy Strategies for FasterCures, 2015, p. 2). Bundled payments aim to incentivize providers to improve care coordination, promote teamwork, and lower costs. Payers will compensate
Table 1.3 MIPS performance categories
Category Weight (%)
Quality 50
Advancing care information 25
Clinical practice improvement activities 15
Resource use 10
14 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
providers with a single payment for an episode of care. PCMHs are APMs that are rooted in the private sector. In 2007, four physician societies pub lished a joint statement of principles emphasizing a personal physician–led coordination of care. All of the APMs rely heavily on HIT. ACOs and PCMHs, in particular, require that HIT support the organization and its providers in the carrying out the following functions:
• Manage and coordinate integrated care.
• Identify, manage, and reduce or contain costs.
• Adhere to evidence-based practice guidelines and standards of care; ensure quality and safety.
• Manage population health.
• Engage patients and their families and caregivers in their own care.
• Report on quality outcomes.
HIT Interoperability Efforts
Despite efforts dating back to the first reports on the need for adoption of computerized patient records, complete interoperability among HIT systems, which is key to supporting an integrated health care delivery system that provides improved care to individuals and populations while managing costs, remains elusive. The federal government, along with other provider, vendor, and professional organizations, however, recognize this need for interopera bility. The ONC defines interoperability as “the ability of a system to exchange electronic health information with and use electronic health information from other systems without special effort on the part of the user” (ONC, n.d.a). Interoperability among HIT encompasses far more than just connected EHRs across systems. Home health monitoring systems are becoming common place, telehealth is on the rise, and large public health databases exist at state and national levels. True interoperability will encompass any electronic sources with information needed to provide the best possible health care.
Some of the more notable efforts toward HIT interoperability include the efforts by the government under the direction of the ONC and several other national public and private organizations. In 2015, the ONC published “Connecting Health and Care for the Nation: A Shared Nationwide Interop erability Roadmap,” a ten-year plan for achieving HIT interoperability in the United States. Figure 1.1 summarizes the key milestones identified in the ONC road map. The ultimate goal for 2024 is “a learning health system enabled by nationwide interoperability.” The goal of the learning health system is to
2 0 1 0 – P R E S E N T : H E A L T H C A R E R E F O R M A N D T H E G R O W T H O F H I T · 15
Figure 1.1 Milestones for a supportive payment and regulatory environment
Source: ONC (2015).
improve the health of individuals and populations by “generating information and knowledge from data captured and updated over time . . . and sharing and disseminating what is learned in timely and actionable forms that directly enable individuals, clinicians, and public health entities to . . . make informed decisions” (ONC, 2015, p. 18).
Health Level Seven International (HL7), a not-for-profi t, ANSI (American National Standards Institute)–accredited, standards-developing organization, is focused on technical standards for HIE. The HL7 Fast Healthcare Interop erability Resources (FHIR) standards were introduced in 2012 and are under development to improve the exchange of EHR data. About this same time Healtheway, now the Sequoia Project, was chartered as a nonprofi t organi zation to “advance the implementation of secure, interoperable nationwide health information exchange” (Sequoia Project, n.d.a). The Sequoia Project supports several initiatives, including the eHealth Exchange, a group of government and nongovernment organizations devoted to improving patient care through “interoperable health information exchange” (Sequoia Project, n.d.a). Unlike HL7, which focuses on technical standards, eHealth Exchange’s primary focus is on the legal and policy barriers associated with nationwide interoperability. Another Sequoia initiative, Carequality, strives to connect private HIE networks. Another private endeavor, Commonwell Health Alli ance, is a consortium of HIT vendors and other organizations that are com mitted to achieving interoperability. Commonwell began in 2013 with six EHR vendors. In 2015, their membership represented 70 percent of hospitals. Provider members of Commonwell register their patients in order to exchange easily information with other member providers (Jacob, 2015).
Although HIT has become commonplace across the continuum of care, seamless interoperability among the nation’s HIT systems has not yet been realized. One author describes the movement toward HIT interoperability in the United States not as a straight path but rather as a jigsaw puzzle with multiple public and private organizations “working on different pieces”
16 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
(Jacob, 2015). Interoperability requires not only technical standards but also a national health information infrastructure, along with an effective gov erning system. Concerns about the misalignment of incentives for achiev ing interoperability remain. Most experts agree that technology is not the barrier to interoperability. Governance and alignment of agendas among disparate organizations are cited as the most daunting barriers. Because of its potential to affect seriously the progress of interoperability, in 2015, the ONC reported to Congress on the phenomenon of health information block ing, which is defined as occurring “when persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health infor mation” (ONC, 2015). The report charged that current economic incentives were not supportive of information exchange and that some of the current market practices actually discouraged sharing health information (DeSalvo & Daniel, 2015).
SUMMARY
Chapter One provides a brief chronological overview of the some of the most significant national drivers in the development, growth, and use of HIT in the United States. Since the 1990s and the publication of The Computer-Based Patient Record: An Essential Technology for Health Care, the national HIT landscape has certainly evolved, and it will continue to do so. Challenges to realizing an integrated national HIT infrastructure are numerous, but the need for one has never been greater. Recognizing that the technology is not the major barrier to the national infrastructure, the government, through legislation, CMS incentive programs, the ONC, and other programs, will continue to play a significant role in the Meaningful Use of HIT, pushing for the alignment of incentives within the health care delivery system.
In a 2016 speech, CMS acting chief Andy Slavitt summed up the govern ment’s role in achieving its HIT vision with the following statements:
The focus will move away from rewarding providers for the use of tech nology and towards the outcome they achieve with their patients.
Second, providers will be able to customize their goals so tech compa nies can build around the individual practice needs, not the needs of the government. Technology must be user-centered and support physicians, not distract them.
Third, one way to aid this is by leveling the technology playing fi eld for start-ups and new entrants. We are requiring open APIs . . . that allow apps, analytic tools, and connected technologies to get data in and out of an EHR securely.
K E Y T E R M S · 17
We are deadly serious about interoperability. We will begin initiatives . . . pointing technology to fill critical use cases like closing referral loops and engaging a patient in their care.
Technology companies that look for ways to practice “data blocking” in oppo sition to new regulations will find that it won’t be tolerated. (Nerney, 2016)
Many of the initiatives discussed in Chapter One will be explored more fully in subsequent chapters of this book. The purpose of Chapter One is to provide the reader with a snapshot of the national HIT landscape and enough historical background to set the stage for why health care managers and leaders must understand and actively engage in the implementation of effective health information systems to achieve better health for individuals and populations while managing costs.
KEY TERMS Accountable Care Organizations (ACOs) Affordable Care Act (ACA) Alternate payment methods (APM) American Recovery and Reinvestment
Act ANSI (American National Standards
Institute) Beacon communities Bundled payments Centers for Medicare and Medicaid
Services (CMS) Commonwell Health Alliance Computer-based patient record (CPR) Coordination of care eHealth Exchange Electronic health records (EHRs) e-prescribing Fast Healthcare Interoperability
Resources (FHIR) standards Health information blocking Health information exchange (HIE) Health information technology (HIT) Health Information Technology for
Economic and Clinical Health (HITECH) Act
Health Insurance Portability and Accountability Act (HIPAA)
Health Level Seven International (HL7)
HIT interoperability Meaningful Use of EHR Medicare Access and CHIP
Reauthorization Act (MACRA) Medicare Modernization Act Merit-based incentive payment system
(MIPS) Nationwide Interoperability
Roadmap Office of the National Coordinator
for Health Information Technology (ONC)
Patient-centered medical homes (PCMHs)
Patient safety Pay for performance (P4P) Regional extension centers (RECs) Strategic Health IT Advanced
Research Projects (SHARP) The Sequoia Project Value-based payment
18 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
LEARNING ACTIVITIES
1. Investigate the latest Meaningful Use criteria for eligible professionals or eligible hospitals. Visit either a physician practice or hospital in your community. Have they participated in the Medicare or Medicaid EHR Incentive Program? Why or why not? If the organization or provider has participated in the program, what has the experience been like? What lessons have they learned? Find out the degree to which the facility uses EHRs and what issues or challenges they have had in achieving Meaningful Use.
2. Evaluate different models of care within your local community or state. Did you find any examples of accountable care organizations or patient-centered medical homes? Explain. Working as a team, visit or interview a leader from a site that uses an innovative model of care. Describe the model, its use, challenges, and degree of patient coordination and integration. How is HIT used to support the delivery of care and reporting of outcomes?
3. Investigate one of the Beacon communities to find out how they are using HIT to improve quality of care and access to care within their region. Be prepared to share with the class a summary of your findings. Do you think the work that this Beacon community has done could be replicated in your community? Why or why not?
4. Explore the extent to which health information exchange is occurring within your community, region, or state. Who are the key players? What types of models of health information exchange exist? To what extent is information being exchanged across organizations for patient care purposes?
5. Investigate the CMS website to determine their current and proposed value-based or pay-for-performance programs. Compare one or more of the programs to the traditional fee-for-service payment method. What are the advantages and disadvantages of each to a physician provider in a small practice?
REFERENCES
Aspden, P. (2004). Patient safety: Achieving a new standard for care. Washington, DC: National Academies Press.
Breakaway Policy Strategies for FasterCures. (2015). A closer look at alternative payment models. FasterCures value and coverage issue brief. Retrieved August 4, 2016, from http://www.fastercures.org/assets/Uploads/PDF/VC-Brief-Alternative PaymentModels.pdf
R E F E R E N C E S · 19
Carson, D. D., Garr, D. R., Goforth, G. A., & Forkner, E. (2010). The time to hesitate has passed: The age of electronic health records is here (pp. 2–11). Columbia, SC: South Carolina Medical Association.
Centers for Medicare & Medicaid Services (CMS). (n.d.). The merit-based incen tive payment system: MIPS scoring methodology overview. Retrieved August 4, 2016, from https://www.cms.gov/Medicare/Quality-Initiatives-Patient- Assessment-Instruments/Value-Based-Programs/MACRA-MIPS-and-APMs/ MIPS-Scoring-Methodology-slide-deck.pdf
DeSalvo, K., & Daniel, J. (2015, April 10). Blocking of health information undermines health system interoperability and delivery reform. HealthIT Buzz. Retrieved August 4, 2016, from https://www.healthit.gov/buzz-blog/from-the-onc-desk/ health-information-blocking-undermines-interoperability-delivery-reform/
Dick, R. S., & Steen, E. B. (1991). The computer-based patient record: An essential technology for health care. Washington, DC: National Academy Press.
Goldsmith, J. C. (2003). Digital medicine: Implications for healthcare leaders. Chicago, IL: Health Administration Press.
HealthIT.gov. (2012). The Beacon community program improving health through health information technology [Brochure]. Retrieved August 3, 2016, from https://www.healthit.gov/sites/default/fi les/beacon-communities- lessons learned.pdf
Hsiao, C., Hing, E., Socey, T., & Cai, B. (2011, Nov.). Electronic medical record/ electronic health record systems of office-based physicians: United States, 2009 and preliminary 2010 state estimates. NCHS Data Brief (79). Washington, DC: US Department of Health and Human Services, National Center for Health Statistics, Division of Health Care Statistics.
Institute for Healthcare Improvement (IHI). (n.d.). The IHI triple aim. Retrieved September 22, 2016, from http://www.ihi.org/Engage/Initiatives/TripleAim/ Pages/default.aspx
Institute of Medicine, Committee on Data Standards for Patient Safety. (2003). Reducing medical errors requires national computerized information systems: Data standards are crucial to improving patient safety. Retrieved from http:// www8.nationalacademies.org/onpinews/newsitem.aspx?RecordID=10863
Jacob, J. A. (2015). On the road to interoperability, public and private organizations work to connect health care data. JAMA, 314(12), 1213.
Jha, A. K. (2010). Meaningful use of electronic health records. JAMA, 304(15), 1709. doi:10.1001/jama.2010.1497
Jha, A. K., Desroches, C. M., Campbell, E. G., Donelan, K., Rao, S. R., Ferris, T. G. . . . Blumenthal, D. (2009). Use of electronic health records in US hos pitals. New England Journal of Medicine, 360(16), 1628–1638. doi:10.1056/ nejmsa0900592
Kohn, L. T., Corrigan, J., & Donaldson, M. S. (2000). To err is human: Building a safer health system. Washington, DC: National Academy Press.
20 · C H A P T E R 1 : T H E N A T I O N A L H E A L T H I N F O R M A T I O N T E C H N O L O G Y L A N D S C A P E
McKethan, A., Brammer, C., Fatemi, P., Kim, M., Kirtane, J., Kunzman, J. . . . Jain, S. H. (2011). An early status report on the Beacon Communities’ plans for transformation via health information technology. Health Affairs, 30(4), 782–788. doi:10.1377/hlthaff.2011.0166
Nerney, C. (2016, January). CMS acting chief Slavitt on interoperabil ity. Retrieved August 3, 2016, from http://www.hiewatch.com/news/ cms-acting-chief-slavitt-interoperability
Office of the National Coordinator for Health Information Technology (ONC). (2015). Connecting health and care for the nation: A shared nationwide interop erability roadmap. Retrieved August 3, 2016, from https://www.healthit.gov/ sites/default/fi les/nationwide-interoperability-roadmap-draft-version-1.0.pdf
Office of the National Coordinator for Health Information Technology (ONC). (n.d.a). EHR incentives & certifi cation. Retrieved September 21, 2016, from https://www.healthit.gov/providers-professionals/how-attain-meaningful-use
Office of the National Coordinator for Health Information Technology (ONC). (n.d.b). Interoperability. Retrieved September 21, 2016, from https://www .healthit.gov/policy-researchers-implementers/interoperability
The Sequoia Project. (n.d.a). About the Sequoia Project. Retrieved August 4, 2016, from http://sequoiaproject.org/about-us/
The Sequoia Project. (n.d.b). What is eHealth exchange. Retrieved from http:// sequoiaproject.org/ehealth-exchange/
The White House. (2006, August). Fact sheet: Health care transparency: Empowering consumers to save on quality care. Retrieved September 22, 2016, from https:// georgewbush-whitehouse.archives.gov/news/releases/2006/08/20060822.html
CHAPTER 2
Health Care Data
LEARNING OBJECTIVES
• To be able to define health care data and information.
• To be able to understand the major purposes for maintaining patient records.
• To be able to discuss basic patient health record and claims content.
• To be able to discuss basic uses of health care data, including big and small data and analytics.
• To be able to identify common issues related to health care data quality.
21
22 · C H A P T E R 2 : H E A L T H C A R E D A T A
Central to health care information systems is the actual health care data that is collected and subsequently transformed into useful health care infor mation. In this chapter we will examine key aspects of health care data. In particular, this chapter is divided into four main sections:
• Health care data and information defined (What are health data and health information?)
• Health care data and information sources (Where does health data originate and why? When does health care data become health care information?)
• Health care data uses (How do health care organizations use data? What is the impact of the trend toward analytics and big data on health care data?)
• Health care data quality (How does the quality of health data affect its use?)
HEALTH CARE DATA AND INFORMATION DEFINED
Often the terms health care data and health care information are used inter changeably. However, there is a distinction, if somewhat blurred in current use. What, then, is the difference between health data and health informa tion? The simple answer is that health information is processed health data. (We interpret processing broadly to cover everything from formal analysis to explanations supplied by the individual decision maker’s brain.) Health care data are raw health care facts, generally stored as characters, words, symbols, measurements, or statistics. One thing apparent about health care data is that they are generally not very useful for decision making. Health care data may describe a particular event, but alone and unprocessed they are not particu larly helpful. Take, for example, this figure: 79 percent. By itself, what does it mean? If we process this datum further by indicating that it represents the average bed occupancy for a hospital for the month of January, it takes on more meaning. With the additional facts attached, is this figure now infor mation? That depends. If all a health care executive wants or needs to know is the bed occupancy rate for January, this could be considered information. However, for the hospital executive who is interested in knowing the trend of the bed occupancy rate over time or how the facility’s bed occupancy rate compares to that of other, similar facilities, this is not yet the information he needs. A clinical example of raw data would be the lab value, hematocrit (HCT) = 32 or a diagnosis, such as diabetes. These are single facts, data at the most granular level. They take on meaning when assigned to particular
H E A L T H C A R E D A T A A N D I N F O R M A T I O N D E F I N E D · 23
patients in the context of their health Figure 2.1 Health care data to care status or analyzed as components health care knowledge of population studies.
Knowledge is seen by some as the highest level in a hierarchy with data at the bottom and information in the middle (Figure 2.1). Knowledge is defined by Johns (1997, p. 53) as “a combination of rules, relationships, ideas, and experience.” Another way of thinking about knowledge is that it is information applied to rules, expe riences, and relationships with the result that it can be used for decision making. Data analytics applied to health care information and research studies based on health care information are examples of transforming health care information into new knowledge. To carry out our example from previ ous paragraphs, the 79 percent occupancy rate could be related to additional information to lead to knowledge that the health care facility’s referral strat egy is working.
Where do health care data end and where does health care information begin? Information is an extremely valuable asset at all levels of the health care community. Health care executives, clinical staff members, and others rely on information to get their jobs accomplished. The goal of this discussion is not to pinpoint where data end and information begins but rather to further an understanding of the relationship between health care data and information— health care data are the beginnings of health care information. You cannot create information without data. Through the rest of this chapter the terms health care data and health care information will be used to describe either the most granular components of health care information or data that have been processed, respectively (Lee, 2002).
The first several sections of this chapter focus primarily on the health care data and information levels, but the content of the section on health care data quality takes on new importance when applied to processes for seeking knowledge from health care data. We will begin the chapter exploring where some of the most common health care data originate and describe some of the most common organizational and provider uses of health care information, including patient care, billing and reimbursement, and basic health care statistics. Please note there are many other uses for health information that go beyond these basics that will be explored throughout this text.
24 · C H A P T E R 2 : H E A L T H C A R E D A T A
HEALTH CARE DATA AND INFORMATION SOURCES
The majority of health care information created and used in health care information systems within and across organizations can be found as an entry in a patient’s health record or claim, and this information is readily matched to a specifi c, identifi able patient.
The Health Insurance Portability and Accountability Act (HIPAA), the federal legislation that includes provisions to protect patients’ health informa tion from unauthorized disclosure, defi nes health information as any information, whether oral or recorded in any form or medium, that does the following:
• Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse
• Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual
HIPAA refers to this type of identifiable information as protected health information (PHI).
The Joint Commission, the major accrediting agency for many types of health care organizations in the United States, has adopted the HIPAA defi ni tion of protected health information as the definition of “health information” listed in their accreditation manuals’ glossary of terms (The Joint Commis sion, 2016). Creating, maintaining, and managing quality health information is a significant factor in health care organizations, such as hospitals, nursing homes, rehabilitation centers, and others, who want to achieve Joint Commis sion accreditation. The accreditation manuals for each type of facility contain dozens of standards that are devoted to the creation and management of health information. For example, the hospital accreditation manual contains two specific chapters, Record of Care, Treatment, and Services (RC) and Infor mation Management (IM). The RC chapter outlines specifi c standards govern ing the components of a complete medical record, and the IM chapter outlines standards for managing information as an important organizational resource.
Medical Record versus Health Record
The terms medical record and health record are often used interchangeably to describe a patient’s clinical record. However, with the advent and subse quent evolution of electronic versions of patient records these terms actually describe different entities. The Office of the National Coordinator for Health
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 25
Information Technology (ONC) distinguishes the electronic medical record and the electronic health record as follows.
Electronic medical records (EMRs) are a digital version of the paper charts. An EMR contains the medical and treatment history of the patients in one practice (or organization). EMRs have advantages over paper records. For example, EMRs enable clinicians (and others) to do the following:
• Track data over time
• Easily identify which patients are due for preventive screenings or checkups
• Check how their patients are doing on certain parameters—such as blood pressure readings or vaccinations
• Monitor and improve overall quality of care within the practice
But the information in EMRs doesn’t travel easily out of the practice (or organization). In fact, the patient’s record might even have to be printed out and delivered by mail to specialists and other members of the care team. In that regard, EMRs are not much better than a paper record.
Electronic health records (EHRs) do all those things—and more. EHRs focus on the total health of the patient—going beyond standard clinical data collected in the provider’s office (or during episodes of care)—and is inclusive of a broader view on a patient’s care. EHRs are designed to reach out beyond the health organization that originally collects and compiles the information. They are built to share information with other health care providers (and organizations), such as laboratories and specialists, so they contain information from all the clinicians involved in the patient’s care (Garrett & Seidman, 2011). Another distinguishing feature of the EHR (dis cussed in more detail in Chapter Three) is the inclusion of decision-support capabilities beyond those of the EMR.
Patient Record Purposes
Health care organizations maintain patient clinical records for several key purposes. As we move into the discussion on clinical information systems in subsequent chapters, it will be important to remember these purposes, which remain constant regardless of the format or infrastructure supporting the records. In considering the purposes listed, the scope of care is also important. Records support not only managing a single episode of care but also a patient’s continuum of care and population health. Episode of care generally refers to the services provided to a patient with a specific condition for a specifi c period
26 · C H A P T E R 2 : H E A L T H C A R E D A T A
of time. Continuum of care, as defined by HIMSS (2014), is a concept involving a system that guides and tracks patients over time through a comprehensive array of health services spanning all levels and intensity of care. Population health is a relatively new term and definitions vary. However, the concept behind managing population health is to improve health outcomes within defined communities (Stoto, 2013). The following list comprises the most commonly recognized purposes for creating and maintaining patient records.
1. Patient care. Patient records provide the documented basis for planning patient care and treatment, for a single episode of care and across the care continuum. This purpose is considered the number- one reason for maintaining patient records. As our health care delivery system moves toward true population health management and patient-focused care, the patient record becomes a critical tool for documenting each provider’s contribution to that care.
2. Communication. Patient records are an important means by which physicians, nurses, and others, whether within a single organization or across organizations, can communicate with one another about patient needs. The members of the health care team generally interact with patients at different times during the day, week, or even month or year. Information from the patient’s record plays an important role in facilitating communication among providers across the continuum of care. The patient record may be the only means of communication among various providers. It is important to note that patients also have a right to access their records, and their engagement in their own care is often reflected in today’s records.
3. Legal documentation. Patient records, because they describe and document care and treatment, are also legal records. In the event of a lawsuit or other legal action involving patient care, the record becomes the primary evidence for what actually took place during the care. An old but absolutely true adage about the legal importance of patient records says, “If it was not documented, it was not done.”
4. Billing and reimbursement. Patient records provide the documentation patients and payers use to verify billed services. Insurance companies and other third-party payers insist on clear documentation to support any claims submitted. The federal programs Medicare and Medicaid have oversight and review processes in place that use patient records to confirm the accuracy of claims filed. Filing a claim for a service that is not clearly documented in the patient record may be construed as fraud.
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 27
5. Research and quality management. Patient records are used in many facilities for research purposes and for monitoring the quality of care provided. Patient records can serve as source documents from which information about certain diseases or procedures can be taken, for example. Although research is most prevalent in large academic medical centers, studies are conducted in other types of health care organizations as well.
6. Population health. Information from patient records is used to monitor population health, assess health status, measure utilization of services, track quality outcomes, and evaluate adherence to evidence- based practice guidelines. Health care payers and consumers are increasingly demanding to know the cost-effectiveness and effi cacy of different treatment options and modalities. Population health focuses on prevention as a means of achieving cost-effective care.
7. Public health. Federal and state public health agencies use information from patient records to inform policies and procedures to ensure that they protect citizens from unhealthy conditions.
Patient Records as Legal Documents
The importance of maintaining complete and accurate patient records cannot be underestimated. They serve not only as a basis for planning patient care but also as the legal record documenting the care that was provided to patients. The data captured in a patient record become a permanent record of that patient’s diagnoses, treatments, response to treatments, and case management. Patient records provide much of the source data for health care information that is created, maintained, and managed within and across health care organizations.
When the patient record was a file folder full of paper housed in the health information management department of the hospital, identifying the legal health record (LHR) was fairly straightforward. Records kept in the usual course of business (in this case, providing care to patients) represent an exception to the hearsay rule, are generally admissible in a court, and there fore can be subpoenaed—they are legal documentation of the care provided to the patients. With the implementation of comprehensive EHR systems the definition of an LHR remains the same, but the identification of the boundaries for it may be harder to determine. In 2013, the ONC’s National Learning Consortium published the Legal Health Record Policy Template to guide health care organizations and providers in defi ning which records and record sets constitute their legal health record for administrative, business, or
28 · C H A P T E R 2 : H E A L T H C A R E D A T A
evidentiary purposes. The media on which the records are maintained does not determine the legal status; rather, it is the purpose for which the record was created and is maintained. The complete template can be found at www .healthit.gov/sites/default/fi les/legal_health_policy_template.docx.
Because of the legal nature of patient records, the majority of states have specific retention requirements for information contained within them. These state requirements should be the basis for the health care organiza tion’s formal retention policy. (The Joint Commission and other accrediting agencies also address retention but generally refer organizations back to their own state regulations for specifics.) When no specific retention requirement is made by the state, all patient information that is a part of the LHR should be maintained for at least as long as the state’s statute of limitations or other regulation requires. In the case of minor children the LHR should be retained until the child reaches the age of majority as defined by state law, usually eighteen or twenty-one. Health care executives should be aware that stat utes of limitations may allow a patient to bring a case as long as ten years after the patient learns that his or her care caused an injury (Lee, 2002). Although some specific retention requirements and general guidelines exist, it is becoming increasingly popular for health care organizations to keep all LHR information indefinitely, particularly if the information is stored in an electronic format. If an organization does decide to destroy LHR information, this destruction must be carried out in accordance with all applicable laws and regulations.
Another important aspect related to the legal nature of patient records is the need for them to be authenticated. State and federal laws and accredita tion standards require that medical record entries be authenticated to ensure that the legal document shows the person or persons responsible for the care provided. Generally, authentication of an LHR entry is accomplished when the physician or other health care professional signs it, either with a hand written signature or an electronic signature.
Personal Health Records
An increasingly common type of patient record is maintained by the indi vidual to track personal health care information: the personal health record (PHR). According to the American Health Information Management Associ ation (AHIMA, 2016), a PHR “is a tool . . . to collect, track and share past and current information about your health or the health of someone in your care.” A PHR is not the same as a health record managed by a health care organization or provider, and it does not constitute a legal document of care, but it should contain all pertinent health care information contained in an
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 29
individual’s health records. PHRs are an effective tool enabling patients to be active members of their own health care teams (AHIMA, 2016).
Patient Record Content
The following components are common to most patient records, regardless of facility type or record system (AHIMA, 2016). Specific patient record content is determined to a large extent by external requirements, standards, and regulations (discussed in Chapter Nine). Keep in mind, a patient record may contain some or all of the documentation listed. Depending on the patient’s illness or injury and the type of treatment facility, he or she may need addi tional specialized health care services. These services may require specifi c documentation. For example, long-term care facilities and behavioral health facilities have special documentation requirements. Our list is intended to introduce the common components of patient records, not to provide a com prehensive list of all possible components. The following provides a general overview of record content and the person or persons responsible for cap turing the content during a single episode of care. It reveals that the patient record is a repository for a variety of health care data and information that is captured by many different individuals involved in the care of the patient.
• Identifi cation screen. Information found on the identifi cation screen of a health or medical record originates at the time of registration or admission. The identifi cation data generally includes at least the patient name, address, telephone number, insurance carrier, and policy number, as well as the patient’s diagnoses and disposition at discharge. These diagnoses are recorded by the physicians and coded by administrative personnel. (Diagnosis coding is discussed following in this chapter.) The identifi cation component of the data is used as a clinical and an administrative document. It provides a quick view of the diagnoses that required care during the encounter. The codes and other demographic information are used for reimbursement and planning purposes.
• Problem list. Patient records frequently contain a comprehensive problem list, which identifi es signifi cant illnesses and operations the patient has experienced. This list is generally maintained over time. It is not specifi c to a single episode of care and may be maintained by the attending or primary care physician or collectively by all the health care providers involved in the patient’s care.
• Medication record. Sometimes called a medication administration record (MAR), this record lists medicines prescribed for and subsequently administered to the patient. It often also lists any medication allergies
30 · C H A P T E R 2 : H E A L T H C A R E D A T A
the patient may have. Nursing personnel are generally responsible for documenting and maintaining medication information in acute care settings, because they are responsible for administering medications according to physicians’ written or verbal orders.
• History and physical. The history component of the report describes any major illnesses and surgeries the patient has had, any signifi cant family history of disease, patient health habits, and current medications. The information for the history is provided by the patient (or someone acting on his or her behalf) and is documented by the attending physician or other care provider at the beginning of or immediately prior to an encounter or treatment episode. The physical component of this report states what the physician found when he or she performed a hands-on examination of the patient. The history and physical together document the initial assessment of the patient for the particular care episode and provide the basis for diagnosis and subsequent treatment. They also provide a framework within which physicians and other care providers can document signifi cant findings. Although obtaining the initial history and physical is a one time activity during an episode of care, continued reassessment and documentation of that reassessment during the patient’s course of treatment is critical. Results of reassessments are generally recorded in progress notes.
• Progress notes. Progress notes are made by the physicians, nurses, therapists, social workers, and other staff members caring for the patient. Each provider is responsible for the content of his or her notes. Progress notes should refl ect the patient’s response to treatment along with the provider’s observations and plans for continued treatment. There are many formats for progress notes. In some organizations all care providers use the same note format; in others each provider type uses a customized format. A commonly used format for a progress note is the SOAP format. Providers are expected to enter notes divided into four components:
o Subjective fi ndings
o Objective fi ndings
o Assessment
o Plan
• Consultation. A consultation note or report records opinions about the patient’s condition made by another health care provider at the request of the attending physician or primary care provider.
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 31
Consultation reports may come from physicians and others inside or outside a particular health care organization, but this information is maintained as part of the patient record.
• Physician’s orders. Physician’s orders are a physician’s directions, instructions, or prescriptions given to other members of the health care team regarding the patient’s medications, tests, diets, treatments, and so forth. In the current US health care system, procedures and treatments must be ordered by the appropriate licensed practitioner; in most cases this will be a physician.
• Imaging and X-ray reports. The radiologist is responsible for interpreting images produced through X-rays, mammograms, ultrasounds, scans, and the like and for documenting his or her interpretations or findings in the patient’s record. These fi ndings should be documented in a timely manner so they are available to the appropriate provider to facilitate the appropriate treatment. The actual digital images are generally maintained in the radiology or imaging departments in specialized computer systems. These images are typically not considered part of the legal patient record, per se, but in modern EHRs they are available through the same interface.
• Laboratory reports. Laboratory reports contain the results of tests conducted on body fl uids, cells, and tissues. For example, a medical lab might perform a throat culture, urinalysis, cholesterol level, or complete blood count. There are hundreds of specifi c lab tests that can be run by health care organizations or specialized labs. Lab personnel are responsible for documenting the lab results into the patient record. Results of the lab work become part of the permanent patient record. However, lab results must also be available during treatment. Health care providers rely on accurate lab results in making clinical decisions, so there is a need for timely reporting of lab results and a system for ensuring that physicians and other appropriate care providers receive the results. Physicians or other primary care providers are responsible for documenting any findings and treatment plans based on the lab results.
• Consent and authorization forms. Copies of consents to admission, treatment, surgery, and release of information are an important component of the patient record related to its use as a legal document. The practitioner who actually provides the treatment must obtain informed consent for the treatment. Patients must sign informed consent documents before treatment takes place. Forms authorizing release of information must also be signed by patients before any
32 · C H A P T E R 2 : H E A L T H C A R E D A T A
patient-specifi c health care information is released to parties not directly involved in the care of the patient.
• Operative report. Operative reports describe any surgery performed and list the names of surgeons and assistants. The surgeon is responsible for documenting the information found in the operative report.
• Pathology report. Pathology reports describe tissue removed during any surgical procedure and the diagnosis based on examination of that tissue. The pathologist is responsible for documenting the information contained within the pathology report.
• Discharge summary. Each acute care patient record contains a discharge summary. The discharge summary summarizes the hospital stay, including the reason for admission, signifi cant fi ndings from tests, procedures performed, therapies provided, responses to treatments, condition at discharge, and instructions for medications, activity, diet, and follow-up care. The attending physician is responsible for documenting the discharge summary at the conclusion of the patient’s stay in the hospital.
With the passage of the Accountable Care Act (ACA) and other health care payment reform measures, organizations and communities have begun to shift focus from episodic care to population health. By defi nition, pop ulation health focuses on maintaining health and managing health care utilization for a defined population of patients or community with the goal of decreasing costs. Along with other key components, successful popula tion health will require extensive care coordination across care providers and community organizations. Care managers are needed to interact with patients on a regular basis during and in between clinical encounters (Insti tute for Health Technology Transformation, 2012). Needless to say, this will have a significant impact on the form and structure of the future EHRs. These care managers will document all plan findings, clinical and social, within the patient’s record and rely on other providers’ notes and fi ndings to effectively coordinate care. Baker, Cronin, Conway, DeSalvo, Rajkumar, and Press (2016), for example, describes a new tool to support “person-cen tered care by a multidisciplinary team,” the comprehensive shared care plan (CSCP), which will rely on HIT to enable collaboration across settings. A stakeholder group organized by the US Department of Health and Human Services developed key goals for the CSCP as they envision it:
• It should enable a clinician to electronically view information that is directly relevant to his or her role in the care of the person, to easily
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 33
identify which clinician is doing what, and to update other members of an interdisciplinary team on new developments.
• It should put the person’s goals (captured in his or her own words) at the center of decision making and give that individual direct access to his or her information in the CSCP.
• It should be holistic and describe clinical and nonclinical (including home- and community-based) needs and services.
• It should follow the person through high-need episodes (e.g., acute illness) as well as periods of health improvement and maintenance (Baker et al., 2016).
Figures 2.2 through 2.5 display screens from one organization’s EHR.
Claims Content
As we have seen in the previous section, health care information is captured and stored as a part of the patient record. However, there is more to the story: health care organizations and providers must be paid for the care they provide. Generally, the health care organization’s accounting or billing
Figure 2.2 Sample EHR information screen
Source: Medical University of South Carolina; Epic.
34 · C H A P T E R 2 : H E A L T H C A R E D A T A
Figure 2.3 Sample EHR problem list
Source: Medical University of South Carolina; Epic.
Figure 2.4 Sample EHR progress notes
Source: Medical University of South Carolina; Epic.
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 35
Figure 2.5 Sample EHR lab report
Source: Medical University of South Carolina; Epic.
department is responsible for processing claims, an activity that includes verifying insurance coverage; billing third-party payers (private insurance companies, Medicare, or Medicaid); and processing the payments as they are received. Centers for Medicare and Medicaid Services (CMS) currently requires health care providers to submit claims electronically using a set of standard elements. As early as the 1970s the health care community strived to develop standard insurance claim forms to facilitate payment collection. With the nearly universal adoption of electronic billing and government-mandated transaction standards, standard claims content has become essential.
Depending on the type of service provided to the patient, one of two standard data sets will be submitted to the third-party payer. The UB-04, or CMS-1450, is submitted for inpatient, hospital-based outpatient, home health care, and long-term care services. The CMS-1500 is submitted for health care provider services, such as those provided by a physician’s office. It is also used for billing by some Medicaid state agencies. The standard requirements for the parallel electronic counterparts to the CMS-1450 and CMS-1500 are defined by ANSI ASC X12N 837I (Institutional) and ANSI ASC X12N 837P (Professional), respectively. Therefore, the claims standards are frequently referred to as 837I and 837P.
UB-04/CMS-1450/837I
In 1975, the American Hospital Association (AHA) formed the National Uniform Billing Committee (NUBC), bringing the major national provider and
36 · C H A P T E R 2 : H E A L T H C A R E D A T A
payer organizations together for the purpose of developing a single billing form and standard data set that could be used for processing health care claims by institutions nationwide. The first uniform bill was the UB-82. It has since been modified and improved on, resulting, first, in the UB-92 data set and now in the currently used UB-04, also known as CMS-1450. UB-04 is the de facto institutional provider claim standard. Its content is required by CMS and has been widely adopted by other government and private insurers. In addition to hospitals, UB-04 or 837I is used by skilled nursing facilities, end stage renal disease providers, home health agencies, hospices, rehabilitation clinics and facilities, community mental health centers, critical access hospitals, federally qualified health centers, and others to bill their third-party payers. The NUBC is responsible for maintaining and updating the specifications for the data elements and codes that are used for the UB-04/CMS-1450 and 837I. A full description of the elements required and the specifications manual can be found on the NUBC website, www.nubc.org (CMS 2016a; NUBC, 2016).
CMS-1500/837P
The National Uniform Claim Committee (NUCC) was created by the Amer ican Medical Association (AMA) to develop a standardized data set for the noninstitutional or “professional” health care community to use in the sub mission of claims (much as the NUBC has done for institutional providers). Members of this committee represent key provider and payer organizations, with the AMA appointing the committee chair. The standardized claim form developed and overseen by NUCC is the CMS-1500 and its electronic coun terpart is the 837P. This standard has been adopted by CMS to bill Medicare fee-for-service, and similar to UB-04 and 837I for institutional care, it has become the de facto standard for all types of noninstitutional provider claims, such as those for private physician services. NUCC maintains a crosswalk between the 837P and CMS-1500 explaining the specific data elements, which can be found on their website at www.nucc.org (CMS, 2013; NUCC, 2016).
It is important to recognize that the UB-04 and the CMS-1500 and their electronic counterparts incorporate standardized data sets. Regardless of a health care organization’s location or a patient’s insurance coverage, the same data elements are collected. In many states UB-04 data and CMS-1500 data must be reported to a central state agency responsible for aggregating and analyzing the state’s health data. At the federal level the CMS aggregates the data from these claims forms for analyzing national health care reimburse ment and clinical and population trends. Having uniform data sets means that data can be compared not only within organizations but also within states and across the country.
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 37
Diagnostic and Procedural Codes
Diagnostic and procedural codes are captured during the patient encounter, not only to track clinical progress but also for billing, reimbursement, and other administrative purposes. This diagnostic and procedural information is initially captured in narrative form through physicians’ and other health care providers’ documentation in the patient record. This documentation is subsequently translated into numerical codes. Coding facilitates the classi fication of diagnoses and procedures for reimbursement purposes, clinical research, and comparative studies.
Two major coding systems are employed by health care providers today:
• ICD-10 (International Classification of Diseases)
• CPT (Current Procedural Terminology), published by the American Medical Association
Use of these systems is required by the federal government for reimburse ment, and they are recognized by health care agencies nationally and inter nationally. The UB-04 and CMS-1500 have very specific coding requirements for claim submission, which include use of these coding sets.
ICD-10-CM
The ICD-10 classification system used to code diseases and other health statuses in the United States is derived from the International Classifi ca tion of Diseases, Tenth Revision, which was developed by the World Health Organization (WHO) (CDC, 2016) to capture disease data. The precursors to the current ICD system were developed to enable comparison of morbidity (illness) and mortality (death) statistics across nations. Over the years this basic purpose has evolved and today ICD-10-CM (Clinical Modifi cation) coding plays major role in reimbursement to hospitals and other health care institutions. ICD-10-CM codes used for determining the diagnosis related group (DRG) into which a patient is assigned. DRGs are in turn the basis for determining appropriate inpatient reimbursements for Medicare, Medicaid, and many other health care insurance benefi ciaries. Accurate ICD coding has, as a consequence, become vital to accurate institutional reimbursement.
The National Center of Health Statistics (NVHS) is the federal agency responsible for publishing ICD-10-CM (Clinical Modification) in the United States. Procedure information is similarly coded using the ICD-10-PCS (Pro cedural Coding System). ICD-10-PCS was developed by CMS for US inpatient
- -
38 · C H A P T E R 2 : H E A L T H C A R E D A T A
Exhibit 2.1 Excerpt from ICD 10 CM 2016
Malignant neoplasms (C00-C96) Malignant neoplasms, stated or presumed to be primary (of specifi ed sites), and certain specified histologies, except neuroendocrine, and of lymphoid, hematopoietic, and related tissue (C00-C75)
Malignant neoplasms of lip, oral cavity, and pharynx (C00-C14)
C00 Malignant neoplasm of lip
Use additional code to identify:
alcohol abuse and dependence (F10.-)
history of tobacco use (Z87.891)
tobacco dependence (F17.-)
tobacco use (Z72.0)
Excludes 1: malignant melanoma of lip (C43.0)
Merkel cell carcinoma of lip (C4A.0)
other and unspecifi ed malignant neoplasm of skin of lip (C44.0-)
C00.0 Malignant neoplasm of external upper lip
Malignant neoplasm of lipstick area of upper lip
Malignant neoplasm of upper lip NOS
Malignant neoplasm of vermilion border of upper lip
C00.1 Malignant neoplasm of external lower lip
Malignant neoplasm of lower lip NOS
Malignant neoplasm of lipstick area of lower lip
Malignant neoplasm of vermilion border of lower lip
hospital settings only. The ICD-10-CM and ICD-10-PCS publications are considered federal government documents whose contents may be used freely by others. However, multiple companies republish this government document in easier-to-use, annotated, formally copyrighted versions. In general, the ICD-10-CM and ICD-10-PCS are updated on an annual basis (CMS, 2015, 2016b).
Exhibits 2.1 and 2.2 are excerpts from the ICD-10-CM and ICD-10-PCS classification systems. They show the system in its text form, but large health care organizations generally use encoders, computer applications that facil itate accurate coding. Whether a book or text file or encoder is used, the classification system follows the same structure.
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 39
C00.2 Malignant neoplasm of external lip, unspecifi ed
Malignant neoplasm of vermilion border of lip NOS
C00.3 Malignant neoplasm of upper lip, inner aspect
Malignant neoplasm of buccal aspect of upper lip
Malignant neoplasm of frenulum of upper lip
Malignant neoplasm of mucosa of upper lip
Malignant neoplasm of oral aspect of upper lip
C00.4 Malignant neoplasm of lower lip, inner aspect
Malignant neoplasm of buccal aspect of lower lip
Malignant neoplasm of frenulum of lower lip
Malignant neoplasm of mucosa of lower lip
Malignant neoplasm of oral aspect of lower lip
C00.5 Malignant neoplasm of lip, unspecifi ed, inner aspect
Malignant neoplasm of buccal aspect of lip, unspecifi ed
Malignant neoplasm of frenulum of lip, unspecifi ed
Malignant neoplasm of mucosa of lip, unspecifi ed
Malignant neoplasm of oral aspect of lip, unspecifi ed
C00.6 Malignant neoplasm of commissure of lip, unspecifi ed
C00.7 Malignant neoplasm of overlapping sites of lip
C00.8 Malignant neoplasm of lip, unspecifi ed
Source: CMS (2016b).
CPT and HCPCS
The American Medical Association (AMA) publishes an updated CPT each year. Unlike ICD-9-CM, CPT is copyrighted, with all rights to publication and distribution held by the AMA. CPT was first developed and published in 1966. The stated purpose for developing CPT was to provide a uniform language for describing medical and surgical services. In 1983, however, the government adopted CPT, in its entirety, as the major component (known as Level 1) of the Healthcare Common Procedure Coding System (HCPCS). Since then CPT has become the standard for physician’s office, outpatient, and ambulatory care coding for reimbursement purposes. Exhibit 2.3 is a simplifi ed example of a patient encounter form with HCPCS/CPT codes.
-
40 · C H A P T E R 2 : H E A L T H C A R E D A T A
Exhibit 2.2 Excerpt from ICD 10 PCS 2017 OCW
Section 0 Medical and Surgical
Body System C Mouth and Throat
Operation W Revision: Correcting, to the extent possible, a portion of a malfunctioning device or the position of a displaced device
Body Part Approach Device Qualifi er
A Salivary Gland 0 Open
3 Percutaneous
X External
0 Drainage Device
C Extraluminal Device
Z No Qualifi er
S Larynx 0 Open
3 Percutaneous
7 Via Natural or Artifi cial Opening
8 Via Natural or Artifi cial Opening Endoscopic
X External
0 Drainage Device
7 Autologous
Z No Qualifi er
Tissue Substitute
D Intraluminal Device
J Synthetic Substitute
K Nonautologous Tissue Substitute
Y Mouth and 0 Open 0 Drainage Device Z No Qualifi er Throat
3 Percutaneous 1 Radioactive
7 Via Natural or Artifi cial Opening 7 Autologous
8 Via Natural or Artifi cial Opening D Intraluminal Endoscopic
X External
Device
Element
Tissue Substitute
J Synthetic Substitute
K Nonautologous Tissue Substitute
Source: CMS (2016c).
H E A L T H C A R E D A T A A N D I N F O R M A T I O N S O U R C E S · 41
Exhibit 2.3 Patient encounter form coding standards
Pediatric Associates P.A. 123 Children’ s Avenue, Anytown, USA
Offi ce Visits 99211 Estab Pt—minimal Preventive Medicine—New 99212 Estab Pt—focused 99381 Prev Med 0–1 years 99213 Estab Pt—expanded 99382 Prev Med 1–4 years 99214 Estab Pt—detailed 99383 Prev Med 5–11 years 99215 Estab Pt—high complexity 99384 Prev Med 12–17 years
99385 Prev Med 18–39 years 99201 New Pt—problem focused 99202 New Pt—expanded Preventive Medicine—Established 99203 New Pt—detailed 99391 Prev Med 0–1 years 99204 New Pt—moderate complexity 99392 Prev Med 1–4 years
99205 New Pt—high complexity 99393 Prev Med 5–11 years 99394 Prev Med 12–17 years
99050 After Hours 99395 Prev Med 18–39 years 99052 After Hours—after 10 pm 99054 After Hours—Sundays and Holidays 99070 10 Arm Sling
99070 11 Sterile Dressing Outpatient Consult 99070 45 Cervical Cap 99241 99242 99243 99244 99245
Immunizations, Injections, and Office Laboratory Services 90471 Adm of Vaccine 1 81000 Urinalysis w/ micro 90472 Adm of Vaccine > 1 81002 Urinalysis w/o micro 90648 HIB 82270 Hemoccult Stool 90658 Infl uenza 82948 Dextrostix 90669 Prevnar 83655 Lead Level 90701 DTP 84030 PKU 90702 DT 85018 Hemoglobin 90707 MMR 87086 Urine Culture 90713 Polio Injection 87081 Throat Culture 90720 DTP/HIB 87205 Gram Stain 90700 DTaP 87208 Ova Smear (pin worm) 90730 Hepatitis A 87210 Wet Prep 90733 Meningococcal 87880 Rapid Strep 90744 Hepatitis B 0–11 90746 Hepatitis B 18+ years
Diagnosis Patient Name No. Date Time Address DOB Name of Insured ID Insurance Company Return Appointment ___________________________________________________
42 · C H A P T E R 2 : H E A L T H C A R E D A T A
As coding has become intimately linked to reimbursement, directly deter mining the amount of money a health care organization can receive for a claim from insurers, the government has increased its scrutiny of coding practices. There are official guidelines for accurate coding, and health care facilities that do not adhere to these guidelines are liable to charges of fraud ulent coding practices. In addition, the Office of Inspector General of the Department of Health and Human Services (HHS OIG) publishes compliance guidelines to facilitate health care organizations’ adherence to ethical and legal coding practices. The OIG is responsible for (among other duties) investi gating fraud involving government health insurance programs. More specifi c information about compliance guidelines can be found on the OIG website (www.oig.hhs.gov) and will be more thoroughly discussed in Chapter Nine.
HEALTH CARE DATA USES
The previous sections of this chapter examine how health care data is cap tured in patient records and billing claims. Even with this brief overview you can begin to see what a rich source of health care data these records could be. However, before health care data can be used, it must be stored and retrieved. How do we retrieve that data so that the information can be aggregated, manipulated, or analyzed for health care organizations to improve patient care and business operations? How do we combine this patient care data created and stored internally with other pertinent data from external sources?
As we discussed previously in the chapter, data need to be processed to become information. We also noted that data and information may be considered along a continuum, one person’s data may be another person’s information depending on the level of processing required. In this section of the chapter we will focus on the use of data analysis to transform data into information. There is a lot of discussion about the current and future impact of so-called big data on the health care community. We will start the dis cussion of data analysis by looking at the basic elements required to perform effective health care data analysis, followed by a comparison of “small” data analysis examples to the emerging big data.
Regardless of the scope of the data or the tools used, health care data analysis requires basic elements. First, there must be a source of data, for example, the EHR, claims data, laboratory data, and so on. Second, these data must be stored in a retrievable manner, for example, in a database or data warehouse. Next, an analytical tool, such as mathematical statistics, probability models, predictive models, and so on, must be applied to the stored data. Finally, to be meaningful, the analyzed data must be reported in a usable manner.
H E A L T H C A R E D A T A U S E S · 43
Databases and Data Warehouses
A database generally refers to any structured, accessible set of data stored elec tronically; it can be large or small. The back end of EHR and claims systems are examples of large databases. A data warehouse differs from a database in its structure and function. In health care, data warehouses that are derived from health care information systems may be referred to as clinical data repos itories. The data in a data warehouse come from a variety of sources, such as the EHR, claims data, and ancillary health care information systems (lab oratory, radiology, etc.). The data from the sources are extracted, “cleaned,” and stored in a structure that enables the data to be accessed along multiple dimensions, such as time (e.g., day, month, year); location; or diagnosis. Data warehouses help organizations transform large quantities of data from sep arate transactional files or other applications into a single decision-support database. The important concept to understand is that the database or data warehouse provides organized storage for data so that they can be retrieved and analyzed. Before useful information can be obtained, the data must be analyzed. In the most straightforward uses, the data from the data stores are aggregated and reported using simple reporting or statistical methods.
Small versus Big Data
Data stores and data analytics are not new to health care. However, the scope and speed with which we are now capable of analyzing data and discovering new information has increased tremendously. Big data is not a data store (warehouse or database), nor is it a specific analytical tool, but rather it refers to a combination of the two. Experts describe big data as characterized by three Vs (the fourth V—veracity, or accuracy—is sometimes added). These characteristics are present in big but not small data:
• Very large volume of data
• A variety (e.g., images, text, discrete) of types and sources (EHR, wearable fi tness technology, social media, etc.) of data
• The velocity at which the data is accumulated and processed (Glaser, 2014; Macadamian, n.d.)
Harris and Schneider (2015) describe a useful metaphor for explaining the difference between big data and traditional data storage and analysis systems. They tell us to consider “even enormous databases, such as the Medicare claims database as ‘filing cabinets,’ while big data is more like a ‘conveyor
44 · C H A P T E R 2 : H E A L T H C A R E D A T A
belt.’ The filing cabinet no matter how large, is static, while the conveyor belt is constantly moving and presenting new data points and even data sources” (p. 53). They further provide the following examples of questions answered by big versus small data in health care:
o What are the effects of our immunization programs? versus Is my child growing as expected?
o What are some the healthiest regions? versus Is this medication improving my (or my patients’) blood pressure?
Small Data Examples
Disease and Procedure Indexes
Health care management often wants to know summary information about a particular disease or treatment. Examples of questions that might be asked are What is the most common diagnosis among patients treated in the facil ity? What percentage of patients with diabetes is African American? What is the most common procedure performed on patients admitted with gastritis (or heart attack or any other diagnosis)? Traditionally, such questions have been answered by looking in disease and procedure indexes. Prior to EHRs and their resulting databases, disease and procedure indexes were large card catalogues or books that kept track of the numbers of diseases treated and procedures occurring in a facility by disease and procedure codes. Now that repositories of health care data are common, the disease and procedure index function is generally handled as a component of the EHR. The retrieval of information related to diseases and procedures is still based on ICD and CPT codes, but the queries are limitless. Users can search the disease and procedure database for general frequency statistics for any number of combi nations of data. Figure 2.6 is an example of a screen resulting from a query for a specific patient, Iris Hale, who has been identified as a member of both the Heart Failure and Hypertension registries.
Many other types of aggregate clinical reports are used by health care providers and executives. Ad hoc reporting capability applied to clinical databases gives providers and executives access to any number of summary reports based on the data elements from patient health and claims records.
Health Care Statistics
Utilization and performance statistics are routinely gathered for health care executives. This information is needed for facility and health care provision
H E A L T H C A R E D A T A U S E S · 45
planning and improvement. Statistical reports can provide managers and executives a snapshot of their organization’s performance.
Two categories of statistics directly related to inpatient stays are routinely captured and reported. Many variations of these reports and others that drill down to more granular level of data also exist.
• Census statistics. These data reveal the number of patients present at any one time in a facility. Several commonly computed rates are based on these census data, including the average daily census and bed occupancy rates.
• Discharge statistics. This group of statistics is calculated from data accumulated when patients are discharged. Some commonly computed rates based on discharge statistics are average length of stay, death rates, autopsy rates, infection rates, and consultation rates.
Outpatient facilities and group practices, specialty providers, and so on also routinely collect utilization statistics. Some of the more common statis tics are average patient visits per month (or year) and percentage of patients achieving a health status goal, such as immunizations or smoking cessa tion. The number of descriptive health care statistics that can be produced is limitless. Health care organizations also track a wide variety of fi nancial
Figure 2.6 Sample heart failure and hypertension query screen
Source: Cerner Corporation (2016). Used with permission.
46 · C H A P T E R 2 : H E A L T H C A R E D A T A
performance, patient satisfaction, and employee satisfaction data. Patient and employee data generally come from surveys that are routinely adminis tered. The body of data collected and analyzed is driven by the mission of the organization, along with reporting requirements from state, federal, and accrediting organizations.
Health care organizations also look to data to guide improved perfor mance and patient satisfaction. Performance data are essential to health care leaders; however, because they are generally managed within a quality or performance improvement department and are not derived from health care data, per se, they will not be discussed in depth in this chapter. A few significant external agencies that report performance data, however, will be discussed in Chapter Nine.
Although each organization will determine which daily, monthly, and yearly statistics they need to track based on their individual service missions, Rachel Fields (2010) in an article published by Becker’s Hospital Review pro vides a list of ten common measures identified by a panel of fi ve hospital leaders, as shown in Table 2.1.
Big Data Examples
Health care organizations today contend with data from EHRs, internal databases, data warehouses, as well as the availability of data from the growing volume of other health-related sources, such as diagnostic imaging equipment, aggregated pharmaceutical research, social media, and personal devices such as Fitbits and other wearable technologies. No longer is the data needed to support health care decisions located within the organization or any single data source. As we begin to manage populations and care con tinuums we have to bring together data from hospitals, physician practices, long-term care facilities, the patient, and so on. These data needs are bigger than the data needs we had (and still have) when we focused primarily on inpatient care.
Big data is a practice that is applied to a wide range of uses across a wide range of industries and efforts, including health care. There is no single big data product, application, or technology, but big data is broadening the range of data that may be important in caring for patients. For instance, in the case of Alz heimer’s and other chronic diseases such as diabetes and cancer, online social sites not only provide a support community for like-minded patients but also contain knowledge that can be mined for public health research, medication use monitoring, and other health-related activities. Moreover, popular social networks can be used to engage the public and monitor public perception and response during flu epidemics and other public health threats (Glaser, 2014).
H E A L T H C A R E D A T A U S E S · 47
Table 2.1 Ten common hospital statistical measures
Daily Monthly Yearly
1. Quality measures, 4. Point-of-service cash such as collections
Infection rates 5. Percentage of charity care
Patient falls 6. Percentage of budget spent
Overall mortality for each department
2. Patient census 7. Door-to-discharge time
statistics 8. Patient satisfaction scores
By physician
By service line
3. Discharged but not fi nal billed
9. Colleague satisfaction scores
10. Market share and service line development
Source: Fields (2010).
As important and perhaps more important than the data themselves are the novel analytics that are being developed to analyze these data. In health care we see an impressive range of analytics:
• Post-market surveillance of medication and device safety
• Comparative effectiveness research (CER)
• Assignment of risk, for example, readmissions
• Novel diagnostic and therapeutic algorithms in areas such as oncology
• Real-time status and process surveillance to determine, for example, abnormal test follow-up performance and patient compliance with treatment regimes
• Determination of structure including intent, for example, identifying treatment patterns using a range of structured and unstructured and EHR and non-EHR data
• Machine correction of data-quality problems
The potential impact of applying data analytics to big data is huge. McKinsey & Company (Kayyil, Knott, & Van Kuiken, 2013) estimates that big data initiatives could account for $300 to $450 billion in reduced health care spending, or 12 to 17 percent of the $2.6 trillion baseline in US health care costs. There are several early examples of possibly profound
48 · C H A P T E R 2 : H E A L T H C A R E D A T A
impact. For example, an analysis of the cumulative sum of monthly hospitalizations because of myocardial infarction, among other clinical and cost data, led to the discovery of arthritis drug Vioxx’s adverse effects and its subsequent withdrawal from the market in 2004.
A Deloitte (2011) analysis identifi ed five areas of analysis that will be crucial in the emerging era of providers being held more accountable for the care delivered to a patient and a population:
• Population management analytics. Producing a variety of clinical indicator and quality measure dashboards and reports to help improve the health of a whole community, as well as help identify and manage at-risk populations
• Provider profiling/physician performance analytics. Normalizing (severity and case mix–adjusted profiling), evaluating, and reporting the performance of individual providers (PCPs and specialists) compared to established measures and goals
• Point of care (POC) health gap analytics. Identifying patient specifi c health care gaps and issuing a specifi c set of actionable recommendations and notifi cations either to physicians at the point of care or to patients via a patient portal or PHR
• Disease management. Defining best practice care protocols over multiple care settings, enhancing the coordination of care, and monitoring and improving adherence to best practice care protocols
• Cost modeling/performance risk management/comparative effectiveness. Managing aggregated costs and performance risk and integrating clinical information and clinical quality measures
HEALTH CARE DATA QUALITY
Up to this point, this chapter has examined health care data and information with a focus on the origins and uses of such. Changes to the health care delivery system and payment reform are amending the ways in which we use health care information. Traditionally, patient clinical and claims records were used primarily to document episodic care or, at best, the care received by an individual across the continuum, as long as that care was provided through a single organization. In today’s environment, care providers, care coordinators, analysts, and researchers are all looking to EHRs and electronic claims records as a source of data beyond the episodic scope. Any discussion of health care data analytics and big data include the EHR as a key data
H E A L T H C A R E D A T A Q U A L I T Y · 49
source. This expanded use of electronic records and the push for bigger and better data analytics has raised the bar for ensuring the quality of the health care data. Quality health care data has always been important, but the criteria for what constitute high-quality data have shifted.
There are many operational definitions for quality. Two of the best known were developed by the well-known quality “gurus,” Philip B. Crosby and Joseph M. Juran. Crosby (1979) defines quality as “conformance to require ments” or conformance to standards. Juran (Juran & Gryna, 1988) defi nes quality as “fitness for use,” products or services must be free of defi ciencies. What these definitions have in common is that the criteria against which quality is measured will change depending on the product, service, or use. Herein lies the problem with adopting a single standard for health care data quality—it depends on the use of the data.
EHRs evolved from patient medical records, whose central purpose was to document and communicate episodes of patient care. Today EHRs are being evaluated as source data for complex data analytics and clinical research. Before an organization can measure the quality of the information it produces and uses, it must establish data standards. And before it can establish data standards it must identify all endorsed uses of the EHR.
Consider this scenario. EHRs contain two basic types of data: struc tured data that is quantifiable or predefined and unstructured data that is narrative. Within a health care organization, the clinicians using the EHR for patient care prefer unstructured data, because it is easier to dictate a note than to follow a lengthy point and click pathway to create a struc tured note. The clinicians feel that the validation screens cost time that is too valuable for them to waste. The researchers within the organization, however, want as much of the data in the record as possible to be structured to avoid missing data and data entry errors. What should the organization adopt as its standard? Structured or unstructured data? Who will decide and based on what criteria? This discussion between the primary use of EHR data and secondary, or reuse, of data is likely to continue. However, to effectively use EHR data to create new knowledge, either through ana lytics or research, will require HIT leaders to adopt the more stringent data quality criteria posed by these uses. Wells, Nowacki, Chagin, and Kattan (2013) identify missing data as particularly problematic when using the EHR for research purposes. They further identify two main sources of missing EHR data:
1. Data were not collected. A patient was never asked about a condition. This is most likely directly related to the clinician’s lack of interest in what would be considered irrelevant to the current episode of
50 · C H A P T E R 2 : H E A L T H C A R E D A T A
care. Few clinicians will take a full history, for example, at every encounter.
2. Documentation was not complete. The patient was asked, but it was not noted in the record. This is common in the EHR when clinicians only note positive values and leave negative values blank. For example, if a patient states that he or she does not have a history of cancer, no note will be made, either positive or negative. For a researcher this creates issues. Is this missing data or a negative value?
Although there is no single common standard against which health care data quality can be measured, there are useful frameworks for organizations to use to evaluate health care quality (once the purpose for the data is clearly determined).
The following section will examine two different frameworks for eval uating health care data quality. The first was developed by the American Health Information Management Association (AHIMA) (Davoudi et al., 2015), the second by Weiskopf and Weng (2013). The AHIMA framework is set in the context of managing health care data quality across the enter prise. The Weiskopf and Weng framework was delineated after in-depth research into the quality of data specifically found within an EHR, as cur rently used. Common health data quality issues will be examined using each framework.
AHIMA Data Quality Characteristics
AHIMA developed and published a set of health care data quality character istics as a component of a comprehensive data quality management model. They define data quality management as “the business processes that ensure the integrity of an organization’s data during collection, application (includ ing aggregation), warehousing, and analysis” (Davoudi et al., 2015). These characteristics are to be measured for conformance during the entire data management process.
• Data accuracy. Data that refl ect correct, valid values are accurate. Typographical errors in discharge summaries and misspelled names are examples of inaccurate data.
• Data accessibility. Data that are not available to the decision makers needing them are of no value to those decision makers.
H E A L T H C A R E D A T A Q U A L I T Y · 51
• Data comprehensiveness. All of the data required for a particular use must be present and available to the user. Even relevant data may not be useful when they are incomplete.
• Data consistency. Quality data are consistent. Use of an abbreviation that has two different meanings is a good example of how lack of consistency can lead to problems. For example, a nurse may use the abbreviation CPR to mean cardiopulmonary resuscitation at one time and computer-based patient record at another time, leading to confusion.
• Data currency. Many types of health care data become obsolete after a period of time. A patient’s admitting diagnosis is often not the same as the diagnosis recorded on discharge. If a health care executive needs a report on the diagnoses treated during a particular time frame, which of these two diagnoses should be included?
• Data defi nition. Clear definitions of data elements must be provided so that current and future data users will understand what the data mean. This issue is exacerbated in today’s health care environment of collaboration across organizations.
• Data granularity. Data granularity is sometimes referred to as data atomicity. That is, individual data elements are “atomic” in the sense that they cannot be further subdivided. For example, a typical patient’s name should generally be stored as three data elements (last name, first name, middle name—”Smith” and “John” and “Allen”), not as a single data element (“John Allen Smith”). Again, granularity is related to the purpose for which the data are collected. Although it is possible to subdivide a person’s birth date into separate fi elds for the month, the date, and the year, this is usually not desirable. The birth date is at its lowest practical level of granularity when used as a patient identifi er. Values for data should be defined at the correct level for their use.
• Data precision. Precision often relates to numerical data. Precision denotes how close to an actual size, weight, or other standard a particular measurement is. Some health care data must be very precise. For example, in figuring a drug dosage it is not all right to round up to the nearest gram when the drug is to be dosed in milligrams.
• Data relevancy. Data must be relevant to the purpose for which they are collected. We could collect very accurate, timely data about a patient’s color preferences or choice of hairdresser, but are these matters relevant to the care of the patient?
52 · C H A P T E R 2 : H E A L T H C A R E D A T A
Table 2.2 Terms used in the literature to describe the fi ve common dimensions of data quality
Completeness Correctness Concordance Plausibility Currency
Accessibility Accuracy Agreement Accuracy Recency Accuracy Corrections made Consistency Believability Timeliness Availability Errors Reliability Trustworthiness
Missingness Misleading Variation Validity Omission Positive predictive
value Presence Quality Quality Validity Rate of recording Sensitivity Validity
Source: Weiskopf and Weng (2013). Reproduced with permission of Oxford University Press.
• Data timeliness. Timeliness is a critical dimension in the quality of many types of health care data. For example, critical lab values must be available to the health care provider in a timely manner. Producing accurate results after the patient has been discharged may be of little or no value to the patient’s care.
Weiskopf and Weng Data Quality Dimensions
Weiskopf and Weng (2013) published a review article in the Journal of the American Medical Informatics Association that identifi ed five dimensions of EHR data quality. They based their findings on a pool of ninety-fi ve arti cles that examined EHR data quality. Their context was using the EHR for research, that is, “reusing” the EHR data. Although different terms were used in the articles, the authors were able to map the terms to one of the five dimensions (see Table 2.2):
• Completeness: Is the truth about a patient present?
• Correctness: Is an element that is in the EHR true?
• Concordance: Is there agreement between elements in the EHR or between the EHR and another data source?
• Plausibility: Does an element in the EHR make sense in light of other knowledge about what that element is measuring?
H E A L T H C A R E D A T A Q U A L I T Y · 53
PERSPECTIVE Problems with Reusing EHR Data:
Examples from the Literature
Botsis, T., Hartvigsen, G., Chen, F., & Weng, C. (2010). Secondary use of EHR: Data quality issues and informatics opportunities. Summit on Translational Bioinformatics, 2010, 1–5.
The authors report on data quality issues they encountered when attempting to use data that originated in an EHR to conduct survival analysis of pancreatic cancer patients treated at a large medical center in New York City. They found that of 3,068 patients within the clini cal data warehouse, only 1,589 had appropriate disease documentation within a pathology report. The sample size was further reduced to 522 when the researchers discovered incompleteness of key study variables. Other instances of incompleteness and inaccuracies were found within the remaining 522 subjects’ documentation, causing the researchers to make inferences regarding some of the non-key study variables.
Bayley, K. B., Belnap, T., Savitz, L., Masica, A. L., Shah, N., & Fleming, N. S. (2013). Challenges in using electronic health record data for CER. Medical Care, 51(8 Suppl 3), S80–S86. doi:10.1097/mlr.0b013e31829b1d48
The authors conducted research to determine the “strengths and challenges” of using EHRs for CER across four major health care systems with mature EHR systems. They looked at comparing the effectiveness of antihypertensive medications on blood pressure control for a population of patients with hypertension who were being followed by primary care providers within the health systems. Data quality problems that were identifi ed included the following:
• Missing data
• Erroneous data
• Uninterpretable data
• Inconsistent data
• Text notes and noncoded data
The authors concluded that the potential for EHRs as a source of longi tudinal data for comparative effectiveness studies in populations is high, but they note that “improving data quality within the EHR in order to facilitate research will remain a challenge as long as research is seen as a separate activity from clinical care.”
54 · C H A P T E R 2 : H E A L T H C A R E D A T A
• Currency: Is an element in the EHR a relevant representation of the patient state at a given point in time?
The authors further identify completeness, correctness, and currency as “fundamental,” stating that concordance and plausibility “appear to be proxies for the fundamental dimensions when it is not possible to assess them directly.”
Strategies for Minimizing Data Quality Issues
As a beginning point, health care data standardization requires clear, con sistent definitions. One essential tool for identifying and ensuring the use of standard data definitions is to use a data dictionary. AHIMA defines a data dictionary as “a descriptive list of names (also called ‘representations’ or ‘displays’), definitions, and attributes of data elements to be collected in an information system or database” (Dooling, Goyal, Hyde, Kadles, & White, 2014, p. 7) (see Table 2.3).
Regardless of how well data are defined, however, errors in entry will occur. These errors can be discussed in terms of two types of underlying cause—systematic errors and random errors. Systematic errors are errors that can be attributed to a flaw or discrepancy in the system or in adherence to standard operating procedures or systems. Random errors, however, are caused by carelessness, human error, or simply making a mistake.
Consider these scenarios:
• A nurse is required to document vital signs into each patient’s EHR at the beginning of each visit. However, the data entry screen is cumbersome and often the nurse must wait until the end of day and go back to update the vital signs. On occasion the EHR locks up and does not allow the nurse to update the information. This is an example of a systematic error.
• A physician uses the structured history and physical module of the EHR within her practice. However, to save time she cuts and pastes information from one visit to another. During cutting and pasting, she fails to reread her note and leaves in the wrong encounter date. Although there are some elements of systematic error in this situation (not following protocol), the error is primarily a random error.
Effective systems are needed to ensure preventable errors are minimized and errors that are not preventable are easily detected and corrected. Clearly, there are multiple points during data collection and processing when the system design can reduce data errors.
H E A L T H C A R E D A T A Q U A L I T Y · 55
The Markle Foundation (2006, p. 4) argues that comprehensive data quality programs are needed by health care organizations to prevent “dirty data” and subsequently improve the quality of patient care. They propose that a data quality program include “automated and human strategies”:
• Standardizing data entry fi elds and processes for entering data
• Instituting real-time quality checking, including the use of validation and feedback loops
• Designing data elements to avoid errors (e.g., using check digits, algorithms, and well-designed user interfaces)
• Developing and adhering to guidelines for documenting the care that was provided
• Building human capacity, including training, awareness-building, and organizational change
Health care data quality problems are exacerbated by inter-facility collab orations and health information exchange. Imagine standardizing processes and definitions across multiple organizations.
Certainly, information technology has tremendous potential as a tool for improving health care data quality. Through the use of electronic data entry, users can be required to complete certain fields, prompted to add information, or warned when a value is out of prescribed range. When health care providers respond to a series of prompts, rather than dictating a free-form narrative, they are reminded to include all necessary elements of a health record entry. Data quality is improved when these systems also incorporate error checking. Structured data entry, drop-down lists, and templates can be incorporated to promote accuracy, consistency, and com pleteness (Wells et al., 2013). To date some of this potential for technology- enhanced improvements has been realized, but many opportunities remain. As noted in the Perspective many of the data in existing EHR systems are recorded in an unstructured format, rather than in data fields designated to contain specific pieces of information, which can lead to poor health care data quality. Natural language processing (NLP) is a promising, evolving technology that will enable efficient data extraction from the unstructured components of the EHR, but it is not yet commonplace with health care systems.
A clear example of data quality improvement achieved through informa tion technology is the result seen from incorporating medication adminis tration systems designed to prevent medication error. With structured data input and sophisticated error prevention, these systems can signifi cantly
Table 2.3 Excerpt from data dictionary used by AHRQ surgical site infection risk stratifi cation/outcome detection
Table Field Datatype Description
PATIENT Include patients who had surgery that meet inclusion CPT, SNOMED, or ICD-9 criteria between 1/1/2007 and 1/30/2009.
PATIENT DOB Date The birthdate for the patient
PATIENT PATIENT_ID Integer A unique ID for the patient
PATIENT DATA_SOURCE_ID Varchar(10) An identifi er for the source of the patient record data (UU, IHC, DH for example)
DIAGNOSIS Include ICD-9 CM discharge codes within one month of surgery. A list of included codes is in table 2 of Stevenson et al. AJIC vol 36 (3) 155–164.
DIAGNOSIS DIAGNOSIS_ID Integer A unique ID for the diagnosis
DIAGNOSIS DIAGNOSIS_CODE Varchar(64) The code for the patient’s diagnosis
DIAGNOSIS DIAGNOSIS_CODE_ Varchar(64) The nomenclature that the diagnosis code is taken from SOURCE (ICD9, etc.)
DIAGNOSIS CLINICAL_DTM Date The date and time of the diagnosis’s onset or exacerbation
MICROBIOLOGY Include all Microbiology specimens taken within one month before or after a surgery. (For risk, this might be expanded to one year or more.)
MICROBIOLOGY MICRO_ID Integer A unique ID for the procedure
MICROBIOLOGY SPECIMEN_CODE Varchar(64) The site that the specimen was collected from
MICROBIOLOGY SPECIMEN_CODE_ Varchar(64) The nomenclature that the specimen code is taken from (SNOMED, SOURCE LOINC, etc.)
MICROBIOLOGY PATHOGEN_CODE Varchar(64) The code of the pathogen cultured from the collected specimen
MICROBIOLOGY PATHOGEN_CODE_ Varchar(64) The nomenclature that the pathogen code is taken from (SNOMEN, SOURCE LOINC, etc.)
MICROBIOLOGY COLLECT_DTM Date The date and time the specimen was collected
ENCOUNTER Include all Encounters within one month before or after surgery.
ENCOUNTER ENCOUNTER_ID Integer A unique ID for the visit. This will serve to tie all of the different data tables together via foreign key relationship.
ENCOUNTER ADMIT_DTM Date The admission date and time for a patient’s visit
ENCOUNTER DISCH_DTM Date The discharge date and time for a patient’s visit
ENCOUNTER ENCOUNTER_TYPE Varchar(64) The type of patient encounter such as inpatient, outpatient, observa tion, etc.
Source: Agency for Healthcare Research and Quality (2012).
58 · C H A P T E R 2 : H E A L T H C A R E D A T A
reduce medication errors. The challenge for the foreseeable future is to balance the need for structured data with the associated costs (time and money). Further in the future, new challenges will appear as the breadth of data contained in patient records is likely to increase. Genomic and pro teomic data, along with enhanced behavioral and social data, are likely to be captured (IOM, 2014). These added data will introduce new quality issues to be resolved.
SUMMARY
Without health care data and information, there would be no need for health care information systems. Health care data and information are valuable assets in health care organizations, and they must be managed similar to other assets. To that end, health care executives need an understanding of the sources of health care data and information and recognize the importance of ensuring the quality of health data and information. In this chapter, after defining health care data and information, we examined patient record and claims content as sources for health care data. We looked at disease and procedure indexes and health care statistics as examples of basic uses of the health care data. The emerging use of data analytics and big data were introduced and the chapter concluded with a discussion of two frameworks for examining health care data quality and a discussion of how informa tion technology, in general, and the EHR, in particular, can be leveraged to improve the quality of health care data.
KEY TERMS
Accountable Care Act (ACA) American Hospital Association (AHA) Big data CMS-1500/837P Completeness Comprehensive shared care plan
(CSCP) Concordance Consent and authorization forms Consultation Continuum of care Correctness
CPT (Current Procedural Terminology) Currency Data accessibility Data accuracy Data comprehensiveness Data consistency Data currency Data defi nition Data granularity Data precision Data quality characteristics Data relevancy
L E A R N I N G A C T I V I T I E S · 59
Data timeliness Databases Data warehouses Diagnosis related group (DRG) Diagnostic and procedural codes Discharge summary Disease and procedure indexes Electronic health records (EHRs) Electronic medical records
(EMRs) Episode of care Healthcare Common Procedure
Coding System (HCPCS) Health care data Health care data quality Health care information Health care statistics Health Insurance Portability and
Accountability Act (HIPAA) Health record History and physical ICD-10 (International Classifi cation of
Diseases) ICD-10-CM (Clinical Modifi cation) ICD-10-PCS (Procedural Coding
System)
LEARNING ACTIVITIES
Identifi cation screen Imaging and X-ray reports Knowledge Laboratory reports Legal health record (LHR) Medical record Medication record The National Center of Health
Statistics (NVHS) National Uniform Billing Committee
(NUBC) National Uniform Claim Committee
(NUCC) Office of Inspector General of the
Department of Health and Human Services (HHS OIG)
Operative report Pathology report Physician’s orders Plausibility Population health Problem list Progress notes Protected health information (PHI) Small data UB-04/CMS-1450/837I
1. Contact a health care facility (hospital, nursing home, physician’s offi ce, or other organization) to ask permission to view a sample of the health records they maintain. Answer the following questions for each record:
a. What is the primary reason (or condition) for which the patient was seen?
b. How long has the patient had this condition?
c. Did the patient have a procedure performed? If so, what procedure(s) was (were) done?
60 · C H A P T E R 2 : H E A L T H C A R E D A T A
d. Did the patient experience any complications? If so, what were they?
e. How does the physician’s initial assessment of the patient compare with the nurse’s initial assessment? Where in the record would you find this information?
f. To where was the patient discharged?
g. What were the patient’s discharge orders or instructions? Where in the record should you find this information?
2. Make an appointment to meet with the business manager at a physician’s offi ce or health care clinic. Discuss the importance of ICD-10 coding or CPT coding (or both) for that offi ce. Ask to view the system that the offi ce uses to assign diagnostic and procedure codes. After the visit, write a brief summary of your findings and impressions.
3. Visit www.oig.hhs.gov. What are the major responsibilities of the Offi ce of Inspector General as they relate to coded health care data? What other responsibilities related to health care fraud and abuse does this offi ce have?
4. Consider a patient (real or imagined) with a chronic health condition. Identify at least three actual health care providers that this patient has seen in the past twelve months. Draw a diagram to illustrate the timeline of the patient’s encounters. Considering these encounters, how easy is it for each provider to share health care information regarding this patient with the others? What are the barriers to the communication and sharing of health care information? How will this affect the patient’s overall care?
5. Contact a health care facility (hospital, nursing home, physicians’ offi ce, or other facility) to ask permission to view a sample of the health records it maintains. These records may be in paper or electronic form. For each record, answer the following questions about data quality:
a. How would you assess the quality of the data in the patient’s record?
b. What proportion of the data in the patient’s medical record is captured electronically? What information is recorded manually? Do you think the method of capture affects the quality of the information?
c. How does the data quality compare with what you expected?
R E F E R E N C E S · 61
REFERENCES
Agency for Healthcare Research and Quality. (2012). Improving the measurement of surgical site infection risk stratification/outcome detection. Appendix C: Data dic tionary. Retrieved from http://www.ahrq.gov/research/fi ndings/fi nal-reports/ ssi/ssiapc.html
AHIMA. (2016). What is a personal health record (PHR)? Retrieved May 29, 2016, from http://myphr.com/StartaPHR/what_is_a_phr.aspx
Baker, A., Cronin, K., Conway, P., DeSalvo, K., Rajkumar, R., & Press, M. (2016, May 18). Making the comprehensive shared care plan a reality. Retrieved June 1, 2016, from http://catalyst.nejm.org/ making-the-comprehensive-shared-care-plan-a-reality/
Bayley, K. B., Belnap, T., Savitz, L., Masica, A. L., Shah, N., & Fleming, N. S. (2013). Challenges in using electronic health record data for CER. Medical Care, 51(8 Suppl 3), S80–S86. doi:10.1097/mlr.0b013e31829b1d48
Botsis, T., Hartvigsen, G., Chen, F., & Weng, C. (2010). Secondary use of EHR: Data quality issues and informatics opportunities. Summit on Translational Bioinfor matics, 2010, 1–5.
CDC. (2016). International classification of diseases, tenth revision. Clinical Modi fication (ICD-10-CM). Retrieved May 30, 2016, from http://www.cdc.gov/nchs/ icd/icd10cm.htm
Centers for Medicare and Medicaid Services (CMS). (2013). Medicare billing: 837P and form CMS-1500 [Brochure]. Retrieved March 2013 from https://www.cms. gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/ downloads/form_cms-1500_fact_sheet.pdf
Centers for Medicare and Medicaid Services (CMS). (2015). ICD-10-CM/PCS: The next generation of coding [Brochure]. Retrieved May 30, 2016, from https:// www.cms.gov/Medicare/Coding/ICD10/downloads/ICD-10Overview.pdf
Centers for Medicare and Medicaid Services (CMS). (2016a). Medicare billing: 837I and form CMS-1450 [Brochure]. Retrieved May 30, 2016, from https://www.cms .gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/ Downloads/837I-FormCMS-1450-ICN006926.pdf
Centers for Medicare and Medicaid Services (CMS). (2016b). 2016 ICD-10-CM and GEMS. Retrieved August 2016 from https://www.cms.gov/Medicare/Coding/ ICD10/2016-ICD-10-CM-and-GEMs.html
Centers for Medicare and Medicaid Services (CMS). (2016c). 2017 ICD-10 PCS and GEMS. Retrieved August 2016 from https://www.cms.gov/Medicare/Coding/ ICD10/2017-ICD-10-PCS-and-GEMs.html
Crosby, P. B. (1979). Quality is free: The art of making quality certain. New York, NY: McGraw-Hill.
Davoudi, S., Dooling, J., Glondys, B., Jones, T., Kadlec, L., Overgaard, S., . . .
62 · C H A P T E R 2 : H E A L T H C A R E D A T A
& Wendicke, A. (2015, Oct.). Data quality management model (2015 update). Journal of AHIMA, 86(10). Retrieved from http://bok.ahima.org/ doc?oid=107773#.V6ILzfkrIuU
Deloitte Consulting. (2011) Integrated care organizations’ information technology requirements. New York, NY: Author.
Dooling, J., Goyal, P., Hyde, L., Kadles, L., & White, S. (2014). Health data analysis toolkit. Chicago, IL: AHIMA. Retrieved September 22, 2016, from http://library. ahima.org/PdfView?oid=107504
Fields, R. (2010, Sept. 2). 10 statistics your hospital should track. Becker’s Hospital Review. Retrieved May 30, 2016, from http://www.beckershospitalreview.com/ hospital-management-administration/10-statistics-your-hospital-should-track.html
Garrett, P., & Seidman, J. (2011, Jan. 4). EMR vs. EHR—what is the difference? Health IT Buzz. Retrieved May 30, 2016, from http://www.healthit.gov/ buzz-blog/electronic-health-and-medical-records/emr-vs-ehr-difference/
Glaser, J. (2014, Dec. 9). Solving big problems with big data. Retrieved October 11, 2016, from http://www.hhnmag.com/ articles/3809-solving-big-problems-with-big-data
Harris, Y., & Schneider, C. D. (2015). Health information technology in the United States, 2015: Transition to a post-HITECH world (Ch. 4). Published jointly by the Robert Wood Johnson Foundation, Mathematica Policy Research, Harvard School of Public Health, and University of Michigan, School of Information. Available online.
Health Information Management and Systems Society (HIMSS). (2014). Defi nition of continuum of care [Brochure]. Retrieved June 1, 2016, from http://s3.amazonaws .com/rdcms-himss/fi les/production/public/2014-05-14-Defi nitionContinuumofCare .pdf
Institute for Health Technology Transformation. (2012). Population health manage ment: A roadmap for provider-based automation in a new era of healthcare. Retrieved May 29, 2016, from http://ihealthtran.com/pdf/PHMReport.pdf
Institute of Medicine (IOM). (2014) Capturing social and behavioral domains and measures in electronic health records. Washington, DC: National Academies.
Johns, M. (1997). Information management for health professionals. Albany, NY: Delmar.
The Joint Commission. (2016). Comprehensive accreditation manual for hospitals. Oakbrook Terrace, IL: Author.
Juran, J. M., & Gryna, F. M. (1988). Juran’s quality control handbook. New York, NY: McGraw-Hill.
Kayyil, B., Knott, D., & Van Kuiken, S. (2013). The “big data” revolution in health- care. New York, NY: McKinsey and Co. Retrieved July 8, 2016, from http:// healthcare.mckinsey.com/sites/default/fi les/The_big-data_revolution_in_US_ health_care_Accelerating_value_and_innovation%5B1%5D.pdf
R E F E R E N C E S · 63
Lee, F. W. (2002). Data and information management. In K. LaTour & S. Eich enwald (Eds.), Health information management concepts, principles, and practice (pp.83–100). Chicago, IL: American Health Information Management Association.
Macadamian. (n.d.). Big data vs. small data: Turning big data into actionable insights. Retrieved August 3, 2016, from http://www.macadamian.com/ guide-to-healthcare-software-development/big-data-vs-small-data/
Markle Foundation. (2006). Connecting for health common framework: Background issues on data quality. Retrieved September 22, 2016, from http://www.markle .org/sites/default/fi les/T5_Background_Issues_Data.pdf
National Learning Consortium. (2013). Legal health record policy template. Offi ce of the National Coordinator for Health Information Technology. Retrieved August 18, 2016, from www.healthit.gov/sites/default/fi les/legal_health_policy_template.docx
National Uniform Billing Committee (NUBC). (2016). About us. Retrieved August 2016 from http://www.nubc.org/aboutus/index.dhtml
National Uniform Claim Committee (NUCC). (2016). Who are we? Retrieved August 2016 from http://www.nucc.org/index.php/22-active-home-page/23-who-are-we
Stoto, M. A. (2013, Feb. 21). Population health in the Affordable Care Act era. Academy Health. Retrieved June 1, 2016, from https://www.academyhealth .org/fi les/AH2013pophealth.pdf
Wells, B. J., Nowacki, A. S., Chagin, K., & Kattan, M. W. (2013). Strategies for handling missing data in electronic health record derived data. EGEMs (Generating Evidence & Methods to Improve Patient Outcomes), 1(3). doi:10.13063/2327-9214.1035
Weiskopf, N. G., & Weng, C. (2013). Methods and dimensions of electronic health record data quality assessment: Enabling reuse for clinical research. Journal of the American Medical Informatics Association, 20(1), 144–151. doi:10.1136/ amiajnl-2011-000681
CHAPTER 3
Health Care Information Systems
LEARNING OBJECTIVES
• To be able to identify the major types of administrative and clinical information systems used in health care.
• To be able to give a brief explanation of the history and evolution of health care information systems.
• To be able to discuss the key functions and capabilities of electronic health record systems and current adoption rates in hospitals, physician practices, and other settings.
• To be able to describe the use and adoption of personal health records and patient portals.
• To be able to discuss current issues pertaining to the use of HCIS systems including interoperability, usability, and health IT safety.
65
66 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
After reading Chapters One and Two, you should have a general understanding of the national health IT landscape and the types and uses of clinical and administrative data captured in provider organizations. In this chapter we build on these fundamental concepts and introduce health care information systems, a broad category that includes clinical and administrative applica tions. We begin by providing a brief history and overview of information systems used in health care provider organizations. The chapter focuses on the electronic health record (EHR) and personal health record (PHR), including patient portals and the major initiatives that have led to the adoption and use of EHRs in hospitals and physician practices. Included is a discussion on the state of EHR adoption and use in other health care settings, including behavioral health, community health, and long-term care. Applications such as computerized provider order entry and decision support are described in the context of the EHR. (Note: Other health IT systems and applications needed to support population health and value-based payment—such as patient engage ment tools, telemedicine, and telehealth—are described in Chapter Four.) Finally, the chapter concludes with a discussion on important key issues in the use of HCIS including usability, interoperability, and health IT safety.
We begin first with a brief review of key terms.
REVIEW OF KEY TERMS
An information system (IS) is an arrangement of data (information), pro cesses, people, and information technology that interact to collect, process, store, and provide as output the information needed to support the orga nization (Whitten & Bentley, 2007). Note that information technology is a component of every information system. Information technology (IT) is a contemporary term that describes the combination of computer technol ogy (hardware and software) with data and telecommunications technology (data, image, and voice networks). Often in current management literature the terms information system (IS) and information technology (IT) are used interchangeably.
Within the health care sector, health care IS and IT include a broad range of applications and products and are used by a wide range of constituent groups such as payers, government, life sciences, and patients, as well as providers and provider organizations. For our purpose, however, we have chosen to focus on health care information systems from the provider organization’s perspective. The provider organization is the hospital, health system, physician practice, integrated delivery system, nursing home, or rural health clinic. That is, it is any setting where health-related services are delivered. The organization (namely, the capacity, decisions about how health IT is applied, and incentives)
M A J O R H E A L T H C A R E I N F O R M A T I O N S Y S T E M S · 67
and the external environment (regulations and public opinion) are important elements in how systems are used by clinicians and other users (IOM, 2011). We also examine the use of patient engagement tools such as PHRs and secure patient portals. Yet our focus is from an organization or provider perspective.
MAJOR HEALTH CARE INFORMATION SYSTEMS
There are two primary categories of health care information systems: admin istrative and clinical. A simple way to distinguish them is by purpose and the type of data they contain. An administrative information system (or an administrative application) contains primarily administrative or fi nancial data and is generally used to support the management functions and general operations of the health care organization. For example, an administrative information system might contain information used to manage personnel, finances, materials, supplies, or equipment. It might be a system for human resource management, materials management, patient accounting or billing, or staff scheduling. Revenue cycle management is increasingly important to health care organizations and generally includes the following:
• Charge capture
• Coding and documentation review
• Managed care contracting
• Denial management of claims
• Payment posting
• Accounts receivable follow-up
• Patient collections
• Reporting and benchmarking
By contrast, a clinical information system (or clinical application) contains clinical or health-related information used by providers in diagnosing and treating a patient and monitoring that patient’s care. Clinical information systems may be departmental systems—such as radiology, pharmacy, or laboratory systems—or clinical decision support, medication administration, computerized provider order entry, or EHR systems, to name a few. They may be limited in their scope to a single area of clinical information (for example, radiology, pharmacy, or laboratory), or they may be comprehensive and cover virtually all aspects of patient care (as an EHR system does, for example). Table 3.1 lists common types of clinical and administrative health care information systems.
68 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Health care organizations, particularly those that have implemented EHR systems, generally provide patients with access to their information electron ically through a patient portal. A patient portal is a secure website through which patients may communicate with their provider, request refill on pre scriptions, schedule appointments, review test results, or pay bills (Emont, 2011). Another term that is frequently used is personal health record (PHR). Different from an EHR or patient portal, which is managed by the provider or health care organization, the PHR is managed by the consumer. It may
Table 3.1. Common types of administrative and clinical information systems
Administrative Applications Clinical Applications
Patient administration systems
Admission, discharge, transfer (ADT) tracks the patient’ s movement of care in an inpatient setting
Registration may be coupled with ADT system; includes patient demographic and insurance information as well as date of visit(s), provider information
Scheduling aids in the scheduling of patient visits; includes information on patients, providers, date and time of visit, rooms, equipment, other resources
Patient billing or accounts receivable includes all information needed to submit claims and monitor submission and reimbursement status
Utilization management tracks use and appropriateness of care
Other administrative and fi nancial systems
Accounts payable monitors money owed to other organizations for purchased products and services
General ledger monitors general fi nancial management and reporting
Ancillary information systems
Laboratory information supports collection, verifi cation, and reporting of laboratory tests
Radiology information supports digital image generation (picture archiving and communication systems [PACS]), image analysis, image management
Pharmacy information supports medication ordering, dispensing, and inventory control; drug compatibility checks; allergy screening; medication administration
Other clinical information systems
Nursing documentation facilitates nursing documentation from assessment to evaluation, patient care decision support (care planning, assessment, fl ow- sheet charting, patient acuity, patient education)
Electronic health record (EHR) facilitates electronic capture and reporting of patient’ s health history, problem lists, treatment and outcomes; allows clinicians to document clinical findings, progress notes, and other patient information; provides decision-support tools and reminders and alerts
H I S T O R Y A N D E V O L U T I O N · 69
Administrative Applications Clinical Applications
Personnel management manages human resource information for staff, including salaries, benefi ts, education, and training
Materials management monitors ordering and inventory of supplies, equipment needs, and maintenance
Payroll manages information about staff salaries, payroll deductions, tax withholding, and pay status
Staff scheduling assists in scheduling and monitoring staffi ng needs
Staff time and attendance tracks employee work schedules and attendance
Revenue cycle management monitors the entire fl ow of revenue generation from charge capture to patient collection; generally relies on integration of a host of administrative and fi nancial applications
Computerized provider order entry (CPOE) enables clinicians to directly enter orders electronically and access decision- support tools and clinical care guidelines and protocols
Telemedicine and telehealth supports remote delivery of care; common features include image capture and transmission, voice and video conferencing, text messaging
Rehabilitation service documentation supports the capturing and reporting of occupational therapy, physical therapy, and speech pathology services
Medication administration is typically used by nurses to document medication given, dose, and time
include health information and wellness information, such as an individual’s exercise and diet. The consumer decides who has access to the information and controls the content of the record. The adoption and use of patient portals and PHRs are discussed further on in this chapter. For now, we begin with a brief historical overview of how these various clinical and administrative systems evolved in health care.
HISTORY AND EVOLUTION
Since the 1960s, the development and use of health care information systems has changed dramatically with advances in technology and the impact of environmental influences and payment reform (see Figure 3.1). In the 1960s to 1970s, health care executives invested primarily in administrative and fi nan cial information systems that could automate the patient billing process and facilitate accurate Medicare cost reporting. The administrative applications that were used were generally found in large hospitals, such as those affi li ated with academic medical centers. These larger health care organizations were often the only ones with the resources and staff available to develop,
70 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Figure 3.1 History and evolution of health care information systems (1960s to today)
implement, and support such systems. It was common for these facilities to develop their own administrative and financial applications in-house in what were then known as “data processing” departments. The systems themselves ran on large mainframe computers, which had to be housed in large, envi ronmentally controlled settings. Recognizing that small, community-based hospitals could not bear the cost of an in-house, mainframe system, leading vendors began to offer shared systems, so called because they enabled hospi tals to share the use of a mainframe with other hospitals. Vendors typically charged participating hospitals for computer time and storage, for the number of terminal connects, and for reports.
By the 1970s, departmental systems such as clinical laboratory or pharmacy systems began to be developed, coinciding with the advent of minicomputers. Minicomputers were smaller and more powerful than some of the mainframe computers and available at a cost that could be justified by revenue-generating departments. Clinical applications includ ing departmental systems such as laboratory, pharmacy, and radiology systems became more commonplace. Most systems were stand-alone and did not interface well with other clinical and administrative systems in the organization.
The 1980s brought a significant turning point in the use of health care information systems primarily because of the development of the micro computer, also known as the personal computer (PC). Sweeping changes in reimbursement practices designed to rein in high costs of health care also had a significant impact. In 1982, Medicare shifted from a cost-based reimbursement system to a prospective payment system based on diagnosis related groups (DRGs). This new payment system had a profound effect on
H I S T O R Y A N D E V O L U T I O N · 71
hospital billing practices. Reimbursement amounts were now dependent on the accuracy of the patient’s diagnosis and procedures(s) and other informa tion contained in the patient’s record. With hospital reimbursement changes occurring, the advent of the microcomputer could not have been more timely. The microcomputer was smaller, often as or more powerful, and far more affordable than a mainframe computer. Additionally, the microcomputer was not confined to large hospitals. It brought computing capabilities to a host of smaller organizations including small community hospitals, physician practices, and other care delivery settings. Sharing information among micro computers also became possible with the development of local area networks. The notion of best of breed systems was also common; individual clinical departments would select the best application or system for meeting their unique unit’s needs and attempt to get the “systems to talk to each other” using interface engines.
Rapid technological advances continued into the 1990s, with the most profound being the evolution and widespread use of the Internet and elec tronic mail (e-mail). The Internet provided health care consumers, patients, providers, and industries with access to the World Wide Web and new and innovative opportunities to access care, promote services, and share infor mation. Concurrently, the Institute of Medicine (IOM, 1991) published its fi rst landmark report The Computer-Based Patient Record: An Essential Technology for Health Care, which called for the widespread adoption of computerized patient records (CPRs) as the standard by the year 2001. CPRs were the precursor to what we refer to today as EHR systems. Numerous studies had revealed the problems with paper-based medical records (Burnum, 1989; Hershey, McAloon, & Bertram, 1989; IOM, 1991). Records are often illegible, incomplete, or unavailable when and where they are needed. They lack any type of active decision-support capability and make data collection and anal ysis very cumbersome. This passive role for the medical record was no longer sufficient. Health care providers needed access to active tools that afforded them clinical decision-support capabilities and access to the latest relevant research findings, reminders, alerts, and other knowledge aids. Along with patients, they needed access to systems that would support the integration of care across the continuum.
By the start of the new millennium, health care quality and patient safety emerged as top priorities. In 2000, the IOM published the report To Err Is Human: Building a Safer Health Care System, which brought national attention to research estimating that 44,000 to 98,000 patients die each year to medical errors. Since then, additional reports have indicated that these fi gures are grossly underestimated and the incidents of medical errors are much higher
72 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
(Classen et al., 2011; James, 2013; Makary & Daniel, 2016;). A subsequent report, Patient Safety: Achieving a New Standard of Care (2004), called for health care providers to adopt information technology to help prevent and reduce errors because of illegible prescriptions, drug-to-drug interactions, and lost medical records, for example.
By 2009, the US government launched an “unprecedented effort to reengi neer” the way we capture, store, and use health information (Blumenthal, 2011, p. 2323). This effort was realized in the Health Information Technology for Economic and Clinical Health (HITECH) Act. Nearly $30 billion was set aside over a ten-year period to support the adoption and Meaningful Use of EHRs and other types of health information technology with the goal of improving health and health care. Rarely, if ever, have we seen public investments in the advancement of health information technology of this magnitude (Blumenthal, 2011). Interest also grew in engaging patients more fully in providing access to their EHR through patient portals or the concept of a PHR. We have also seen significant advances in telemedicine and tele health, cloud computing, and mobile applications that monitor and track a wide range of health data.
ELECTRONIC HEALTH RECORDS
Features and Functions
Let’s first examine the features and functions of an EHR because it is core to patient care. An EHR can electronically collect and store patient data, supply that information to providers on request, permit clinicians to enter orders directly into a computerized provider order entry (CPOE) system, and advise health care practitioners by providing decision-support tools such as reminders, alerts, and access to the latest research findings or appropriate evidence-based guidelines. CPOE at its most basic level is a computer appli cation that accepts provider orders electronically, replacing handwritten or verbal orders and prescriptions. Most CPOE systems provide physicians and other providers with decision-support capabilities at the point of ordering. For example, an order for a laboratory test might trigger an alert to the provider that the test has already been ordered and the results are pending. An order for a drug to which the patient is allergic might trigger an alert warning to the provider of an alternative drug. These decision-support capa bilities make the EHR far more robust than a digital version of the paper medical record.
Figure 3.2 illustrates an EHR alert reminding the clinician that the patient is allergic to certain medication or that two medications should not be taken
E L E C T R O N I C H E A L T H R E C O R D S · 73
Figure 3.2 Sample drug alert screen
Source: Medical University of South Carolina, Epic. Used with permission.
in combination with each other. Reminders might also show that the patient is due for a health maintenance test such as a mammography or a cholesterol test or for an influenza vaccine (Figure 3.2).
Up until the passage of the HITECH Act of 2009, EHR adoption and use was fairly low. HITECH made available incentive money through the Medi care and Medicaid EHR Incentive Programs for eligible professionals and hospitals to adopt and become “meaningful users” of EHR. As mentioned in Chapter One, the Meaningful Use criteria were established and rolled out in three phases. Each phase built on the previous phase in an effort to further the advancement and use of EHR technology as a strategy to improve the nation’s health outcome policy priorities:
• Improve health care quality, safety, and effi ciency and reduce health disparities.
• Engage patients and families in their health care.
• Improve care coordination.
• Improve population and public health.
• Ensure adequate privacy and security of personal health information.
To accomplish these goals and facilitate patient engagement in managing their health and care, health care organizations provide patients with access to their records typically through a patient portal. A patient portal is a secure website through which patients can electronically access their medical records. Portals often also enable users to complete forms online, schedule appointments, communicate with providers, request refills on prescriptions, review test results, or pay bills (Emont, 2011) (see Figure 3.3). Some provid ers offer patients the opportunity to schedule e-visits for a limited number of nonurgent medical conditions such as allergic skin reactions, colds, and nosebleeds.
74 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Figure 3.3 Sample patient portal
Source: Medical University of South Carolina.
EHR Adoption Rates in US Hospitals
As of 2015, nearly 84 percent of US nonfederal acute care hospitals had adopted basic EHR systems representing a nine-fold increase from 2008 (Henry, Pylypchuck, Searcy, & Patel, 2016) (see Figure 3.4). Table 3.2 lists the difference functionality between a basic system and a fully functional system (DesRoches et al., 2008). A key distinguishing characteristic is fully functional EHRs provide order entry capabilities (beyond ordering medica tions) and decision-support capabilities.
The Veterans Administration (VA) has used an EHR system for years, enabling any veteran treated at any VA hospital to have electronic access to his or her EHR. Likewise, the US Department of Defense is under contract with Cerner to replace its EHR system. EHR adoption among specialty hos pitals such as children’s (55 percent) and psychiatric hospitals (15 percent) is significantly lower than general medicine hospitals because these types of hospitals were not eligible for HITECH incentive payments. Small, rural, and critical access hospitals that have historically lagged behind in EHR adoption are now closing the gap with general acute care hospitals (Henry et al., 2016).
E L E C T R O N I C H E A L T H R E C O R D S · 75
Figure 3.4 Percent of non-federal acute care hospitals with adoption of at least a basic EHR with notes system and position of a certifi ed EHR: 2008–2015
Note: Basic EHR adoption requires the EHR system to have a set of EHR functions defined in Table 3.2. A certified EHR is EHR technology that meets the technological capability, functionality, and security requirements adopted by the Department of Health and Human Services. Possession means that the hospital has a legal agreement with the EHR vendor but is not equivalent to adoption. *Signifi cantly different from previous year (p<0.05). Source: ONC (2015a).
EHR Adoption in Office-Based Physician Practices
In addition to EHR use in hospitals, we have also seen signifi cant increases in the adoption and use of EHR systems among offi ce-based physician prac tices. By 2014, 79 percent of primary care physicians had adopted a certifi ed EHR system and 70 percent of medical and surgical specialties had as well (Heisey-Grove & Patel, 2015) (see Figure 3.5).
Ninety-eight percent of physicians in community health centers had adopted an EHR, three-quarters of them using a certified EHR. Not surpris ingly, physicians in solo and small group practices were less likely to have adopted EHR systems (Heisey-Grove & Patel, 2015).
EHR Adoption in Other Settings
Less is known nationally about EHR adoption rates in settings other than hospitals and physician practices. Among home health and hospice agencies,
76 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Table 3.2 Functions defining the use of EHRs
Fully Functional Basic System
System
Health Information Data
Patient demographics X X
Patient problem lists X X
Electronic lists of medications taken by X X
patients
Clinical notes X X
Notes including medical history and X
follow-up
Order Entry Management
Orders for prescriptions X X
Orders for laboratory tests X
Orders for radiology tests X
Prescriptions sent electronically X
Orders sent electronically X
Results Management
Viewing laboratory results X X
Viewing imaging results X X
Electronic images returned X
Clinical Decision Support
Warnings of drug interactions or X
contraindications provided
Out-of-range test levels highlighted X
Reminders regarding guidelines-based X
interventions or screening
the latest national estimates based on data from the 2007 National Home and Hospice Care survey indicate that 44 percent of home health and hospice agencies have adopted EHR systems (16 percent EHRs only and 28 percent EHRs and mobile technologies such as tablets or hand-held devices
E L E C T R O N I C H E A L T H R E C O R D S · 77
Figure 3.5. Offi ce-based physician practice EHR adoption since 2004
Source: ONC (2015a).
used to gather information at the point of care) (Bercovitz, Park-Lee, & Jamoom, 2013).
Some states, such as New York, have attempted to assess EHR adoption in long-term care facilities such as nursing homes. One study found that among 473 nursing homes in New York, 56.3 percent had implemented an EHR system (Abramson, Edwards, Silver, & Kaushal, 2014). Among the nursing homes that did not have EHRs, the majority had plans to implement one within two years. One-fifth had plans to implement one in more than two years, and 11.7 percent had no EHR implementation plans (Abramson et al., 2014). The majority of nursing homes indicated the biggest barriers to health IT investment were the initial cost, a lack of IT staff members, and the lack of fiscal incentives. National estimates on EHR adoption in long-term care are nearly nonexistent. Most are qualitative studies examining the experiences of early adopters (Cherry, Ford, & Peterson, 2011).
Impact of EHR Systems
Numerous studies over the years have demonstrated the value of using EHR systems and other types of clinical applications within health care organi zations. The majority of benefits fall into three broad categories: (1) quality, outcomes, and safety; (2) efficiency, improved revenues, and cost reduction; and (3) provider and patient satisfaction. Following is a brief discussion of these major categories, along with several recent examples and reports illus trating the value of EHRs to the health care process. It is important to note, however, that despite the benefits, some studies have found mixed results or negative consequences.
78 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
• Quality, outcomes, and safety. EHR systems can have a signifi cant impact on patient quality, outcomes, and safety. Three major effects on quality are increased adherence to evidence-based care, enhanced surveillance and monitoring, and decreased medication errors. Banger and Graber (2015) recently conducted a review of the literature on the impact of health IT (including EHR systems) on patient quality and safety and found four major systematic reviews had been conducted from 2006 through 2014 each using a consistent methodology (Buntin, Burke, Hoaglin, & Blumenthal, 2011; Chaudhry et al., 2006; Goldzweig, Towfigh, Maglione, & Shekelle, 2009; Jones, Rudin, Perry, & Shekelle, 2014). Two of the reviews were published before the HITECH Act and two afterward. Collectively, 59 percent of the studies examined demonstrated positive effects on quality and safety, 25 percent had mixed-positive outcomes, 9 percent were neutral, and 8 percent were negative (Banger & Graber, 2015). Limitations of most of the earlier studies were based on the fact that they did not include many commercially available EHR systems. Since then, more than half of EHR evaluation studies involved commercially available EHR systems (Jones et al., 2014). Findings from the most recent systematic review conclude that CPOE effectively decreases medication errors. Hydari, Telang, and Marella (2014) studied the incidence of adverse patient safety events reported from 231 Pennsylvania hospitals from 2005 to 2012 in relation to their level of health IT use. After controlling for several possibly confounding factors, the authors found that hospitals adopting advanced EHRs (as defined by HIMSS) experienced a 27 percent overall reduction in reported patient safety events. Using advanced EHRs was associated with a 30 percent decline in medication errors and a 25 percent decline in procedure-related errors (Hydari et al., 2014).
• Efficiency, improved revenue, and cost reduction. In addition to improving quality and safety, some studies have shown that the EHR can improve effi ciency, increase revenues, and lead to cost reductions (Barlow, Johnson, & Steck, 2004; Grieger, Cohen, & Krusch, 2007). A fairly recent study by Howley, Chou, Hansen, and Dalrymple (2014) examined the financial impact of EHRs on ambulatory practices by tracking the productivity (e.g., the number of patient visits) and reimbursement of thirty practices for two years after EHR implementation. They found that practice revenues increased during EHR implementation despite seeing fewer patients. Another study looked at seventeen primary care clinics that used EHR systems and found that the clinics recovered their EHR investments within an average period of ten months (95 percent CI 6.2–17.4 months), seeing
E L E C T R O N I C H E A L T H R E C O R D S · 79
more patients with an average increase of 27 percent in the active patients-to-clinicians full-time equivalent ratio, and an increase in the clinic net revenue (p<.001) (Jang, Lortie, & Sanche, 2014).
• Provider and patient satisfaction. Provider and patient satisfaction are common factors to assess when implementing EHR systems. Results from satisfaction surveys are often mixed. In a 2008 national survey of physicians, 90 percent of providers using EHRs reported they were satisfi ed or very satisfi ed with them and a large majority could point to specifi c quality benefi ts (DesRoches et al., 2008). Those who had systems in place for two or more years were more likely to be satisfi ed (Menachemi, Powers, Au, & Brooks, 2010). A study that examined EHR satisfaction among obstetrics/gynecology (OB/ GYN) physicians found that 63 percent reported being satisfi ed with their EHR system, and nearly 31 percent were not satisfi ed (Raglan, Margolis, Paulus, & Schulkin, 2014). Among study participants, younger OB/GYN physicians were more satisfi ed with their EHR than older physicians. A study by Rand (in collaboration with the AMA) found that although many physicians approved of EHRs in concept (for example, they appreciated the fact that they could remotely access patient information and provide improved patient care), they expressed frustrations with usability and work fl ow (Friedberg et al., 2013). The time-consuming nature of data entry, interference with face-to face patient care, ineffi ciency, and the inability to exchange health information between EHR products led to dissatisfaction. Physicians across the full range of specialties and practice models also described other concerns regarding the degradation of clinical documentation.
Among US hospitals, a 2011 national study found that those with EHRs had significantly higher patient satisfaction scores on items such as “staff always giving patients information about what to do for the recovery at home,” “patients rating the hospital as a 9 or 10 overall,” and “patients would defi nitely recommend the hospital to others” than hospitals that did not (Kazley, Diana, Ford, & Menachemi, 2011, p. 26). Yet the same study found that the EHR use was not statistically associated with other patient satisfaction mea sures (such as having clean rooms) that one would not expect to be affected by EHR use. A more recent study by Jarvis and colleagues (2013) assessed the impact of using advanced EHRs (as defined as Stages 6 or 7 on the HIMSS Analytics EMR Adoption Model [EMRAM] level of health IT adoption) on hospital quality patient satisfaction using a composite score for measuring patient experience. (See the following Perspective.) They found that hospitals with the most advanced EHRs had the greatest gains in improving clinical
80 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
process of care scores, without negatively affecting the patient experience (Jarvis et al., 2013). Another study found that physicians using EHRS that met Meaningful Use criteria and had two or more years EHR experience were more likely to report clinical benefits (King, Patel, Jamoon, & Furukawa, 2014).
Limitations and Need for Further Research
Not all studies have demonstrated positive outcomes from using EHR systems. For example, the same EHR or clinical information system can be imple mented in different organizations and have different results. As example of variability, two children’s hospitals implemented the same EHR (including CPOE) in their pediatric intensive care units. One hospital experienced a significant increase in mortality (Han et al., 2005), and the other did not (Del Beccaro, Jeffries, Eisenberg, & Harry, 2006). The hospital that experienced an increase in mortality noted that several implementation factors contributed to the deterioration in quality; specific order sets for critical care were not created, changes in workflow were not well executed, and orders for patients arriving via critical care transportation could not be written before the patient arrived at the hospital, delaying life-saving treatments. Many factors can influence the successful use and adoption of EHR systems. These are discussed more fully in Chapter Six.
PERSONAL HEALTH RECORDS
In addition to EHRs and patient portals, the broader concept of a personal health record has emerged in recent years. Initially, the PHR was envisioned as a tool to enable individuals to keep their own health records, and they could share information electronically with their physicians or other health care professionals and receive advice, reminders, test results, and alerts from them. Unlike the EHR and patient portal, which is managed by health care provider organizations, the PHR is managed by the consumer. It may include health and wellness information, such as an individual’s exercise and diet. The consumer decides who has access to the information and con trols the content of the record. Personal data the consumer gathers through use of health apps such as My Fitness Pal or Fitbits may be included.
What is the value of the PHR, and how does it relate to the EHR? Tang and Lansky (2005) believe the PHR enables individuals to serve as copilots in their own care. Patients can receive customized content based on their needs, values, and preferences. PHRs should be lifelong and comprehensive and should support information exchange and portability. Patients are often seen by multiple health care providers in different settings and locations over
P E R S O N A L H E A L T H R E C O R D S · 81
PERSPECTIVE HIMSS Analytics EHR Adoption Levels among US Hospitals
Stage Cumulative Capabilities 2016—Q1
Stage 7 Complete EHR is used; data warehousing and data analytics is used to improve care; clinical information can be shared via standardized electronic transactions across continuum of care.
4.3%
Stage 6 Physician documentation with structured templates and discrete data is implemented for at least one inpatient area. Full CCSS. The closed loop medication administration with bar coding is used. The fi ve rights of medication administration are verifi ed.
29.1%
Stage 5 A full complement of radiology PACS system provides medical images to physicians via an intranet.
34.4%
Stage 4 Computerized provider order entry (CPOE) used to create orders; CDSS is used with clinical protocols.
10.0%
Stage 3 Nursing/clinical documentation has been implemented including electronic medication administration record (MAR); clinical decision support (CDS) capabilities allow for error checking with order entry. Medical image access from picture archive and communication systems (PACS) is available within organization.
15.3%
Stage 2 Major clinical systems feed into clinical data repository (CDR) that enables viewing of orders and results. CDR contains a controlled medical vocabulary, and clinical decision support system (CDSS) capabilities. Hospital may have health information exchange (HIE) capabilities and can share CDR information with patient care stakeholders.
2.5%
Stage 1 All three major ancillary clinical systems (laboratory, pharmacy, radiology) are installed.
1.8%
Stage 0 All three key ancillary department systems (laboratory, pharmacy, radiology) are not installed.
2.6%
N=5,456
Source: Adapted from HIMSS Analytics EMR Adoption Model (EMRAM). © HIMSS Analytics 2016. Retrieved from http://www.himssanalytics.org/pro vider-solutions. Used with permission.
82 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
the course of a lifetime. In our fragmented health care system, this means patients are often left to consolidate information from the various participants in their care. A PHR that brings together important health information across an individual’s lifetime and that is safe, secure, portable, and easily acces sible can reduce costs by avoiding unnecessary duplicate tests and improv ing health care communications. The concept of patient portals and PHRs are also inherent in the CMS Meaningful Use program. Stage 3 Meaningful Use recommendations (originally scheduled for implementation in 2017 but now under policy reconsideration) state that patients should be able to (1) communicate electronically using secure messaging, (2) access patient edu cation materials on the Internet, (3) generate health data into their providers’ EHRs, and (4) view, download, and transmit their provider-managed EHRs. Taken together, Ford, Hesse, and Huerta (2016) argue that these requirements outline the basic functionalities of a consumer-managed PHR.
Ford and his colleagues (2016) examined US consumers PHR use over time, the factors that influence use, and projected the diffusion of PHR under three scenarios. Not surprisingly, they found that consumers were increas ingly using electronic means for storing health data and communicating with their clinical providers. An estimated 5 percent of consumers used PHRs in 2008, and by 2013, this number had reached 17 percent (Ford et al., 2016), still relatively low. Using various prediction models, they estimate that PHR use will increase significantly within the next decade.
PHRs and personal health applications have the potential to positively affect medication adherence and quality of life for patients with chronic dis eases. For example, a recent controlled study examined the impact of a text- based message reminder system on medication adherence among adolescents with asthma (Johnson et al., 2016). Compared to adolescents in the control group, they found improvements in self-reported medication adherence (p = .011), quality of life (p = .037), and self-effi cacy (p = .016). System use varied considerably, however, with lower use among African American adolescents (Johnson et al., 2016).
Consumers are also increasingly capturing health, wellness, and clin ical data about themselves using a wide range of mobile technologies and applications—everything from wrist-worn devices that track steps and sleep patterns to web-based food diaries, networked weight scales, and blood pres sure machines (Rosenbloom, 2016). They also use social media networks to connect with others who share a similar health condition. Such approaches are referred to as person-generated health data (PGHD) technologies given that consumers may use these technologies independent of situations in which they are patients per se. According to Rosenbloom (2016) the fi eld of PGHD and related technologies is in its infancy, particularly in studying
K E Y I S S U E S A N D C H A L L E N G E S · 83
the real value these technologies add to health care delivery. Shaw and his colleagues (2016) found, for example, that individuals with chronic illnesses (who may have the most to benefi t from using mobile health devices) may be less likely to adopt and use these devices compared to healthy individuals. As health care organizations and providers move to managing population health and cohorts of patients under value-based payment models, the use of such technologies with certain populations of patients may be incredibly useful. Chapter Four discusses further the health IT tools needed to support population health management.
KEY ISSUES AND CHALLENGES
Despite the proliferation in the adoption and use of EHR systems, health care providers and organizations still face critical issues and challenges related to interoperability, usability, and health IT safety. Following is a brief dis cussion of each.
Interoperability
In simple terms, interoperability is “the ability of a system to exchange elec tronic health information with and use electronic health information from other systems without special effort on the part of the [user]” (Institute for Electrical and Electronics Engineering [IEEE], n.d.). The ONC’s report Connecting Health and Care for the Nation: A Shared Nationwide Interoper ability Roadmap (ONC, 2015a) describes the importance of interoperability in a creating a “learning health system” in which “health information fl ows seamlessly and is available to the right people, at the right place, at the right time.” The overarching vision of a learning health system is to put patients at the center of their care—“where providers can easily access and use secure health information from different sources; where an individual’s health information is not limited to what is stored in EHRs, but includes information from other sources (including technologies that individuals use) and portrays a longitudinal picture of their health, not just episodes of care; where diagnostic tests are only repeated when necessary, because the infor mation is readily available; and where public health agencies and researchers can rapidly learn, develop and deliver cutting edge treatments” (ONC, 2015a, p. vi) (see Figure 3.6).
Today, providers are challenged to knit together multiple EHRs, fi nan cial systems, and analytic solutions in an effort to effectively manage population health and facilitate care coordination. As health care providers
Source: ONC (2015a).
84 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Figure 3.6 The ONC’s roadmap to interoperability
and organizations coalesce to manage performance and utilization risk in their communities, they need high degrees of interoperability among these systems (Glaser, 2015). The systems must also fit well into the clinical workflow and patient care process while ensuring patient safety and quality. Additionally, interoperability will enable data generated by personal fitness and wearable devices to be included in the patient’s EHR (Glaser, 2015).
True interoperability has yet to be realized. Several factors make interop erability among health care information systems complicated. EHR systems are often developed using different platforms with inconsistent use of stan dards, no universal patient identifier exists, and pulling together from a wide range of sources is complicated (Glaser, 2015). Moreover, historically there has not been a great deal of incentive for providers to share information, nor for health IT vendors to bridge together a number of different systems, giving rise to the concept of information blocking. According to the ONC, informa tion blocking occurs “when persons or entities knowingly and unreasonably interfere with exchange or use of electronic health information” (ONC, 2015b). The concept of information blocking implies that the entity intentionally and knowingly interferes with sharing the data and is objectively unreasonable in light of public policy. The ONC has developed comprehensive strategies for identifying, deterring, and remedying information blocking and coordinat ing with other federal agencies that can investigate and take action against certain types of information blocking.
The ONC Roadmap to Interoperability postulates that work is needed in three critical areas: (1) requiring standards, (2) motivating the use of those standards through appropriate incentives, and (3) creating a trusted environ ment for collecting, sharing, and using electronic health information. Broad
K E Y I S S U E S A N D C H A L L E N G E S · 85
stakeholder involvement is critical to achieving interoperability. Stakeholders include those who receive or support care, those who deliver care, those who pay for care, and people and organizations that support health IT capabilities, oversight of health care organizations, and those who develop and maintain standards (ONC, 2015b). (See the following Perspective.) In addition to the ONC, which resides in the Department of Health and Human Services, CMS and state governments also play key roles in advancing interoperability. Statewide health information exchanges can be found in Massachusetts, New York, and Delaware (Glaser, 2015). Interoperability efforts and standards development are discussed more fully in Chapter Ten.
Partnerships are also occurring within the private sector to advance interoperability among systems by creating standards and promoting the sharing of data. CommonWell Health Alliance has created and implemented patient identification and record-locating service capabilities, Carequality is developing an interoperability and governance framework, and the Argo naut Project is testing the next generation of interoperability standards. Glaser (2015) argues that we must focus on several important goals in making interoperability in health care a reality by doing the following:
• Advancing standards development and pursuing new technical approaches to effecting standards-based interoperability
• Strengthening sanctions, perhaps through the certifi cation process, to minimize business practices that thwart interoperability
• Increasing transparency of vendor and provider progress in achieving interoperability
• Developing a trust framework that balances the need for effi cient exchange with the privacy rights of patients
• Promoting collaborative multi-stakeholder efforts, such as CommonWell Health Alliance, Carequality, and eHealth Initiative
• Encouraging provider-led activities within communities to broaden the range of interconnections and include stakeholders such as safety net providers
• Creating a governance mechanism that ensures an effective interchange across a wide range of health information exchanges
• Making reimbursement changes that emphasize care coordination and population health management, all of which must continue to evolve and be implemented
Unfortunately, there is no silver bullet or easy road to achieving true interoperability. However, with collaboration among stakeholders, appropriate
86 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Connecting Health and Care for the Nation: A Shared Nationwide Interoper ability Roadmap (ONC, 2015b) was released by the Office of the National Coordinator for Health Information Technology in 2015. This document was published as a companion to the Connecting Health and Care for the Nation: A 10-Year Vision to Achieve an Interoperable Health IT Infrastruc ture. The following facts are taken from the Roadmap and its companion infographic, Shared Nationwide Interoperability Roadmap: The Journey to Better Health and Care. This outline lists progress toward interoperability since 2009, the current state of health care supporting the need for interop erability, and the future goals and selected payer and outcome milestones for achieving the ultimate in interoperability, “learning health systems in which health information flows seamlessly and is available to the right people, at the right place, at the right time” (ONC, 2015a).
Selected Historical Interoperability Achievements
2009 16% of hospitals and 21% of providers adopted basic EHRs. 2011 27% of hospitals and 34% of providers adopted EHRs. 2013 94% of nonfederal acute care hospitals use a certifi ed EHR.
78% of offi ce-based physicians use an EHR. 62% of hospitals electronically exchanged health information with providers outside their system.
2014 80% of hospitals can electronically query other organizations for health information. 14% of office-based providers electronically share patient information with other providers.
Current State of Health Care
• One in three consumers must provide his or her own health informa tion when seeking care for a medical problem.
• A typical Medicare benefi ciary sees seven providers annually.
• A typical primary care physician has to coordinate care with 229 other physicians working in 117 practices.
• Eighty to ninety percent of health determinants are not related to health care.
K E Y I S S U E S A N D C H A L L E N G E S · 87
PERSPECTIVE The ONC Roadmap to Interoperability
• One in eight Americans tracks a health metric using technology.
• It takes seventeen years for evidence to go from research to practice.
Barriers to Interoperability
• States have different laws and regulations making it diffi cult to share health information across state lines.
• Health information is not suffi ciently standardized.
• Payment incentives are not aligned to support interoperability.
• Privacy laws differ and are misinterpreted.
• There is a lack of trust among health care providers and consumers.
2015–2017 Goal and Milestones Goal: Send, receive, find, and use priority data domains to improve health care quality and outcomes
Roadmap Milestones for a Supportive Payment and Regulatory Environment and Outcomes
CMS will aim to administer 30 percent of all Medicare payments to providers through alternative payment models that reward quality and value and encourage interoperability by the end of 2016.
A majority of individuals are able to securely access their elec tronic health information and direct it to the destination of their choice.
Providers evolve care processes and information reconciliation to ensure essential health information is sent, found, or received to support safe transitions in care.
ONC, federal partners, and stakeholders develop a set of measures assessing interoperable exchanges and the impact of interoperability on key processes that enable improved health and health care.
2018–2020 Goal and Milestones Goal: Expand interoperable health IT and users to improve health and lower cost
88 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Roadmap Milestones for a Supportive Payment and Regulatory Environment and Outcomes
CMS will administer 50 percent of all Medicare payments to pro viders through alternative payment models that reward quality and value by the end of 2018.
Individuals regularly access and contribute to their longitudinal electronic health information via health IT, send and receive that information through a variety of emerging technologies, and use that information to manage their health and participate in shared deci sion making with their care, support, and service teams.
Providers routinely and proactively seek outside information about individuals and can use it to coordinate care.
Public and private stakeholders report on progress toward interop erable exchange, including identifying barriers to interoperability, lessons learned, and impacts of interoperability on health outcomes and costs.
incentives, and keeping the patient at the center of our work and efforts, secure and efficient interoperability is certainly within reach.
Usability
In addition to interoperability concerns, clinicians often express frustration with the usability of EHR systems and other clinical information systems. In fact, 55 percent of physicians reported that it was difficult or very diffi cult to use. Common frustrations include confusing displays, iconography that lacks consistency and intuitive meaning, and the feeling that systems do not support clinicians’ cognitive workflow or inhibit them from easily drawing insights or conclusions from the data. Similarly, physicians who participated in a Rand study (Friedberg et al., 2013) felt that EHR data entry was time-con suming, interfered with face-to-face patient care, and was overall ineffi cient. They also reported that inability to exchange health information and the deg radation of clinical documentation were of concern. Others argue that poor usability of EHR systems not only contributes to clinician frustration but also can lead to errors and patient safety concerns (Meeks, Smith, Taylor, Sittig,
K E Y I S S U E S A N D C H A L L E N G E S · 89
2020–2024 Goal and Milestones Goal: Achieve nationwide interoperability to enable a learning health system
Roadmap Milestones for a Supportive Payment and Regulatory Environment and Outcomes
The federal government will use value-based payment models as the dominant mode of payment for providers.
Individuals are able to seamlessly integrate and compile longitudi nal electronic health information across online tools, mobile plat forms, and devices to participate in shared decision making with their care, support, and service teams.
Providers routinely use relevant info from a variety of sources, including environmental, occupational, genetic, human service, and cutting-edge research evidence, to tailor care to the individual.
Public and private stakeholders report on progress on key metrics identifi ed to achieve a learning health system.
Source: ONC (2015a).
Scott, & Singh, 2014; Sittig & Singh, 2011). In essence, usability refers to “the effectiveness, efficiency, and satisfaction with which the intended users can achieve their tasks in the intended context of produce use” (Bevan, 2001). Smartphones are typically viewed as having high usability, because they require little training and are intuitive to use. In fact, we often see young children navigating them before they can even talk!
Given the importance of system usability, a task force was formed by the American Medical Informatics Association (Middleton et al., 2013) to study the issue. They identified key recommendations on critical usability issues, particularly those that may adversely affect patient safety and the quality of care. The recommendations fall into four categories: (1) usability and human factors research, (2) policy recommendations, (3) industry recommendations, and (4) clinical end user recommendations. (See the Perspective.)
As one can discern from AMIA’s task force recommendations, usability is a multifaceted issue and one that requires thoughtful research, standardiza tion and interoperability, a common user interface style guide, and systems for identifying best practices and monitoring use as well as adverse events that may affect patient safety.
90 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
PERSPECTIVE AMIA EHR Usability Recommendations
1. Usability and human factors research agenda in health IT
a. Prioritize standardized use cases.
b. Develop a core set of measures for adverse events related to health IT use.
c. Research and promote best practices for safe implementation of EHR.
2. Policy recommendations
d. Standardization and interoperability across EHR systems should take account of usability concerns.
e. Establish an adverse event reporting system for health IT and voluntary health IT event reporting.
f. Develop and disseminate an educational campaign on the safe and effective use of EHR.
3. Industry recommendations
g. Develop a common user interface style guide for select EHR functionalities.
h. Perform formal usability assessments on patient-safety sensitive EHR functionalities.
4. Clinical end user recommendations
i. Adopt best practices for EHR implementation and ongoing management.
j. Monitor how IT systems are used and report IT-related adverse events.
Source: Middleton et al. (2013). Reproduced with permission of Oxford Univer sity Press.
K E Y I S S U E S A N D C H A L L E N G E S · 91
Health IT Safety
In 2011, the Institute of Medicine published a report titled Health IT and Patient Safety: Building Safer Systems for Better Care in which they outlined a number of recommendations to ensure health IT systems are safe. In brief, they suggest that safety is a shared responsibility between vendors and health care organizations and requires the following:
• Building systems using user-centered design principles with adequate testing and simulation
• Embedding safety considerations throughout the implementation process
• Developing and publishing best practices
• Having accreditation agencies (such as the Joint Commission) assume a signifi cant role in testing as part of their accreditation criteria
• Focusing on shared learning and transparency
• Creating a nonpunitive environment for reporting (IOM, 2011)
Since then, the topic of health IT safety has grown in importance as more EHR systems have been deployed. Health IT patient safety concerns include adverse events that reached the patient, near misses that did not reach the patient, or unsafe conditions that increased the likelihood of a safety event (Meeks et al., 2014). Such events are often difficult to define and detect. Consequently, Singh and Sittig (2016) have developed a health IT safety measurement framework that takes into account eight technological and nontechnological dimensions or sociotechnical dimensions (see Table 3.3).
The Health IT Safety Framework provides a conceptual framework for defining and measuring health IT–related patient safety issues. The frame work is also built on continuous quality improvement methods that require stakeholders to ask themselves, How are we doing? Can we do better? How can we do better (Singh & Sittig, 2016)? In fact, Singh and Sittig (2016) argue that it is essential that clinicians and leaders make health IT patient safety an organizational priority by ensuring that the governance structure facil itates measuring and monitoring and creating an environment that is con ducive to detecting, fixing, and learning from system vulnerabilities. Meeks and colleagues (2014) used a variation of the Health IT Safety Framework in analyzing one hundred different EHR-related safety concerns reported to and investigated by the VA’s Informatics Patient Safety Office, which is a voluntary reporting system. The major categories of errors were because of (1) unmet display needs (mismatch between information needs and content
92 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Table 3.3 Sociotechnical dimensions
Dimension Description
Hardware and software Computing infrastructure used to support and operate clinical applications and devices
Clinical content The text, numeric data, and images that constitute the “language” of clinical applications, including clinical decision support
Human-computer All aspects of technology that users can see, touch, or interface hear as they interact with it
People Everyone who is involved with patient care and/or interacts in some way with health care delivery (including technology). This would include patients, clinicians and other health care personnel, IT developers and other IT personnel, informaticians
Workfl ow and Processes to ensure that patient care is carried out communication effectively, effi ciently, and safely
Internal organizational Policies, procedures, the physical work environment, features and the organizational culture that govern how the
system is configured, who uses it, and where and how it is used
External rules and Federal or state rules (e.g., CMS’s Physician Quality regulations Reporting Initiative, HIPAA, and Meaningful Use
program) and billing requirements that facilitate or constrain the other dimensions
Measurement and Evaluating both intended and unintended monitoring consequences through a variety of prospective and
retrospective, quantitative, and qualitative methods
Source: Reproduced from Measuring and Improving Patient Safety through Health Information Technology: The Health IT Safety Framework, Singh and Sittig, 25: p.228, 2016. With permission from BMJ Publishing Group Ltd.
display; (2) software modifications (concerns about upgrades, modifi ca tions, or configurations); (3) system-to-system interfacing (concerns about failure of interfacing between systems); and (4) hidden dependencies on distributed systems (one component of the EHR is unexpectedly or unknow ingly affected by the state or condition of another component) (Meeks et al., 2014). They concluded that because EHR-related safety concerns have soci otechnical origins and are multifaceted, health care organizations should build a robust infrastructure to monitor and learn from them.
K E Y T E R M S · 93
Numerous factors can affect the safety and effective use of health care information systems—everything from poor usability to software glitches to unexpected downtime or cyber attacks. Health care executives should be aware of these issues and vulnerabilities and ensure their organizations have in place mechanisms to prevent, detect, monitor, and address adverse events that may affect patient safety and quality of care.
SUMMARY
This chapter provided an overview of health care information systems including administrative and clinical information systems. We gave a brief history of the evolution of the use of information systems in health care. Special attention was given to the adoption, use, and features of EHR systems, patient portals, and PHR systems. We also summarized recent literature on the value of EHR systems, which may be categorized into three main areas: (1) quality, outcomes, and safety; (2) effi ciency, improved revenues, and cost reduction; and (3) provider and patient satisfaction. Limitations to research findings were noted along with the need for future research. Key issues related to the use of health care information systems were discussed including interoperability, usability, and health IT safety. The chapter concludes with a discussion of a health IT safety framework that may be useful to health care leaders in preventing, detecting, and monitoring health IT–related patient safety issues.
KEY TERMS Administrative information system Information blocking Best of breed Interoperability Clinical information systems Learning health systems Computerized provider order entry Mainframe computers
(CPOE) Microcomputer Electronic health record (EHR) Minicomputers Health IT safety Patient portals HIMSS Analytics EMR Adoption Personal health record (PHR)
Model (EMRAM) Usability
94 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
LEARNING ACTIVITIES
1. Search the literature and find at least one article describing the adoption and use of one administrative or clinical information system. Summarize the article for your classmates and discuss it with them. What are the key points of the article? What learned lessons does it describe?
2. Visit a health care organization that uses one of the clinical applications described in this chapter. Find out how the application’s value is measured or assessed. What do the providers think of it? Health care executives? Nurses? Support staff members? What impact has it had on quality? Patient safety? Effi ciency? Satisfaction?
3. Conduct a literature review on interoperability in health care. What progress has been made to date? What challenges lie ahead? How do you think we may overcome these challenges?
4. Interview a CIO or health IT professional in your community regarding interoperability and health information exchange. To what extent is the organization exchanging health information electronically with others? What are the barriers and facilitators to the exchange?
5. Visit a health care organization (outside of a hospital or physician practice) to examine the types and use of information systems used. What are the major management issues related to the use of information systems in this setting? Discuss strategies for addressing these issues.
6. Interview a CMIO or other health care executive to investigate how health IT safety events are detected, monitored, and addressed in his or her organization. How does the organization’s approach take into consideration the factors described in the Singh and Sittig’s Health IT Safety Framework?
REFERENCES
Abramson, E. L., Edwards, A., Silver, M., & Kaushal, R. (2014). Trending health information technology adoption among New York nursing homes. The Ameri can Journal of Managed Care, 20(Special Issue), eSP53–eSP59.
Banger, A., & Graber, M. L. (2015). Recent evidence that health IT improves patient safety: Issue brief. RTI International. Retrieved July 28, 2016, from https:// psnet.ahrq.gov/resources/resource/28967
R E F E R E N C E S · 95
Barlow, S., Johnson, J., & Steck, J. (2004). The economic effect of implementing an EMR in an outpatient clinical setting. Journal of Healthcare Information Man agement, 18(1), 46–51.
Bercovitz, A. R., Park-Lee, E., & Jamoom, E. (2013). Adoption and use of electronic health records and mobile technology by home health and hospice care agen cies. National health statistics report, no 66. Hyattsville, MD: National Center for Health Statistics.
Bevan, N. (2001). International standards for HCI and usability. International Journal of Human-Computer Studies, 55, 533–552.
Blumenthal, D. (2011). Wiring the health system—origins and provisions of a new federal program: Part one of two. New England Journal of Medicine, 365(24), 2323–2329.
Buntin, M. B., Burke, M. F., Hoaglin, M. C., & Blumenthal, D. (2011). The benefi ts of health information technology: A review of the recent literature shows pre dominantly positive results. Health Affairs, 30(3), 464–471.
Burnum, J. (1989). The misinformation era: The fall of the medical record. Annals of Internal Medicine, 110, 482–484.
Chaudhry, B., Wang, J., Wu, S., Maglione, M., Mojica, W., Roth, E., . . . & Shek elle, P. G. (2006). Systematic review: Impact of health information technology on quality, efficiency, and costs of medical care. Annals of Internal Medicine, 144(10), 742–752.
Cherry, B. J., Ford, E. W., & Peterson, L. T. (2011). Experiences with electronic health records: Early adopters in long term care facilities. Health Care Manage ment Review, 36(3), 265–274.
Classen, D., Resar, R., Griffin, F., Federico, F., Frankel, T, . . . & James, B. C. (2011). Global “trigger tool” shows that adverse events in hospitals may be ten times greater than previously measured. Health Affairs, 30(4), 581–589.
Del Beccaro, M. A., Jeffries, H. E., Eisenberg, M. A., & Harry, E. D. (2006). Com puterized provider order entry implementation: No association with increased mortality rates in an intensive care unit. Pediatrics, 118, 290–295.
DesRoches, C. M., Campbell, E. G., Rao, S. R., Donelan, K., Ferris, T. G., Jha, A., . . . & Blumenthal, D. (2008). Electronic health records in ambulatory care: A national survey of physicians. New England Journal of Medicine, 359(1), 50–60.
Emont, S. (2011). Measuring the impact of patient portals: What the literature tells us. Oakland, CA: California HealthCare Foundation.
Ford, E. W., Hesse, B. W., & Huerta, T. R. (2016). Personal health record use in the United States: Forecasting future adoption levels. Journal of Medical Internet Research, 18(3), e73.
Friedberg, M. W., Chen, P. G., Van Busum, K. R., Aunon, F., Pham, C., Caloyeras, J. P. Mattke, S., Pitchforth, E., . . . & Tutty, P. (2013). Factors affecting physician professional satisfaction and their implications for patient care, health systems,
96 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
and health policy. Santa Monica, CA: Rand Corporation. Retrieved August 3, 2016, from http://www.rand.org/pubs/research_reports/RR439.html
Glaser, J. (2015, April 14). Interoperability: A promise unfulfi lled. Hospitals and Health Networks.
Goldzweig, C. L., Towfigh, A., Maglione, M., & Shekelle, P. G. (2009). Costs and benefits of health information technology: New trends from the literature. Health Affairs, 28(2), w282–w293.
Grieger, D. L., Cohen, S. H., & Krusch, D. (2007). A pilot study to document the return on investment for implementing an ambulatory electronic health record at an academic medical center. Journal of the American College of Surgeons, 205(1), 89–96.
Han, Y. Y., Carcillo, J. A., Venkataraman, S. T., Clark, R., Watson, R. S., Nguyen, T. C., & Orr, R. A. (2005). Unexpected increased mortality after implementation of a commercially sold computerized physician order entry system. Pediatrics, 116(6), 1506–1512.
Heisey-Grove, D., & Patel, V. (2015, Sept.). Any, certified or basic: Quantifying phy sician EHR adoption. ONC Data Brief, No. 28. Washington, DC: Office of the National Coordinator for Health Information Technology.
Henry, J., Pylypchuck, Y., Searcy, Y., & Patel, V. (2016, May). Adoption of electronic health record systems among US non-federal acute care hospitals: 2008–2015. ONC Data Brief, No. 35. Washington, DC: Office of the National Coordinator for Health Information Technology.
Hershey, C., McAloon, M., & Bertram, D. (1989). The new medical practice environ ment: Internists’ view of the future. Archives of Internal Medicine, 149, 1745–1749.
HIMSS Analytics. (n.d.). EMR adoption model (EMRAM). Retrieved from http:// www.himssanalytics.org/provider-solutions
Howley, M. J., Chou, E. Y., Hansen, N., & Dalrymple, P. W. (2014). The long-term financial impact of electronic health record implementation. Journal of the American Medical Informatics Association, 2015(22), 443–452. Retrieved from http://skateboardingalice.com/papers/2015_Howley.pdf
Hydari, M. Z., Telang, R., & Marella, W. M. (2014). Saving patient Ryan: Can advanced medical records make patient care safer. Retrieved from https:// papers.ssrn.com/sol3/papers.cfm?abstract_id=2503702
IEEE. (n.d.) Interoperability. Standards glossary. Retrieved from http://www.ieee. org/education_careers/education/standards/standards_glossary.html#top
Institute of Medicine (IOM). (1991). The computer based patient record: An essential technology for health care. Washington, DC: National Academies Press.
Institute of Medicine (IOM). (2011). Health IT and patient safety: Building safer systems for better care. Washington, DC: National Academies Press.
James, J.T.A. (2013). A new evidence-based estimate of patient harm associated with hospital care. Journal of Patient Safety, 9, 122–128.
R E F E R E N C E S · 97
Jang, Y., Lortie, M. A., & Sanche, S. (2014). Return on investment in electronic health records in primary care practices: A mixed-methods study. Journal of Medical Informatics, 2(2), e25. Retrieved from http://medinform.jmir.org/2014/2/e25
Jarvis, B., Johnson, T., Butler, P., O’Shaughnessy, K., Fullam, F., Tran, L., & Gupta, R. (2013). Assessing the impact of electronic health records as an enabler of hospital quality and patient satisfaction. Academic Medicine, 88(10), 1471–1477.
Johnson, K. B., Patterson, B. L., Ho, Y., Chen, Q., Nian, H., Davison, C. L., Slagle, J., & Mulvaney, S. A. (2016). The feasibility of text reminders to improve med ication adherence in adolescents with asthma. The Journal of the American Medical Informatics Association, 21(3), 449–455.
Jones, S., Rudin, R., Perry, T., & Shekelle, P. (2014). Health information technol ogy: An updated systematic review with a focus on meaningful use. Annals of Internal Medicine, 160, 48–54.
Kazley, A. S., Diana, M. D., Ford, E., & Menachemi, N. (2011). Is EHR use associated with patient satisfaction in hospitals? Health Care Management Review, 37(1).
King, J., Patel, V., Jamoom, E. W., & Furukawa, M. F. (2014). Clinical benefi ts of electronic health record use: National fi ndings. Health Services Research, 49(1), 392–404.
Makary, M. A., & Daniel, M. (2016, May 3). Medical error—the third leading cause of death in the US. British Medical Journal, 353, i2139. Retrieved August 3, 2016, from http://www.bmj.com/content/353/bmj.i213
Meeks, D. W., Smith, M. W., Taylor, L., Sittig, D. F., Scott, J. M., & Singh, H. (2014). An analysis of electronic health record-related patient safety concerns. Journal of the American Medical Informatics Association, 21, 1053–1059.
Menachemi, N., Powers, T, Au, D. W., & Brooks, R. G. (2010). Predictors of phy sician satisfaction among electronic health record system users. Journal of Healthcare Quality, 32(1), 35–41.
Middleton, B., Bloomrosen, M., Dente, M. A., Hashmat, B., Koppel, R., Overhage, J. M., Payne, T. H., Rosenbloom, S. T., Weaver, C., & Zhang, J. (2013, June). Enhancing patient safety and quality of care by improving the usability of electronic health record systems: Recommendations from AMIA. Journal of the American Medical Informatics Association, 20, e2–e8.
ONC. (2015a). Connecting health and care for the nation: A shared nation wide interoperability roadmap. Final version 1.0. Retrieved July 11, 2016, from https://www.healthit.gov/policy-researchers-implementers/ draft-interoperability-roadmap
ONC. (2015b). Report to Congress on health information blocking. Retrieved August 3, 2016, from https://www.healthit.gov/sites/default/fi les/reports/ info_blocking_040915.pdf
Raglan, G. B., Margolis, B., Paulus, R. A., & Schulkin, J. (2014). Electronic health record adoption among obstetricians/gynecologists in the United States:
98 · C H A P T E R 3 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Physician practices and satisfaction. Journal for Healthcare Quality. Retrieved August 3, 2016, from http://onlinelibrary.wiley.com/doi/10.1111/jhq.12072/full
Rosenbloom, S.T. (2016). Personal-generated health and wellness data for health care. Journal of the American Medical Informatics Association, 23(3), 438–439.
Shaw, R. J., Steinberg, D. M., Bonnet, J., Modarai, F., George, A., Cunningham, T., Mason, M., Shahsahebi, M., Grambow, S. C., Bennett, G. G., & Bowsorth, H. B. (2016). Mobile health devices: Will patients actually use them? Journal of the American Medical Informatics Association, 23(3), 462–466.
Sittig, D. F., & Singh, H. (2011). Defining health information technology-related errors. Archives in Internal Medicine, 171(14), 1281–1284.
Singh, H., & Sittig, D. F. (2016). Measuring and improving patient safety through health information technology: The health IT safety framework. BMJ Quality and Safety, 25, 226–232.
Tang, P. C., & Lansky, D. (2005). The missing link: Bridging the patient-provider health information gap. Health Affairs, 24(5), 1290–1295.
Whitten, J., & Bentley, L. (2007). Systems analysis and design methods (7th ed.). New York, NY: McGraw-Hill/Irvin.
CHAPTER 4
Information Systems to Support Population Health Management
LEARNING OBJECTIVES
• To be able to understand the data and information needs of health systems in managing population health effectively under value-based payment models.
• To be able to discuss key health IT tools and strategies for population health management including EHRs, registries, risk stratifi cation, patient engagement, and outreach, care coordination and management, analytics, health information exchange, and telemedicine and telehealth.
• To be able to discuss the application and use of data analytics to monitor, predict, and improve performance.
99
100 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
The enactment of the Affordable Care Act (ACA) brought about sweeping legislation intended to reduce the numbers of uninsured and make health care accessible to all Americans. It also ushered in an era in which chang ing reimbursement and care delivery models are driving providers from the current fragmented system focused on volume-based services to an outcomes orientation. As a result, the health care system now taking shape is one in which value-based payment models financially reward patient-centered, coor dinated, accountable care.
Against this backdrop, providers’ increasing use of evidence-based med icine and growing capabilities in managing volumes of clinical evidence through sophisticated health IT systems will mean that treatments can be tailored for the individual and interventions can be made earlier to keep patients well. Furthermore, patient engagement is fast becoming a critical component in the care process, particularly in the area of population health management (PHM).
Health care providers’ interest in improving population health appears to be increasing because of the sudden ubiquity of the phrase, because many are participating in accountable care organizations (ACOs), and because even hospitals not participating in an ACO increasingly have incentives to reduce their number of potentially unavoidable admissions, readmissions, and emergency department visits (Casalino, Erb, Joshi, & Shortell, 2015).
In this chapter we’ll not only seek a common understanding of PHM but also explore how the advent of shared accountability fi nancial arrangements between providers and purchasers of care has created significant focus on PHM. We’ll also review the core processes associated with accountable care and examine the strategic IT investments and data management capabilities required to support population health management and enable a successful transition from volume-based to value-based care.
PHM: KEY TO SUCCESS
Although the ACO model is still new and evolving, approximately 750 ACOs are in operation today, covering some 23.5 million lives under Medicare, Medicaid, and private insurers. Although not all ACOs have demonstrated success in delivering better health outcomes at a lower cost, many have achieved promising results (Houston & McGinnis, 2016). As such, signifi cant ACO growth is expected. In fact, it is predicted that upward of 105 million people will be covered by an ACO by 2020 (Leavitt Partners, 2015).
Similarly, although the industry’s move to value-based payment is also in its early stages, value-based contracts are expected to substantially increase throughout the next decade. CMS has a stated goal that 50 percent of Medicare
P H M : K E Y T O S U C C E S S · 101
payments will be tied to alternative payment models by the end of 2018 (US DHHS, 2015). In fact, the projected impact of MACRA, which we discussed in Chapter One, on the adoption of value-based payment models is expected to rival the impact of Meaningful Use on adoption of EHRs. In addition, the substantial payment reform activity at the federal level is paralleled by private insurers’ efforts to support value-based payment and new models of care. For example, Aetna expects that 75 percent of its contracts will be value-based by 2020 (Jaspen, 2015).
These trends will accelerate the demand for services and technology that enable health systems and other organizations (health plans, Medicaid, community-based organizations, employers, and so forth) to jointly manage the health and care of populations—either as an ACO or in an ACO-like fashion. Although diverse, these organizations will all have a common need to improve operational efficiency, drive better patient outcomes while reduc ing the overall cost of care, and effectively engage consumers in managing their health and care.
Although the new reimbursement system is still taking shape, it’s clear that population health management will become a required core competency for provider organizations in a post fee-for-service payment environment (Institute for Health Technology Transformation, 2012).
Understanding Population Health Management
Population health as a concept first appeared in 2003 when David Kindig and Greg Stoddart (2003) defined it as “the health outcomes of a group of individ uals, including the distribution of such outcomes within the group” (p. 380).
It is important to note that medical care is only one of many factors that affect those outcomes. Other factors include public health interventions; aspects of the social environment (income, education, employment, social support, and culture); the physical environment (urban design, clean air and water); genetics; and individual behavior (Institute for Health Technology Transformation, 2012). “Improving the health of populations” was later iden tified as one element in the Institute for Healthcare Improvement’s triple aim for improving the US health care system, along with improving the individual experience of care and reducing the per capita cost of care (Berwick, Nolan & Whittington, 2008, p. 759).
Today, population health management comprises the proactive application of strategies and interventions to defined groups of individuals (e.g., diabetics, cancer patients with tumor regrowth, the elderly with multiple comorbidities) to improve the health of individuals within the group at the lowest cost. PHM interventions are designed to maintain and improve people’s health across
102 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
the full continuum of care—from low-risk, healthy individuals to high-risk individuals with one or more chronic conditions (Felt-Lisk & Higgins, 2011). PHM also seeks to minimize the need for expensive encounters with the health care system, such as emergency department visits, hospitalizations, imaging tests, and procedures. This not only lowers costs but also redefi nes health care as an activity that encompasses far more than sick care, because it systematically addresses the preventative and chronic care needs of every patient—not just high-risk patients who generate the majority of health care costs (Institute for Health Technology Transformation, 2012).
Although population health can also mean the health of the entire popu lation in a geographic area, the population health efforts most health systems and ACOs are undertaking are aimed at providing better preventive and medical care for the “population” of patients “attributed” to their organiza tions by Medicare, Medicaid, or private health insurers (Casalino et al., 2015).
New Care Delivery and Payment Models: The Link to PHM
As we know, historically, there has been a lack of accountability for the total care of patients, the outcomes of their treatment, and the effi ciency with which health resources are used. The fact that health care services are paid primarily on a fee-for-service basis has contributed to the fragmentation and lack of accountability. Fee-for-service emphasizes the provision of health ser vices by individual hospitals or providers rather than care that is coordinated across providers to address the patient’s needs. Providers are rewarded for volume and for conducting procedures that are often more complex, when simpler, lower-cost, better methods may be more appropriate (Guterman & Drake, 2010).
Value-based care is emerging as a solution to address rising health care costs, clinical inefficiency and duplication of services, and to make it easier for people to get the appropriate care they need. As the federal government continues to test and implement several new payment models designed to achieve optimal health outcomes at a sustainable cost, commercial insurers are also partnering with health care providers in various arrangements that similarly seek to reward value rather than volume of services.
As discussed in Chapter One, two popular models of delivery system reform are the patient-centered medical home (PCMH) and the ACO. The PCMH emphasizes the central role of primary care and care coordination, with the vision that every person should have the opportunity to easily access high-quality primary care in a place that is familiar and knowledge able about his or her health care needs and choices. The ACO emphasizes the urgent need to think beyond patients to populations, providing a vision
P H M : K E Y T O S U C C E S S · 103
for increased accountability for performance and spending across the health care system (Patient-Centered Primary Care Collaborative, 2011). Both models rely on health care organizations and physicians providing coordinated and integrated care in an evidence-based, cost-effective way. This, of course, has significant implications for an organization’s ability to manage information effectively.
In conjunction with new models of care are new or modifi ed forms of payment for health care services, which are being piloted in various communities around the nation. These include bundled payments, pay for performance, shared savings programs, capitation or global payment, and episode-of-care payments.
Bundled payments may take different forms such as making a single payment for hospital and physician services instead of separate payments, bundling payments for inpatient and post-acute care, or paying based on diag nosis instead of treatment. Bundled payments are often applied to surgical procedures such as hip replacements. Pay-for-performance (P4P) programs reward hospitals, physician practices, and other providers with fi nancial and nonfinancial incentives based on performance on select measures. These performance measures can cover various aspects of health care delivery: clinical quality and safety, efficiency, patient experience, and health infor mation technology adoption. Most P4P programs, however, are still a bonus to a fee-for-service model (Miller, 2011). An integral part of the ACA, shared savings programs are intended to reward providers by paying them a bonus that is explicitly connected to the amount by which they reduce the total cost of care compared to expected levels. Capitation or global payment places full risk with the provider organization; the provider is responsible for the costs of all care that a patient receives. An episode-of-care payment system would pay the provider organization a single payment for all of the services associated with a hospitalization or other episode of acute care, such as a heart attack, including inpatient and post-acute care (Miller, 2011).
The revised payments associated with these programs signal the federal government’s most all-encompassing effort thus far to distribute risk and hold providers financially accountable for the quality of care they deliver. Although an in-depth discussion of these and other proposed payment reform systems is beyond the scope of this book, the following resources can provide a wealth of detailed information on health care payment reform initiatives:
• Centers for Medicaid & Medicare Services (www.CMS.gov)
• Healthcare Financial Management Association (www.hfma.org)
• American College of Healthcare Executives (www.ache.org)
104 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Progress to Date: PCMHs
Growing support for the PCMH has arisen across the vast majority of the US health care delivery system to include commercial insurance plans, multiple employers, state Medicaid programs, numerous federal agencies, the Depart ment of Defense, hundreds of safety net clinics, and thousands of small and large clinical practices nationwide (Grundy, Hacker, Langner, Nielsen, & Zema, 2012). Private and public payer initiatives together have grown from eighteen states in 2009 to forty-four states in 2013, and they now cover almost twenty-one million patients. These heterogeneous initiatives overall are becoming larger, paying higher fees, and engaging in more risk sharing with practices (NCQA, 2015).
Because the patient-centered medical home is foundational to ACOs— with ACOs often described as the “medical neighborhood”—the PCMH is likely to gain even greater prominence as ACOs continue to develop in the marketplace (Grundy et al., 2012). Moreover, a growing body of scientifi c evidence shows that PCMHs are saving money by reducing hospital and emergency department visits, mitigating health disparities, and improving patient outcomes. Examples of specific outcomes achieved by various PCMHs include the following:
• Lower Medicare spending
• More effective care management and optimized use of health care services
• Improved care management and preventative screenings for cardiovascular and diabetes patients
• Reduced socioeconomic disparities in cancer screening (NCQA, 2015)
Additionally, more than nine thousand primary care practices and for ty-three thousand clinicians (doctors and nurse practitioners) across the country have earned the PCMH designation from the National Committee for Quality Assurance (NCQA), the nation’s largest credentialing organization. The designation is earned by demonstrating achievement of goals related to accessible, coordinated, and patient-centered care (Olivero, 2015).
Progress to Date: ACOs
In the value-based care world, ACOs are expected to play a leadership role in improving population health—whether participating in contracts with Medi care, Medicaid, or managed care organizations (MCOs) or health plans. These arrangements are often complex and may differ widely, including elements
P H M : K E Y T O S U C C E S S · 105
such as governance requirements, payment structures, quality metrics, reporting requirements, and data sharing (Houston & McGinnis, 2016).
Several different ACO models, including the Pioneer ACO program and the Medicare Shared Savings Program (MSSP), are testing and evaluating various risk-sharing agreements. In December 2011, CMS signed agreements with thirty-two organizations to participate in the Pioneer ACO model, designed to show how particular ACO payment arrangements can best improve care and generate savings for Medicare. As of May 1, 2016, there are nine Pioneer ACOs participating in the model for a fifth and final performance year (CY2016). The MSSP is a key component of the Medicare delivery system reform initiatives included in the Affordable Care Act and is designed to facilitate coordination and cooperation among providers to improve the quality of care for Medicare fee-for-service (FFS) beneficiaries and reduce unnecessary costs. Eligible providers, hospitals, and suppliers may participate in the MSSP by creating or participating in an ACO.
Although there has been considerable debate among policymakers as to the success of the ACO model, some of these ACOs are already reporting pos itive results for improving patient outcomes and controlling costs, as shown in Table 4.1 (Houston & McGinnis, 2016).
ACO Challenges
Now with years of observation and learnings to draw from, several key chal lenges facing ACOs have been identified, including difficulties working across organizational boundaries, building the requisite infrastructure for effective data sharing, and truly engaging patients in the care process. One of the more notable challenges currently being worked on is the alignment and consolida tion of myriad quality measures being used in public and private programs.
Effective quality measures are imperative to accountability in organized systems of care, especially when performance affects the ability of the pro vider to share in savings or determines whether a provider avoids penalties or receives bonus payments (Bipartisan Policy Center, 2015). However, the notion of “measurement fatigue” and the increasing administrative burden it places on providers is a legitimate concern (Buelt, Nichols, Nielsen, & Patel, 2016). Another challenge with quality metrics is that although they tend to capture performance on specific outcomes, such as lower avoidable readmissions, or processes, such as screening for depression, they may not accurately measure the overall health of the patient, making it diffi cult to assess the true impact and efficacy of ACO arrangements (Houston & McGinnis, 2016).
106 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Table 4.1 Key attributes and broad results of current ACO models
Medicare Commercial Medicaid
Attribute MSSP Pioneer ACO ACOs ACOs
ACO prevalence
333 ACOs in 47 states
Key model features
Shared savings payment methodology
33 quality metrics
Results to date
CMS has reported results for different cohorts of MSSP ACOs based on start date, which have shown signifi cant savings, but it is diffi cult to aggregate these results, though only 26% of ACOs received shared savings payments
ACOs consistently improved on 27 of 33 quality metrics.
Increases in patient satisfaction relative to patients not enrolled in ACOs
18 ACOs in 8 states
Designed for large hospital systems
Shared savings system with higher risk and reward potential than MSSP
Same 33 quality metrics as MSSP
$304 million in savings over three years
ACOS consistently improved on 28 of 33 quality metrics.
Increases in patient satisfaction relative to patients not enrolled in ACOs
Began with 32 participants; 14 have left program
528 commercial contracts
Often independent contracts between ACOs and MCOs
Many feature narrow provider networks.
Not many publicly reported results available across programs due to proprietary information and diffi culty comparing results
66 ACOs in 9 active state-based programs
Various approaches to payment including shared savings and capitation
Various approaches to quality measurement
CO, MN, and VT have collectively reported $129.9 million in savings.
ED visits in OR decreased by 22%.
Source: R. Houston and T. McGinnis. January 2016. “Accountable Care Organizations: Looking Back and Moving Forward.” Center for Health Care Strategies. Used with permission.
P H M : K E Y T O S U C C E S S · 107
Implications for Health Care Leaders
Through the combination of changing health care business models and payment mechanisms, we are witnessing transformational change in the nature of health care delivery. It is evolving from one of reactive care with fragmented accountability and a dependence on full beds to a model of health management, care that extends over time and place and rewards for effi ciency and quality. This transformation poses potent challenges for providers and has enormous implications for today’s health care leaders, particularly by placing greater emphasis on these issues:
• Keeping patients well and managing and preventing disease
• Establishing more effi cient organization and utilization of care teams and venues of care
• Creating a care culture that is comfortable with change and ongoing automation
• Engaging patients in managing their care and overall health
• Ensuring the most cost-effective care is provided and that clinical processes are streamlined and follow the best evidence
More specifically, accountable care and the move to population health management will require industry perspectives and health care delivery practices to shift from
• Care providers working independently to collaborative teams of providers
• Treating individuals when they get sick to keeping groups of people healthy
• Emphasizing volumes to emphasizing outcomes
• Maximizing the use of resources and assets to applying appropriate levels of care at the right place
• Offering care at centralized facilities to providing care at sites convenient to patients
• Treating all patients the same to customizing health care for each patient
• Avoiding the sickest chronically ill patients to providing special chronic care services
• Being responsible for those who seek services to being responsible for the needs of the community
• Putting forth best efforts to becoming high-reliability organizations (Glaser, 2012b)
108 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Additionally, accountability will bring new performance and utilization risks to providers as the focus shifts from optimizing business unit perfor mance to optimizing network performance. At the same time, instead of maximizing the profitability of care, organizations will increase the volume of desired bundled episodes while controlling costs. At an operational level, organizations must change their structure as well as workflows to imple ment PHM and adopt new types of automation tools and reporting. This will require setting clear goals, the active participation of leadership—including physician leaders, an assessment of technology requirements, and an effective rollout strategy (Institute for Health Technology Transformation, 2012).
Health IT clearly plays a vital role in the success of new models of care and payment reform and should be an integral part of the organization’s planning process. Whether participating in an ACO or not, all health care organizations should be thinking about building a population health man agement strategy and addressing related gaps in their information technology (IT) capabilities. Minimally, this would include acquiring the capabilities and tools to do the following:
• Know, characterize, and predict the health trajectory that will happen within a population.
• Engage members, families, and care providers to take action.
• Manage outcomes to improve health and care.
ACCOUNTABLE CARE CORE PROCESSES
Accountable care frameworks are based on risk and reward, with providers and organizations agreeing to share the financial risk for a population in return for the opportunity to access rewards on meeting health care quality and cost goals. ACOs are responsible for tracking and measuring specifi c quality metrics to indicate that patient outcomes are improving or evidence‐ based processes are being used. Some, but not necessarily all, metrics may be tied directly to the payment methodology, meaning that performance on these metrics will trigger either a quality incentive (such as an increased percentage of shared savings) or a disincentive (such as not receiving any shared savings) (Houston & McGinnis, 2016).
To accomplish the goals of PHM, a provider must deliver proactive pre ventive and chronic care to its attributed patient population. As such, the care team must maintain regular contact with patients and support their efforts to manage their own health. At the same time, care managers must closely monitor high-risk patients to prevent them from deteriorating or developing complications. The use of evidence-based protocols to diagnose and treat
A C C O U N T A B L E C A R E C O R E P R O C E S S E S · 109
patients in a consistent, cost-effective manner is also central to PHM efforts. In many respects, success in population health management depends largely on a provider’s ability to manage several core processes in an accountable care environment. We’ll review these core processes in the next sections.
Identifying, Assessing, Stratifying, and Selecting Target Populations
To manage population health effectively, an organization must be able to track and monitor the health of individual patients, while also stratifying its population into subgroups that require particular services at specifi ed inter vals. ACOs typically stratify their patient population by common care needs, conditions, and expenditure levels and then deploy tailored interventions based on these characteristics (Houston & McGinnis, 2016). For example, a high-risk pregnancy may require more frequent interventions (offi ce visits, fetal heart monitoring, etc.) than standard prenatal care warrants.
Stratifi cation also involves the ability to identify a patient or cohort at risk for a negative health event (e.g., myocardial infarction, stroke, mental health crisis) or preventable health care utilization (e.g., surgical proce dure or hospitalization) (Gibson, Hunt, Knudson, Powell, Whittington, & Wozney, 2015). The Agency for Healthcare Research and Quality (AHRQ) describes another method of stratification as being able to identify subpop ulations of patients who might benefit from additional services. Examples of these groups include patients needing reminders for preventive care or tests, patients overdue for care or not meeting management goals, patients who have failed to receive follow-up after being sent reminders, and patients who might benefit from discussion of risk reduction (Institute for Health Technology Transformation, 2012).
Although there are numerous ways to identify and segment patients, having the ability to identify risk, alert appropriate stakeholders, and inter vene in the care process at the right time is a key component of population health management.
Providing High-Quality Care and Care Management Interventions across the Continuum
A key tenet of accountable care is to ensure that the health and wellness of a population is managed, the most cost-effective care is provided, clini cal processes are streamlined and follow the best evidence, the necessary reporting is in place, and payments and reimbursement are appropriate. Although this is an obvious goal for all providers, ACOs must facilitate
110 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
cross-continuum medical management of patients for active episodes and acute disease processes or for any patient outside of the defined goals of a target population. An ACO must demonstrate, in a variety of ways, its commitment to being patient centered and to engaging patients in their care and overall health.
To effectively care for populations, care management involves the patient-centered management and coordination of care events and activities in multiple care settings by one or more providers (e.g., fi ne-tuning coor dination among care team members, identifying care gaps and situations requiring additional interventions, as well as managing care transitions). For example, research indicates that poorly executed transitions of care between different locations (e.g., from hospital to primary care) are associated with increased risks of adverse medication events, hospital readmissions, and higher health care costs. Determining which transitions present the greatest risks and targeting care management services to patients undergoing those transitions should conserve resources and lead to better cost and quality outcomes (AHRQ, 2015).
Additionally, lack of follow-up care after hospital discharge can result in complications, worsening of patients’ conditions, and a higher chance of readmission (Nielsen & Shaljian, 2013). Therefore, another example of a care management intervention is ensuring that hospitals notify primary care practices when patients are discharged and that primary care teams follow up with patients shortly thereafter.
The overall aim of care management is to manage the most complex patients through the health care system, as well as managing the overall health of a select population (e.g., diabetics and elderly), taking their prefer ences and overall situation into consideration. Care management ensures that all patients from the lowest risk level to high-risk “super users” receive care at the right time, in the right place, and in a manner best suited for the patient. This requires proactive care, communication, education, and outreach.
Managing Contracts and Financial Performance
Under new payment models, proactively understanding patient coverage and fi nancial responsibility will be more critical than ever. Financial teams must have a solid handle on estimating reimbursement and associated payment distributions, carrying out predictive modeling for reimbursement contracts, measuring performance against contracts and predicting profitability, as well as integrating with other key processes to share information.
For example, profit maximization under a shared savings-risk model requires a shift away from revenue-focused strategies to cost-containment
A C C O U N T A B L E C A R E C O R E P R O C E S S E S · 111
strategies (Houston & McGinnis, 2016). To effectively manage costs, health care executives will need tools and data to support different types of fi nan cial modeling, such as modeling the implications of moving patient care to settings other than the hospital or physician’s office. ACOs will also need actuarial cost and utilization predictors to effectively manage the care of a defi ned population.
These changes represent a significant cultural shift for provider organi zations that must be prepared to handle a complex mix of public and private sector payment mechanisms.
Measuring, Predicting, and Improving Performance
Data analytics is an integral part of PHM. ACOs typically measure quality and outcomes data against national guidelines or peer groups, and they seek to demonstrate longitudinal improvements. They might also measure costs, utilization, and patient experience on a population-wide basis, and they may use these reports as the basis for quality reporting to payers and other outside entities.
With payment so tightly linked to quality and outcomes, predicting, mon itoring, and measuring system performance in key areas becomes paramount in an accountable care environment. Under value-based payment programs, there will be real ramifications for poor care and rewards for improved care. In fact, even low-performing areas can qualify for high payments if they demonstrate year-over-year improvement.
Therefore, providers must have the ability to forecast which patients are likely to become high-risk so they can intervene before a patient’s condition worsens. They must also understand in real time if they are complying with a certain set of measures and monitor their continual performance. For example, ACOs will want to measure the effectiveness of care protocols, such as exercise compliance, for a population of diabetic patients. Surgical services providers will need to understand the costs and quality of proposed procedure bundles. Understanding what works and what does not is key to ensuring reimbursements, controlling costs, and, most important, providing the best care for patients (Glaser, 2012a).
Equally important is retrospective monitoring—finding out what didn’t happen and why. For example, if a care provider failed to respond to an alert in a timely fashion or deviated from a given standard of care process, they can use these data to determine if new care interventions are necessary or if they need to alter an individual’s plan of care. Likewise, knowing that a patient failed to keep an appointment or was unexpect edly seen in the emergency room will enable the care team to engage
112 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
patients in new ways to better manage chronic disease. With providers facing penalties for readmission, it will be more important than ever to understand if it’s the treatment that failed, the discharge plan that failed, or the patient who did not follow through on the post-discharge plan (Chopra & Glaser, 2013).
Preparation and Automation Is Key
Overall, the accountable care movement demands that providers be more focused and aggressive in managing their organization and their patients. Among other challenges, changes in reimbursement will require providers to predict which patients will need extra care, more intensively engage and manage high-risk patients, model the financial implications of delivering sub-par care, assess the performance of core organizational processes such as transitions of care, determine conformance to medical evidence, and report quality measures to purchasers of care.
The long-term success of the transition to value-based payment models and PHM relies largely on health care providers investing in the IT tools and infrastructure—as well as acquiring the data management and analysis expertise—needed to automate and support these core processes. In addition, as with any IT endeavor, expertise in change management and workfl ow redesign is also a core requirement.
Even for providers that may not be participating in an ACO, building the organizational and IT competencies to support accountable care is critical to staying competitive. Organizations that fail to develop and demonstrate accountable care capabilities may not fulfill their obligations to the commu nity they serve—in fact, they may not survive.
Yet, organizations embracing the transformation from traditional fee-for service to value-based PHM are fi nding significant gaps in their IT capabil ities (Gibson et al., 2015). In the following section we examine the core IT building blocks and capabilities necessary to support accountable care and the move to PHM.
DATA, ANALYTICS, AND HEALTH IT CAPABILITIES AND TOOLS
As more providers and health systems evolve into ACOs, they are becom ing increasingly aware of what it takes to manage care from a population health perspective. As we know, this includes establishing new partner net works, targeting populations, aligning providers and contracts, developing
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 113
cross-continuum protocols for care management, and enabling effi cient data sharing.
It’s All about the Data
For a PHM program to be effective there is a critical need to focus on the data and information that will increasingly power clinical decisions. This includes aggregating and normalizing clinical data, claims data, administrative data, and self-reported patient data to create a holistic view of the patients within a health care network. These data enable the network to identify populations of patients whose conditions can be managed through evidence-based care plans that are coordinated across care settings.
For example, the risk of progression from glucose intolerance to dia betes mellitus can be influenced by diet and exercise. Individuals within this “rising risk” population are at different stages of readiness to change and consequently at different stages of modifiable risk. Having this insight enables providers to offer services at the appropriate level and time (AHRQ, 2015).
However, for many organizations, obtaining population health data can be difficult because it must be collected and organized from many disparate sources (e.g., laboratory information systems, EHRs, practice management systems, and home-monitoring devices). Data types that require aggrega tion and normalization include labs, radiology reports, medications, vital signs, diagnoses, demographic information, and more. Returning to our diabetes example, although a diabetic’s blood glucose result is discrete data that can be found in an EHR, the results of the same patient’s foot or eye exam may be found only in text format within a practice management system.
Data management for PHM purposes is also challenging because there’s no guarantee the various IT systems talk to each other, and each provider and health plan may have a different system for patient identification and provider attribution. An important first step in connecting patient data across different care settings is to establish master patient indices (Glaser & Salzberg, 2011). Patient indices can serve as a crosswalk among the different medical record numbers and identifiers that may be used by various provider organizations to correctly identify patients. In addition, a record locator service may be used to determine which patient records exist for a member and where the source data is located. The key concept behind having a record locator service is that a patient’s health information is housed on computers at the various sites of his or her care and this information is queried and aggregated from these sites at the time of a request.
114 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Beyond the EHR: Core PHM Solution Components
Although a certified EHR certainly provides the necessary foundation for effectively responding to new payment models, population health requires a range of IT applications, PHM solution components, and analytical capabili ties. In fact, early adopters of PHM solutions are already seeing the need for next-generation capabilities to support the following transitions:
• From management of the sickest patients to management of all patients
• Static risk categorization to risk categorization that follows a patient’s evolving risk
• Focus on a single disease or condition based on simple data values and events to a focus on multi-disease or condition using evidence- based care plans
• “List” generation with signifi cant manual work for care managers to signifi cant process automation
• Loosely connected care “actors” to a care team that includes the patient and family
• Retrospective analysis to concurrent analysis (Glaser, 2016a)
As organizations look to enhance their population health management strategies, they should make investments that enable the IT platform to do the following:
• Collect data from multiple, disparate sources in near–real time, including any EHR, devices used in the home and at work, and other data sources, such as pharmacy benefi t managers or insurance claims.
• Support organizations in not only aggregating but also transforming and reconciling data to establish a longitudinal record for each individual within a population.
• Identify and stratify populations to pinpoint gaps in care, enabling providers to act on information and match the right care programs to the right individuals (Glaser, 2016a).
In addition to having an EHR that spans the continuum of care, pro viders pursuing PHM might invest in a PHM platform that sits above the EHR and other sources of data and must be EHR agnostic. In general, the following key technologies will enable the core accountable care processes.
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 115
Revenue Cycle Systems and Contract Management Applications
One could argue that the revenue cycle system forms the foundation of a provider’s response to accountable care and payment reform. As the reim bursement environment becomes more complex, revenue cycle systems must evolve to support payments based on quality and performance, requiring new capabilities such as these:
• Aggregating charges to form bundles and episodes, with the aggregation logic enabling different groupings for different payers
• Managing the distribution of payment for a bundle to the physicians, hospitals, and non-acute facilities that delivered the care
• Streamlining transitions between disparate reimbursement methodologies and contracts when billing and collecting
• Providing tools for retrospective analysis of clinical and administrative data to identify areas for improving the quality of care and reducing the cost of care delivered
These new capabilities must complement routine activities such as registering patients, scheduling appointments, and administering patient billing.
Care Management Systems
Used by care managers and discussed previously, care management systems enable proactive surveillance, automation, coordination, and facilitation of services for many different subpopulations across the care continuum. Spe cific capabilities might include helping to facilitate transitions of care more efficiently, use of automated campaigns (e-mail, text, phone) to better manage high-risk patients, and supporting care teams in delivering evidence-based interventions to reduce high-cost utilization.
According to time-motion studies published in the journal Population Health Management by Prevea Health, automation of routine care manage ment tasks enables care managers to manage two to three times as many patients as they can with manual methods (Handmaker & Hart, 2015).
Rules Engines and Workfl ow Engines
Processes that are efficient, predictable, and robust enable an organization to thrive in an accountable care environment. Workflow and rules engines
116 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
can monitor process performance, alerting staff members to missed steps, sequence issues, or delays.
Workflow engines specialize in executing a business process, not just decisions made at a discrete point in time. The technology can greatly assist in clinical decision making by not only presenting clinicians with alerts and reminders, such as a rules engine, but also by encouraging teamwork in clinical decisions, assisting with the time management and task allocation in process delivery, stating changes in patient or opera tional conditions, and creating behind-the-scenes automation of process steps.
In a value-based purchasing world where each core measure needs to be associated with what’s happening today, performance improvement inter ventions must occur in real time—that is, while the patient is still in the acute care cycle. Therefore, sophisticated IT tools such as workflow and rules engines that push information to the front lines, guiding decisions at the point of highest possible impact, will be required.
Data Warehouse, Analytics, and Business Intelligence
Analytics will facilitate proactive management of key performance metrics, because accountable care creates a greater need to assess care quality and costs, examine variations in practice, and compare outcomes.
An enterprise data warehouse will fuel a wide range of analytic needs and provide intelligence to enable continual care process improvement initiatives. For example, it will be imperative that an organization can compare a hypertensive patient’s total cost of care relative to its peers and national benchmarks, and perhaps even more important, predict if those costs will significantly increase because of comorbidities, complications, or gaps in care.
Applied to the data in registries or warehouses, predictive analytics tools can also help caregivers identify patients who are likely to present in the ER or be readmitted so they can tailor appropriate interventions and avoid penalties for excessive readmissions.
Although most providers lack experience with the tools and techniques associated with advanced data analysis, the application of business intelli gence (BI) in health care will become the platform on which the organization not only monitors performance but also makes critical decisions to uncover new revenue opportunities, reduce costs, reallocate resources, and improve care quality and operational efficiency. Thus, enhancing an organization’s competency in data analytics and BI will become essential for success in population health management.
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 117
Health Information Exchange (HIE)
Essential to successful implementation of new models of care and payment reform is the exchange of clinical and administration information among different health care entities and between providers and patients. Although there has been some success in the regional health information exchange (HIE) movement, much of the focus now is on HIE capabilities at the integrated delivery system or ACO level. This enables providers to obtain a composite clinical picture of the patient regardless of where that patient was seen. By participating in an HIE or sharing health information, a number of potential important benefits may be realized:
• Serves as a building block for improved patient care, quality, and safety
• Makes relevant health care information readily available when and where it is needed
• Provides the means to reduce duplication of services that can lead to reduced health care costs
• Enables automation of administrative tasks
• Provides governance and management over the data exchange process
• Facilitates achievement of meaningful use requirements (HIMSS, 2010)
The concept of HIE is not new. For nearly two decades organizations and collaborators have tried to facilitate HIE, but unfortunately a number of HIE initiatives have failed to be sustainable over the long term (Vest & Gamm, 2010). The HITECH Act placed renewed interest in the success of HIE by providing incentive payments to eligible providers for Meaningful Use of electronic health records, which includes having the ability to exchange information electronically with others in order to have a comprehensive view of the patient’s health and care (Rudin, Salzberg, Szolovitis, Volk, Simon, & Bates, 2011). However, despite investment at the national, state, and local levels, the increase in HIE utilization remains modest.
In fact, a recent survey of organizations facilitating health information exchange found that 30 percent of hospitals and 10 percent of ambulatory practices now participate in one of the 119 operational health information exchange efforts across the United States (Adler-Milstein, Bates, & Jha, 2013). Although this is substantial growth from prior surveys, the researchers also found that 74 percent of HIE efforts report struggling to develop a sustain able business model. These findings suggest that despite progress, there is a substantial risk that many current efforts to promote health informa tion exchange will fail when public funds supporting these initiatives are depleted. Adding to the challenge, HIE efforts have struggled to engage payers,
118 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Figure 4.1 Percent of nonfederal acute care hospitals that electronically exchanged laboratory results, radiology reports, clinical care summaries, or medication lists with ambulatory care providers or hospitals outside their organization: 2008–2015
Source: Henry, Patel, Pylypchuk, and Searcy (2016).
and only 40 percent of HIE efforts in the country have one or more payers providing financial support (Adler-Milstein, Cross, & Lin, 2016).
Still, there is reason to remain optimistic, with more recent data showing that hospitals’ rates of electronically exchanging laboratory results, radiol ogy reports, clinical care summaries, or medication lists with ambulatory care providers or hospitals outside their organization has doubled since 2008 (see Figure 4.1). Moreover, this exchange has signifi cantly increased annually since 2011 (Henry, Patel, Pylypchuk, & Searcy, 2016).
Although there is still signifi cant progress to be made to improve the use of exchanged information and to address barriers to interoperability, HIE is critically important to the success of care transformation efforts nationwide. Thus, the industry must continue its efforts toward achieving sustainable HIE approaches to ensure that the massive national investment in health IT throughout the past decade delivers its intended return—higher-quality care, improved outcomes, and lower cost.
Registries and Scorecards
Serving as a kind of central database for PHM, registries can be used for patient monitoring, care gap assessment, point-of-care reminders, care man agement, and public health and quality reporting, among other uses. By integrating clinical, financial, and operational data across disparate sources into a single chronic condition and wellness registry solution, data can be normalized and turned into meaningful, actionable information.
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 119
For example, registries and scorecards enable providers to identify, score, and predict risks of individuals or populations to allow targeted interventions to be implemented. When applied to a population, the registry can show, for example, how all of a particular provider’s patients with type 2 diabetes are doing, which diabetic patients are out of control, or how well an entire orga nization is treating patients with that condition (Nielsen & Shaljian, 2013).
Longitudinal Record and Care Plan
As we know, even if a provider is diligently capturing patient information in an EHR, the data are valuable only in the world of collaborative, accountable care if the information can be integrated with patient data from other sources and harmonized to produce a single, consolidated record at the member level. The longitudinal record presents a complete picture of the patient’s medical history in an organized, coherent view.
Serving as the sister solution to the longitudinal record, a longitudinal care plan provides a consolidated, normalized view of indicators to be mon itored, events due to happen, and actions to be taken to ensure that a patient maintains and improves his or her level of health.
Patient Engagement Tools
Medical interventions that occur solely through offi ce-based patient-provider interactions will no longer provide the level of monitoring and scrutiny needed to manage the health of individuals and populations. As such, providers must continue to harness the power of technology to engage patients in their care via tools such as home-monitoring devices, patient portals, and personal health records (PHRs), as well as through the use of social media, texting, and e-mail.
Portals and PHRs
Although patient portal use is still considered modest at best, given later-stage meaningful-use requirements and the anticipated benefits of patient engagement in the value-based care world, many providers are ramping up their portal efforts and seeing adoption rates well above 20 percent (Buckley, 2015). Another recent study predicts that PHR adoption will exceed 75 percent by 2020, an optimistic projection that outpaces the PHR goals set under the Meaningful Use incentive program (Ford, Hesse, & Huerta, 2016). These consumer-centric technologies are designed to help patients and consumers better manage their own health and care, securely communicate with providers, pay bills, obtain test results, view doctors’ notes, refill prescriptions, schedule appointments, and so on.
120 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Despite the fact that the environment for building, creating, and developing an HIE organization has never been better, the concerns about long-term sustainability and the impact and value of exchanging health information persist. The National eHealth Collaborative (NeHC) conducted a comprehen sive study of twelve fully operationally HIEs across the nation to find out from their leaders what factors have led to their success (NeHC, 2011). In-depth structured interviews were conducted with senior executives representing the business, clinical, and technical areas of each HIE. The key critical success factors these leaders identifi ed in sustaining an HIE are as follows:
• Aligning stakeholders with HIE priorities in an intensive and ongoing effort. Create a shared vision that all stakeholders can embrace and that serves as the cornerstone to success. Foster an environment that is built on trust and that promotes learning and resolves differences when they arise. Make ongoing and effective stakeholder engagement a priority.
• Establishing and maintaining consistent brand identity and role as a trusted, neutral entity dedicated to protecting the interests of participants. Data use and data integrity are two critical elements. The culture, policies, and procedures regarding the use of data must ensure that no entity will gain competitive advantage at the expense of others. Consent and security policies must meet the requirements of various stakeholders and regions or
Some patient portals and PHRs are integrated into a provider’s existing website, and others are extensions of the organization’s EHR system. For example, New York-Presbyterian (NYP) Hospital’s award-winning patient portal, myNYP.org, was built to expand on its existing EHR. Use of the portal led to a 42 percent increase of appointments scheduled using myNYP.org, and it lowered the no-show rated from 20 percent to 12 percent over a period of six months after it was made available in January 2012 (Glaser, 2013). Additional applications of the same appointment-alert technology can provide custom ized patient education material and personalized reminders to patients who fit a specific clinical profile, such as patients who missed an immunization.
Social Media
Additionally, with one-third of consumers using online forums and social media sites such as Facebook, Twitter, and YouTube for health-related matters
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 121
PERSPECTIVE The HIE Lessons
states. The HIE infrastructure must ensure that patient data are accurate, reliable, and trustworthy.
• Ensuring alignment with vision in making strategic choices. Assess the stakeholders’ alignment with the initiative and congruence with the vision before deciding to pursue them. Regardless of how promising a source of funding may have initially appeared, some HIEs chose not to pursue it because the funding source did not have the full support of all stakeholders.
• Considering structural characteristics and dynamics of the HIE market. The geographic location, composition of stakeholders, and resource capabilities are all factors to consider.
• Understanding clinical workflow and managing change. The imple mentation of an HIE requires that clinicians and administrative staff members understand the impact of HIE applications on workfl ow and identify opportunities to improve effi ciencies.
Different business models, governance structures, and strategies may be used to create value for the HIE participants.
Source: NeHC (2011).
(PwC, 2012), many providers are actively engaged in using social media to communicate with patients and disseminate information on everything from emergency department wait times to new clinical offerings and research endeavors. They might also use social media channels to provide useful links to self-management tools and invitations to chronic care management programs. In fact, nearly 95 percent of hospitals have a Facebook page and just over 50 percent have a Twitter account (Griffis et al., 2014).
Automated Messaging
Similar to social media, the use of automated messaging tools (via text, e-mail, or phone) can be equally beneficial in urging patients to sched ule necessary appointments, fill their prescriptions, and comply with dis charge orders. For example, one study showed that diabetic and hypertensive patients were two to three times more likely to attend a chronic care visit if
122 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Given the modest adoption rates of PHRs and patient portals to date, research firm KLAS asked providers what best practices for patient portal adoption they would pass along to other providers trying to improve their rates. The following are their suggestions:
1. Educate patients. “What contributes to adoption is educating our patients about the portal, helping them sign up, and encouraging them to use it. But education is key. Patients have embraced the portal and use it for much of our communica tion, bill pay, results review, and more.”
2. Educate patients—again and again. “We ask patients on the phone whether they have signed up for the portal, and at their appointments we check to see whether they have fi lled things out on the portal. Then the medical assistants who greet the patients ask whether they have put their information on the portal. We promote the portal five or six times. On their way out, the doctors tell the patients that they are going to send their results to the portal.”
3. Educate staff members as if they were patients. “The patients get inundated and get tired of hearing it, but it was the kickoff that got everybody in the practice used to pushing the portal. We also made everyone here register on the portal to see what the patients would go through and so we could make changes and adjustments to fit our needs. It is an ongoing process, and we try to do contests every quarter. That is what contributes to our success, and it is pretty impressive.”
4. Give patients a reason to use the portal. “We are apparently doing something right in encouraging patients to come to our portal. They come to the portal to fill out the patient history and
successfully contacted using automated provider communications (Nielsen & Shaljian, 2013).
PHM is most effective when a symbiotic relationship exists between human interventions and automation tools. Patient engagement tools and outreach programs enable providers to correspond with each person in their patient populations, with the goal of raising the percentages of patients receiving the recommended care as reflected in the quality measures payers use to evaluate provider and health system performance. More important,
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 123
PERSPECTIVE Top Tips for Portal Adoption
the medication list. I think that is because of the way our front desk staff members make new-patient appointments and the way they present the portal to the patients. They tell them that we can give them less waiting time when they come in if they get on the portal. We have an aggressive sign-up process. We give patients a Chromebook in the waiting room and help them sign up for the portal right away. We have a similar process in the ED and inpatient areas. We try to push as much content to the portal as possible.”
5. Talk to your vendor and physicians. “We drove adoption from the top down. In our initial phase, the adoption didn’t go well because we thought we knew what we were doing and could do it ourselves. We went back and listened to Medfusion. We took the portal to the doctors who understand technology. They came back from a CMS meeting and said we had to do the portal. They said we might not like it, but we have to do it.”
6. Hold your vendor accountable. “When we started to deploy Empower in our ambulatory area, we hit chal lenges and barriers with the physician group. The physicians really wanted to yank the product out; they didn’t want anything to do with it. They were beyond frustrated. We worked with MEDSEEK and the physicians, and in the last year and a half, we went from having a handful of patients on the portal to having sixty-five thousand. We were fi nally able to leverage the solution in the ambulatory space after we made changes to the product and the interface. There were deal breakers in how the product looked and felt from a patient perspective, and we worked through those.”
Source: Buckley (2015). Used with permission.
such programs assist providers in keeping patients as healthy as possible for as long as possible, a core tenant of PHM.
Telemedicine and Telehealth
The growing use of telemedicine can make patient interactions more convenient, expand geographic horizons particularly where needed medical specialists are few in number, and make care more accessible to those with mobility issues.
124 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
With an abundance of patient-generated health information now available through online patient communities, social media can play a vital role in improving our understanding of disease and accelerating new approaches to treatment. Consider the following ways patient and consumer use of social media is benefi ting health care.
Creates a Sense of Community For those seeking emotional support and tips for coping with a disease, social media delivers on many fronts. It can enable the formation of com munities regardless of member locations and enable members to commu nicate asynchronously.
Sites such as PatientsLikeMe and Inspire provide virtual medical com munities focused on chronic diseases where patients can discuss their con ditions, track key health information, share side effects of medications and therapies, and bond with others as they chronicle the highs and lows of their health care journeys.
In fact, a 2014 survey of PatientsLikeMe members found that the vast majority of adult social media users with health conditions embrace the idea of sharing their health information online if it helps clinicians improve care, assists other patients, or advances medical research.
Users of online health communities also frequently cite as reasons for their membership the accountability the sites provide them in managing their own health and reaching their health-related goals, as well as the motivation, support, and advice they receive from others. Online commu nities can also lessen the feeling of isolation that often accompanies those with rare conditions or parents with a critically ill child.
Delivers New Clinical Research Insights As more and more patients use social media to track their health conditions and actively participate in their care, there is a greater opportunity to use this real-world data to better inform new treatments and treatment deci sions, enhance symptom management, and ultimately improve outcomes.
For example, in analyzing the results of observational data housed on PatientsLikeMe, researchers found that lithium therapy had no impact on ALS disease progression, which was later confirmed by subsequent rand omized trials (Chretien & Kind, 2013).
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 125
PERSPECTIVE Five Reasons to “Like” Consumers’ Use of Social Media
Although PatientsLikeMe began as a social network enabling people to crowdsource the collective wisdom of others, it has developed into a pow erful analytical platform for clinicians and researchers. In fact, the network is quite transparent with its members about how it makes money—by sharing the information members provide about their experience with dis eases and selling it to their partners (companies that are developing or selling products to patients). This may include drugs, devices, equipment insurance, or medical services.
In addition to helping patients find and take advantage of clinical trials, health care social networks also provide an opportunity for par- ticipant-led research, in which members initiate new fields of study. For instance, Inspire members with spontaneous coronary artery dissection (SCAD) persuaded researchers at the Mayo Clinic to launch new research about their condition, which led to the creation of a SCAD registry, a key step in the further study of this rare disease (Tweet, Gulati, Aase, & Hayes, 2011). Indeed, there is tremendous potential for online patient communities to contribute to the notion of a continuously learning health system.
Builds Awareness of Cause-Related Issues or Personal Health Care Crises Social media can also serve as the birthplace for beneficial social move ments, as well as hubs for galvanizing emotional and financial support for a personal health care crisis.
The ALS Ice Bucket Challenge is a terrific example of social media’s power to deliver on the fund-raising aspect of the campaign and on the equally important goal of helping the public become more aware of ALS and efforts to find a cure.
The simple act of pouring ice on one’s head, capturing it on video, and calling out another person to do the same spread across social media chan nels like wildfire. With everyone from schoolchildren to celebrities getting in on the act, the ALS Association raised $115 million in 2014, a staggering increase from its $23.5 million intake in 2013 (ALS Association, 2015).
On a smaller scale, sites such as GoFundMe and My Cancer Circle can help keep family and friends abreast of a loved one’s illness and treatment status, provide tools to coordinate meal deliveries and rides to medical appointments, as well as enable financial contributions to help offset per sonal health care expenses.
126 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Provides Assistance with Treatment, Physician, or Hospital Selection Although physician rating sites have been around for many years, social media has given health care consumers a more active voice and an ever- present tool set for broadcasting opinions on all things health care–related— from physicians and hospitals to medications, devices, and insurance plans.
Like it or not, social media is proving to be a vehicle that can help scale positive and negative attitudes about one’s health care experience at Inter net speed. In fact, a 2012 survey by Demi & Cooper Advertising and DC Interactive found that 41 percent of people said social media would affect their choice of a specifi c doctor, hospital, or medical facility.
Of course, the downside here is that the negative opinions of a vocal minority could cause unjust reputation management issues for providers.
With the viewpoints of those in online social networks playing such a key role in influencing health care decisions, providers ought to ensure they are optimizing their social media channels and actively participating in helping consumers share positive opinions online.
Complements Traditional Approaches to Measuring Patient Satisfaction Beyond just randomly monitoring opinions shared on social media, savvy providers may want to turn to social media to supplement their
The American Telemedicine Association defines telemedicine or tele health as exchanging medical information via electronic communications to improve a patient’s clinical health status. Health care providers are embrac ing telemedicine because they see it as an efficient and cost-effective way to deliver quality care and improve patient satisfaction (Glaser, 2015a). Today’s telehealth framework spans the continuum of care and can include services such as the following:
• Telepsychiatry
• Remote image interpretation (teleradiology, teledermatology)
• e-Visits or televisits between providers and their patients
• Video visits for semi-urgent care
• Clinician-to-clinician consultations
• Critical care (virtual ICU, telestroke)
• Remote monitoring of a patient with a chronic disease
• Cybersurgery or telesurgery
D A T A , A N A L Y T I C S , A N D H E A L T H I T C A P A B I L I T I E S A N D T O O L S · 127
traditional means of capturing patient satisfaction and feedback on inpa tient experience.
In fact, researchers at Boston Children’s Hospital conducted a study to determine if Twitter could provide a reasonable form of complemen tary quality measurement, given the real-time nature of tweets. The team amassed unsolicited knowledge (versus data gleaned from very targeted survey questions) about what pleased or angered consumers by collecting more than 400,000 tweets directed at the Twitter handles of nearly 2,400 US hospitals between 2012 and 2013 (Ulrich, 2015).
Although certainly no replacement for patient satisfaction surveys, according to the researchers the data are suggestive and provide proof of principle that Twitter and the right analytical tools may provide a valua ble means for complementing standard approaches to measuring quality. Moreover, the ability to correlate social media data points such as tweets with actual outcomes measures (e.g., patient length of stay in the emer gency department or readmission rates) provides an interesting avenue for further exploration.
Source: Glaser (2016b). Reprinted from H&HN Daily by permission, April 11, 2016, Copyright 2016, by Health Forum, Inc.
Let’s take a closer look at some of the more popular applications of tele medicine and telehealth. Two-way interactive video-conferencing or other web-based technologies can be used when a face-to-face consultation is necessary. In addition, a number of peripheral devices can be linked to com puters to aid in interactive examination. For example, a stethoscope can be linked to a computer, enabling the consulting physician to hear the patient’s heartbeat from a distance. Electronic monitoring of physiological vital signs can be done through electronic intensive care unit (eICU) patient-monitoring systems, and telesurgery can enable a surgeon in one location to remotely control a robotic arm to perform surgery in another location.
Telehealth is also being used to capture and monitor data from patients at home. Examples include monitoring patient blood sugar levels through glucometers attached to cell phones and conducting teledermatology visits with the aid of cell phone cameras.
According to the American Hospital Association (AHA), 52 percent of hospitals used some form of telehealth in 2013, and another 10 percent were beginning to implement such services (AHA, 2015). Its growth potential is
128 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
also notable. Business information provider IHS predicts the US telehealth market will grow from $240 million in revenue in 2013 to $1.9 billion in 2018—an annual growth rate of more than 50 percent (EY, 2014).
In addition to the growing demand for access and convenience, the need for telemedicine is driven by other factors such as the following:
• Signifi cant increase in the US population
• Shortage of licensed health care professionals
• Increasing incidence of chronic diseases
• Need for effi cient care of the elderly, homebound, and physically challenged patients
• Lack of specialists and health facilities in rural areas and in many urban areas
• Avoidance of adverse events, injuries, and illnesses that can occur within the health care system
These factors become increasingly important as new health care delivery and payment models evolve and providers are challenged to better manage chronic diseases, avoid readmissions, improve quality, and remove low acuity care from high-cost venues. As we know, the long-term benefits of population health programs are predicated in large part on managing high-cost, chron ically ill patient populations more effectively. Furthermore, the rapid deploy ment of high deductible health plans, which make consumers more conscious and accountable for their health care consumption and spending, has added to the pressure on providers to provide low-cost, convenient options.
Despite all its promise, several major barriers must be addressed if tele medicine is to be used more widely and become available. Concerns about provider acceptance, interstate licensure, overall confidentiality and liability, data standards, and lack of universal reimbursement for telemedicine services from public and private payers are among the complex and evolving issues affecting the widespread use of telemedicine. Furthermore, its cost-effectiveness has yet to be fully demonstrated.
Nonetheless, the barriers are beginning to erode under mounting pres sure from all health care constituents. Licensure portability will further ease the barriers to accessing services, whereas regulatory and payment policy changes in support of telehealth are widely expected in the coming years. For instance, on the private payer side, telemedicine use has been bolstered by a growing number of states enacting parity laws, which require health insurers to treat telehealth services the same way they would in-person services.
T R A N S I T I O N I N G F R O M T H E R E C O R D T O T H E P L A N · 129
TRANSITIONING FROM THE RECORD TO THE PLAN
As we reviewed in this chapter, the profound changes in reimbursement and care models are altering the structure of care provision, requiring providers to make investments in a comprehensive IT portfolio—beyond the EHR—to support PHM and enable the core processes associated with accountable care. These changing business and payment models are leading not only to signif icant changes in organization and practice but also to changes in the funda mental nature and design of the EHR itself. These changes can be characterized as a transition from the electronic health record to the electronic health plan (Glaser, 2015b).
The EHR does not disappear as a result of this shift. We will still need traditional EHR capabilities: providers need to review a radiology report and document a patient’s history and the care delivered. Problems must be recorded and medications reconciled. However, the strategic emphasis will move to technologies and applications that assist the care team (including the patient) in developing and managing the longitudinal, cross-venue health plan and assessing the outcomes of that plan.
For example, evidence-based pathways and decision-support logic have been embedded into EHRs to guide provider decisions according to a plan based on patient condition. EHRs can now include or be enhanced by the specific PHM technologies we discussed that enable the organization to understand its aggregate performance in undertaking disease-specifi c plans for multiple patients.
Provider organizations will not thrive in an era of health reform because they have a superb and interoperable EHR. They will thrive because the care they deliver consistently follows a plan designed to ensure desired outcomes. The EHR must evolve so it focuses on individual patients’ care plans—the steps required to maintain or create health.
Every patient’s EHR should clearly display the master care plan—a long- term care plan to maintain health integrated with short-term plans for transient conditions. The EHR should be organized according to this master plan: it should highlight the steps needed to recover or maintain health, list the expec tations of every caregiver the patient interacts with, and include tools such as decision support and a library of standard care plans. Interoperability is a necessity, because various providers must be able to use the plan-based EHR.
Care Plan Attributes
The care health plan has attributes that need to be present to ensure health and should be based on some fundamental ideas.
130 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
First, all people have a foundational plan. If the person is a healthy young man, the plan may be simple: establishing health behaviors such as exercise. If the person is a middle-aged man with high cholesterol and sleep apnea, the plan may be annual physicals, statins, a CPAP machine, and a periodic colonoscopy. If a person is frail and elderly with multiple chronic diseases, the plan may be merging the care for each chronic condition, ensuring proper diet, and providing transportation for clinic visits.
Second, plans are a combination of medical care strategies with goals to maintain health (such as losing weight) along with public health campaigns (such as immunizations).
Third, on top of foundational plans there may be transient plans. For the patient undergoing a hip replacement there is a time-bounded plan beginning with presurgery testing and ending when rehabilitation has been completed. A patient undergoing a bad case of the flu has a time-bounded plan.
Fourth, people who have a common plan are members of the same pop ulation. These populations may be all patients undergoing a coronary artery bypass graft in a hospital, all patients with a certain chronic disease, or all patients at high risk of coronary artery disease. Moreover, a particular person may be a member of multiple populations at the same time.
Fifth, risk is the likelihood that the plan will not be followed or will not result in desired outcomes. A patient motivated to manage his or her blood pressure has a lower risk than a patient who is not motivated. A frail person with multiple chronic diseases is at greater risk that the plans will not keep him or her out of the hospital than a person whose health is generally good despite having multiple chronic diseases.
Sixth, not all care will be amenable to a predefined patient plan. Life- threatening trauma, diseases of mysterious origin, sudden complications—all require skilled caregivers to make the best decisions possible at the moment.
Seventh, plans should be based on the evidence of best care and health prac tices. And the effectiveness of a plan should be measurable, either in terms of plan steps being completed or desired outcomes being achieved (Glaser, 2015a).
The Plan-Centric EHR
The EHR needs to evolve into plan-centric applications. Among others, these applications will have several key characteristics.
A Library of Plans That Cover a Wide Range of Situations
This library will include, for instance, plans for managing hypertension, removing an appendix, losing weight, and treating cervical cancer. There
T R A N S I T I O N I N G F R O M T H E R E C O R D T O T H E P L A N · 131
will be variations in plans that reflect variations in patient circumstances and preferences, for example, plans that depend on whether the patient is a well-managed diabetic or plans that reflect the slower surgical recovery time of an elderly person.
Algorithms to Form a Patient’s Master Plan
A master plan will combine, for example, the patient’s asthma, hysterectomy, depression, and weight-reduction plans into a single plan. These algorithms will identify conflicts and redundancies among the plans and highlight the care steps that optimize a patient’s health for all plans. For example, if each of the five plans has six care steps, the algorithms can determine which steps are the most important.
Team-Based
The master plan will cover the steps to be carried out by a patient’s primary care provider, specialists, nurse practitioners, pharmacists, case managers, and the patient. Each team member can see the master plan and his or her specifi c portion of the plan. Team members can assign tasks to each other (Glaser, 2015a).
Business Models in Other Industries
Major changes in an industry’s business model invariably lead to major changes in the focus and form of the core applications used by that industry. For example, financial services, retailers, and music distributors, along with many other industries, have also experienced massive shifts in their business models.
Several decades ago, financial deregulation enabled banks to offer bro kerage services. The business model of many banks shifted from banking (offering mortgages as well as checking and savings accounts) to wealth management. As banks shifted from transaction-oriented services to services that optimized a customer’s financial assets, their core applications broad ened to include an additional set of transactions (buying and selling stocks) and new services (financial advisory services).
Prior to the web, most retailers’ business models focused on establishing a brand, offering an appropriate set of well-priced products, and building attractive stores in convenient locations. The web enabled retailers to gather significantly richer data about a customer’s buying patterns and interests (and to use real-time logic to guide purchasing decisions). Retailers’ core applica tions broadened to include well-designed e-commerce sites and analytics of customer behavior.
132 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
In both examples, even though there was a significant shift in the business model, applications needed for the previous model continued to be necessary. Banks still had to handle savings account and mortgage payment transactions. Retailers still needed to manage inventory. And advances in these legacy applications—expanding inventory breadth and reducing inventory-carrying costs—continue to be important. In each case, a critical new set of applica tions were added to the legacy applications. Often, these new applications were more important than legacy applications.
The business model changes in health care will lead to a shift from appli cations focused on the patient’s record to applications focused on the patient’s plan for health. This evolution in the nature of the EHR is a key component to achieving success in population health management.
SUMMARY
As the health care industry continues its transition from a fragmented, volume- based system toward one that embraces the notion of patient-centered, accountable care driven by value-based payment models, providers must consider what new relationships, processes, and IT assets and skills will be required to succeed—particularly when it comes to managing the health and care of attributed populations.
By implementing a PHM strategy, organizations have enormous oppor tunity to use data and analytics to improve inefficiency and waste, thereby reducing costs, and monitor adherence to evidence-based protocols to drive better outcomes. Several PCMHs and ACOs are already showing promising performance in the emerging world of value-based payment and population health management.
In addition to having a robust EHR, organizations looking to enhance their PHM strategies should consider several key solution components. PHM technologies can help providers stratify and select target populations, identify gaps in care, predict outcomes and apply early interventions, and actively engage patients in their care. Moreover, they can enable an orga nization to understand its aggregate performance in undertaking disease- specific plans for multiple patients and better manage contracts and fi nancial performance.
Additionally, because value-based payment is based on conformance to chronic disease protocols, providers must have the ability to aggregate and normalize real-time, accurate, cross-continuum data from disparate sources illustrating how well the data conform to those protocols. As we know, many hospitals and health systems do not operate from a position of excess revenue, and as outcomes become increasingly tied to the reimbursement stream, it
L E A R N I N G A C T I V I T I E S · 133
will become critical that providers can rely on their data and IT tools to detect and remedy variations in care.
Population health management solutions are intended to complement— not replace—the traditional EHR. They represent a shift from applications focused on documenting the patient’s record of care to applications focused on developing the patient’s plan for health.
KEY TERMS
Accountable care organizations Patient-centered medical home (ACOs) (PCMH)
Analytics Population health management Business intelligence (BI) (PHM) Care management Stratifi cation Health information exchange (HIE) Telemedicine and telehealth Patient engagement Value-based care
LEARNING ACTIVITIES
1. Interview a health care executive or CEO in your local community. To what extent is the organization involved in population health management? How is that person using health IT to further his or her PHM initiatives? To what extent does the organization’s health IT capabilities facilitate PHM? What other capabilities are needed?
2. Investigate the adoption and use of telemedicine and telehealth in your state. How is it being used? What benefi ts have been realized? What challenges or obstacles still exist? How important is telemedicine and telehealth in providing access to care? In improving quality of care? And in reducing costs?
3. Explore the health IT products on the market that are designed to facilitate care management. What are their key features and functions? In what specifi c ways do these tools facilitate communication among providers and patients and families?
4. Conduct a literature review on the use of social media in health care. How are consumers using social media to learn more about their health or health conditions? How are health care organizations using social media to connect with consumers? Where do you see the future of social media in health care evolving?
5. Evaluate different models of care within your local community or state. Did you find any examples of accountable care organizations or
134 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
patient-centered medical homes? Explain. Working as a team, visit or interview a leader from a site that uses an innovative model of care. Describe the model, its uses, challenges, and the degree of patient coordination and integration. How is health IT used to support the delivery of care and the reporting of outcomes?
6. Explore the extent to which health information exchange is occurring within your community, region, or state. Who are the key players? To what extent is information being exchanged across organizations for patient care purposes? What challenges have they faced? How have they overcome them, if at all?
7. Visit a health care organization that uses an EHR system and provides patients access to their information via a patient portal. To what extent are patients using the portal? For what purposes are they using them? What are the demographic characteristics of the portal users and nonusers? What strategies might you employ to promote greater usage?
REFERENCES
Adler-Milstein, J., Bates, D. W., & Jha, A. K. (2013). Operational health information exchanges show substantial growth, but long-term funding remains a concern. Health Affairs, 32(8), 1486–1492.
Adler-Milstein, J., Cross, D., & Lin, S. (2016). Assessing payer perspectives on health information exchange. Journal of the American Medical Informatics Association, 23(2), 297–303.
AHRQ. (2015, April). Issue brief: Care management; Implications for medical practice, health policy, and health services research. AHRQ Publication No. 15-0018-EF. Retrieved May 2016 from http://www.ahrq.gov/professionals/ preventionchroniccare/improve/coordination/caremanagement/index.html
ALS Association. (2015). ALS ice bucket challenge—FAQ. Retrieved February 2016 from http://www.alsa.org/about-us/ice-bucket-challenge-faq.html
American Hospital Association (AHA). (2015, Jan.). Trendwatch: The promise of tele health for hospitals, health systems and their communities. Retrieved October 2015 from http://www.aha.org/research/reports/tw/15jan-tw-telehealth.pdf
Berwick, D., Nolan, T., & Whittington, J. (2008). The triple aim: Care, health, and cost. Health Affairs, 27(3), 759–769.
Bipartisan Policy Center. (2015, July). Transitioning from volume to value: Accel erating the shift to alternative payment models. Retrieved May 2016 from http://bipartisanpolicy.org/wp-content/uploads/2015/07/BPC-Health Alternative-Payment-Models.pdf
R E F E R E N C E S · 135
Buckley, C. (2015, May). Patient portals adoption: From 5% to 20% and beyond. KLAS. Retrieved May 2016 from http://www.klasresearch.com/resources/klas blog/klas-blog/2015/08/17/patient-portal-adoption-from-5-to-20-and-beyond
Buelt, L., Nichols, L., Nielsen, M., & Patel, K. (2016, Feb.). The patient-centered medical home’s impact on cost and quality annual review of evidence 2014–2015. Patient-Centered Primary Care Collaborative. Retrieved May 2016 from https:// www.pcpcc.org/resource/patient-centered-medical-homes-impact-cost-and quality-2014-2015
Chopra, N., & Glaser, J. (2013, April 9). Ready, set, go: Performance-based reim bursement. H&HN Daily.
Chretien, K. C., & Kind, T. (2013). Social media and clinical care: Ethical, profes sional, and social implications. Circulation, 127, 1413–1421.
Casalino, L., Erb, N., Joshi, M., & Shortell, S. (2015, Aug.). Accountable care orga nizations and population health organizations. Journal of Health Politics, Policy and Law, 40(4), 821–837.
EY. (2014). Shaping your telehealth strategy. Health Care Industry Post. Retrieved October 2015 from http://www.ey.com/Publication/vwLUAssets/EY-shaping your-telehealth-strategy/$FILE/EY-shaping-your-telehealth-strategy.pdf
Felt-Lisk, S., & Higgins, T. (2011, Aug.). Exploring the promise of population health management programs to improve health. Mathematica Policy Research Issue Brief. Retrieved May 2016 from https://www.mathematica-mpr.com/our publications-and-fi ndings/publications/exploring-the-promise-of-population health-management-programs-to-improve-health
Ford, E., Hesse, B., & Huerta, T. (2016). Personal health record use in the United States: Forecasting future adoption levels. Journal of Medical Internet Research, 18(3).
Gibson, R., Hunt, J., Knudson, S., Powell, K., Whittington, J., & Wozney, B. (2015). Guide for developing and information technology investment road map for population health management. Population Health Management, 18(3), 159–171.
Glaser, J. (2012a, Oct. 9). The growing role of analytics and business intelligence. H&HN Daily.
Glaser, J. (2012b, April 10). Six key technologies to support accountable care. H&HN Weekly.
Glaser, J. (2013, June). Expanding patients’ role in their care. H&HN Daily.
Glaser, J. (2015a, Dec.). Telemedicine hits its stride. H&HN Daily.
Glaser, J. (2015b, Aug. 11). From the electronic health record to the electronic health plan. H&HN Daily.
Glaser, J. (2016a, June 13). All roads lead to population health management. H&HN Daily.
Glaser, J. (2016b, April 11). Five reasons to “like” patients’ use of social media. H&HN Daily.
136 · C H A P T E R 4 : I N F O R M A T I O N S Y S T E M S T O S U P P O R T P O P U L A T I O N H E A L T H M A N A G E M E N T
Glaser, J., & Salzberg, C. (2011). The strategic application of information technology in health care organizations (3rd ed.). San Francisco, CA: Jossey-Bass.
Griffis, H. M., Kilaru, A. S., Werner, R. M., Asch, D. A., Hershey, J. C., Hill, S., Ha, Y. P., Sellers, A., Mahoney, K., & Merchant, R. M. (2014). Use of social media across US hospitals: Descriptive analysis of adoption and utilization. Journal of Medical Internet Research, 16(11), e264.
Grundy, P., Hacker, T., Langner, B., Nielsen, M., & Zema, C. (2012, Sept.). Benefi ts of implementing the primary care patient-centered medical home: A review of cost & quality results, 2012. Patient-Centered Primary Care Collaborative. Retrieved May 2016 from https://www.pcpcc.org/guide/benefi ts-implementing primary-care-medical-home
Guterman, S., & Drake, H. (2010, May). Developing innovative payment approaches: Finding the path to high performance. New York, NY: The Commonwealth Fund.
Handmaker, K., & Hart, J. (2015). 9 steps to effective population health manage ment. Healthcare Financial Management, 69(4), 70–76.
Health Information Management and Systems Society (HIMSS). (2010). Overview of HIE in era of meaningful use. Retrieved February 2013 from http://www.himss .org/content/fi les/12_21_2010_HIE%20OverView%20in%20HITECH.pdf
Henry, J., Patel, V., Pylypchuk, Y., & Searcy, T. (2016, May). Interoperability among US non-federal acute care hospitals in 2015. ONC Data Brief, No. 36. Washing ton, DC: Office of the National Coordinator for Health Information Technology.
Houston, R., & McGinnis, T. (2016, Jan.). Accountable care organizations: Looking back and moving forward. Center for Health Care Strategies. Retrieved May 2016 from http://www.chcs.org/resources/?fwp_paged=4
Institute for Health Technology Transformation. (2012). Population health manage ment: A Roadmap for provider-based automation in a new era of healthcare. Retrieved May 2016 from http://iht2.ihealthtran.com/blast372.html
Jaspen, B. (2015, May). Value-based care will drive Aetna’s future goals. Forbes. Retrieved May 2016 from http://www.forbes.com/sites/brucejapsen/2015/05/15/ value-based-care-may-drive-aetna-bid-for-cigna-or-humana/#3a9f829e6512
Kindig, D., & Stoddart, G. (2003). What is population health? American Journal of Public Health, 93(3), 380–383.
Leavitt Partners. (2015, Dec.). Projected growth of accountable care organizations. Retrieved May 2016 from http://leavittpartners.com/2015/12/projected-growth of-accountable-care-organizations-2/
Miller, H. D. (2011). Transitioning to accountable care: Incremental payment reforms to support higher quality, more affordable health care. Pittsburgh, PA: Center for Healthcare Quality and Payment Reform.
The National Committee for Quality Assurance (NCQA). (2015, June). Latest evidence: Benefits of the patient-centered medical home. Retrieved May 2016
R E F E R E N C E S · 137
from https://www.ncqa.org/Portals/0/Programs/Recognition/ PCMHEvidenceReportJune2015_Web.pdf?ver=2016-02-24-143948-347
National eHealth Collaborative (NeHC). (2011, July). Secrets of HIE success revealed: Lessons from the leaders. Washington, DC: Author.
Nielsen, M., & Shaljian, M. (2013, Oct.). Managing populations, maximizing tech nology: PHM in the medical neighborhood. Patient-Centered Primary Care Collaborative. Retrieved May 2016 from https://www.pcpcc.org/resource/ managing-populations-maximizing-technology
Olivero, M. (2015, March). Is a “medical home” in your future? US News & World Report. Retrieved May 2016 from http://health.usnews.com/health-news/ patient-advice/articles/2015/03/09/is-a-medical-home-in-your-future
Patient-Centered Primary Care Collaborative. (2011, March). Better to best: Value- driving elements of the patient centered medical home and accountable care organizations. Retrieved May 2016 from https://www.pcpcc.org/guide/ better-best
PwC. (2012, April). Social media likes healthcare: From marketing to social business. Retrieved February 2016 from http://download.pwc.com/ie/pubs/2012_social_ media_likes_healthcare.pdf
Rudin, R. S., Salzberg, C. A., Szolovitis, P., Volk, L. A., Simon, S. R., & Bates, D. W. (2011). Care transitions as opportunities for clinicians to use data exchange services: How often do they occur? Journal of the American Medical Informatics Association, 18(6), 853–859.
Tweet, M. S., Gulati, R., Aase, L. A., & Hayes, S. N. (2011). Spontaneous coronary artery dissection: A disease-specific, social networking community–initiated study. Mayo Clinic Proceedings, 86(9), 845–850.
US Department of Health & Human Services (US DHHS). (2015, Jan.). Better, smarter, healthier: In historic announcement, HHS sets clear goals and timeline for shifting Medicare reimbursements from volume to value. Retrieved May 2016 from http://www.hhs.gov/about/news/2015/01/26/better-smarter-healthier-in historic-announcement-hhs-sets-clear-goals-and-timeline-for-shifting-medicare reimbursements-from-volume-to-value.html
Ulrich, T. (2015, October). What can patients’ tweets teach us about their health care experiences? Boston Children’s Hospital Notes. Retrieved February 2016 from http://notes.childrenshospital.org/twitter-as-a-patient-experience-measurement tool/
Vest, J. R., & Gamm, L. D. (2010). Health information exchange: Persistent challenges and new strategies. Journal of the American Medical Informatics Association, 17, 288–294.
Selection, Implementation, Evaluation, and Management of Health Care
Information Systems
PART TWO
139
CHAPTER 5
System Acquisition
LEARNING OBJECTIVES
• To be able to explain the process a health care organization generally goes through in selecting a health care information system.
• To be able to describe the systems development life cycle and its four major stages.
• To be able to discuss the various options for acquiring a health care information system (for example, purchasing, leasing, contracting with vendor for cloud computing services, or building a system in-house) and the pros and cons of each option.
• To be able to discuss the purpose and content of a request for information and request for proposal in the system acquisition process.
• To gain insight into the problems that may occur during the system acquisition process.
• To gain an understanding of the health care IT industry and the resources available for identifying health care IT vendors
141
142 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
and learning about their history, products, services, and reputation.
• To gain insight into the importance of understanding IT architecture.
By now you should have an understanding of the various types of health care information systems and the value they can bring to health care organizations and the patients they serve. This chapter describes the typical process a health care organization goes through in acquiring or selecting a new clinical or administrative application. Acquiring an information system (IS) application can be an enormous investment for health care organizations. In addition to the initial cost, there are a host of long-term costs associated with maintaining, supporting, and enhancing the system. Health care professionals need access to reliable, complete, and accurate information in order to provide effective and efficient health care services and to achieve the strategic goals of the organiza tion. Selecting the right application, one that meets the organization’s needs, is a critical step. Too often information systems are acquired without exploring all options, without evaluating costs and benefits, and without gaining suffi cient input from key constituent user groups. The results can be disastrous.
This chapter describes the people who should be involved, the activities that should occur, and the questions that should be addressed in acquir ing any new information system. The suggested methods are based on the authors’ years of experience and on countless case studies of system acqui sition successes and failures published in the health care literature.
SYSTEM ACQUISITION: A DEFINITION
In this book system acquisition refers to the process that occurs from the time the decision is made to select a new system (or replace an existing system) until the time a contract has been negotiated and signed. System implementation is a separate process described in the next chapter, but both are part of the systems development life cycle. The actual system selection, or acquisition, process can take anywhere from a few days to a couple of years, depending on the organization’s size, structure, complexity, and needs. Factors such as whether the system is deemed a priority and whether adequate resources (time, people, and funds) are available can also directly affect the time and methods used to acquire a new system (Jones, Koppel, Ridgley, Palen, Wu, & Harrison, 2011).
S Y S T E M S D E V E L O P M E N T L I F E C Y C L E · 143
Prior to arriving at the decision to select a new system, the health care executive team should engage in a strategic IS planning process in which the strategic goals of the organization are formulated and the ways in which information technology (IT) will be employed to aid the organization in achieving its strategic goals and objectives are discussed. We discuss the need for aligning IT plans with the strategic goals of the organization and for determining IT priorities in Chapter Twelve. In this chapter, we assume that a strategic IT plan exists, IT priorities have been established, the new system has been adequately budgeted, and the organization is ready to move forward with the selection process. We also assume that the organization has conducted a readiness assessment and is well equipped to move forward with the health IT project or initiative. The AHRQ National Resource Center for Health IT has available a number of tools publicly available that can be helpful to health care organizations in assessing their readiness for health IT projects such as EHR implementations and for ensuring that they have in place the personnel, technical, and financial resources to embark on the initiative. These tools can be found at https://healthit.ahrq.gov/health it-tools-and-resources. Additionally, the Office of the National Coordinator for Health Information Technology (ONC) has readiness tools available and implementation blueprints that serve as excellent resources at https://www .healthit.gov/providers-professionals/ehr-implementation-steps.
SYSTEMS DEVELOPMENT LIFE CYCLE
No board of directors would recommend building a new health care facility without an architect’s blueprint and a comprehensive assessment of the orga nization’s and the community’s needs and resources. The architect’s blueprint helps ensure that the new facility has a strong foundation, is well designed, fosters the provision of high-quality care, and has the potential for growth and expansion. Similarly, the health care organization needs a blueprint to aid in the planning, selection, implementation, and support of a new health care information system. The decision to invest in a health care information system should be well aligned with the organization’s overall strategic goals and should be made after careful thought and deliberation. Information systems are an investment in the organization’s infrastructure, not a one time purchase. Health care information systems require not only up-front costs and resources but also ongoing maintenance, support, upgrades, and eventually, replacement.
The process an organization generally goes through in planning, select ing, implementing, and evaluating a health care information system is known as the systems development life cycle (SDLC). Although the SDLC is most
144 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
commonly described in the context of software development, the process also applies when systems are purchased from a vendor or leased through cloud- based computing services. Cloud computing is a general term that refers to a broad range of application, software, and hardware services delivered over the Internet. Regardless of how the system is acquired, most health care organizations follow a structured process for selecting and implementing a new computer-based system. The systems development process itself involves participation from individuals with different backgrounds and areas of exper tise. The specific mix of individuals depends on the nature and scope of the new system.
Many SDLC frameworks exist, some of which employ an incremental approach, but most have four general phases, or stages: planning and analy sis, design, implementation, and support and evaluation (Wager & Lee, 2006) (see Figure 5.1). Each phase has a number of tasks that need to be performed. In this chapter we focus on the first two phases; Chapter Six focuses on the last two.
The SDLC approach assumes that this four-phase life of an IS starts with a need and ends when the benefits of the system no longer outweigh its maintenance costs, at which point the life of a new system begins (Oz, 2012). Hence, the entire project is called a life cycle. After the decision has been made to explore further the need for a new information system, the feasibility of the system is assessed and the scope of the project defi ned (in actuality it is at times difficult to tell when this decision making ends and analysis begins). The primary focus of this planning and analysis phase
Figure 5.1 Systems development life cycle
S Y S T E M S D E V E L O P M E N T L I F E C Y C L E · 145
is on the business problem, or the organization’s strategy, independent of any technology that can or will be used. During this phase, it is important to examine current systems and problems in order to identify opportunities for improvement. The organization should assess the feasibility of the new system—is it technologically, financially, and operationally feasible? Further more, sometimes it is easy to think that implementing a new IS will solve all information management problems. Rarely, if ever, is this the case. But by critically evaluating existing systems and workflow processes, the health care team might find that current problems are rooted in ineffective proce dures or lack of sufficient training. Not always is a new system needed or the answer to a problem.
Once it is clear that a new IS is needed, the next step is to assess the information needs of users and define the functional requirements: What functions must the system have to fulfill the need? This process can be very time-consuming. However, it is vital to solicit widespread participation from end users during this early stage—to solicit and achieve buy-in. As part of the needs assessment, it is also helpful to gather, organize, and evaluate informa tion about the organization in which the new system is to operate. Through defining system requirements, the organization specifies what the system should be able to do and the means by which it will fulfill its stated goals.
Once the team knows what the organization needs, it enters the second stage, the design phase, when it considers all its options. Will the new system be designed in-house? Will the organization contract with an outside devel oper? Or will the organization purchase a system from a health information systems vendor or contract with a vendor for cloud-based services? A large majority of health care organizations purchase a system from a vendor or at least look first at the systems available on the market. Contracting with the vendor to host the applications, software, hardware, and infrastructure via cloud computing is also growing in popularity in health care (Griebel et al., 2015). System design is the evaluation of alternative solutions to address the business problem. It is generally in this phase that all alternatives are considered, a cost-benefi t analysis is done, a system is selected, and vendor negotiations are fi nalized.
After the contract has been finalized or the system has been chosen, the third phase, implementation, begins. The implementation phase requires significant allocation of resources in completing tasks, such as conducting work-flow and process analyses, installing the new system, testing the system, training staff members, converting data, and preparing the organi zation and staff members for the go-live of the new system. Finally, once the system is put into operation, the support and evaluation phase begins. It is common to underestimate the number of staff and resources needed to
146 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
effectively keep new and existing information systems functioning properly. No matter how much time and energy were spent on the design and build of the application, you can count on the fact that changes will need to be made, glitches fixed, and upgrades installed. Likewise, most mission-critical systems need to be functioning 99.99 percent of the time—that is, with little downtime. Sufficient resources (people, technology, infrastructure, and upgrades) need to be allocated to maintain and support the new system. Moreover, maintaining and supporting the new system is not enough. Health care executives and boards often want to know the value of the IT investment, thus the degree to which the new system has achieved its goals and objectives should be assessed. Eventually, the system will be replaced and the SDLC process begins again.
With this general explanation of the SDLC established, we begin by focusing on the first two phases—the planning and analysis phase and the design phase. Together they constitute what we refer to as the system acqui sition process.
SYSTEM ACQUISITION PROCESS
To gain an understanding of and appreciation for the activities that occur during the system acquisition process, we will follow a health care facility through the selection process for a new information system—specifi cally, an electronic health record (EHR) system. In this case the organization, which we will call Valley Practice, is a multiphysician primary care practice.
What process should the practice use to select the EHR? Should it pur chase a system from a vendor, contract with a vendor for cloud-based ser vices, or seek the assistance of a system developer? Who should lead the effort? Who should be involved in the process? What EHR products are available on the market? How reputable are the vendors who develop these products? These are just a few of the many questions that should be asked in selecting a new IS.
Although the time and resources needed to select an EHR (or any health care information system) may vary considerably from one setting to another, some fundamental issues should be addressed in any system acquisition initiative. The sections that follow the case study describe in more detail the major activities that should occur (see Exhibit 5.1), relating them to the multiphysician practice scenario. We assume that the practice wishes to purchase (rather than develop) an EHR system. However, we briefl y describe other options and point out how the process may differ when the EHR acquisition process occurs in a larger health care setting, such as integrated health systems.
Exhibit 5.1 Overview of system acquisition process
• Establish project steering committee and appoint project manager.
• Define project objectives and scope of analysis.
• Screen the marketplace and review vendor profi les.
• Determine system goals.
• Determine and prioritize system requirements.
• Develop and distribute a request for proposal (RFP) or a request for information (RFI).
• Explore other options for acquiring system (e.g., leasing, hiring system designer, building in-house).
• Evaluate vendor proposals.
o Develop evaluation criteria.
o Hold vendor demonstrations.
o Make site visits and check references.
o Prepare vendor analysis.
• Conduct cost-benefi t analysis.
• Prepare summary report and recommendations.
• Conduct contract negotiations.
S Y S T E M A C Q U I S I T I O N P R O C E S S · 147
Establish a Project Steering Committee
One of the first steps in any major project such as an EHR acquisition effort is to create a project steering committee. This committee’s primary function is to plan, organize, coordinate, and manage all aspects of the acquisition process. Appointing a project manager with strong communication skills, organizational skills, and leadership abilities is critical to the project. In our Valley Practice case, the project manager was a physician partner. In larger health care organizations such as hospitals, it would likely be a CIO involved in the effort and that person might also be asked to lead it.
Increasingly, clinicians such as physicians and nurses with training in informatics are being called on to lead clinical system acquisition and implementation projects. Known as chief medical informatics offi cers (CMIOs) or chief nursing informatics offi cers (CNIOs), these individuals bring to the
148 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
CASE STUDY
Replacing an EHR System
Valley Practice provides patient care services at three locations, all within a fifteen-mile radius, and serves nearly one hundred thousand patients. Valley Practice is owned and operated by seven physicians; each physi cian has an equal partnership. In addition to the physicians, the practice employs nine nurses, fifteen support staff members, a business offi cer manager, an accountant, and a chief executive offi cer (CEO).
During a two-day strategic planning session, the physicians and man agement team created a mission, vision, and set of strategic goals for Valley Practice. The mission of the facility is to serve as the primary care “medical home” of individuals within the community, regardless of the patients’ ability to pay. Valley Practice wishes to be recognized as a “high-tech, high-touch” practice that provides high-quality, cost- effective patient care using evidence-based standards of care. Consistent with its mission, one of the practice’s strategic goals is to replace its legacy EHR with an EHR system that adheres to industry standards for security and interoperability and that fosters patient engagement, with the long-term goal of supporting health fi tness applications.
Dr. John Marcus, the lead physician at Valley Practice, asked Dr. Julie Brown, the newest partner in the group, to lead the EHR project initiative. Dr. Brown joined the practice two years ago after completing an internal medicine residency at an academic medical center that had a fully inte grated EHR system available in the hospital and its ambulatory care clinics. Of all the physicians at Valley Practice, Dr. Brown has had the most expe rience using EHR applications via portable devices. She has been a vocal advocate for migrating to a new EHR and believes it is essential to enabling the facility to achieve its strategic goals.
Dr. Brown agreed to chair the project steering committee. She invited other key individuals to serve on the committee, including Dr. Renee Ward, a senior physician in the practice; Mr. James Rowls, the CEO; Ms. Mary Matthews, RN, a nurse; and Ms. Sandy Raymond, the business offi cer manager.
After the project steering committee was formed, Dr. Marcus met with the committee to outline its charge and deliverables. Dr. Marcus expressed his appreciation to Dr. Brown and all of the members of the committee for their willingness to participate in this important initiative. He assured them that they had his full support and the support of the entire physician team.
S Y S T E M A C Q U I S I T I O N P R O C E S S · 149
Dr. Marcus reviewed with the committee the mission, vision, and stra tegic goals of the practice as well as the committee’s charge. The committee was asked to fully investigate and recommend the top three EHR products available in the vendor community. He stressed his desire that the com mittee members would focus on EHR vendors that have experience and a solid track record in implementing systems in physician practices similar to theirs and that have Office of the National Coordinator for Health Informa tion Technology (ONC)–certified EHR products. He is intrigued with the idea of cloud-based EHR systems provided they can ensure safety, security, and confidentiality of data; are reliable and scalable; and have the capacity to convert data easily from the current system into the new system. The vendor must also be willing to sign a business associates’ agreement ensuring com pliance with HIPAA security and privacy regulations.
Dr. Marcus is also interested in exploring what opportunities are available for health information exchange within the region. He envi sions that the practice will likely partner with specialists, hospitals, and other key stakeholders in the community to provide coordinated care across the continuum under value-based reimbursement models. Under the leadership of Dr. Brown, the members of the project steering com mittee established five project goals and the methods they would use to guide their activities. Ms. Moore, the consultant, assisted them in clearly defining these goals and discussing the various options for moving forward. They agreed to consider EHR products only from those vendors that had five or more years of experience in the industry and had a solid track record of implementations (which they defined as having done twenty-five or more). Dr. Ward, Mr. Rowls, and Ms. Matthews assumed leadership roles in verifying and prioritizing the requirements expressed by the various user groups.
The five project goals were based on Valley Practice’s strategic goals. These project goals were circulated for discussion and approved by the CEO and the physician partners. Once the goals were agreed on, the project steering committee appointed a small task group of committee members to carry out the process of defining system functionality and requirements. Because staff time was limited, the task group conducted three separate focus groups during the lunch period—one with the nurses, one with the support staff members, and a third with the physicians. Ms. Moore, the
150 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
consultant, conducted the focus groups, using a semi-structured nominal group technique.
Concurrently with the requirements definition phase of the project, Mr. Rowls and Dr. Brown, with assistance from Ms. Moore, screened the EHR vendor marketplace. They reviewed the literature, consulted with colleagues in the state medical association, and surveyed practices in the state that they knew used state-of-the-art EHR systems. Mr. Rowls made a few phone calls to chief information offi cers (CIOs) in surround ing hospitals who had experience with ambulatory care EHR to get their advice. This initial screening resulted in the identification of eight EHR vendors whose products and services seemed to meet Valley Practice’s needs.
Given the fairly manageable number of vendors, Ms. Moore suggested that the project steering committee use a short-form RFP. This form had been developed by her consulting firm and had been used successfully
project a clinical perspective as well as an understanding of IT and informa tion management processes. (The roles of CMIOs and CNIOs are described more fully in Chapter Eight.) Regardless of the discipline or background of the project manager (for example, IT, clinical, or administrative), he or she should bring to the project passion, interest, time, strong interpersonal and communication skills, and project management skills and should be someone who is well respected by the organization’s leadership team and who has the political clout to lead the effort effectively.
Pulling together a strong team of individuals to serve on the project steering committee is also important. These individuals should include rep resentatives from key constituent groups in the practice. At Valley Practice, a physician partner, a nurse, the business officer manager, and the CEO agreed to serve on the committee. Gaining project buy-in from the various user groups should begin early. This is a key reason for inviting representatives from key constituent groups to serve on the project steering committee. They should be individuals who will use the EHR system directly or whose jobs will be affected by it.
Consideration should also be given to the size of the committee; typically, having five to six members is ideal. In a large facility, however, this may not be possible. The committee for a hospital or health systems might have fi fteen to twenty members, with representatives from key clinical areas such as laboratory medicine, pharmacy, and radiology in addition to representatives from the administrative, IT, nursing, and medical staffs.
S Y S T E M A C Q U I S I T I O N P R O C E S S · 151
by other physician practices to identify top contenders. The short-form RFPs were sent to the eight vendors; six responded. Each of these six pre sented an initial demonstration of its EHR system on site. Following the demonstrations, the practice staff members completed evaluation forms and ranked the various vendors. After reviewing the completed RFPs and getting feedback on the vendor presentations, the committee determined that three vendors had risen to the top of the list.
Dr. Brown and Dr. Ward visited four physician practices that used EHR systems from these three finalists. Mr. Rowls checked references and prepared the final vendor analysis. A detailed cost-benefi t analysis was conducted, and the three vendors were ranked. All three vendors, in rank order, were presented in the fi nal report given to Dr. Marcus and the other physician partners. Dr. Marcus, Dr. Brown, and Mr. Rowls spent four weeks negotiating a contract with the top contender. It was fi nalized and approved after legal review and after all the partners agreed to it.
It is important to have someone knowledgeable about IT serving on the project steering committee. This may be a physician, a nurse, the CEO, or an outside consultant. In a physician group practice, having an in-house IT professional is not always possible. The committee chair might look internally to see if someone has the requisite IT knowledge, skills, interests, and also the time to devote to the project, but the chair also might look externally for a health care IT professional who might serve in a consultative role and help the committee direct its activities appropriately.
Define Project Objectives and Scope of Analysis
Once the project steering committee has been established, its fi rst order of business is to clarify the charge to the committee and to defi ne project goals. The charge describes the scope and nature of the committee’s activ ities. The charge usually comes from senior leadership or a lead physician in the practice. Project goals should also be established and communicated in well-defined, measurable terms. What does the committee expect to achieve? What process will be used to ensure the committee’s success? How will milestones be acknowledged? How will the committee communicate progress and resolve problems? What resources (such as time, personnel, and travel expenses) will the committee need to carry out its charge? What method will be used to evaluate system options? Will the committee con sider contracting with a system developer to build a system or outsourcing
152 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
the system to an application service provider? Or is the committee only considering systems available for purchase from a health care information systems vendor?
Once project goals are formulated, they can guide the committee’s activ ities and also clarify the resources needed and the likely completion date for the project. Here are some examples of typical project goals:
• Assess the practice’s information management needs and establish goals and objectives for the new system based on these needs.
• Conduct a review of the literature on EHR products and the market resources for these products.
• Investigate the top-ten EHR system products for the ambulatory care arena.
• Visit two to four health care organizations similar to ours that have implemented an EHR system.
• Schedule vendor demonstrations for times when physicians, nurses, and others can observe and evaluate without interruptions.
As part of the goal-setting process, the committee should determine the extent to which various options will be explored. For example, the Valley Practice project steering committee decided at the onset that it was going to consider only EHR products available in the vendor community and ONC- certified. Users can be assured that certified EHR products meet certain standards for content, functionality, and interoperability.
The committee further stipulated that it would consider only vendors with experience (for example, five or more years in the industry) and those with a solid track record of system installations (for example, twenty-five or more installations). The committee members felt the practice should contract with a system developer only if they were unable to find a suitable product from the vendor community—their rationale being that the practice wanted to be known as high-tech, high-touch. They also believed it was important to invest in IT personnel who could customize the application to meet practice needs and who would be able to assist the practice in achieving project and practice goals.
Screen the Marketplace and Review Vendor Profi les
Concurrently with the establishment of project goals, the project steering committee should conduct its first, cursory review of the EHR marketplace and begin investigating vendor profiles. Many resources are available to
S Y S T E M A C Q U I S I T I O N P R O C E S S · 153
aid the committee in this effort. For example, the Valley Practice commit tee might obtain copies of recent market analysis reports—from research firms such as Gartner or KLAS—listing and describing the vendors that provide EHR systems for ambulatory care facilities. The committee might also attend trade shows at conferences of professional associations such as the Healthcare Information and Management Systems Society (HIMSS) and the American Medical Informatics Association (AMIA). (Appendix A provides an overview of the health care IT industry and describes a variety of resources available to health care organizations interested in learning about health care IT products, such as EHR systems, available in the vendor community.)
Determine System Goals
Besides identifying project goals, the project steering committee should defi ne system goals. System goals can be derived by answering questions such as, What does the organization hope to accomplish by implementing an EHR system? What is it looking for in a system? If the organization intends to transform existing care processes, can the system support the new processes? Such goals often emerge during the initial strategic planning process when the decision is made to move forward with the selection of the new system. At this point, however, the committee should state its goals and needs for a new EHR system in clearly defi ned, specific, and measurable terms. For example, a system goal such as “select a new EHR system” is very broad and not specific. Here are some examples of specific and measurable goals for a physician practice.
Our EHR system should do the following:
• Enable the practice to provide service to patients using evidence-based standards of care.
• Aid the practice in monitoring the quality and costs of care provided to the patients served.
• Provide clinicians with access to accurate, complete, relevant patient information, on-site and remotely.
• Improve staff member effi ciency and effectiveness.
• More fully engage patients in their own care by providing patients with ready access to their test results, immunization records, patient education materials, and other aids.
• Enable the practice to manage chronic disease patient care more effectively.
154 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
These are just a few of the types of system goals the project steering com mittee might establish as it investigates a new EHR for the organization. The system goals should be aligned with the strategic goals of the organization and should serve as measures of success throughout the system acquisition process.
Determine and Prioritize System Requirements
Once the goals of the new system have been established, the project steering committee should begin to determine system requirements. These require ments may address everything from what information should be available to the provider at the point of care to how the information will be secured to what type of response time is expected. The committee may use any of a variety of ways to identify system requirements. One approach is to have a subgroup of the committee conduct focus-group sessions or small- group interviews with the various user groups (physicians, nurses, billing personnel, and support staff members). A second approach is to develop and administer a written or an electronic survey, customized for each user group, asking individuals to identify their information needs in light of their job role or function. A third is to assign a representative from each specifi c area to obtain input from users in that area. For example, the nurse on the Valley Practice project steering committee might interview the other nurses; the business office manager might interview the support staff members. System requirements may also emerge as the committee examines templates provided by consultants or peer institutions, looks at vendor demonstrations and sales material, or considers new regulatory requirements the organiza tion must meet.
The committee may also use a combination of these or other approaches. At times, however, users do not know what they want or will need. Hence, it can be extremely helpful to hold product demonstrations, meet with con sultants, or visit sites already using EHR systems so that those who will use or be affected by the EHR can see and hear what is possible. Whatever methods are chosen to seek users’ information system needs, the end result should be a list of requirements and specifications that can be prioritized or ranked. This ranking should directly reflect the specific strategic goals and circumstances of the organization.
The system requirements and priorities will eventually be shared with vendors or the system developer; therefore, it is important that they be clearly defined and presented in an organized, easy-to-understand format. For example, it may be helpful to organize the requirements into catego ries such as software (system functionality, software upgrades); technical
S Y S T E M A C Q U I S I T I O N P R O C E S S · 155
infrastructure (hardware requirements, network specifi cations, backup, disaster recovery, security); and training and support (initial and ongoing training, technical support). These requirements will eventually become a major component of the RFP submitted to vendors or other third parties (discussed next).
Develop and Distribute the RFP or RFI
Once the organization has defined its system requirements, the next step in the acquisition process is to package these requirements into a structure that a third party can respond to, whether that third party be a development partner or a health information systems vendor. Many health care organiza tions package the requirements into a request for proposal. The RFP provides the vendor with a comprehensive list of system requirements, features, and functions and asks the vendor to indicate whether its product or service meets each need. Vendors responding to an RFP are also generally required to submit a detailed and binding price quotation for the applications and services being sought.
RFPs tend to be highly detailed and are therefore time-consuming and costly to develop and complete. However, they provide the health care organization and each vendor with a comprehensive view of the system needed. Health care IT consultants can be extremely resourceful in assist ing the organization with developing and packaging the RFP. An RFP for a major health care information system acquisition generally contains the following information (sections marked with an asterisk [*] are completed by the vendor; the other sections are completed by the organization issuing the RFP):
• Instructions for vendors:
o Proposal deadline and contact information: where and when the RFP is due; whom to contact with questions
o Confi dentiality statement and instructions: a statement that the RFP and the responses provided by the vendor are confi dential and are proprietary information
o Specifi c instructions for completing the RFP and any stipulations with which the vendor must comply in order to be considered
• Organizational objectives: type of system or application being sought; information management needs and plans
• Background of the organization:
156 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
o Overview of the facility: size, types of patient services, patient volume, staff composition, strategic goals of organization
o Application and technical inventory: current systems in use, hardware, software, network infrastructure
• System goals and requirements: goals for the system and functional requirements (may be categorized as mandatory or desirable and listed in priority order). Typically this section includes application, technical, and integration requirements. Increasingly, health care providers are interested in assessing and testing system usability. Incorporating scripted scenarios in the requirements section of the RFP that are based on existing workfl ow and business processes can provide meaningful information during the selection process (Corrao, Robinson, Swiernik, & Naeim, 2010; Eisenstein, Jurwishin, Kushniruk, & Nahm, 2011; IOM, 2011).
• Vendor qualifi cations: *general background of vendor, experience, number of installations, financial stability, list of current clients, standard contract, and implementation plan
• Proposed solutions: *how vendor believes its product meets the goals and needs of the health care organization. Vendor may include case studies, results from system analysis projects, and other evidence of the benefi ts of its proposed solution.
• Criteria for evaluating proposals: how the health care organization will make its final decisions on product selection
• General contractual requirements: *warranties, payment schedule, penalties for failure to meet schedules specifi ed in contract, vendor responsibilities, and so forth
• Pricing and support: *quote on cost of system, using standardized terms and forms
The RFP may become the basis for a legally binding contract or obligation between the vendor and the solicitor, so it is important for both parties to carefully consider the wording of questions and the corresponding responses (AHIMA, 2007).
RFPs are not the only means by which to solicit information from vendors. A second approach that is often used is the request for information. An RFI is less formal, considerably shorter than an RFP, and less time-consuming to develop. It is often used as part of the fact-finding process to obtain basic infor mation on the vendor’s background, product descriptions, and service capa bilities. Some health care organizations send out an RFI before distributing
S Y S T E M A C Q U I S I T I O N P R O C E S S · 157
the RFP in order to screen out vendors whose products or services are not consistent with the organization’s needs or to narrow the field of vendors to a manageable number. The RFI can serve as a tool in gathering background information on vendors’ products and services and providing the project steer ing committee with a better sense of the health IT marketplace. How does one decide whether to use an RFP, an RFI, both, or neither during the system acquisition process? Several factors should be considered. Although time- consuming to develop, the RFP is useful in forcing a health care organization to define its system goals and requirements and prioritize its needs. The RFP also creates a structure for objectively evaluating vendor responses and pro vides a record of documentation throughout the acquisition process. System acquisition can be a highly political process; by using an RFP the organization can introduce a higher degree of objectivity into that process. RFPs are also useful data collection tools when the technology being selected is established and fully developed, when there is little variability between vendor products and services, when the organization has the time to fully evaluate all options, and when the organization needs strong contract protection from the selected vendor (DeLuca & Enmark, 2002). However, not all vendors may wish to submit a response to an RFI or RFP because of costs or suitability.
There are also drawbacks to RFPs. In addition to taking considerable time to develop and review, they can become cumbersome and so detail oriented that they lose their effectiveness. For instance, it is not unusual to receive three binders full of product and service information from one vendor. If ten vendors respond to an RFP (about five is ideal), the project steering committee may be overwhelmed and find it difficult to wade through and differentiate among vendor responses. Having too much information to summarize can be as crippling to a committee in its deliberations as having too little.
Therefore a scaled-back RFP or an RFI might be a desirable alternative. An RFI might be used when the health care organization is considering only a small group of vendors or products or when it is still in the exploratory stages and has not yet established its requirements. Some facilities use an even less formal process consisting primarily of site visits and system demonstrations.
Regardless of the tool(s) used, it is important for the health care orga nization to provide sufficient detail about its current structure, strategic IT goals, and future plans so that the vendor can respond appropriately to its needs. Additionally, the RFP or RFI (or variation of either) should result in enough specific detail that the organization gets a good sense of the vendor—its services, history, vision, stability in the marketplace, and system or product functionality. The organization should be able to easily screen out vendors whose products are undeveloped or not yet fully tested (DeLuca & Enmark, 2002).
158 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
Explore Other Acquisition Options
In our Valley Practice case, the physicians and staff members opted to acquire an EHR system from the vendor community. Organizations such as Valley Practice often turn to the market for products that they will run on their own IT infrastructure. But there are times when they do not go to the market— they choose to leverage someone else’s infrastructure (by contracting with an application service provider or vendor who offers cloud computing services) or they build the application (by contracting with a system developer or using in-house staff members).
Option to Contract with Vendor for Cloud Computing Services
In recent years, there has been a wider availability of high-speed or broadband Internet connections, more sophisticated vendor solutions, and a growing number of options for hosting software, hardware, and infrastructure via the Internet. These services are generally referred to as cloud computing, a general term that refers to the applications delivered as services over the Internet and the hardware and software in the data centers that provide those services. Vendors and companies may use different terms to describe cloud- based services. Common options include application service provider (ASP), software as a service (SaaS), infrastructure as a service, and platform as a service. The scope of services and payment methods also can vary consider ably. However, cloud computing options generally require less upfront capital expenses, fewer IT staff members and resources, and greater scalability and access to analytic capabilities (Armbrust et al., 2010). Essentially the health care provider contracts with the vendor to host and maintain the clinical or administrative application and related hardware; the health care organization or provider simply accesses the system remotely over a network connection and pays the monthly or negotiated fees.
Why might a health care organization consider contracting with a vendor in a cloud-based service arrangement rather than purchasing an EHR system (or other application) from a vendor? There are several reasons. First, the facil ity may not have the IT staff members needed to run or support the desired system. Hiring qualified personnel at the salaries they demand may be dif ficult, and retaining them may be equally challenging. Second, cloud-based options enable health care organizations to use clinical or administrative applications with fewer up-front costs and less capital. For a small physician practice, these financial arrangements can be particularly appealing. Because
S Y S T E M A C Q U I S I T I O N P R O C E S S · 159
many vendors offer cloud-based services on fi xed monthly fees or fees based on use, organizations are better able to predict costs. Third, by contracting with a vendor to host, manage, or support IT, the health care organization can focus on its core business and not get bogged down in IT support issues, although it may still have to deal with issues of system enhancements, user needs, and the selection of new systems. Other advantages are rapid deploy ment and 24/7 technical support. They also offer scalability and fl exibility, so as the practice or organization grows or shrinks in size or volume, they pay only for the services used. Other benefits include upgrades that can be made once and applied across a network of users instantaneously; users can access services from any standardized device no matter their location; and a cloud-based network can easily accommodate changes in use (increase and decrease during certain periods).
However, cloud computing services have some disadvantages and limita tions that the health care organization should consider in its deliberations. Although rapid deployment of the application can be a tremendous advantage to an organization, the downside is the fact that the application will likely be a standard, off-the-shelf product, with little if any customization. This means that the organization has to adapt or mold its operations to the application rather than tailoring the application to meet the operational needs of the organization. A second drawback deals with technical support. Although technical support is generally available, it is unrealistic to think that the vendor’s support personnel will have intimate knowledge of the organiza tion and its operations. Frustrations can mount when one lacks in-house IT technical staff members when and where they are needed. Third, health care providers have long been concerned about data ownership, security, and privacy—worries that increase when another organization hosts their clinical data and applications. How the vendor will secure data and maintain patient privacy should be clearly specified in the contract. Likewise, to minimize downtime, the vendor should have clear plans for backing up data, preventing disasters, and recovering data.
As the industry matures, we will likely see different variations and greater choices among organizations offering cloud-based services. A recent review of the literature found cloud computing used in six primary domains: (1) telemed icine and teleconsultation, (2) medical imaging, (3) public health and patients’ self-management, (4) clinical information systems, (5) therapy, and (6) second ary use of data (Griebel et al., 2015). Additionally, cloud computing is designed to support cooperation, care coordination, and information sharing.
The health care executive considering a move to cloud computing should carefully consider the type of application moving to the cloud (clinical,
160 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
administrative) and the cloud service model that will be the most attractive economic option (Cloud Standards Customer Council, 2012). Health care executives should also thoroughly research the company and its products and consider factors such as company viability, target market, functionality, integration, implementation and training help desk support, security, pricing, and service levels. It is important to be able to trust the vendor and products and to choose systems and services wisely.
Option to Contract with a System Developer or Build In-House
An alternative to purchasing or leasing a system from a vendor is to contract with a developer to design a system for your organization. The developer may be employed in-house or by an outside firm. Working with a system developer can be a good option when the health care organization’s needs are highly uncertain or unique and the products available on the market do not adequately meet these needs. Developing a new or innovative application can also give the organization a significant competitive advantage. The costs and time needed to develop the application can be significant, however. It is also important to consider the long-term costs. If the developer leaves, how difficult would it be to hire and retain someone to support and maintain the system? How will problems with the system be addressed? How will the application be upgraded? What long-term value will it bring the organization? These are a few of the many questions that should be addressed in consid ering this option. It is rare for a health care organization to develop its own major clinical information system.
Evaluate Vendor Proposals
In the Valley Practice case, the project steering committee decided to focus its efforts at first on considering only EHR products available for purchase or lease in the vendor community. The committee came to this conclusion after its initial review of the EHR marketplace. Committee members felt there were a number of vendors whose products appeared to meet practice needs. They also felt strongly that in-house control of the EHR system was important to achieving the practice goal of becoming a high-tech, high-touch organiza tion, because they wanted to be able to customize the application. Realizing this, the committee had budgeted for an IT director and an IT support staff member. Members felt that the long-term cost savings from implementing an EHR would justify these two new positions.
S Y S T E M A C Q U I S I T I O N P R O C E S S · 161
Develop Evaluation Criteria
The project steering committee at Valley Practice decided to go through the RFP process. It developed criteria by which it would review and evaluate vendor proposals. Criteria were used to grade each vendor’s response to the RFP. Grading scales were established so the committee could accurately compare vendors’ responses. These grading scales involved assigning more weight to required items and less weight to those deemed merely desirable. Categories of “does not meet requirement,” “partially meets requirement,” and “meets requirement” were also used. RFP documents were compared item by item and side by side, using the grading scales established by the committee (see Table 5.1 for sample criteria). To avoid information overload, a common condition in the RFP review process, the project steering committee focused on direct responses to requirements and referred to supplemental information only as needed. Summary reports of each vendor’s response to the RFP were then prepared by a small group of committee members and distributed to the committee at large.
Hold Vendor Demonstrations
During the vendor review process, it is important to host vendor system demonstrations. The purpose of these demonstrations is to give the members
Table 5.1 Sample criteria for evaluation of RFP responses
Type of Application: Electronic Health Record System
Vendor Name: The EHR Company
Meets Partially Meets Does Not Meet Criteria Requirement Requirement Requirement
1. Alerts user to possible drug interactions
x
2. Provides user with list of alternate drugs
x
3. Advises user on dosage based on patient’s weight
x
4. Allows user to enter over the-counter medications
x (on different screen)
5. Allows easy printout of prescriptions
x
162 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
of the health care organization an opportunity to (1) evaluate the look and feel of the system from a user’s point of view, (2) validate how much the vendor can deliver of what has been proposed, (3) conduct system usability testing, and (4) narrow the field of potential vendors. It is often a good idea to develop demonstration scripts and require all vendors to present their systems in accordance with these scripts. Scripts generally reflect the requirements outlined in the RFP and contain a moderate level of detail. For example, a script might require demonstrating the process of registering a patient or renewing a prescription. The use of scripts can ensure that all vendors are evaluated on the same basis or functionality. At the same time, it is important to allow vendors some creativity in pre senting their product and services. When scripts are used, they need to be provided to vendors at least one month in advance of the demonstration, and vendors and health care organization must adhere to them. It is also important to have end users carry out certain functions or procedures that they would usually do in the course of the day using the vendor’s system. You might ask them to complete a system usability survey after they have had a chance to use the system and practice on several records. Figure 5.2 is an example of a system usability scale questionnaire in which end users are asked to respond to each item using a Likert scale of 1 to 5, from strongly disagree to strongly agree. Criteria should be developed and used in evaluating vendor demonstrations, just as they are for reviewing vendor responses to the RFP.
Make Site Visits and Check References
After reviewing the vendors’ RFPs and evaluating their product demonstra tions, it is advisable to make site visits and check references. By visiting other facilities that use a vendor’s products, the health care organization should gain additional insight into what the vendor would be like as a potential partner. It can be extremely benefi cial to visit organizations similar to yours. For instance, in the Valley Practice case, representatives from key practice constituencies decided to visit other ambulatory care practices to see how a specific system was being used, the problems that had been encountered, and how these problems had been addressed.
How satisfied are the staff members with the system? How responsive has the vendor been to problems? How quickly have problems been resolved? To what degree has the vendor delivered on its promises? Hearing answers to such questions firsthand from a variety of users can be extremely helpful in the vendor review process.
S Y S T E M A C Q U I S I T I O N P R O C E S S · 163
Figure 5.2 System usability scale questionnaire
Source: Brooke (1996); Lewis and Sauro (2009).
Other Strategies for Evaluating Vendors
A host of other strategies can be used to evaluate a vendor’s reputation and product and service quality. Organizational representatives might attend vendor user group conferences, review the latest market reports, consult with colleagues in the field, seek advice from consultants, and request an extensive list of system users.
Prepare a Vendor Analysis
Throughout the vendor review process, the project steering committee members should have evaluation tools in place to document their impres sions and the views of others in the organization who participate in any or all of the review activities (review of RFPs, system demonstrations, site visits, reference checks, and so forth). The committee should then prepare vendor
164 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
Figure 5.3 Cost-benefi t analysis
analysis reports that summarize the major findings from each of the review activities. How do the vendors compare in reputation? In quality of their product? In quality of service? How do the systems compare in terms of their initial and ongoing costs? To what degree is the vendor’s vision for product development aligned with the organization’s strategic IT goals?
Conduct a Cost-Benefi t Analysis
The final analysis should include an evaluation of the cost and benefi ts of each proposed system. Figure 5.3 shows a comparison of six vendor products. Criteria were developed to score and rank each vendor’s system. As the fi gure illustrates, the selection committee ranked vendor 4 the top choice.
The capital cost analysis may include software, hardware, network or infrastructure, third-party, and internal capital costs. The total cost of own ership should factor in support costs and the costs of the resources needed (including personnel) to implement and support the system. Once the initial and ongoing costs are identified, it is important to weigh them against the benefits of the systems being considered. Can the benefits be quantifi ed? Should they be included in the fi nal analysis?
Prepare a Summary Report and Recommendations
Assuming the capital cost analysis supports the organization in moving forward with the project, the project steering committee should compile a final report that summarizes the process and results from each major activity or event. The report may include these elements:
P R O J E C T M A N A G E M E N T T O O L S · 165
• System goals and criteria
• Process used
• Results of each activity and conclusions
• Cost-benefi t analysis
• Final recommendation and ranking of vendors
It is generally advisable to have two or three vendors in the fi nal ranking, in the event that problems arise with the first choice during contract negoti ations, the final step in the system acquisition process.
Conduct Contract Negotiations
The final step of the system acquisition process is to negotiate a contract with the vendor. This, too, can be time-consuming, and therefore it is helpful to seek expert advice from business or legal advisors. The contract outlines expectations and performance requirements, who is responsible for what (for example, training, interfaces, support), when the product is to be delivered (and vendor financial liability for failing to deliver on time), how much cus tomization can be performed by the organization purchasing the system, how confidentiality of patient information will be handled, and when payment is due. The devil is in the details, and although most technical terms are common among vendors, other language and nuances are not. Establish a schedule and a pre-implementation plan that includes a timeline for implementation of the applications and an understanding of the resource requirements for all aspects of the implementation, including cultural change management, workfl ow rede sign, application implementation, integration requirements, and infrastructure development and upgrades, all of which can consume substantial resources.
PROJECT MANAGEMENT TOOLS
Throughout the course of the system acquisition project, a lot of materials will be generated, many of which should be maintained in a project repository. A project repository serves as a record of the project steering committee’s prog ress and activities. It includes such information and documents as minutes of meetings, correspondence with vendors, the RFP or RFI, evaluation forms, and summary reports. This repository can be extremely useful when there are changes in staff members or in the composition of the committee and when the organization is planning for future projects. The project manager should assume a leadership role in ensuring that the project repository is established and main tained. Following is a sample of the typical contents of a project repository.
166 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
PERSPECTIVE Sample Contents of a Project Repository
• Committee charge and membership (including contact information)
• Project objectives (including method that will be used to select system)
• System goals
• Timeline of committee activities (for example, Gantt chart)
• System requirements (mandatory and desirable)
• RFP
• RFI
• Evaluation forms for
o Responses to RFPs
o Vendor demonstrations
o Site visits
o Reference checks
• Summary report and recommendations
• Project budget and resources
Managing the various aspects of the project and coordinating activities can be a challenging task, particularly in large organizations or when a lot of people are involved and many activities are occurring simultaneously. It is important that the project manager helps those involved to establish clear roles and responsibilities for individual committee members, set target dates, and agree on methods for communicating progress and problems. Many project management tools exist that can be useful here. For example, a simple Gantt chart (Figure 5.4) can document project objectives, tasks and activities, responsible parties, and target dates and milestones. A Gantt chart can also display a graphical representation of all project tasks and activities, showing which ones may occur simultaneously and which ones must be completed before another task can begin. Other tools enable one to allocate time, staff members, and financial resources to each activity. (Gantt charts and other timelines can be created with software programs such as Visio or Microsoft Project. A discussion of these tools is beyond the scope of this book but can be found in most introductory project management textbooks.)
T H I N G S T H A T C A N G O W R O N G · 167
Figure 5.4 Example of a simple Gantt chart
It is important to clearly communicate progress within the project steer ing committee and to individuals outside the committee. Senior management should be kept apprised of project progress, budget needs, and committee activities. Regular updates should be provided to senior management as well as other user groups involved in the process. Communication can be formal and informal—everything from periodic update reports at executive meetings to facility newsletter briefings to informal discussions at lunch.
THINGS THAT CAN GO WRONG
Managing the system acquisition process successfully requires strong and effective leadership, planning, organizational, and communication skills. Things can and do go wrong. Upholding a high level of objectivity and fair ness throughout the acquisition process is important to all parties involved. Failing to do so can hamper the overall success of the project. Following is a list of some common pitfalls in the system acquisition process, along with strategies for avoiding them.
Failing to manage vendor access to organizational leadership. The vendor may schedule private time with the CEO or a board member in the hope of infl uencing the decision and bypassing the project steering committee entirely. It is not unusual to hear that processes or decisions have been altered after the CEO has been on a golf outing or taken a trip to the Super Bowl with a vendor. The vendor may persuade the CEO or a board member to overturn or question the decisions of the project steering committee, crippling the decision process. Hence, it should be clearly communicated to all parties (senior management, board, and vendor) that all vendor requests and communication should be channeled through the project steering committee.
Failing to keep the process objective (getting caught up in vendor razzle-dazzle). Related to the need to manage vendor access to decision makers is the need to keep the process objective. The project
168 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
steering committee should assume a leadership role in ensuring that there are clearly defined criteria and methods for selecting the vendor. These criteria and methods should be known to all the parties involved and should be adhered to. In addition, it is important that the committee and other organizational representatives remain unbiased and not get so impressed with the vendor’s razzle-dazzle (in the form, for example, of exquisite dinners or fancy gadgets) that they fail to assess the vendor or the product objectively. Consider the politics of a situation but do not allow the vendor to drive the result—take the high road to avoid the appearance of favoritism.
Overdoing or underdoing the RFP. Striking a balance between too much and too little information and detail in the RFP and also determining how much weight to give to the vendors’ responses to the RFP can be challenging. The project steering committee should err on the side of being reasonable—that is, the committee should include enough information and detail that the vendor can appropriately respond to the organization’s needs and should give the vendor responses to the RFP appropriate consideration in the final decision. Organizations should also be careful that they do not assign either too much or too little weight to the RFP process.
Failing to involve the leadership team and users extensively during the selection process. A sure way to disenchant the leadership team and end users is to fail to involve them adequately in the system acquisition process. There should be ample opportunity for people at all levels of the organization who will use or be affected by the new information system to have input into its selection. Involvement can include everything from being invited and encouraged to attend vendor presentations during uninterrupted time to being asked to join a focus group in which user input is sought. It is important that the project steering committee seek input and involvement throughout the acquisition process, not simply at the end when the decision is nearly final. Far too often information system projects fail because the leadership team and end users were not actively involved in the selection of the new system. Involving people from the very beginning helps them to be an integral part of the process and the solution.
Turning negotiations into a blood sport. You want to negotiate a fair deal with the vendor and not leave the vendor’s people feeling as though they have just been “beaten” in a contest. A lopsided deal results in a disenchanted partner and can create a bad climate. Understand what is required from all parties and establish
I N F O R M A T I O N T E C H N O L O G Y A R C H I T E C T U R E · 169
performance criteria for payments and remedies for nonperformance. It is important to form a healthy, respectful long-term relationship with the vendor.
These are just a few of the many issues that can arise during the system acquisition process that the health care executive should be aware of. Failing to appropriately address these issues can interfere with the organization’s ability to successfully select and implement a system that will be adopted and widely used.
INFORMATION TECHNOLOGY ARCHITECTURE
Congruent with the selection process, it is important for health care execu tives to have an understanding of the underlying IT architecture. In other words, how does the organization choose among different technologies and ultimately bring them together into a cohesive set of health care information systems? This section addresses this important question by examining health care information system architecture.
An organization’s information systems require that a series of core technologies come together, or work together as whole, to meet the IT goals of the organization. The way that core technologies, along with the appli cation software, come together should be the result of decisions about what information systems are implemented and used within the organization and how they are implemented and used. For example, the EHR system or the patient accounting system with which users ultimately interact involves not just the application software but also the network, servers, security systems, and so forth that all come together to make the system work effectively. This coming together should never be a haphazard process. It should be engineered.
In discussing IT architecture, we will cover several topics:
• A definition of architecture
• Architecture perspectives
• Architecture examples
• Observations about architecture
A Definition of Architecture
A design and a blueprint guide the coming together of a house. The coming together of information systems is guided by information technology
170 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
architecture. For the house, the development of the blueprint and the design is influenced by the builder’s objectives for the house (is it to be a single-family house or an apartment building, for example) and the desired properties of the house (energy efficient or handicap accessible, for example). For an organization’s information systems, the development of an architecture is influenced by the organization’s objectives (EHRs that span multiple hospitals, for example) and the systems’ desired properties (efficient to support and having a high degree of application integration, for example).
Following the design and the blueprints, the general contractor, plumb ers, carpenters, and electricians use building materials to create the house. Following the architecture for the organization’s information systems, the IT staff members and the organization’s vendors implement the core technolo gies and application software and integrate them to create the information systems.
IT architecture consists of concepts, strategies, and principles that guide an organization’s technology choices and the manner in which the organization integrates and manages these choices. For example, an organization’s architec ture discussion concludes that the organization should use industry standard technology. This decision reflects an organizational belief that standard technol ogy will have a lower risk of obsolescence, be easier to support, and be available from a large number of IT vendors that use standard technology. Guided by its architecture decision, the organization chooses to implement networks that conform to a specific standard network protocol and decides to use the Windows operating system for its workstations.
Two additional terms are sometimes used either as synonyms for or in describing architecture: platform and infrastructure. In this text, however, we adhere to accepted distinctions among these three terms. For example, you might hear IT personnel say that “our systems run on a Microsoft, HP, and Cisco platform.” Platforms are the specific vendors and technologies that an organization chooses for its information systems. You might hear of a Windows platform or web-based platform. Platform choices should be guided by architecture discussions. You might also hear IT personnel talk about the infrastructure of the health care information system. Infrastruc ture refers to the entire base of IT that an organization uses—its networks, servers, workstations, and so on. Organizations choose specifi c platforms from specific vendors to implement their infrastructure. An organization’s infrastructure can have several platforms—CISCO for networks, Microsoft for workstations, and so on. Although infrastructure is not vendor or technology specific, it is not quite as broad a term as architecture, which encompasses much more than specific technologies and networks.
I N F O R M A T I O N T E C H N O L O G Y A R C H I T E C T U R E · 171
In creating an infrastructure, an organization will implement platforms and be guided by its IT architecture.
Architecture Perspectives
Organizations adopt various frames of reference as they approach the topic of architecture. This section will illustrate two approaches, one based on the characteristics and capabilities of the desired architecture and the other based on application integration.
Characteristics and Capabilities
Glaser (2002, p. 62) defines architecture as “the set of organizational, manage ment, and technical strategies and tactics used to ensure that the organization’s information systems have critical, organizationally defi ned characteristics and capabilities.” For example, an organization can decide that it wants an information system that has characteristics such as being agile, effi cient to support, and highly reliable.
In addition, the organization can decide that its information systems should have capabilities such as being accessible by patients from their homes or being able to incorporate clinical decision support. If it wants high reliability, it will need to make decisions about fault-tolerant computers and network redundancy. If it wants users to be able to customize their clinical information screens, this will influence its choice of a clinical information system vendor. If it wants providers to be able to structure clinical documen tation, it will need to make choices about natural language processing, voice recognition, and templates in its electronic medical record.
Architecture choices are guided by organizational decisions about the capabilities and characteristics that are desired of its information systems.
Application Integration
Another way of looking at information systems architecture is to look at how applications are integrated across the organization. One often hears vendors talk about architectures such as best of breed, monolithic, and visual integra tion. Best of breed describes an architecture that enables each department to pick the best application it can find and that then attempts to integrate these applications by means of an interface engine that manages the transfer of data between these applications—for example, it can send a transaction with registration information on a new patient from the admitting system to the laboratory system.
172 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
Monolithic describes the architecture of a set of applications that all come from one vendor and that all use a common database management system and common user interface.
Visual integration architecture wraps a common browser user interface around a set of diverse applications. This interface enables the user, for example, a physician, to use one set of screens to access clinical data even though those data may come from several different applications.
This view of architecture is focused on the various approaches to the integra tion of applications: integration by sharing data between applications, integration by having all applications use one database, and integration by having an inte grated access to data. This view does not address other aspects of architecture, for example, the means by which the organization might get information to mobile workers.
Architecture Examples
A few examples will help illustrate how architecture can guide IT choices. Each example begins with an architecture statement and then shows some choices about core technologies and applications and the approach to imple menting them that might result from this statement.
Statement. We would like to deliver an EHR to our small physician prac tices that is inexpensive, reliable, and easy to support. To do this we will
• Run the application from our computer room, reducing the need for practice staff members to manage their own servers and do tasks such as backups and applying application enhancements
• Run several practices on one server to reduce the cost
• Obtain a high-speed network connection, and a backup connection, from our local telephone company to provide good application performance and improve reliability
Statement. We would like to have decision-support capabilities in our clinical information systems. To do this we will
• Purchase our applications from a vendor whose product includes a very robust rules engine
• Make sure that the rules engine has the tools necessary to author new decision support and maintain existing clinical logic
• Ensure that the clinical information systems use a single database with codifi ed clinical data
I N F O R M A T I O N T E C H N O L O G Y A R C H I T E C T U R E · 173
Statement. We want all of our systems to be easy and efficient to support. To do this we will
• Adopt industry standard technology, making it easier to hire support staff members
• Implement proven technology—technology that has had most of the bugs worked out
• Purchase our application systems from one vendor, reducing the support problems and the finger-pointing that can occur between vendors when problems arise
Observations about Architecture
Organizations will often bypass the architecture discussion in their haste to “get the IT show on the road and begin implementing stuff.” Haste makes waste, as people say. It is terribly important to have thoughtful architecture discussions. There are many organizations, for example, that never took the time to develop thoughtful plans for integrating applications and that then discovered, after millions of dollars of IT investments, that this oversight meant that they could not integrate these applications or that the integration would be expensive and limited.
As we will see in Chapter Thirteen, the organizations that have been very effective in their applications of IT over many years have had a signif icant focus on architecture. They have realized that thoughtful approaches to agility, cost efficiency, and reliability have a significant impact on their ability to continue to apply technology to improve organizational perfor mance. For example, information systems that are not agile can be diffi cult (or impossible) to change as the organization’s needs evolve. This ossifi cation can strangle an organization’s progress. In addition, information systems that have reliability problems can lead an organization to be hesitant to implement new, strategically important applications—how can they be sure that this new application will not go down too often and impair their operations?
Organizational leadership must take time to engage in the architecture discussion. The health care executive does not need to be involved in decid ing which vendor to choose to provide network switches. But he or she does need a basic understanding of the core technologies in order to help guide the formation of the principles and strategies that will direct that decision. In the following example, the application integration perspective on architecture (choosing among best of breed, monolithic, and visual integration) illustrates a typical architecture challenge that a hospital might face.
174 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
A hospital has adopted a best-of-breed approach and, over the course of several years, has implemented separate applications that support the reg istration, laboratory, pharmacy, and radiology departments and the tran scription of operative notes and discharge summaries. An interface engine has been implemented that enables registration transactions to fl ow from the registration system to the other systems.
However, the physicians and nurses have started to complain. To retrieve a patient’s laboratory, pharmacy, and radiology records and tran scribed materials, they have to sign into each of these systems, using a separate user name and password. To obtain an overall view of a patient’s condition, they have to print out the results from each of these systems and assemble the different printouts. All of this takes too much time, and there are too many passwords to remember.
Moreover, the hospital would like to analyze its care, in an effort to improve care quality, but the current architecture does not include an inte grated database of patient results.
The hospital has two emerging architectural objectives that the current architecture cannot meet:
1. Provide an integrated view of a patient’s results for caregivers.
2. Effi ciently support the analysis of care patterns.
SUMMARY
Acquiring or selecting a new clinical or administrative information system is a major undertaking for a health care organization. It is important that the process be managed effectively. Although the time and resources needed to select a new system will vary depending on the size, complexity, and needs of the organization, certain fundamental issues should be addressed in any system acquisition project.
This chapter discussed the various activities that occur in the system acquisition process. These activities were presented in the context of a mul tiphysician group practice that wishes to replace its current paper record with an EHR system by acquiring a system from a reputable vendor. Key activities in the system selection process are (1) establishing a project steering
S U M M A R Y · 175
PERSPECTIVE Choosing the System Architecture
To address these objectives, the hospital decides to implement a browser- based application that will do the following:
• Gathers clinical data from each application and presents it in a unifi ed view for the caregivers
• Supports the entry of one user ID and password that is synchronized with the user ID and password for each application
In addition, the hospital decides to implement a database that receives clinical results from each of the applications and stores these data for access by query tools and analysis software.
To achieve its emerging objectives, the hospital has migrated from best of-breed architecture to visual integration architecture. The hospital has also extended to visual integration architecture by adding an integrated database for analysis purposes.
In analyzing what would be the best architecture to meet its new objec tives, the hospital considered monolithic architecture. It could meet its objec tives by replacing all applications with one integrated suite of applications from one vendor. However, the hospital decided that this approach would be too expensive and time-consuming. Besides, the current applications (labora tory, pharmacy, and radiology) worked well; they just weren’t integrated. The monolithic architecture approach to integration was examined and discarded.
committee and appointing a strong project manager to lead the effort, (2) defining project objectives, (3) screening the vendor marketplace, (4) deter mining system goals, (5) establishing system requirements, (6) developing and administering an RFP or RFI, (7) evaluating vendor proposals, and (8) conducting a cost-benefi t analysis on the various options. Other options such as contracting with a vendor for cloud computing service arrangements or a system developer were also discussed. This chapter presented some of the issues that can arise during the system selection process and outlined the importance of documenting and communicating project activities and prog ress. Finally, the chapter concluded with a general overview of IT architecture and its relevance in making IT investment decisions.
176 · C H A P T E R 5 : S Y S T E M A C Q U I S I T I O N
KEY TERMS
Acquisition process Cloud-based computing Cost-benefi t analysis Design phase Implementation phase Planning and analysis phase Project repository
LEARNING ACTIVITIES
Project steering committee Request for information (RFI) Request for proposal (RFP) Support and evaluation phase Systems development life cycle (SDLC) Usability testing IT architecture
1. Interview a health care executive regarding the process last used by his or her organization to acquire a new information system. How did that process compare with the system acquisition process described in this chapter?
2. Assume you are part of a project steering committee in a rural nonprofi t hospital. The hospital is interested in replacing its legacy EHR system. You offer to screen the marketplace to see what types of EHRs are available. Prepare a fifteen-minute summary report of your findings to the committee at large.
3. Conduct a literature review (including an Internet search) on various cloud-based computing services available in health care. What criteria might you use to compare them? How do they differ in terms of service, support, and fi nancing arrangements?
4. Find and critique a sample RFP for a health care organization. What did you like about it? What aspects of it did you feel could be improved? Explain.
5. This chapter described a typical physician practice that wishes to select an EHR system. Using the information in the Valley Practice scenario, draft a script for vendors to use in demonstrating their products and services to Valley Practice staff members. Include a description of the process you used to arrive at the script.
6. Working with your classmates in small groups, assume that you are a Valley Practice committee member interested in obtaining user feedback on the EHR vendor demonstrations. Develop a survey instrument that might be used to solicit and summarize participants’ responses to each vendor demonstration. Swap the survey your group designed with another group’s survey; critique each other’s work.
R E F E R E N C E S · 177
REFERENCES
American Health Information Management Association (AHIMA). (2007). The RFP process for EHR systems (updated). Retrieved February 2013 from http://library .ahima.org/xpedio/groups/public/documents/ahima/bok1_047961. hcsp?dDocName=bok1_047961
Armbrust, M., Fox, A., Griffith, R. Joseph, A. D., Katz, R., Konwinski, A., . . . & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50–58.
Brooke, J. (1996). SUS: A “quick and dirty” usability scale. In P. W. Jordan, B. Thomas, I. L. McClelland, & B. A. Weerdmeester (Eds.), Usability evaluation in industry (pp. 189–194). London, UK: Taylor & Francis.
Cloud Standards Customer Council. (2012). Impact of cloud computing on health- care. Retrieved from http://www.cloud-council.org/deliverables/CSCC-Impact of-Cloud-Computing-on-Healthcare.pdf
Corrao, N. J., Robinson, A. G., Swiernik, M. A., & Naeim, A. (2010). Importance of testing for usability when selecting and implementing an electronic health or medical record system. Journal of Oncology Practice, 6(3), 120–124.
DeLuca, J., & Enmark, R. (2002). The CEO’s guide to health care information systems (2nd ed.). San Francisco, CA: Jossey-Bass.
Eisenstein, E. L., Jurwishin, D., Kushniruk, A. W., & Nahm, M. (2011). Defi ning a framework for health information technology evaluation. Studies in Health Technology and Informatics, 164, 94–99.
Glaser, J. (2002). The strategic application of information technology in health care organizations (2nd ed.) San Francisco, CA: Jossey-Bass.
Griebel, L., Prokosch, H., Kopcke, F., Toddenroth, D., Christoph, J., Leb, I., Engel, I., & Sedlmayr, M. (2015). A scoping review of cloud computing in healthcare. BMC Medical Informatics and Decision Making, 15, 17, 1–16.
Institute of Medicine (IOM). (2011). Health IT and patient privacy: Building safer systems for better care. Washington, DC: National Academies Press.
Jones, S. S., Koppel, R., Ridgley, M. S., Palen, T., Wu, S., & Harrison, M. I. (2011, Aug.). Guide to reducing unintended consequences of electronic health records. Rockville, MD: Agency for Healthcare Research and Quality.
Lewis, J. R., & Sauro, J. (2009). The factor structure of the system usability scale. In Proceedings of the Human Computer Interaction International Conference (HCII 2009), San Diego, CA.
Oz, E. (2012). Management information systems: Instructor edition (6th ed.). Boston, MA: Course Technology.
Wager, K. A., & Lee, F. W. (2006). Introduction to healthcare information systems. In M. Johns (Ed.), Health information management technology: An applied approach (2nd ed.). Chicago, IL: American Health Information Management Association.
CHAPTER 6
System Implementation and Support
LEARNING OBJECTIVES
• To be able to discuss the process that a health care organization typically goes through in implementing a health care information system.
• To be able to assess the organizational and behavioral factors that can affect system acceptance and use and strategies for managing change.
• To be able to develop a sample system implementation plan for a health care information system project, including the types of individuals who should be involved.
• To gain insight into many of the things that can go wrong during system implementations and strategies that health care manager can employ to alleviate potential problems.
• To be able to discuss the importance of training, technical support, infrastructure, and ongoing maintenance and evaluation of any health care information system project.
179
180 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Once a health care organization has finalized its contract with the vendor to acquire an information system, the system implementation process begins. Selecting the right system does not ensure user acceptance and success; the system must also be incorporated effectively into the day-to-day operations of the health care organization and adequately supported or maintained. Whether the system is built in-house, designed by an outside consultant, or leased or purchased from a vendor, it will take a substantial amount of planning and work to get the system up and running smoothly and integrated into operations.
This chapter focuses on the two final stages of the system development life cycle: implementation and then support and evaluation. It describes the planning and activities that should occur when implementing a new system. Our discussion focuses on a vendor-acquired system; however, many of the activities described also apply to systems designed in-house, by an outside developer, or acquired or leased through cloud-based computing services.
Implementing a new system (or replacing an old system) can be a massive undertaking for a health care organization. Not only are there workstations to install, databases to build, and networks to test but also there are processes to redesign, users to train, data to convert, and procedures to write. There are countless tasks and details that must be appropriately coordinated and completed if the system is to be implemented on time and within budget— and widely accepted by users. Essential to the process is ensuring that the introduction of any new health care information system or workfl ow change results in improved organizational performance, such as a reduction in medication errors, an improvement in care coordination, and more effective utilization of tests and procedures.
Concerns have been raised about the potential for EHRs to result in risk to patient safety. Health care information systems such as EHRs are enor mously complex and involve not only the technology (hardware and software) but also people, processes, workflow, organizational culture, politics, and the external environment (licensure, accreditation, regulatory agencies). The Institute of Medicine published a report that offers health care organizations and vendors suggestions on how to work collaboratively to make health IT safer (IOM, 2011). Poor user-interface designs, ineffective workflow, and lack of interoperability are all considered threats to patient safety. Several of the suggested strategies for ensuring system safety are discussed in this chapter.
Along with attending to the many activities or tasks associated with system implementation, it is equally important to manage change effectively and address organizational and behavioral issues. Studies have shown that over half of all information system projects fail. Numerous political, cultural, behavioral, and ethical factors can affect the successful implementation and
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 181
use of the new system (Ash, Anderson, & Tarczy-Hornoch, 2008; Ash, Sittig, Poon, Guappone, Campbell, & Dykstra, 2007; McAlearney, Hefner, Sieck, & Huerta, 2015; Sittig & Singh, 2011). We devote a section of this chapter to strategies for managing change and the organizational and behavioral issues that can arise during the system implementation process. The chapter concludes by describing the importance of supporting and maintaining infor mation systems.
SYSTEM IMPLEMENTATION PROCESS
System implementation begins once the organization has acquired the system and continues through the early stages following the go-live date (the date when the system is put into general use for everyone). Similar to the system acquisition process, the system implementation process must have a high degree of support from the senior executive team and be viewed as an orga nizational priority. Sufficient staff, time, and resources must be devoted to the project. Individuals involved in rolling out the new system should have sufficient resources available to them to ensure a smooth transition.
The time and resources needed to implement a new health care informa tion system can vary considerably depending on the scope of the project, the needs and complexity of the organization, the number of applications being installed, and the number of user groups involved. There are, however, some fundamental activities that should occur during any system implementation, regardless of its size or scope:
• Organize the implementation team and identify a system champion.
• Clearly define the project scope and goals.
• Identify accountability for the successful completion of the project.
• Establish and institute a project plan.
Failing to appropriately plan for and manage these activities can lead to cost overruns, dissatisfied users, project delays, and even system sabotage. In fact, during the industry rush to take advantage of CMS incentive dollars, a flurry of EHR stories hit the news—with everything from CIOs and CEOs losing their jobs as a result of “failed” EHR implementations, to hospital operations screeching to a halt, to signifi cant financial problems arising from glitches in the revenue cycle. These high-profile cases brought national attention to the consequences of a failed implementation. During system implementation, facilities often see their days in accounts receivable and denials increase while cash flow slows. By organizations anticipating risks
182 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
to the revenue cycle prior to go-live and as part of EHR workflow, they are in a much better position to stay on track and maintain positive fi nancial performance during the transition (Daly, 2016). In today’s environment, in which capital is scarce and resources are limited, health care organizations cannot afford to mismanage implementation projects of this magnitude and importance. Examining lessons learned from others can be helpful.
Organize the Implementation Team and Identify a Champion
One of the first steps in planning for the implementation of a new system is to organize an implementation team. The primary role and function of the team is to plan, coordinate, budget, and manage all aspects of the new system implementation. Although the exact team composition will depend on the scope and nature of the new system, a team might include a project leader, system champion(s), key individuals from the clinical and administrative areas that are the focus of the system being acquired, vendor representatives, and information technology (IT) professionals. For large or complex projects, it is also a good idea to have someone skilled in project management princi ples on the team. Likewise, having a strong project leader and the right mix of people is critically important.
Implementation teams often include some of the same people involved in selecting the system; however, they may also include other individuals with knowledge and skills important to the successful deployment of the new system. For example, the implementation team will likely need at least one IT professional with technical database and network administration exper tise. This person may have had some role in the selection process but is now being called on to assume a larger role in installing the software, setting up the data tables, and customizing the network infrastructure to adequately support the system and the organization’s needs.
The implementation team should also include at least one system cham pion. A system champion is someone who is well respected in the organi zation, sees the new system as necessary to the organization’s achievement of its strategic goals, and is passionate about implementing it. In many health care settings the system champion is a physician, particularly when the organization is implementing a system that will directly or indirectly affect how physicians spend their time. The physician champion serves as an advocate of the system, assumes a leadership role in gaining buy-in from other physicians and user groups, and makes sure that physicians have ade quate input into the decision-making process. Other important qualities of
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 183
system champions are strong communication, interpersonal, and listening skills. The system champion should be willing to assist with pilot testing, to train and coach others, and to build consensus among user groups (Miller & Sim, 2004). Numerous studies have demonstrated the importance of the system champion throughout the implementation process (Ash, Stavri, Dykstra, & Fournier, 2003; Daly, 2016; Miller, Sim, & Newman, 2003; Wager, Lee, White, Ward, & Ornstein, 2000; Yackanicz, Kerr, & Levick, 2010). When implementing clinical applications that span numerous clinical areas, such as nursing, pharmacy, and physicians, having a system champion from each division can be enormously helpful in gaining buy-in and in facilitating communication among staff members. The various system champions can also assume a pivotal role in ensuring that project milestones are achieved and celebrated.
Clearly Define the Project Scope and Goals
One of the implementation team’s first items of business is to determine the scope of the project and develop tactical plans. To set the tone for the project, a senior health care executive should meet with the implementation team to communicate how the project relates to the organization’s overall strate gic goals and to assure the team of the administration’s commitment to the project. The senior executive should also explain what the organization or health system hopes the project will achieve.
The goals of the project and what the organization hopes to achieve by implementing the new system should emerge from early team discussions. The system goals defined during the system selection process (discussed in Chapter Five) should be reviewed by the implementation team. Far too often health care organizations skip this important step and never clearly define the scope of the project or what they hope to gain as a result of the new system. At other times they define the scope of the project too broadly or scope creep occurs. The goals should be specific, measurable, attainable, relevant, and timely. They should also define the organization’s criteria for success (Cusack & Poon, 2011).
Let’s look at two hypothetical examples from two providers that we will call Rutledge Retirement Community and St. Luke’s Medical Center. The implementation team at Rutledge Retirement Community defined its goal and the scope of the project and devised measures for evaluating the extent to which Rutledge achieved this goal. The implementation team at St. Luke’s Medical Center was responsible for completing Phase 1 of a three-part project; however, the scope of the team’s work was never clearly defi ned.
184 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
CASE STUDY
Rutledge Retirement Community
Rutledge Retirement Community in a Commission on Accreditation of Rehabilitation Facilities (CARF)–accredited continuum of care commu nity offers residential, assisted living, and skilled care to residents in southern Georgia. An implementation team was formed and charged with managing all aspects of the EHR rollout. Rutledge’s mission is to be “the premier continuum of care facility in the region providing high- quality, resident-centered care with family engagement.” Considering how to achieve this mission, the team identified the EHR as the building block needed to improve care coordination, reduce medication errors, and create communication channels with families of residents by offering a family portal. In addition to establishing this goal, the team went a step further to define what a successful EHR implementation initiative would consist of. Team members then developed a core set of metrics—reduction in medication errors, reduction in duplicate services, and increased com munication with family regarding residents’ health status. Family and caregiver satisfaction with communication were also assessed.
St. Luke’s Medical Center
St. Luke’s Medical Center set out to implement a digital medical record, planning to do so in three phases. Phase 1 would involve establishing a clinical data repository, a central database from which all ancillary clin ical systems would feed. Phase 2 would consist of the implementation of computerized physician order entry (CPOE) and nursing documentation systems, and Phase 3 would see the elimination of all outside paper reports through the implementation of a document-imaging system. St. Luke’s staff members felt that if they could complete all three phases, they would have, in essence, a true electronic or digital patient record. The implemen tation team did not, however, clearly define the scope of its work. Was it to complete Phase 1 or all three phases? Likewise, the implementation team never defined what it hoped to accomplish or how implementation of the digital record fit into the medical center’s overall mission or organizational goals. It never answered the question, How will we know if we are suc cessful? Some project team members argued that a digital record was not the same as an EHR and questioned whether the team was headed down the right path. The ambiguity of the implementation team’s scope of work led to disillusionment and a sense of failing to ever finish the project.
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 185
Identify Accountability for the Successful Completion of the Project
Four roles are important in the management of large health care information system projects:
• Business sponsor
• Business owner
• Project manager
• IT manager
Business Sponsor
The business sponsor is the individual who holds overall accountability for the project. The sponsor should represent the area of the organization that is the major recipient of the performance improvement that the project intends to deliver. For example, a project that involves implementing a new claims processing system may have the chief fi nancial offi cer as the business sponsor. A project to improve nursing workflow may ask the chief nursing officer to serve as business sponsor. A project that affects a large portion of the organization may have the CEO as the business sponsor.
The sponsor’s management or executive level should be appropriate to the magnitude of the decisions and the support that the project will require. The more significant the undertaking, the higher the organizational level of the sponsor.
The business sponsor has several duties:
• Secures funding and needed business resources—for example, the commitment of people’s time to work on the project
• Has final decision-making and sign-off accountability for project scope, resources, and approaches to resolving project problems
• Identifi es and supports the business owner(s) (discussed in the next section)
• Promotes the project internally and externally and obtains the buy-in from business constituents
• Chairs the project steering committee and is responsible for steering committee participation during the life of the project
• Helps define deliverables, objectives, scope, and success criteria with identifi ed business owners and the project manager
• Helps remove business obstacles to meeting the project timeline and producing deliverables, as appropriate
186 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Business Owner
A business owner generally has day-to-day responsibility for running a func tion or a department; for example, a business owner might be the director of the clinical laboratories. A project may need the involvement of several busi ness owners. For example, the success of a new patient accounting system may depend on processes that occur during registration and scheduling (and hence the director of outpatient clinics and the director of the admitting department will both be business owners) and may also depend on adequate physician documentation of the care provided (and hence the administrator of the medical group will be another business owner).
Business owners often work on the project team. Among their several responsibilities are the following:
• Representing their department or function at steering committee and project team meetings
• Securing and coordinating necessary business and departmental resources
• Removing business obstacles to meeting the project timeline and producing deliverables, as appropriate
• Working jointly with the project manager on several tasks (as described in the next section)
Project Manager
The project manager does just that—manages the project. He or she is the person who provides the day-to-day direction setting, confl ict resolution, and communication needed by the project team. The project manager may be an IT staffer or a person in the business, or function, benefiting from the project. Among their several responsibilities, project managers accomplish the following:
• Identify and obtain needed resources.
• Deliver the project on time, on budget, and according to specifi cation.
• Communicate progress to sponsors, stakeholders, and team members.
• Ensure that diligent risk monitoring is in place and appropriate risk mitigation plans have been developed.
• Identify and manage the resolution of issues and problems.
• Maintain the project plan.
• Manage project scope.
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 187
The project manager works closely with the business owners and busi ness sponsor in performing these tasks. Together they set meeting agendas, manage the meetings, track project progress, communicate project status, escalate issues as appropriate, and resolve deviations and issues related to the project plan.
IT Manager
The IT manager is the senior IT person assigned to the project. In performing his or her responsibilities, the IT manager does the following:
• Represents the IT department
• Has final IT decision-making authority and sign-off accountability
• Helps remove IT obstacles to meeting project timelines and producing deliverables
• Promotes the project internally and externally and obtains buy-in from IT constituents
Establish and Institute a Project Plan
Once the implementation team has agreed on its goals and objectives and has identified key individuals responsible for managing the project, the next major step is to develop and implement a project plan. The project plan should have the following components:
• Major activities (also called tasks)
• Major milestones
• Estimated duration of each activity
• Any dependencies among activities (so that, for example, one task must be completed before another can begin)
• Resources and budget available (including staff members whose time will be allocated to the project)
• Individuals or team members responsible for completing each activity
• Target dates
• Measures for evaluating completion and success
These are the same components one would find in most major projects. What are the major activities or tasks that are unique to system implementation
188 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
projects? Which tasks must be completed first, second, and so forth? How should time estimates be determined and milestones defi ned?
System implementation projects tend to be quite large, and therefore it can be helpful to break the project into manageable components. One approach to defi ning components is to have the implementation team brain storm and identify the major activities that need to be done before the go-live date. Once these tasks have been identified, they can be grouped and sequenced based on what must be done first, second, and so forth. Those tasks that can occur concurrently should also be identified (see Figure 6.1.). A team may find it helpful to use a consultant to guide it through the imple mentation process. Or the health care IT vendor may have a suggested implementation plan; the team must make sure, however, that this plan is tailored to suit the unique needs of the organization in which the new system is to be introduced.
The subsequent sections describe the major activities common to most information system implementation projects (outlined in the “Typical Com ponents of an Implementation Plan” box) and may serve as a guide. These activities are not necessarily in sequential order; the order used should be determined by the institution in accordance with its needs and resources.
Workflow and Process Analysis
One of the first activities necessary in implementing any new system is to review and evaluate the existing workflow or business processes. Members of the implementation team might also observe the current information system in use (if there is one). Does it work as described? Where are the problem areas? What are the goals and expectations of the new system? How do orga nizational processes need to change in order to optimize the new system’s value and achieve its goals? Too often organizations never critically evaluate current business processes but plunge forward implementing the new system while still using old procedures. The result is that they simply automate their outdated and ineffi cient processes.
Before implementing any new system, the organization should evaluate existing procedures and processes and identify ways to improve workfl ow, simplify tasks, eliminate redundancy, improve quality, and improve user (customer) satisfaction. In complex settings, it can be critically important to have informatics professionals such as CMIOs and CNIOs actively involved in the implementation team in analyzing workfl ow and information fl ow (Elias, Barginere, Berry, & Selleck, 2015). Although describing them is beyond the scope of this book, many extremely useful tools and methods are available for analyzing workflow and redesigning business processes (see, for example,
190 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Typical Components of an Implementation Plan
1. Workflow and process analysis
• Analyze or evaluate current process and procedures.
• Identify opportunities for improvement and, as appropriate, effect those changes.
• Identify sources of data, including interfaces to other systems.
• Determine location and number of workstations needed.
• Redesign physical location as needed.
2. System installation
• Determine system confi guration.
• Order and install hardware.
• Prepare data center.
• Upgrade or implement IT infrastructure.
• Install software and interfaces.
• Customize software.
• Test, retest, and test again . . .
3. Staff training
• Identify appropriate training method(s) to be used for each major user group.
• Prepare training materials.
Guide to Reducing Unintended Consequences of Electronic Health Records, by Jones, Koppel, Ridgley, Palen, Wu, & Harrison, 2011). Observing the old system in use, listening to users’ concerns, and evaluating information workflow can identify many of the changes needed. In addition, the vendor generally works with the organization to map its future workflow using fl ow- charts or flow diagrams. It is critical that all key areas affected by the new system participate in the workflow analysis process so that potential problems can be identified and addressed before the system goes live. For example, if a new CPOE application is to be implemented using a phased-in approach, in which the system will go-live unit by unit over a three-month process, how will the organization ensure orders are not lost or duplicated if a patient is transferred between a unit using CPOE and a unit using handwritten orders? What will downtime procedures entail? If paper orders are generated during
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 191
• Train staff members.
• Test staff member profi ciency.
• Update procedure manuals.
4. Conversion
• Convert data.
• Test system.
5. Communications
• Establish communication mechanisms for identifying and address ing problems and concerns.
• Communicate regularly with various constituent groups.
6. Preparation for go-live date
• Select date when patient volume is relatively low.
• Ensure suffi cient staff members are on hand.
• Set up mechanism for reporting and correcting problems and issues.
• Review and effect process reengineering.
7. System downtime procedures
• Develop downtime procedures.
• Train staff members on downtime procedures.
downtime, how will these orders be stored or become part of the patient’s permanent medical record?
Involving users at this early stage of the implementation process can gain initial buy-in to the idea and the scope of the process redesign. In all likelihood, the organization will need to institute a series of process changes as a result of the new system. Workflow and processes should be evaluated critically and redesigned as needed. For example, the organization may fi nd that it needs to do away with old forms or work steps, change job descriptions or job responsibilities, or add to or subtract from the work responsibilities of particular departments. Getting users involved in this reengineering process can lead to greater user acceptance of the new system.
Let’s consider an example. Suppose a multiphysician clinic is imple menting a new practice management system that includes a patient portal
192 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
for appointment scheduling, prescription refills, and paying bills. The clinic might wish to begin by appointing a small team of individuals knowledge able about analyzing workflow and processes to work with staff members in studying the existing process for scheduling patient appointments, refi lling prescriptions, and patient billing. This team might conduct a series of indi vidual focus groups with schedulers, physicians and nurses, and patients, and ask questions such as these:
• Who can schedule patient appointments?
• How are patient appointments made, updated, or deleted?
• Who has access to scheduling information? From what locations?
• How well does the current system work? How effi cient is the process?
• What are the major problems with the current scheduling system and process? In what ways might it be improved?
The team should tailor the focus questions so they are appropriate for each user group. The answers can then be a guide for reengineering existing processes and workflow to facilitate the new system. A similar set of questions could be asked concerning the refill of prescriptions or patient billing processes.
During the workfl ow analysis, the team should also examine where the new system’s actual workstations will be located, how many workstations will be needed, and how information will flow between manual organi zational processes (such as phone calls) and the electronic information system. Here are a few of the many questions that should be addressed in ensuring that physical layouts are conducive to the success of the new system:
• Will the workstations be portable or fixed? If users are given portable units, how will these be tracked and maintained (and protected from loss or theft)? If workstations are fixed, will they be located in safe, secure areas where patient confi dentiality can be maintained?
• How will the user interact with the new system?
• Does the physical layout of each work area need to be redesigned to accommodate the new system and the new process?
• Will additional wiring be needed?
• How will the new system affect the workfl ow within the practice among offi ce staff members, nurses, and physicians?
• Will the e-prescribing function with local pharmacies be affected by the change?
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 193
System Installation
The next step, which may be done concurrently with the workfl ow analysis, is to install the hardware, software, and network infrastructure to support the new information system and build the necessary interfaces. IT staff members play a crucial role in this phase of the project. They will need to work closely with the vendor in determining system specifications and con figurations and in preparing the computer center for installation. It may be, for example, that the organization’s current computer network will need to be replaced or upgraded. During implementation, having adequate numbers of computer workstations placed in readily accessible locations is critical. Those involved in the planning need to determine beforehand the maximum number of individuals likely to be using the system at the same time and accommodate this scenario. Vendors may recommend a certain number of workstations or use of hand-held devices; however, the organization must ensure the recommendations are appropriate.
Typically when a health care organization acquires a system from a vendor, quite a bit of customization is needed. IT personnel will likely work with the vendor in setting up and loading data tables, building interfaces, and running pilot tests of the hardware and software using actual patient and administrative data. It is not unlikely when purchasing a clinical appli cation such as order entry from a vendor, for example, that the health care organization is provided a shell or basic framework from which to build the order sets or electronic forms. A great deal of customization and building of templates occurs. Thus, it is a good idea to pay physicians for their time involved in the project. For instance, if you need a physician’s time to assist in building or reviewing order sets for the cardiology division, factor that into the resources needed for the project, perhaps by allocating two hours per week to the project for a certain period of time. Otherwise, you may be pulling physicians away from seeing patients and revenue-generating activi ties. It demonstrates the value placed on the physician’s time and commitment to the project.
We recommend piloting the system in a unit or area before rolling out the system enterprise-wide. This test enables the implementation team to evaluate the system’s effectiveness, address issues and concerns, fi x bugs, and then apply the lessons learned to other units in the organization before most people even start using the system. Vendors will often offer guiding principles and strategies that they have found effective in implementing systems.
Consideration should be given to choosing an appropriate area (for example, a department or a location) or set of users to pilot the system.
194 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Following are some of the questions the implementation team should consider in identifying potential pilot sites:
• Which units or areas are willing and equipped to serve as a pilot site? Do they have suffi cient interest, administrative support, and commitment?
• Are the staff and management teams in each of these units or areas comfortable with being system guinea pigs?
• Do staff members have the time and resources needed to serve in this capacity?
• Is there a system champion in each unit or area who will lead the effort?
In migrating from one electronic system to another, such as from a legacy EHR to a new EHR, it may be more appropriate to go-live at once, instead of a more staggered or phased approach. For example, when Bon Secours Health System embarked on the implementation of an EHR system among fourteen hospitals, they decided after the second hospital EHR implementation to adopt the EHR vendor’s revenue cycle system along with the clinical application, and go-live with both systems at once (Daly, 2016). This enabled them to monitor clinical and financial indicators at the same time and ensure that the charge master and revenue cycle teams worked collaboratively prior to and following implementation.
Staff Training
Training is an essential component of any new system implementation. Although no one would argue with this statement, the implementation team will want to consider many issues as it develops and implements a training program:
• How much training is needed? Do different user groups have different training needs?
• Who should conduct the training?
• When should the training occur? What intervals of training are ideal?
• What training format is best: for example, formal, classroom-style training; one-on-one or small-group training; computer-based training; or a combination of methods?
• What is the role of the vendor in training?
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 195
• Who in the organization will manage or oversee the training? How will training be documented?
• What criteria and methods will be used to monitor training and ensure that staff members are adequately trained? Will staff members be tested on profi ciency?
• What additional training and support are available to physicians and others after go-live?
There are various methods of training. One approach, commonly known as train the trainer, relies on the vendor to train selected members of the organization who will then serve as super-users and train others in their respective departments, units, or areas. These super-users should be individ uals who work directly in the areas in which the system is to be used; they should know the staff members in the area and have a good rapport with them. They will also serve as resources to other users once the vendor repre sentatives have left. They may do a lot of one-on-one training, hand-holding, and other work with people in their areas until these individuals achieve a certain comfort level with the system. The main concern with this approach is that the organization may devote a great deal of time and resources to training the trainers only to have these trainers leave the institution (often because they’ve been lured away by career opportunities with the vendor).
Another method is to have the vendor train a pool of trainers who are knowledgeable about the entire system and who can rotate through the different areas of the organization working with staff members. The trainer pool might include IT professionals (including clinical analysts) and clinical or administrative staff members such as nurses, physicians, lab managers, and business managers.
Regardless of who conducts the training, it is important to introduce fun damental or basic concepts first and enable people to master these concepts before moving on to new ones. Studies among health care organizations that have implemented clinical applications such as CPOE systems have shown that classroom training is not nearly as effective as one-on-one coaching, particularly among physicians (Holden, 2011; Metzger & Fortin, 2003). Most systems can track physician use; physicians identified as low-volume users may be targeted for additional training.
Timing of the training is also important. Users should have ample oppor tunity to practice before the system goes live. For instance, when a nursing documentation system is being installed, nurses should have the chance to practice with it at the bedside of a typical patient. Likewise, when a CPOE system is going in, physicians should get to practice ordering a set of tests
196 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
during their morning rounds. This just-in-time training might occur several times, for example, three months, two months, one month, and one week before the go-live date. Its purpose is to enable users to practice on the system multiple times before go-live. Training might be supplemented with computer-based training modules that enable users to review concepts and functions at their own pace. Training has to be a priority and at least some of training should be in an environment free of distractions. Eventually staff members will want to use the system in a near-live or simulated environment. Additional staff members should be on hand during the go-live period to assist users as needed during the transition to the new system. In general, the implementation team should work with the vendor to produce a thoughtful and creative training program.
Once the details of how the new system is to work have been deter mined, it is important to update procedure manuals and make the updated manuals available to the staff members. Designated managers or representa tives from the various areas may assume a leadership role in updating proce dure manuals for their respective areas. When people must learn specifi c IT procedures such as how to log in, change passwords, and read common error messages, the IT department should ensure that this information appears in the procedure manuals and that the information is routinely updated and widely disseminated to the users. Procedure manuals serve as reference guides and resources for users and can be particularly useful when training new employees.
Effective training is important. Staff members need to be relatively com fortable with the application and need to know to whom they should turn if they have questions or concerns. We recommend having the users evaluate the training prior to go-live.
Conversion
Another important task is to convert the data from the old system to the new system and then adequately test the new system. Staff members involved in the data conversion must determine the sources of the data required for the new system and construct new files. It is particularly important that data be complete, accurate, and current before being converted to the new system. Data should be cleaned before being converted. Once converted, the data should run through a series of validation checkpoints or procedures to ensure the accuracy of the conversion.
IT staff members who are knowledgeable in data conversion proce dures should lead the effort and verify the results with key managers from the appropriate clinical and administrative areas. The specifi c conversion
S Y S T E M I M P L E M E N T A T I O N P R O C E S S · 197
procedures used will depend on the nature of the old system and its structure as well as on the configuration of the new system.
Finally, the new system will need to be tested. The main purpose of the testing is to simulate the live environment as closely as possible and deter mine how well the system and accompanying procedures work. Are there programming glitches or other problems that need to be fixed? How well are the interfaces working? How does response time compare to what was expected? The system should be populated with live data and tested again. Vendors, IT staff members, and user staff members should all participate in the testing process. As with training, one can never test too much. A good portion of this work has to be done for the pilot testing. It may need to be repeated before going live. And the pilot lessons will guide any additional testing or conversion that needs to be done. In some cases, it may be advis able to run the old and new systems in tandem (parallel conversion) for a period of time until it is evident that the new system is operating effectively. This can reduce organizational risk. Again, running parallel systems is not always feasible or appropriate. Instead, organizations may opt to implement the system using a phased approach over a period of time.
Communications
Equally as important as successfully carrying out the activities discussed so far is having an effective plan for communicating the project’s progress. This plan serves two primary purposes. First, it identifies how the members of the implementation team will communicate and coordinate their activities and progress. Second, it defines how progress will be communicated to key constituent groups, including but not limited to the board, the senior admin istrative team, the departments, and the staff members at all levels of the organization affected by the new system. The communication plan may set up formal and informal mechanisms. Formal communication may include everything from regular updates at board and administrative meetings to written briefings and articles in the facility newsletter. The purpose should be to use as many channels and mechanisms as possible to ensure that the people who need to know are fully informed and aware of the implemen tation plans. Informal communication is less structured but can be equally important. Implementing a new health care information system is a major undertaking, and it is important that all staff members (day, evening, and night shifts) be made aware of what is happening. The methods for com munication may be varied, but the message should be consistent and the information presented up-to-date and timely. For example, do not rely on e-mail communication as your primary method only to discover later that
198 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
your organization’s nurses do not regularly check their e-mail or have little time to read your type of message.
Preparation for System Go-Live
A great deal of work goes into preparing for the go-live date, the day the organization transitions from the old system to the new. Assuming the imple mentation team has done all it can to ensure that the system is ready, the staff members are well trained, and appropriate procedures are in place, the transition should be a smooth one. Additional staff members should be on hand and equipped to assist users as needed. It is best to plan for the system to go-live on a day when the patient census is typically low or fewer patients than usual are scheduled to be seen. Disaster recovery plans should also be in place, and staff members should be well trained on what to do should the system go down or fail. Designated IT staff members should monitor and assess system problems and errors.
System Downtime Procedures
One thing that you can count on is that systems will go down. Both sched uled and unscheduled downtime exist, and downtime procedures need to be developed and communicated well before go-live. Any negative impact will be minimized if the organization has invested in a stable and secure technical IT infrastructure and backup procedures and fail-safe systems are in place. But everyone needs to know what to do if the system is down, from the registra tion staff members to the nursing staff members to the medical staff members and the transport team. How will orders be placed? If a paper record is kept during downtime, what is the procedure for getting the documentation in electronic form when the system is up again? How will scheduled downtime be communicated to units? And all staff members? If an organization relies heavily on computerized systems to care for patients, downtime should be minimal or near 0 percent. However, business continuity procedures must be in place to ensure patient safety and continuity of care.
MANAGING CHANGE AND THE ORGANIZATIONAL ASPECTS
Implementing an information system in a health care facility can have a profound impact on the organization, the people who work there, and the patients they serve. Individuals may have concerns and apprehensions about
M A N A G I N G C H A N G E A N D T H E O R G A N I Z A T I O N A L A S P E C T S · 199
the new system: How will the new system affect my job responsibilities or productivity? How will my workload change? Will the new system cause me more or less stress? Even individuals who welcome the new system, see the need for it, and see its potential value may worry: What will I do if the system is down? Will the system impede my relationship with my patients? Who will I turn to if I have problems or questions? Will I be expected to type my notes into the system? With the new system comes change, and change can be difficult if not managed effectively.
Effecting Organizational Change
The management strategies required to manage change depend on the type of change. As one moves from incremental to fundamental change, the mag nitude and risk of the change increase enormously, as does the uncertainty about the form and success of the outcome.
Managing change has several necessary aspects:
• Leadership
• Language and vision
• Connection and trust
• Incentives
• Planning, implementing, and iterating (Keen, 1997)
Leadership
Change must be led. Leadership, often in the form of a committee of leaders, will be necessary to accomplish the following:
• Define the nature of the change.
• Communicate the rationale for and approach to the change.
• Identify, procure, and deploy necessary resources.
• Resolve issues and alter direction as needed.
• Monitor the progress of the change initiative.
This leadership committee needs to be chaired by an appropriate senior leader. If the change affects the entire organization, the CEO should chair the committee. If the change is focused on a specific area, the most senior leader who oversees that area should chair the committee.
200 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Language and Vision
The staff members who are experiencing the change must understand the nature of the change. They must know what the world will look like (to the degree that this is clear) when the change has been completed, how their roles and work life will be different, and why making this change is important. The absence of this vision or a failure to communicate the importance of the vision elevates the risk that staff members will resist the change and through subtle and not-so-subtle means cause the change to grind to a halt. Change is hard for people. They must understand the nature of the change and why they should go through with what they will experience as a diffi cult transition.
Leaders might describe the vision, the desired outcome of efforts to improve the outpatient service experience, in this way:
• Patients should be able to get an appointment for a time that is most convenient for them.
• Patients should not have to wait longer than ten minutes in the reception area before a provider can see them.
• We should communicate clearly with patients about their disease and the treatment that we will provide.
• We should seek to eliminate administrative and insurance busywork from the professional lives of our providers.
These examples illustrate a thoughtful use of language. They fi rst and foremost focus on patients. But the organization also wants to improve the lives of its providers. The examples use the word should rather than the word must because it is thought that staff members won’t believe the organization can pull off 100 percent achievement of these goals, and leaders do not want to establish goals seen as unrealistic. The examples also use the word we rather than the word you. We means that this vision will be achieved through a team effort, rather than implying that those hearing this message have to bear this challenge without leadership’s help.
Connection and Trust
Achieving connection means that leadership takes every opportunity to present the vision throughout the organization. Leaders may use depart ment head meetings, medical staff forums, one-on-one conversations in the hallway, internal publications, and e-mail to communicate the vision and to keep communicating the vision. Even when they start to feel ill because
M A N A G I N G C H A N G E A N D T H E O R G A N I Z A T I O N A L A S P E C T S · 201
they have communicated the vision one thousand times, they have to com municate it another one thousand times. A lot of this communication has to be done in person, where others can see the leaders, rather than hiding behind an e-mail. The communication must invite feedback, criticism, and challenges.
The members of the organization must trust the integrity, intelligence, compassion, and skill of the leadership. Trust is earned or lost by everything that leaders do or don’t do. The members must also trust that leaders have thoughtfully come to the conclusion that the difficult change has excellent reasons behind it and represents the best option for the organization. Orga nizational members are willing to rise to a challenge, often to heroic levels, if they trust their leaders. Trust requires that leaders act in the best interests of the staff and the organization and that leaders listen and respond to the organization’s concerns.
Incentives
Organizational members must be motivated to support significant change. At times, excitement with the vision will be sufficient incentive. Alternatively, fear of what will happen if the organization fails to move toward the vision may serve as an incentive. Although important, neither fear nor rapture is necessarily suffi cient.
If organizational members will lose their jobs or have their roles changed significantly, education that prepares them for new roles or new jobs must be offered. Bonuses may be offered to key individuals, awarded according to the success of the change and each person’s contribution to the change. At times, frankly, support is obtained through old-fashioned horse-trading—if the other person will support the change, you will deliver something that is of interest to him or her (space, extra staff members, a promotion). Incentives may also take the form of awards—for example, plaques and dinners for two—to staff members who go above and beyond the call of duty during the change effort.
Planning, Implementing, and Iterating
Change must be planned. These plans describe the tasks and task sequences necessary to effect the change. Tasks can range from redesigning forms to managing the staged implementation of application systems to retraining staff members. Tasks must be allotted resources, and staff members accountable for task performance must be designated.
Implementation of the plan is obviously necessary. Because few orga nizational changes of any magnitude will be fully understood beforehand,
202 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
problems will be encountered during implementation. New forms may fail to capture necessary data. The estimate of the time needed to register a patient may be wrong and long lines may form at the registration desk. The planners may have forgotten to identify how certain information would flow from one department to another.
These problems are in addition to the problems that occur, for example, when task timetables slip and dependent tasks fall idle or are in trouble. The implementation of the application has been delayed and will not be ready when the staff members move to the new building—what do we do? Itera tion and adjustment will be necessary as the organization handles problems created when tasks encounter trouble and learns about glitches with the new processes and workfl ows.
Organizational and Behavioral Factors
The human factors associated with implementing a new system should not be taken lightly. A great deal of change can occur as a result of the new system. Some of the changes may be immediately apparent; others may occur over time as the system is used more fully. Many IT implementation studies have been done in recent years, and they reveal several strategies that may lead to greater organizational acceptance and use of a new system:
• Create an appropriate environment, one in which expectations are defined, met, and managed.
• Know your culture and do not underestimate user resistance.
• Allocate suffi cient resources, including technical support staff members and IT infrastructure.
• Provide adequate initial and ongoing training.
• Manage unintended consequences, especially those known to affect implementations such as CPOE and EHR systems.
• Establish strong working relationships with vendors.
Each of these strategies is described in the following sections.
Create an Appropriate Environment
If you ask a roomful of health care executives, physicians, nurses, pharma cists, or laboratory managers if they have ever experienced an IT system failure, chances are over half of the hands in the room will go up. In all likelihood the people in the room would have a much easier time describing a
M A N A G I N G C H A N G E A N D T H E O R G A N I Z A T I O N A L A S P E C T S · 203
system failure than a system success. If you probed a little further and asked why the system was a failure, you might hear comments such as these: “the system was too slow,” “it was down all the time,” “training was inadequate and nothing like the real thing,” “there was no one to go to if you had ques tions or concerns,” “it added to my stress and workload,” and the list goes on. The fact is, the system did not meet their expectations. You might not know whether those expectations were reasonable or not.
Previously we discussed the importance of clearly defining and commu nicating the goals and objectives of the new system. Related to goal defi nition is the management of user expectations. Different people may have different perspectives on what they expect from the new system; in addition, some will admit to having no expectations, and others will have joined the organiza tion after the system was implemented and consequently are likely to have expectations derived from the people currently using the system.
Expectations come from what people see and hear about the system and the way they interpret what the system will do for them or for their organiza tion. Expectations can be formed from a variety of sources—they may come from a comment made during a vendor presentation, a question that arises during training, a visit to another site that uses the same system, attendance at a professional conference, or a remark made by a colleague in the hallway. Furthermore, the main criterion used to evaluate the system’s value or success depends on the individual’s expectations and point of view. For example, the chief fi nancial officer might measure system success in terms of the fi nancial return on investment, the chief medical director might look at impact on physicians’ time and quality of care, the nursing staff members might con sider any change in their workload, public relations personnel might compare levels of patient satisfaction, and the IT staff members might evaluate the change in the number of help desk calls made since the new system was implemented. All these approaches are measures of an information system’s perceived impact on the organization or individual. However, they are not all the same, and they may not have equal importance to the organization in achieving its strategic goals.
It is therefore important for the health care executive team not only to establish and communicate clearly defi ned goals for the new system but also to listen to needs and expectations of the various user groups and to defi ne, meet, and manage expectations appropriately. Ways to manage expectations include making sure users understand that the first days or weeks of system use may be rocky, that the organization may need time to adjust to a new workflow, that the technology may have bugs, and that users should not expect problem-free system operation from the start. Clear and effective communication is key in this endeavor.
204 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
In managing expectations it can be enormously helpful to conduct for mative assessments of the implementation process, in which the focus is on the process as well as the outcomes. Specific metrics need to be chosen and success criteria defined to determine whether or not the system is meeting expectations (Cusack & Poon, 2011). For example, if wide-scale use is a pri ority, collection of actual numbers of transactions or use logs may be mean ingful information for the leadership team. Other categories of metrics that might be helpful are clinical outcome measures, clinical process measures, provider adoption and attitude measures, patient knowledge and attitude measures, workflow impact measures, and financial impact measures. The Agency for Healthcare Research and Quality published the Health Information Technology Evaluation Toolkit, which can serve as a guide for project teams involved in evaluating the system implementation process or project outcomes (Cusack & Poon, 2011).
Know Your Culture and Do Not Underestimate User Resistance
Before embarking on system implementation, it is critical to know your culture. Understanding the culture is important before you make the invest ment. For example, you might ask, How engaged and ready are the physicians and other clinicians for the new system? Are they comfortable with tech nology? Do you have hospitalists on staff? Or are you a community hospital in which the bulk of your medical staff members are physicians who have admitting privileges at several hospitals and make rounds only once a day? How engaged have the physicians been in the design and build of the new system? Is there strong support? If you don’t have sufficient medical staff buy-in and support or hospitalists on staff who are committed to the project, you run the risk of encountering user resistance and system failure because of inadequate use.
During the implementation process it is also important to analyze current workflow and make appropriate changes as needed. Previously we gave an example of analyzing a patient scheduling process. Patient sched uling is a relatively straightforward process. A change in this system may not dramatically change the job responsibilities of the schedulers and may have little impact on nurses’ or physicians’ time. Therefore, these groups may offer little resistance to such a change. (This is not to guarantee a lack of resistance—if you mess up a practice’s schedule, you can have a lot of angry people on your hands!) By contrast, changes in processes that involve the direct provision of patient care services and that do affect nurses’ and physicians’ time may be tougher for users to accept. The physician ordering
M A N A G I N G C H A N G E A N D T H E O R G A N I Z A T I O N A L A S P E C T S · 205
process is a perfect example. Historically most physicians were accustomed to picking up a pen and paper and handwriting an order or calling one in to the nurses’ station from their phones. With CPOE, physicians may be expected to keyboard their orders directly into the system and respond to automated reminders and decision-support alerts. A process that historically took them a few seconds to do might now take several minutes, depending on the number of prompts and reminders. Moreover, physicians are now doing things that were not asked of them before—they are checking for drug interactions, responding to reminders and alerts, evaluating whether evidence-based clinical guidelines apply to the patient, and the list goes on. All these activities take time, but in the long run they will improve the quality of patient care. Therefore, it is important for physicians to be actively involved in designing the process and in seeing its value to the patient care process.
Getting physicians, nurses, and other clinicians to accept and use clini cal information systems can be challenging even when they are involved in the implementation. At times the incentives for using the system may not be aligned with their individual needs and goals. On the one hand, for example, if the physician is expected to see a certain number of patients per day and is evaluated on patient load and if writing orders used to take thirty minutes a day with the old system and now takes sixty to ninety minutes with the new CPOE system, the physician can either see fewer patients or work more hours. One should expect to see physician resistance. On the other hand, if the physician’s performance and income is related to adherence to clinical practice guidelines, care coordination, and patient health outcomes, using the system may be far more enticing. A recent study among six health care organizations found that more senior physicians often feel a loss of power by having junior physicians more comfortable with computers than they are and a loss in power in the physicians’ ability to shift work to others (McAlearney et al., 2015). That is, with the implementation of EHRs, the physicians were now required to use the computers and input their orders rather than delegate the tasks to junior physicians or nurses.
It perhaps goes without saying that user acceptance occurs when users see or realize the value the health care information system brings to their work and the patients they serve. This value takes different forms. Some people may realize increased efficiency, less stress, greater organization, and improved quality of information, whereas others may find that the system enables them to provide better care, avoid medical mistakes, and make better decisions. In some cases an individual may not experience the value personally yet may come to realize the value to the organization as a whole.
206 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Allocate Suffi cient Resources
Sufficient resources are needed during and after the new system has been implemented. User acceptance comes from confidence in the new system. Individuals want to know that the system works properly, is stable and secure, and that someone is available to help them when they have ques tions, problems, or concerns. Therefore, it is important for the organization to ensure that adequate resources are devoted to implementing and supporting the system and its users. At a minimum, adequate technical staff expertise should be available as well as sufficient IT infrastructure.
We have discussed the importance of giving the implementation team sufficient support as it carries out its charge, but what forms can this support take? Some methods of supporting the team are to make available release time, additional staff members, and development funds. Senior managers might allocate travel funds so team members can view the system in use in other facilities. They might decide that all implementation team members or super-users will receive 50 percent release time for the next six months to devote to the project. This release time will enable those involved to give up some of their normal job duties so they can focus on the project.
Providing sufficient time and resources to the implementation phase of the project is, however, only part of the overall support needed. Studies have shown that an information system’s value to the organization is typically realized over time. Value is derived as more and more people use the system, offer suggestions for enhancing it, and begin to push the system to fulfi ll its functionality. If users are ever to fully realize the system’s value, they must have access to local technical support—someone, preferably within the organi zation, who is readily available, is knowledgeable about the intricacies of the system, and is able to handle hardware and software problems. This individual should be able to work effectively with the vendor and others to fi nd solutions to system problems. Even though it is ideal to have local technical support in-house, that may be difficult in small physician offices or community-based settings. In such cases the facility may need to consider such options as (1) devoting a significant portion of an employee’s time to training so that he or she may assume a support role, (2) partnering with a neighboring organi zation that uses the same system to share technical support staff members, or (3) contracting with a local computer firm to provide the needed assistance. The vendor may be able to assist the organization in identifying and securing local technical support.
In addition to arranging for local technical support, the organization will also need to invest resources in building and maintaining a reliable, secure IT infra structure (servers, operating systems, and networks) to support the information
M A N A G I N G C H A N G E A N D T H E O R G A N I Z A T I O N A L A S P E C T S · 207
system, particularly if it is a mission-critical system. Many patient informa tion systems need to be available 24 hours a day, 7 days a week, 365 days a year. Health care professionals can come to rely on having access to timely, accurate, and complete information in caring for their patents, just as they count on having electricity, water, and other basic utilities. Failing to build the IT infrastructure that will adequately support the new clinical system can be catastrophic for the organization and its IT department.
An IT infrastructure’s lifetime may be relatively short. It is reasonable to expect that within three to ten years, the hardware, software, and network will likely need to be replaced as advances are made in technology, the orga nization’s goals and needs change, and the health care environment changes. Downtime, scheduled and unscheduled, should be limited.
Provide Adequate Training
Previously we discussed the importance of training staff members on the new system prior to the go-live date. Having a training program suited to the needs of the various user groups is very important during the implementation process. People who will use the system should be relatively comfortable with it, have had ample opportunities to use it in a safe environment, and know where to turn should they have questions or need additional assistance. It is equally important to provide ongoing training months and even years after the system has been implemented. In all likelihood the system will go through a series of upgrades, changes will be made, and users will get more comfortable with the fundamental features and will be ready to push the system to the next level. Some users will explore additional functionality on their own; others will need prodding and additional training in order to learn more advanced features.
It is also critical to provide the type of training that works best for your users’ needs and learning preferences. Do not be afraid to have dif ferent training methods for different user groups (Holden, 2011). Memorial Sloan-Kettering Cancer Center is a perfect example. It is one of the world’s oldest private cancer centers in the world. All of its physicians are employ ees of the organization. When they were first implementing their CPOE, all clinical and administrative staff members underwent group training sessions (Sklarin, Granovsky, & Hagerty-Paglia, 2011). The system was not accepted by the physicians for a variety of reasons, and training was a critical issue. Once the leadership team realized this, they regrouped, changed tactics, and added three new approaches to working with the physicians: (1) they rolled out one service at a time with one hour of personalized training to each physician of that service (additional time did not seem to help); (2) support
208 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
staff members were stationed at the clinical areas during the implementa tion period for individualized assistance; and (3) a physician champion was involved in workflow discussions and key in facilitating the placement of orders in the system and in helping ensure physician compliance (Sklarin et al., 2011). Understanding the culture and the physician training needs of the organization is vital when implementing a new system, as is a willingness to reevaluate the project. It is important to view the system as a long-term investment rather than a one-time purchase. The resources allocated or committed to the system should include not only the upfront investment in hardware and software but also the time, people, and resources needed to maintain and support it.
Manage Unintended Consequences
Management expertise and leadership are important elements to the success of any system implementation. Effective leaders help build a community of collaboration and trust. However, effective leadership also entails under standing the unintended consequences that can occur during complex system implementations and managing them. Unintended consequences can be positive, negative, or both, depending on one’s perspective. A decade ago, Ash and colleagues (2007) conducted interviews with key individuals from 176 US hospitals that had implemented CPOE. CPOE is one of the most complex and challenging of clinical applications to implement and a key function of EHR systems. From their work, they identified eight types of unintended consequences that implementation teams should plan for and consider when implementing CPOE.
Conflicts can also occur between paper-based and electronic systems if providers who prefer paper records annotate printouts and place them in patient charts as formal documentation, in essence creating two distinct and sometimes conflicting patient records (Jones et al., 2011).
Health care executives and implementation teams should be aware of these unintended consequences, particularly those that can adversely affect the organization, and carefully plan for and manage them.
Establish Strong Working Relationships with Vendors
Developing strong working relationships with the vendor is key. The health care executive should view the vendor as a partner and an entity with which the organization will likely have a long-term relationship. This relationship often begins when the organization first selects a new information system
M A N A G I N G C H A N G E A N D T H E O R G A N I Z A T I O N A L A S P E C T S · 209
PERSPECTIVE Unintended Consequences of CPOE
1. More work or new work. CPOEs can increase work because systems may be slow, nonstandard cases may call for more steps in ordering, training may remain an issue, some tasks may become more diffi cult, the computer forces the user to complete “all steps,” and physicians often take on tasks that were formerly done by others.
2. Workfl ow. CPOEs can greatly alter workfl ow, sometimes improv ing workfl ow for some and slowing or complicating it for others.
3. System demands. Maintenance, training, and support efforts can be signifi cant for an organization, not only in building the system but also in making improvements and enhancements to it.
4. Communication. CPOE systems affect communication within the organization; they can reduce the need to clarify orders but also lead to people failing to adequately communicate with each other in appropriate situations.
5. Emotions. Clinician reactions to CPOE can run the gamut from positive to negative.
6. New kinds of errors. Although CPOE systems are generally designed to detect and prevent errors, they can lead to new types of errors such as juxtaposition errors, in which clinicians click on the adjacent patient name or medication from a list and inadvert ently enter the wrong order.
7. Power shifts. Shifts in power may be viewed as less of a problem than some of the other unintended consequences, but CPOE can be used to monitor physician behavior.
8. Dependence on the system. Clinicians become dependent on the CPOE system, so managing downtime procedures is critical. Even then, while the system is down, CPOE users view the situation as managed chaos.
Source: Adapted from Ash et al. (2007). Reproduced with permission of Amer ican Medical Informatics Association.
210 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
and continues well after the system is live and operational. The system will have upgrades, new version releases, and ongoing maintenance contracts. It behooves both parties, the health care provider organization and the vendor, to clearly define expectations, resource needs, and timelines. It is important to have open, honest, and candid conversations when problems arise or dif ferences in expectation occur. Equally important is for both parties to demon strate a willingness to address needs and solve problems collaboratively.
SYSTEM SUPPORT AND EVALUATION
Information systems evolve as an organization continues to grow and change. No matter how well the system was designed and tested, errors and prob lems will be detected and changes will need to be made. IT staff members generally assume a major role in maintaining and supporting the informa tion systems in the health care organization. When errors or problems are detected, IT staff members correct the problem or work with the vendor to see that the problem is fixed. Moreover, the vendor may detect glitches and develop upgrades or patches that will need to be installed.
Many opportunities for enhancing and optimizing the system’s perfor mance and functionality will arise well after the go-live date. The organiza tion will want to ensure that the system is adequately maintained, supported, and further developed over time. Selecting and implementing a health care information system is an enormous investment. This investment must be maintained, just as one would maintain one’s home. In fact, health care orga nizations that have implemented EHR systems are now actively in the midst of optimizing use of the system in practice (Sachs & Long, 2016). Optimiza tion can take the form of additional training, revised workflows, adding new features or functionality, or using data from the system for quality improve ment initiatives, as examples. Optimizing systems and assessing their value is discussed in Chapter Seven.
As with other devices, information systems have a life cycle and even tually need to be replaced. Health care organizations typically go through a process whereby they plan, design, implement, and evaluate their health care information systems. Too often in the past the organization’s work was viewed as done once the system went live. It has since been discovered how vital system maintenance and support resources are and how important it is to evaluate the extent to which the system goals are being achieved.
Evaluating or accessing the value of the health care information system is increasingly important. Acquiring and implementing systems requires large investments, and stakeholders, including boards of directors, are demanding to know the actual and future value of these projects. Evaluations must be
S U M M A R Y · 211
viewed as an integral component of every major health information system project and not an afterthought. Chapter Seven is devoted to this topic.
SUMMARY
Implementing a new information system in a health care organization requires a significant amount of planning and preparation. The health care organization should begin by appointing an implementation team compris ing experienced individuals, including representatives from key areas in the organization, particularly areas that will be affected by or responsible for using the new system. Key users should be involved in analyzing existing processes and procedures and making recommendations for changes. A system champion should be part of the implementation team and serve as an advocate in soliciting input, representing user views, and spearheading the project. When implementing a clinical application, it is important that the system champion be a physician or clinician, someone who is able to represent the views of the care providers.
Under the direction of a highly competent implementation team, a number of important activities should occur during the system rollout. This team should assume a leadership role in ensuring that the system is effectively incorporated into the day-to-day operations of the facility. This generally requires the organization to (1) analyze workflow and processes and perform any necessary process reengineering, (2) install and configure the system, (3) train staff members, (4) convert data, (5) adequately test the system, and (6) communicate project progress using appropriate forums at all levels throughout the organization. Attention should be given to the countless details associated with ensuring that downtime and backup procedures are in place, security plans have been developed, and the organization is ready for the go-live date.
During the days immediately following system implementation, the orga nization should have sufficient staff members on hand to assist users and provide individual assistance as needed. A stable and secure IT infrastructure should be in place to ensure minimal, ideally zero, downtime and adequate response time. The IT department or other appropriate unit or representative should have a formal mechanism in place for reporting and correcting errors, bugs, and glitches in the system.
Once the system has gone live, it is critical for the organization to have in place the plans and resources needed to adequately maintain and support the new system. Technical staff members and resources should be available to the users. Ongoing training should be an integral part of the organization’s plans to support and further develop the new system. In addition, the leadership
212 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
team should have in place a thoughtful plan for evaluating the implementa tion process and assessing the value of the health care information system.
Beyond taking ultimate responsibility for completion of the activities needed to implement and support and evaluate the new system, the health care executive should assume a leadership role in managing change and the organizational and human aspects of the new system. Information systems can have a profound impact on health care organizations, the people who work there, and the patients they serve. Acquiring a good product and having the right technical equipment and expertise are not enough to ensure system success. Health care executives must also be attuned to the human aspects of introducing new IT into the care delivery process.
KEY TERMS
Business owner System champion Business sponsor System implementation Implementation team Train the trainer IT manager Unintended consequences Managing change User resistance Project manager Workflow and process analysis
LEARNING ACTIVITIES
1. Visit a health care organization that has recently implemented or replaced a health care information system. What process did it use to implement the system? How does that process compare with the one described in this chapter? How successful was the organization in implementing the new system? To what do staff members attribute this success?
2. Search the literature for a recent article on a system implementation project. Briefl y describe the process used to implement the system and the lessons learned. How might this particular facility’s experiences be useful to others? Explain.
3. Physician acceptance and use of clinical information systems are often cited as challenges. What do you think the health care leadership team can or should do to foster acceptance by physicians? Assume that a handful of physicians in your organization are actively resisting a new clinical information system. How would you approach and address their resistance and concerns?
R E F E R E N C E S · 213
4. Assume you are working with an implementation team in installing a new nursing documentation system for a home health agency. Historically, all its nursing documentation was recorded in paper form. The home health agency has little computerization beyond basic registration information and has no IT staff members. What recommendations might you offer to the implementation team as it begins the work of installing the new nursing documentation system?
5. Discuss the risks to a health care organization in failing to allocate suffi cient support and resources to a newly implemented health care information system.
6. Assume you are the CEO of a large group practice (seventy-fi ve physi cians) that implemented an EHR system two years ago. The physicians are asking for an evaluation of the system and its impact on quality, costs, and patient satisfaction. Devise a plan for evaluating the EHR system’s impact on the organization in these three areas.
7. Read the executive summary of the Institute of Medicine’s (2011) report entitled Health IT and Patient Privacy: Building Safer Systems for Better Care. How can the introduction of health IT that is designed to enhance or improve patient quality and safety lead to patient safety concerns? Do you agree that patient safety is a partnership between the health care organization and health IT vendor when implementing health care information systems? Explain the role of each and your rationale.
REFERENCES
Ash, J. S., Anderson, N. R., & Tarczy-Hornoch, P. (2008). People and organization issues in research systems implementation. Journal of the American Medical Informatics Association, 15, 283–289.
Ash, J. S., Sittig, D. F., Poon, E. G., Guappone, K., Campbell, E., & Dykstra, R. (2007). The extent and importance of unintended consequences related to computerized provider order entry. Journal of the American Medical Informatics Association, 14(4), 415–423.
Ash, J. S., Stavri, P., Dykstra, R., & Fournier, L. (2003). Implementing computerized physician order entry: The importance of special people. International Journal of Medical Informatics, 69(2–3), 235–250.
Cusack, C., & Poon, E. (2011). Health information exchange evaluation toolkit. Agency for Healthcare Research and Quality. Retrieved February 2013 from http://healthit.ahrq.gov/portal/server.pt/community/health_it_tools_and_ resources/919/health_information_exchange_(hie)_evaluation_toolkit/27870
214 · C H A P T E R 6 : S Y S T E M I M P L E M E N T A T I O N A N D S U P P O R T
Daly, R. (2016). The EHR evolution: New priorities and implementation changes. Healthcare Financial Management (Feb.), 45–50.
Elias, B., Barginere, M., Berry, P. A., & Selleck, C. S. (2015). Implementation of an electronic health records system within an interprofessional model of care. Journal of Interprofessional Care, 29(6), 551–554.
Holden, R. J. (2011). What stands in the way of technology-mediated patient safety improvements? A study of facilitators and barriers to physicians’ use of elec tronic health records. Journal of Patient Safety, 7(4), 193–202.
Institute of Medicine (IOM). (2011). Health IT and patient privacy: Building safer systems for better care. Washington, DC: National Academies Press.
Jones, S. S., Koppel, R., Ridgley, M. S., Palen, T., Wu, S., & Harrison, M. I. (2011, Aug.). Guide to reducing unintended consequences of electronic health records. Rockville, MD: Agency for Healthcare Research and Quality.
Keen, P. (1997). The process edge. Boston, MA: Harvard Business School Press.
McAlearney, A. S., Hefner, J. L., Sieck, C. J., & Huerta, T. R. (2015). The journey through grief: Insights from a qualitative study of electronic health record implementation. Health Services Research, 50(2), 462–488.
Metzger, J., & Fortin, J. (2003). Computerized physician order entry in commu nity hospitals: Lessons from the fi eld. Oakland, CA: California HealthCare Foundation.
Miller, R. H., & Sim, I. (2004). Physicians’ use of electronic medical records: Barri ers and solutions. Health Affairs, 23(2), 116–126.
Miller, R. H., Sim, I., & Newman, J. (2003). Electronic medical records: Lessons from small physician practices. Oakland, CA: California HealthCare Foundation.
Sachs, P. B., & Long, G. (2016). Process for managing and optimizing radiology work flow in the electronic health record environment. Journal of Digital Imaging, 29, 43–46.
Sittig, D. F., & Singh, H. (2011). Defining health information technology-related errors: New developments since To Err Is Human. Archives of Internal Medi cine, 171(14), 1281–1284.
Sklarin, N. T., Granovsky, S., & Hagerty-Paglia, J. (2011). Electronic health record implementation at an academic cancer center: Lessons learned and strategies for success. American Society of Clinical Oncology, pp. 411–415.
Wager, K. A., Lee, F., White, A., Ward, D., & Ornstein, S. (2000). Impact of an electronic medical record system on community-based primary care practices. Journal of the American Board of Family Practice, 13(5), 338–348.
Yackanicz, L., Kerr, R., & Levick, D. (2010). Physician buy-in for EMRs. Journal of Healthcare Information Management, 24(2), 41–44.
CHAPTER 7
Assessing and Achieving Value in Health Care Information Systems
LEARNING OBJECTIVES
• To be able to discuss the nature of IT-enabled value.
• To review the components of the IT project proposal.
• To be able to understand steps to improve IT project value realization.
• To be able to discuss factors that ensure value delivery.
215
216 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Virtually all the discussion in this book focuses on the knowledge and man agement processes necessary to achieve one fundamental objective: organi zational investments in IT resulting in a desired value. That value might be the furtherance of organizational strategies, improvement in the performance of core processes, or the enhancement of decision making. Achieving value requires the alignment of IT with overall strategies, thoughtful governance, solid information system selection and implementation approaches, and effec tive organizational change.
Failure to achieve desired value can result in significant problems for the organization. Money is wasted. Execution of strategies is hamstrung. Organizational processes can be damaged.
This chapter carries the IT value discussion further. Specifically, it covers the following topics:
• The definition of IT-enabled value
• The IT project proposal
• Ensuring the delivery of value
• Analyses of the IT value challenge
DEFINITION OF IT-ENABLED VALUE
We can make several observations about IT-enabled value:
• IT value can be tangible and intangible.
• IT value can be signifi cant.
• IT value can be variable across organizations.
• IT value can be diverse across IT proposals.
• A single IT investment can have a diverse value proposition.
• Different IT investments have different objectives and hence different value propositions and value assessment techniques.
These observations will be discussed in more detail in the following sections.
Tangible and Intangible
Tangible value can be measured whereas intangible value is very diffi cult, perhaps practically impossible, to measure.
D E F I N I T I O N O F I T - E N A B L E D V A L U E · 217
Some tangible value can be measured in terms of dollars:
• Increases in revenue
• Reductions in labor costs: for example, through staff layoffs, overtime reductions, or shifting work to less expensive staff members
• Reductions in supply costs: for example, because of improvements in purchasing
• Reductions in maintenance costs for computer systems
• Reductions in use of patient care services: for example, fewer lab tests are performed or care is conducted in less expensive settings
Some tangible value can be measured in terms of process improvements:
• Fewer errors
• Faster turnaround times for test results
• Reductions in elapsed time to get an appointment
• A quicker admissions process
• Improvement in access to data
• Improvements in the percentage of care delivery that follows medical evidence
Some tangible value can be measured in terms of strategically important operational and market outcomes:
• Growth in market share
• Reduction in turnover
• Increase in brand awareness
• Increase in patient and provider satisfaction
• Improvement in reliability of computer systems
By contrast, intangible value can be very difficult to measure. The orga nization is trying to measure such things as
• Improved decision making
• Improved communication
• Improved compliance
• Improved collaboration
218 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
• Increased agility
• Becoming more state of the art
• Improved organizational competencies: for example, becoming better at managing chronic disease
• Becoming more customer friendly
Signifi cant
IT can be leveraged to achieve significant organization value. The following are some example studies:
A study that compared the quality of diabetes care between physician practices that used EHRs and practices that did not found that the EHR sites had composite standards for diabetes care that were 35.1 percent higher than paper-based sites and had 15 percent better care outcomes (Cebul, Love, Jain, & Herbert, 2011).
EMC (a company that makes data storage devices and other information technologies) reported a reduction of $200 million in health care costs over ten years through the use of data analytics, lifestyle coaches, and remote patient monitoring to help employees manage health risks and chronic diseases (Mosquera, 2011).
A cross-sectional study of hospitals in Texas (Amarasingham, Plantinga, Diener-West, Gaskin, & Powe, 2009) found that higher levels of the automation of notes and patient records were associated with a 15 percent decrease in the adjusted odds of a fatal hospitalization. Higher scores in the use of computerized provider order entry (CPOE) were associated with 9 percent and 55 percent decreases in the adjusted odds of death for myocardial infarction and coronary artery bypass graft procedures, respectively. For all cases of hospitalization, higher levels of clinical decision-support use were associated with a 16 percent decrease in the adjusted odds of complications. And higher levels of CPOE, results reporting, and clinical decision support were associated with lower costs for all hospital admissions.
A clinical decision support (CDS) module, embedded within an EHR, was used to provide early detection of situations that could result in venous thromboembolism (VTE). A study of the impact of the module showed that the VTE rate declined from 0.954 per one thousand patient days to 0.434 comparing baseline to full VTE CDS. Compared to baseline, patients benefi tting from VTE CDS were 35 percent less likely to have a VTE (Amland et. al., 2015).
D E F I N I T I O N O F I T - E N A B L E D V A L U E · 219
Variable
Even when they implement the same system, not all organizations experience the same value. Organizational factors such as change management prowess and governance have a significant impact on an organization’s ability to be successful in implementing health information technology.
As an example of variability, two children’s hospitals implemented the same EHR (including CPOE) in their pediatric intensive care units. One hospital experienced a significant increase in mortality (Han et al., 2005), whereas the other did not (Del Beccaro, Jeffries, Eisenberg, & Harry, 2006). The hospital that did experience an increase in mortality noted that several implementation factors contributed to the deterioration in quality; specifi c order sets for critical care were not created, changes in workflow were not well executed, and orders for patients arriving via critical care transporta tion could not be written before the patient arrived at the hospital, delaying life-saving treatments.
Even when organizations have comparable implementation skill levels, the value achieved can vary because different organizations decide to focus on different objectives. For example, some organizations may decide to improve the quality of diabetes care, and others may emphasize the reduction in care costs. Hence, if an outcome is of modest interest to an organization and it devotes few resources to achieving that outcome, it should not be surprised if the outcome does not materialize.
Diverse across Proposals
Consider three proposals (real ones from a large integrated delivery system) that might be in front of organizational leadership for review and approval: a disaster notification system, a document imaging system, and an e-procurement system. Each offers a different type of value to the organization.
The disaster notification system would enable the organization to page critical personnel, inform them that a disaster—for example, a train wreck or biotoxin outbreak—had taken place, and tell them the extent of the disaster and the steps they would need to take to help the organization respond to the disaster. The system would cost $520,000. The value would be “better preparedness for a disaster.”
The document imaging system would be used to electronically store and retrieve scanned images of paper documents, such as payment recon ciliations, received from insurance companies. The system would cost $2.8 million, but would save the organization $1.8 million per year ($9 million over the life of the system) through reductions in the labor required to look
220 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
for paper documents and in the insurance claim write-offs that occur because a document cannot be located.
The e-procurement system would enable users to order supplies, ensure that the ordering person had the authority to purchase supplies, transmit the order to the supplier, and track the receipt of the supplies. Data from this system could be used to support the standardization of supplies, that is, to reduce the number of different supplies used. Such standardization might save $500,000 to $3 million per year. The actual savings would depend on physician willingness to standardize. The system would cost $2.5 million.
These proposals refl ect a diversity of value, ranging from “better disaster response” to a clear financial return (document imaging) to a return with such a wide potential range (e-procurement) that it could be a great invest ment (if you really could save $3 million a year) or a terrible investment (if you could save only $500,000 a year).
Diverse in a Single Investment
Picture archiving and communication systems (PACS) are used to store radiol ogy (and other) images, support interpretation of images, and distribute the information to the physician providing direct patient care. These systems are an example of the diversity of value that can result from one IT investment. A PACS can do the following:
• Reduce costs for radiology film and the need for fi lm librarians.
• Improve service to the physician delivering care, through improved access to images.
• Improve productivity for the radiologists and for the physicians delivering care (both groups reduce the time they spend looking for images).
• Generate revenue, if the organization uses the PACS to offer radiology services to physician groups in the community.
This one investment has a diverse value proposition; it has the poten tial to deliver cost reduction, productivity gains, service improvements, and revenue gains.
Different Analyses for Different Objectives
The Committee to Study the Impact of Information Technology on the Per formance of Service Activities (1994), organized by the National Research
D E F I N I T I O N O F I T - E N A B L E D V A L U E · 221
Council (NRC), has identified six categories of IT investments in service industries, reflecting different objectives. The techniques used to assess IT investment value should vary by the type of objective that the IT investment intends to support. One technique does not fit all IT investments.
Infrastructure
IT investments may be for infrastructure that enables other investments or applications to be implemented and deliver desired capabilities. Examples of infrastructure are data communication networks, workstations, and clinical data repositories. A delivery system–wide network enables a large organiza tion to implement applications to consolidate clinical laboratories, implement organization-wide collaboration tools, and share patient health data between providers.
It is difficult to quantitatively assess the impact or value of infrastructure investments because of the following:
• They enable applications. Without those applications, infrastructure has no value. Hence, infrastructure value is indirect and depends on application value.
• The allocation of infrastructure value across applications is complex. When millions of dollars are invested in a data communication network, it may be diffi cult or impossible to determine how much of that investment should be allocated to the ability to create delivery system–wide EHRs.
• A good IT infrastructure is often determined by its agility, potency, and ability to facilitate integration of applications. It is very diffi cult to assign return on investment (ROI) numbers or any meaningful numerical value to most of these characteristics. What, for instance, is the value of being agile enough to speed up the time it takes to develop and enhance applications?
Information system infrastructure is as hard to evaluate as other organi zational infrastructure, such as having talented, educated staff members. As with other infrastructure,
• Evaluation is often instinctive and experientially based.
• In general, underinvesting can severely limit the organization.
• Investment decisions involve choosing between alternatives that are assessed for their ability to achieve agreed-on goals. For example,
PERSPECTIVE Four Types of IT Investment
Complementing the NRC study, Jeanne Ross and Cynthia Beath (2002) studied the IT investment approaches of thirty companies from a wide range of industries. They identifi ed four classes of investment:
• Transformation. These IT investments had an impact that would affect the entire organization or a large number of business units. The intent of the investment was to effect a signifi cant improvement in overall performance or change the nature of the organization.
• Renewal. Renewal investments were intended to upgrade core IT infrastructure and applications or reduce the costs or improve the quality of IT services. Examples of these investments include appli cation replacements, upgrades of the network, or expansion of data storage.
• Process improvement. These IT investments sought to improve the operations of a specific business entity—for example, to reduce costs and improve service.
• Experiments. Experiments were designed to evaluate new infor mation technologies and test new types of applications. Given the results of the experiments, the organization would decide whether broad adoption was desirable.
Different organizations will allocate their IT budgets differently across these classes. An office products company had an investment mix of experiments (15 percent), process improvement (40 percent), renewal (25 percent), and transformation (20 percent). An insurance fi rm had an investment mix of experiments (3 percent), process improvement (25 percent), renewal (18 percent), and transformation (53 percent).
The investment allocation is often an after-the-fact consideration— the allocation is not planned, it just “happens.” However, ideally, the organization decides its desired allocation structure and does so before the budget discussions. An organization with an ambitious and perhaps radical strategy may allocate a very large portion of its IT investment to the transformation class, whereas an organization with a conservative, stay-the-course strategy may have a large process improvement portion to its IT investments.
Source: Ross and Beath (2002, p. 54).
222
D E F I N I T I O N O F I T - E N A B L E D V A L U E · 223
if an organization wishes to improve security, it might ask whether it should invest in network monitoring tools or enhanced virus protection. Which of these investments would enable it to make the most progress toward its goal?
Mandated
Information system investment may be necessary because of mandated initia tives. Mandated initiatives might involve reporting quality data to accrediting organizations, making required changes in billing formats, or improving disas ter notification systems. Assessing these initiatives is generally approached by identifying the least expensive and the quickest to implement alternative that will achieve the needed level of compliance.
Cost Reduction
Information system investments directed to cost reduction are generally highly amenable to ROI and other quantifiable dollar-impact analyses. The ability to conduct a quantifiable ROI analysis is rarely the question. The ability of management to effect the predicted cost reduction or cost avoidance is often a far more germane question.
Specific New Products and Services
IT can be critical to the development of new products and services. At times the information system delivers the new service, and at other times it is itself the product. Examples of information system–based new services include bank cash-management programs and programs that award airline mileage for credit card purchases. A new service offered by some health care provid ers is a personal health record that enables a patient to communicate with his or her physician and to access care guidelines and consumer-oriented medical textbooks.
The value of some of these new products and services can be quanti fiably assessed in terms of a monetary return. These assessments include analyses of potential new revenue, either directly from the service or from service-induced use of other products and services. An ROI analysis will need to be supplemented by techniques such as sensitivity analyses of consumer response. Despite these analyses, the value of this IT investment usually has a speculative component. This component involves consumer utilization, competitor response, and impact on related businesses.
224 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Quality Improvement
Information system investments are often directed to improving the quality of service or medical care. These investments may be intended to reduce waiting times, improve the ability of physicians to locate information, improve treat ment outcomes, or reduce errors in treatment. Evaluation of these initiatives, although quantifiable, is generally done in terms of service parameters that are known or believed to be important determinants of organizational success. These parameters might be measures of aspects of organizational processes that customers encounter and then use to judge the organization, for example, waiting times in the physician’s office. A quantifiable dollar outcome for the service of care quality improvement can be very difficult to predict. Service quality is often necessary to protect current business, and the effect of a failure to continuously improve service or medical care can be difficult to project.
Major Strategic Initiative
Strategic initiatives in information technology are intended to signifi cantly change the competitive position of the organization or redefine the core nature of the enterprise. In health care it is unusual that information systems are the centerpiece of a redefinition of the organization, although as we discussed in Chapter Four IT is a critical foundation for provider efforts to manage population health. However, several other industries have attempted IT-centric transformations.
Amazon is an effort to transform retailing. Venmo (which enables micro- payments between individuals) is an effort to disrupt aspects of the branch bank. There can be a ROI core or component to analyses of such initiatives, because they often involve major reshaping or reengineering of fundamental organizational processes. However, assessing the ROIs of these initiatives and their related information systems with a high degree of accuracy can be very difficult. Several factors contribute to this diffi culty:
• These major strategic initiatives usually recast the organization’s markets and its roles. The outcome of the recasting, although visionary, can be diffi cult to see with clarity and certainty.
• The recasting is evolutionary; the organization learns and alters itself as it progresses over what are often lengthy periods of time. It is diffi cult to be prescriptive about this evolutionary process. Most accountable care organizations are confronting this phenomenon.
• Market and competitor responses can be diffi cult to predict.
T H E I T P R O J E C T P R O P O S A L · 225
IT value is diverse and complex. This diversity indicates the power of IT and the diversity of its use. Nonetheless, the complexity of the value propo sition means that it is difficult to make choices between IT investments and also difficult to assess whether the investment ultimately chosen delivered the desired value or not.
THE IT PROJECT PROPOSAL
The IT project proposal is a cornerstone in examining value. Clearly, ensur ing that all proposals are well crafted does not ensure value. To achieve value, alignment with organizational strategies must occur, factors for sus tained IT excellence must be managed, budget processes for making choices between investments must exist, and projects must be well managed. However, the proposal (as will be discussed in Chapter Thirteen) does describe the intended outcome of the IT investment. The proposal requests money and an organizational commitment to devote management atten tion and staff effort to implementing an information system. The proposal describes why this investment of time, effort, and money is worth it—that is, the proposal describes the value that will result. In this section we discuss the value portion of the proposal and some common problems encountered with it.
Sources of Value Information
As project proponents develop their case for an IT investment, they may be unsure of the full gamut of potential value or of the degree to which a desired value can be truly realized. The organization may not have had experience with the proposed application and may have insufficient analyst resources to perform its own assessment. It may not be able to answer such questions as, What types of gains have organizations seen as a result of implementing a population health system? To what degree will IT be a major contributor to our efforts to improve patient access through telehealth?
Information about potential value can be obtained from several sources (discussed in Appendix A). Conferences often feature presentations that describe the efforts of specific individuals or organizations in accomplish ing initiatives of interest to many others. Industry publications may offer relevant articles and analyses. Several industry research organizations—for example, Gartner and the Advisory Board—can offer advice. Consultants can be retained who have worked with clients who are facing or have addressed
226 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
similar questions. Vendors of applications can describe the outcomes experi enced by their customers. And colleagues can be contacted to determine the experiences of their organizations.
Garnering an understanding of the results of others is useful but insuffi cient. It is worth knowing that Organization Y adopted computerized provider order entry (CPOE) and reduced unnecessary testing by x percent. However, one must also understand the CPOE features that were critical in achieving that result and the management steps taken and the process changes made in concert with the CPOE implementation.
Formal Financial Analysis
Most proposals should be subjected to formal financial analyses regardless of their value proposition. Several types of financial measures are used by organizations. An organization’s finance department will work with lead ership to determine which measures will be used and how these measures will be compiled.
Two common financial measures are net present value and internal rate of return:
1. Net present value is calculated by subtracting the initial investment from the future cash fl ows that result from the investment. The cash can be generated by new revenue or cost savings. The future cash is discounted, or reduced, by a standard rate to refl ect the fact that a dollar earned one or more years from now is worth less than a dollar one has today (the rate depends on the time period considered). If the cash generated exceeds the initial investment by a certain amount or percentage, the organization may conclude that the IT investment is a good one.
2. Internal rate of return is the discount rate at which the present value of an investment’s future cash fl ow equals the cost of the investment. Another way to look at this is to ask, Given the amount of the investment and its promised cash, what rate of return am I getting on my investment? On the one hand, a return of 1 percent is not a good return (just as one would not think that a 1 percent return on one’s savings was good). On the other hand, a 30 percent return is very good.
Table 7.1 shows the typical form of a financial analysis for an IT application.
Table 7.1 Financial analysis of a patient accounting document imaging system
Current Year Year 1 Year 2 Year 3 Year 4 Year 5 Year 6 Year 7
COSTS One-time capital expense $1,497,466 $1,302,534 System operations System maintenance — 288,000 $288,000 $288,000 $288,000 $288,000 $288,000 $288,000 System maintenance — 152,256 152,256 152,256 152,256 152,256 152,256 152,256 TOTAL COSTS 1,497,466 1,742,790 440,256 440,256 440,256 440,256 440,256 440,256 BENEFITS Revenue gains Rebilling of small — 651,000 868,000 868,000 868,000 868,000 868,000 868,000
secondary balances Medicaid billing — 225,000 300,000 300,000 300,000 300,000 300,000 300,000
documentation Disallowed Medicare — — — — 100,000 100,000 100,000 100,000
bad debt audit Staff savings Projected staff savings — 36,508 136,040 156,504 169,065 169,065 169,065 171,096 Operating savings Projected operating — 64,382 77,015 218,231 222,550 226,436 226,543 229,935
savings TOTAL BENEFITS — 976,891 1,381,055 1,542,735 1,659,615 1,663,502 1,663,608 1,669,031 CASH FLOW (1,497,466) (765,899) 940,799 1,102,479 1,219,359 1,223,246 1,223,352 1,228,775 CUMULATIVE CASH (1,497,466) (2,263,365) (1,322,566) (220,087) 999,272 2,222,517 3,445,869 4,674,644
FLOW NPV (12% discount ) 1,998,068 IRR 33%
228 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Comparing Different Types of Value
Given the diversity of value, it is very challenging to compare IT proposals that have different value propositions. How does one compare a proposal that promises to increase revenue and improve collaboration to one that offers improved compliance, faster turnaround times, and reduced supply costs?
At the end of the day, judgment is used to choose one proposal over another. Health care executives review the various proposals and associated value statements and make choices based on their sense of organizational priorities, available monies, and the likelihood that the proposed value will be seen. These judgments can be aided by developing a scoring approach that enables leaders to apply a common metric across proposals. For example, the organization might decide to score each proposal according to how much value it promises to deliver in each of the following areas:
• Revenue impact
• Cost reduction
• Patient or customer satisfaction
• Quality of work life
• Quality of care
• Regulatory compliance
• Potential learning value
In this approach, each of these areas in each proposal is assigned a score, ranging from 5 (signifi cant contribution to the area) to 1 (minimal or no con tribution). The scores are then totaled for each proposal, and, in theory, one picks those proposals with the highest aggregate scores. In practice, IT invest ment decisions are rarely that purely algorithmic. However, such scoring can be very helpful in sorting through complex and diverse value propositions:
• Scoring forces the leadership team to discuss why different members of the team assigned different scores—why, for example, did one person assign a score of 2 for the revenue impact of a particular proposal and another person assign a 4? These discussions can clarify people’s understandings of proposal objectives and help the team arrive at a consensus on each project.
• Scoring means that the leadership team will have to defend any decision not to fund a project with a high score or to fund one with a low score. In the latter case, team members will have to discuss why they are all in favor of a project when it has such a low score.
T H E I T P R O J E C T P R O P O S A L · 229
PERSPECTIVE Prerequisites for Effective IT Project Prioritization
Jeanne Ross and Emmett Johnson (2009) identifi ed four prerequisites to effective IT project prioritization.
Explicit operating vision of the business. An operating vision is more than the sum of the operations of individual departments. Rather, it is a solid understanding of how the organization wants to operate as a whole. For example, how will the organization manage patients with a chronic disease? What processes must be in place to ensure a superior patient experience?
Operating visions lead to enterprise-wide requirements for integration and standardization. IT projects should support this vision and conform to these requirements.
Business process owners. Process owners are those senior leaders who are responsible for the performance of core organization processes, such as patient access. These owners must sponsor IT initiatives and be held accountable for their successful completion and value delivery. These owners are in a good position to understand the IT priorities of their processes.
Transparent IT operating costs. Organizational leadership must understand IT costs and the drivers of those costs. This understanding prepares them to thoughtfully assess the risks and benefits of proposed new systems and to identify alternative approaches to achieving desired process gains.
Rigorous project governance. Excellent IT governance must exist for the overall IT agenda (to be discussed in Chapter Twelve) and for individual projects (to be discussed in Chapter Thirteen).
Source: Ross and Johnson (2009).
The organization can decide which proposal areas to score and which not to score. Some organizations give different areas different weights—for example, reducing costs might be considered twice as important as improving organizational learning. The resulting scores are not binding, but they can
230 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
be helpful in arriving at a decision about which projects will be approved and what value is being sought.
Tactics for Reducing the Budget
Proposals for IT initiatives may originate from a wide variety of sources in an organization. The IT group will submit proposals, as will department directors and physicians. Many of these proposals will not be directly related to an overall strategy but may nevertheless be good ideas that if implemented would lead to improved organizational performance. So it is common for an organization to have more proposals than it can fund. For example, during the IT budget discussion, the leadership team may decide that although it is looking at $2.2 million in requests, the organization can afford to spend only $1.7 million, so $500,000 worth of requests must be denied. Table 7.2 presents a sample list of requests.
Table 7.2 Requests for new information system projects
Community General Hospital
Project Name Operating Cost
TOTAL $2,222,704 Clinical portfolio development 38,716 Enterprise monitoring 70,133 HIPAA security initiative 36,950 Accounting of disclosure—HIPAA 35,126 Ambulatory Center patient tracking 62,841 Bar-coding infrastructure 64,670 Capacity management 155,922 Chart tracking 34,876 Clinical data repository 139,902 CRP research facility 7,026 Emergency Department data warehouse 261,584 Emergency Department order entry 182,412 Medication administration system 315,323 Order communications 377,228 Transfusion services replacement system 89,772 Wireless infrastructure 44,886 Next-generation order entry 3,403 Graduate medical education duty hours 163,763
T H E I T P R O J E C T P R O P O S A L · 231
Reducing the budget in situations such as this requires a value discus sion. The leadership is declaring some initiatives to have more value than others. Scoring initiatives according to criteria is one approach to addressing this challenge.
In addition to such scoring, other assessment tactics can be employed, prior to the scoring, to assist leaders in making reduction decisions.
• Some requests are mandatory. They may be mandatory because of a regulation requirement (such as a new Medicare rule) or because a current system is so obsolete that it is in danger of crashing— permanently—and it must be replaced soon. These requests must be funded.
• Some projects can be delayed. They are worthwhile, but a decision on them can be put off until next year. The requester will get by in the meantime.
• Key groups within IT, such as the staff members who manage clinical information systems, may already have so much on their plate that they cannot possibly take on another project. Although the organization wants to do the project, it would be ill-advised to do so now, and so the project can be deferred to next year.
• The user department proposing the application may not have strong management or may be experiencing some upheaval; hence, implementing a new system at this time would be risky. The project could be denied or delayed until the management issues have been resolved.
• The value proposition or the resource estimates or both are shaky. The leadership team does not trust the proposal, so it could be denied or sent back for further analysis. Further analysis means that the proposal will be examined again next year.
• Less expensive ways of addressing the problems cited in the proposal may exist, such as a less expensive application or a non-IT approach. The proposal could be sent back for further analysis.
• The proposal is valuable, and the leadership team would like to move it forward. However, the team may reduce the budget, enabling progress to occur but at a slower pace. This delays realizing the value but ensures that resources are devoted to making progress.
These tactics are routinely employed during budget discussions aimed at trying to get as much value as possible given fi nite resources.
232 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Common Proposal Problems
During the review of IT investment proposals, organizational leadership might encounter several problems related to the estimates of value and the estimates of the resources needed to obtain the value. If undetected, these problems might lead to a significant overstatement of potential return or understatement of costs. An overstatement or understatement, obviously, may result in significant organizational unhappiness when the value that people thought they would see never materializes and never could have materialized.
Fractions of Effort
Proposal analyses might indicate that the new IT initiative will save fractions of staff time, for example, that each nurse will spend fifteen minutes less per shift on clerical tasks. To suggest a total value, the proposal might multiply as follows (this example is highly simplified): 200 nurses × 15 minutes saved per 8-hour shift × 250 shifts worked per year = 12,500 hours saved. The math might be correct, and the conclusion that 12,500 hours will become available for doing other work such as direct patient care might also be correct. But the analysis will be incorrect if it then concludes that the organization would thus “save” the salary dollars of six nurses (assuming 2,000 hours worked per year per nurse).
Saving fractions of staff effort does not always lead to salary savings, even when there are large numbers of staff members, because there may be no practical way to realize the savings—to, for example, lay off six nurses. If, for example, there are six nurses working each eight-hour shift in a par ticular nursing unit, the fifteen minutes saved per nurse would lead to a total savings of 1.5 hours per shift. But if one were then to lay off one nurse on a shift, it would reduce the nursing capacity on that shift by eight hours, damaging the unit’s ability to deliver care. Saving fractions of staff member effort does not lead to salary savings when staff members are geographically highly fragmented or when they work in small units or teams. It leads to possible salary savings only when staff members work in very large groups and some work of the reduced staff members can be redistributed to others.
Reliance on Complex Behavior
Proposals may project with great certainty that people will use systems in specific ways. For example, several organizations expect that consumers will use Internet-based quality report cards to choose their physicians and
T H E I T P R O J E C T P R O P O S A L · 233
hospitals. However, few consumers appear to actually rely on such sites. Organizations may expect that nurses will readily adopt systems that help them discharge patients faster. However, nurses often delay entering dis charge transactions so that they can grab a moment of peace in an otherwise overwhelmingly busy day.
System use is often not what was anticipated. This is particularly true when the organization has no experience with the relevant class of users or with the introduction of IT into certain types of tasks. The original value projection can be thrown off by the complex behaviors of system users. People do not always behave as we expect or want them to. If user behavior is uncertain, the organization would be wise to pilot an application and learn from this demonstration.
Unwarranted Optimism
Project proponents are often guilty of optimism that reflects a departure from reality. Proponents may be guilty of any of four mistakes:
• They assume that nothing will go wrong with the project.
• They assume that they are in full control of all variables that might affect the project—even, for example, quality of vendor products and organizational politics.
• They believe that they know exactly what changes in work processes will be needed and what system features must be present, when what they really have, at best, are close approximations of what must happen.
• They believe that everyone can give full time to the project and forget that people get sick or have babies and that distracting problems unrelated to the project will occur, such as a sudden deterioration in the organization’s fiscal performance, and demand attention.
Decisions based on such optimism eventually result in overruns in project budgets and timetables and compromises in system goals. Overruns and compromises change the value proposition.
Shaky Extrapolations
Projects often achieve gains in the first year of their implementation, and proponents are quick to project that such gains will continue during the remaining life of the project. For example, an organization may see 10 percent
234 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
of its physicians move from using dictation when developing a progress note to using structured, computer-based templates. The organization may then erroneously extrapolate that each year will see an additional 10 percent shift. In fact, the fi rst year might be the only year in which such a gain will occur. The organization has merely convinced the more computer-facile physicians to change, and the rest of the physicians have no interest in ever changing.
Underestimating the Effort
Project proposals might count the IT staff member effort in the estimates of project costs but not count the time that users and managers will have to devote to the project. A patient care system proposal, for instance, may not include the time that will be spent by dozens of nurses working on system design, developing workflow changes, and attending training. These efforts are real costs. They often lead to the need to hire temporary nurses to provide coverage on the inpatient care units, or they might lead to a reduced patient census because there are fewer nursing hours available for patient care. Such miscounting of effort understates the cost of the project.
Fairy-Tale Savings
IT project proposals may note that the project can reduce the expenses of a department or function, including costs for staff members, supplies, and effort devoted to correcting mistakes that occur with paper-based pro cesses. Department managers will swear in project approval forums that such savings are real. However, when asked if they will reduce their budgets to reflect the savings that will occur, these same managers may become sig nificantly less convinced that the savings will result. They may comment that the freed-up staff member effort or supplies budgets can be redeployed to other tasks or expenses. The managers may be right that the expenses should be redeployed, and all managers are nervous when asked to reduce their budgets and still do the same amount of work. However, the savings expected have now disappeared.
Failure to Account for Post-Implementation Costs
After a system goes live, the costs of the system do not go away. System maintenance contracts are necessary. Hardware upgrades will be required. Staff members may be needed to provide enhancements to the application. These support costs may not be as large as the costs of implementation, but
E N S U R I N G T H E D E L I V E R Y O F V A L U E · 235
they are costs that will be incurred every year, and over the course of several years they can add up to some big numbers. Proposals often fail to adequately account for support costs.
ENSURING THE DELIVERY OF VALUE
Achieving value from IT investments requires management effort. There is no computer genie that descends on the organization once the system is live and waves its wand and—shazzam!—value has occurred. Achieving value is hard work but doable work. Management can take several steps to ensure the delivery of value (Dragoon, 2003; Glaser, 2003a, 2003b). These steps are discussed in the sections that follow.
Make Sure the Homework Was Done
IT investment decisions are often based on proposals that are not resting on solid ground. The proposer has not done the necessary homework, and this elevates the risk of a suboptimal return.
Clearly, the track record of the investment proposer will have a signifi cant infl uence on the investment decision and on leaders’ thinking about whether or not the investment will deliver value. However, regardless of the proposer’s track record, an IT proposal should enable the leadership team to respond with a strong yes to each of the following questions:
• Is it clear how the plan advances the organization’s strategy?
• Is it clear how care will improve, costs will be reduced, or service will be improved? Are the measures of current performance and expected improvement well researched and realistic? Have the related changes in operations, workflow, and organizational processes been defi ned?
• Are the senior leaders whose areas are the focus of the IT plan clearly supportive? Could they give the project proposal presentation?
• Are the resource requirements well understood and convincingly presented? Have these requirements been compared to those experienced by other organizations undertaking similar initiatives?
• Have the investment risks been identifi ed, and is there an approach to addressing these risks?
• Do we have the right people assigned to the project, have we freed up their time, and are they well organized?
236 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Answering with a no, a maybe, or an equivocal yes to any of these ques tions should lead one to believe that the discussion is perhaps focusing on an expense rather than an investment.
Require Formal Project Proposals
It is a fact of organizational life that projects are approved as a result of hallway conversations or discussions on the golf course. Organizational life is a political life. While recognizing this reality, the organization should require that every IT project be written up in the format of a proposal and that each proposal should be reviewed and subjected to scrutiny before the organization will commit to supporting it. However, an organization may also decide that small projects—for example, those that involve less than $25,000 in costs and less than 120 person-hours—can be handled more informally.
Increase Accountability for Investment Results
Few meaningful organizational initiatives are accomplished without estab lishing appropriate accountability for results. Accountability for IT investment results can be improved by taking three major steps.
First, the business owner of the IT investment should defend the invest- ment—for example, the director of clinical laboratories should defend the request for a new laboratory system and the director of nursing should defend the need for a new nursing system. The IT staff members will need to work with the business owner to define IT costs, establish likely implementation time frames, and sort through application alternatives. But the IT staff members should never defend an application investment.
Second, as will be discussed in Chapter Thirteen, project sponsors and business owners must be defined, and they must understand the accountabil ity that they now have for the successful completion of the project.
Third, the presentation of these projects should occur in a forum that routinely reviews such requests. Seeing many proposals, and their results, over the course of time will enable the forum participants to develop a sea soned understanding of good versus not-so-good proposals. Forum members are also able to compare and contrast proposals as they decide which ones should be approved. A manager might wonder (and it’s a good question), “If I approve this proposal, does that mean that we won’t have resources for another project that I might like even better?” Examining as many proposals together as possible enables the organization to take a portfolio view of its potential investments.
E N S U R I N G T H E D E L I V E R Y O F V A L U E · 237
Figure 7.1 IT investment portfolio
Source: Adapted from Arlotto and Oakes (2003). Copyright 2003 Healthcare Informa tion and Management Systems Society (HIMSS) Used with permission.
Figure 7.1 displays an example of a project investment portfolio repre sented graphically. The size of each bubble reflects the magnitude of a par ticular IT investment. The axes are labeled “reward” (the size of the expected value) and “risk” (the relative risk that the project will not deliver the value). Other axes may be used. One commonly used set of axes consists of “support of operations” and “support of strategic initiatives.”
Diagrams such as the one in Figure 7.1 serve several functions:
• They summarize IT activity on one piece of paper, enabling leaders to consider a new request in the context of prior commitments.
• They help to ensure a balanced portfolio, promptly revealing imbalances such as a clustering of projects in the high-risk quadrant.
• They help to ensure that the approved projects cover an appropriate spectrum of organizational needs: for example, that projects are directed to revenue cycle improvement, to operational improvement, and to patient safety.
Manage the Project Well
One guaranteed way to reduce value is to mangle the management of the implementation project. Implementation failures or signifi cant budget
238 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
PERSPECTIVE Types of Portfolio Investments
Peter Weill and Sinan Aral (2006) note that organizations should manage their IT investments as a portfolio. Specifically, they describe four types of IT investments in a portfolio.
Infrastructure. Infrastructure refers to the core information technology that serves as the foundation for all applications. Examples of infrastructure include networks, servers, operating systems, and mobile devices.
Transactional. Transactional systems are those applications that support the core operations processes. Examples of transactional systems include CPOE, scheduling, clinical laboratory automation, and clinician documentation.
Informational. Informational IT assets are those that support decision making such as clinical decision support, quality measurement and analyses, market assessment, and budget performance.
Strategic. Strategic investments are IT systems that are critical to the furthering of an organization’s strategy. These investments could be infrastructure, transactional, and informational, but they differ in that they are clearly directed to furthering a strategic initiative as distinct from being helpful to support ongoing operations.
Weill and Aral note that different industries have different allo cations of IT investments across these categories. Financial services emphasize infrastructure in an effort to ensure high reliability and low costs. However, retail has emphasized informational as they seek to understand customer buying patterns.
Source: Weill and Aral (2006).
and timetable overruns or really unhappy users—any of these can dilute value.
Among the many factors that can lead to mangled project management are the following:
• The project’s scope is poorly defi ned.
• The accountability is unclear.
E N S U R I N G T H E D E L I V E R Y O F V A L U E · 239
• The project participants are marginally skilled.
• The magnitude of the task is underestimated.
• Users feel like victims rather than participants.
• All the world has a vote and can vote at any time.
Many of these factors were discussed in Chapters Five and Six.
Manage Outcomes
Value is not an automatic result of implementing an information system. Value must be managed into existence. Figure 7.2 depicts a reduction in days in accounts receivable (AR) at a physician practice. During the interval depicted, a new practice management system was implemented. The practice did not see a precipitous decline in days in AR (a sign of improved revenue performance) in the time immediately following the implementation in the second quarter of 2015. The practice did see a progressive improvement in days in AR because someone was managing that improvement using the new capabilities that came with the new system.
If the gain in revenue performance had been an “automatic” result of the information system implementation, the practice would have seen a quick, sharp drop in days in AR. Instead it saw a gradual improvement over time. This gradual change reflects the following:
• The gain occurred through day-in, day-out changes in operational processes, fine-tuning of system capabilities, and follow-ups in staff training.
Figure 7.2 Days in accounts receivable
240 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
• A person had to be in charge of obtaining this improvement. Someone had to identify and make operational changes, manage changes in system capabilities, and ensure that needed training occurred.
Conduct Post-Implementation Audits
Rarely do organizations revisit their IT investments to determine if the promised value was actually achieved. They tend to believe that once the implementation is over and the change settles in, value will have been auto matically achieved. This is unlikely.
Post-implementation audits can be conducted to identify value achieve ment progress and the steps still needed to achieve maximum gain. An organization might decide to audit two to four systems each year, selecting systems that have been live for at least six months. During the course of the audit meeting, these five questions can be asked:
1. What goals were expected at the time the project investment was approved?
2. How close have we come to achieving those original goals?
3. What do we need to do to close the goal gap?
4. How much have we invested in system implementation, and how does that compare to our original budget?
5. If we had to implement this system again, what would we do differently?
Post-implementation audits assist value achievement by the following:
• Signaling leadership interest in ensuring the delivery of results
• Identifying steps that still need to be taken to ensure value
• Supporting organizational learning about IT value realization
• Reinforcing accountability for results
Celebrate Value Achievement
Business value should be celebrated. Organizations usually hold parties shortly after applications go live. These parties are appropriate; a lot of people worked very hard to get the system up and running and used. However, up and running and used does not mean that value has been delivered. In addi tion to go-live parties, organizations should consider business value parties,
E N S U R I N G T H E D E L I V E R Y O F V A L U E · 241
celebrations conducted once the value has been achieved—for example, a party that celebrates the achievement of service improvement goals. Go-live parties alone risk sending the inappropriate signal that implementation is the end point of the IT initiative. Value delivery is the end point.
Leverage Organizational Governance
The creation of an IT committee of the board of directors can enhance organi zational efforts to achieve value from IT investments. At times the leadership team of an organization is uncomfortable with some or all of the IT conversa tion. Board members may not understand why infrastructure is so expensive or why large implementations can take so long and cost so much. They may feel uncomfortable with the complexity of determining the likely value to be obtained from IT investments. The creation of a subcommittee made up of the board members most experienced with such discussions can help to ensure that hard questions are being asked and that the answers are sound.
Shorten the Deliverables Cycle
When possible, projects should have short deliverable cycles. In other words, rather than asking the organization to wait twelve or eighteen months to see the first fruits of its application implementation labors, make an effort to deliver a sequence of smaller implementations. For example, one might conduct pilots of an application in a subset of the organization, followed by a staged rollout. Or one might plan for serial implementation of the fi rst 25 percent of the application features.
Pilots, staged rollouts, and serial implementations are not always doable. When they are possible, however, they enable the organization to achieve some value earlier rather than later, support organizational learning about which system capabilities are really important and which were only thought to be important, facilitate the development of reengineered operational pro cesses, and create the appearance (whose importance is not to be underesti mated) of more value delivery.
Benchmark Value
Organizations should benchmark their performance in achieving value against the performance of their peers. These benchmarks might focus on process performance—for example, days in accounts receivable or average time to get an appointment. An important aspect of value benchmarking
242 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
is the identification of the critical IT application capabilities and related operational changes that enabled the achievement of superior results. This understanding of how other organizations achieved superior IT-enabled per formance can guide an organization’s efforts to continuously achieve as much value as possible from its IT investments.
Communicate Value
Once a year the IT department should develop a communication plan for the twelve months ahead. This plan should indicate which presentations will be made in which forums and how often IT-centric columns will appear in organizational newsletters. The plan should list three or so major themes— for example, specific regional integration strategies or efforts to improve IT service—that will be the focus of these communications. Communication plans try to remedy the fact that even when value is being delivered, most people in the organization may not be fully aware of it.
ANALYSES OF THE IT VALUE CHALLENGE
The IT investment and value challenge plagues all industries. It is not a problem peculiar to health care. The challenge has been with us for fi fty years, ever since organizations began to spend money on big mainframes. This challenge is complex and persistent, and we should not believe we can fully solve it. We should believe we can be better at dealing with it. This section highlights the conclusions of several studies and articles that have examined this challenge.
Factors That Hinder Value Return
The Committee to Study the Impact of Information Technology on the Perfor mance of Service Activities (1994) found these major contributors to failures to achieve a solid return on IT investments:
• The organization’s overall strategy is wrong, or its assessment of its competitive environment is inadequate.
• The strategy is fine, but the necessary IT applications and infrastructure are not defined appropriately. The information system, if it is solving a problem, is solving the wrong problem.
• The organization fails to identify and draw together well all the investments and initiatives necessary to carry out its plans. The IT
A N A L Y S E S O F T H E I T V A L U E C H A L L E N G E · 243
investment then falters because other changes, such as reorganization or reengineering, fail to occur.
• The organization fails to execute the IT plan well. Poor planning or less than stellar management can diminish the return from any investment.
Value may also be diluted by factors outside the organization’s control. Weill and Broadbent (1998) noted that the more strategic the IT investment, the more its value can be diluted. An IT investment directed to increasing market share may have its value diluted by non-IT decisions and events—for example, pricing decisions, competitors’ actions, and customers’ reactions. IT investments that are less strategic but have business value—for example, improving nursing productivity—may be diluted by outside factors—for example, shortages of nursing staff members. And the value of an IT invest ment directed toward improving infrastructure characteristics may be diluted by outside factors—for example, unanticipated technology immaturity or business difficulties confronting a vendor.
The Investment-Performance Relationship
A study by Strassmann (1990) examined the relationship between IT expendi tures and organizational effectiveness. Data from an Information Week survey of the top one hundred users of IT were used to correlate IT expenditures per employee with profits per employee. Strassmann concluded that there is no overall obvious direct relationship between expenditure and organizational performance. This finding has been observed in several other studies (for example, Keen, 1997). It leads to several conclusions:
• Spending more on IT is no guarantee that the organization will be better off. There has never been a direct correlation between spending and outcomes. Paying more for care does not give one correspondingly better care. Clearly, one can spend so little that nothing effective can be done. And one can spend so much that waste is guaranteed. But moving IT expenditures from 4 percent of the operating budget to 6 percent of the operating budget does not inherently lead to a 50 percent increase in desirable outcomes.
• Factors other than the appropriateness of the tool to the task also infl uence the relationship between IT investment and organizational performance. These factors include the nature of the work (for example, IT is likely to have a greater impact on bank performance
244 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
than on consulting firm performance), the basis of competition in an industry (for example, cost per unit of manufactured output versus prowess in marketing), and an organization’s relative competitive position in the market.
The Value of the Overall Investment
Many analyses and academic studies have been directed to answering this broad question: How can an organization assess the value of its overall invest ments in IT? Assessing the value of the aggregate IT investment is different from assessing the value of a single initiative or other specifi c investment. And it is also different from assessing the caliber of the IT department.
Developing a definitive, accurate, and well-accepted way to answer this question has so far eluded all industries and may continue to be elusive. Nonetheless there are some basic questions that can be asked in pursuit of answering the larger question. Interpreting the answers to these basic ques tions is a subjective exercise, making it difficult to derive numerical scores. Bresnahan (1998) suggests fi ve questions:
1. How does IT infl uence the customer experience?
2. Do patients and physicians, for example, find that organizational processes are more effi cient, less error prone, and more convenient?
3. Does IT enable or retard growth? Can the IT organization support effectively the demands of a merger? Can IT support the creation of clinical product lines—for example, cardiology—across the integrated delivery system?
4. Does IT favorably affect productivity?
5. Does IT advance organizational innovation and learning?
Progressive Realization of IT Value
Brown and Hagel (2003) made three observations about IT value. First, IT value requires innovation in business practices. If an organiza
tion merely computerizes existing processes without rectifying (or at times eliminating) process problems, it may have merely made process problems occur faster. In addition, those processes are now more expensive because there is a computer system to support. Providing appointment scheduling systems may not make waiting times any shorter or enhance patients’ ability to get an appointment when they need one.
A N A L Y S E S O F T H E I T V A L U E C H A L L E N G E · 245
All IT initiatives should be accompanied by efforts to materially improve the processes that the system is designed to support. IT often enables the organization to think differently about a process or expand its options for improving a process. If the process thinking is narrow or unimaginative, the value that could have been achieved will have been lost, with the organiza tion settling for an expensive way to achieve minimal gain.
For example, if Amazon had thought that the Internet enabled it to simply replace the catalogue and telephone as a way of ordering something, it would have missed ideas such as presenting products to the customer based on data about prior orders or enabling customers to leave their own ratings of books and music.
Second, the economic value of IT comes from incremental innovations rather than “big bang” initiatives. Organizations will often introduce very large computer systems and process change all at once. Two examples of such big bangs are the replacement of all systems related to the revenue cycle and the introduction of a new EHR over the course of a few weeks.
Big bang implementations are very tricky and highly risky. They may be haunted by series of technical problems. Moreover, these systems introduce an enormous number of process changes affecting many people. It is excep tionally difficult to understand the ramifications of such change during the analysis and design stages that precede implementation. A full understand ing is impossible. As a result, the implementing organization risks material damage. This damage destroys value. It may set the organization back, and even if the organization grinds its way through the disruption, the resulting trauma may make the organization unwilling to engage in future ambitious IT initiatives.
By contrast, IT implementations (and related process changes) that are more incremental and iterative reduce the risk of organizational damage and permit the organization to learn. The organization has time to understand the value impact of phase n and then can alter its course before it embarks upon phase n + 1. Moreover, incremental change leads the organization’s members to understand that change, and realizing value, are never-ending aspects of organizational life rather than things to be endured every couple of years.
Third, the strategic impact of IT investments comes from the cumulative effect of sustained initiatives to innovate business practices. If economic value is derived from a series of thoughtful, incremental steps, then the aggregate effect of those steps should be a competitive advantage. Most of the time, organizations that wind up dominating an industry do so through incremen tal movement over the course of several years (Collins, 2001).
Persistent innovation by a talented team, over the course of years, will result in significant strategic gains. The organization has learned how to
246 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
improve itself, year in and year out. Strategic value is a marathon. It is a long race that is run and won one mile at a time.
Companies with Digital Maturity
CapGemini (2012) examined digital innovations at four hundred large com panies. The study examined the digital maturity of these companies and compared this maturity with the performance of the companies. Digital maturity is defined according to two variables:
• Digital intensity, or the extent to which the company had invested in technology-enabled initiatives to change how the company operates. Example investments included advanced analytics, social media, digital design of products, and real-time monitoring of operations.
• Transformation management intensity, or the extent of the leadership capabilities necessary to drive digital transformation throughout the company. Example capabilities included vision, governance, and ability to change culture.
The study examined the degree to which digital intensity and transfor mation-management intensity separated those that performed well from those that did not. (See Figure 7.3.)
The study found that companies that had low scores on both intensity dimensions fared the poorest (24 percent less profitable than their competi tors), whereas companies that had high scores on both intensity dimensions performed the best (26 percent more profitable than their competitors).
However, the study found that transformation-management intensity was more important than digital intensity. Companies that had high transformation- management intensity but low digital intensity performed 9 percent better than their competitors. And companies that had high digital intensity but low transformation intensity were 11 percent less profitable than competitors.
Transformation ability was more important than investment in IT although IT investments enabled transformation skills to achieve more value.
SUMMARY
IT value is complex, multifaceted, and diverse across and within proposed initiatives. The techniques used to analyze value must vary with the nature of the value.
S U M M A R Y · 247
Figure 7.3 Digital intensity versus transformation intensity
Source: CapGemini (2012). CapGemini Consulting and the MIT Center for Digital Business, “The Digital Advantage: How digital leaders outperform their peers in every industry,” Nov. 5, 2012. Used with permission.
The project proposal is the core means for assessing the potential value of an IT initiative. IT proposals have a commonly accepted structure. And approaches exist for comparing proposals with different types of value prop ositions. Project proposals often present problems in the way they estimate value—for example, they may unrealistically combine fractions of effort saved, fail to appreciate the complex behavior of system users, or underesti mate the full costs of the project.
Many factors can dilute the value realized from an IT investment. Poor linkage between the IT agenda and the organizational strategy, the failure to set goals, and the failure to manage the realization of value all contribute to dilution.
There are steps that can be taken to improve the achievement of IT value. Leadership can ensure that project proponents have done their homework, that accountability for results has been established, that formal proposals
248 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
are used, and that post-implementation audits are conducted. Even though there are many approaches and factors that can enhance the realization of IT-enabled value, the challenges of achieving this value will remain a man agement issue for the foreseeable future.
Health care organization leaders often feel ill-equipped to address the IT investment and value challenge. However, no new management techniques are required to evaluate IT plans, proposals, and progress. Leadership teams are often asked to make decisions that involve strategic hunches (such as a belief that developing a continuum of care would be of value) about areas where they may have limited domain knowledge (new surgical modalities) and where the value is fuzzy (improved morale). Organizational leaders should treat IT investments just as they would treat other types of invest ments; if they don’t understand, believe, or trust the proposal or its proponent, they should not approve it.
KEY TERMS Digital maturity Internal rate of return IT project proposal
LEARNING ACTIVITIES
IT value Net present value Value realization
1. Interview the CIO of a local health care provider or payer. Discuss how his or her organization assesses the value of IT investments and ensures that the value is delivered.
2. Select two articles from a health care IT trade journal that describe the value an organization received from its IT investments. Critique and compare the articles.
3. Select two examples of intangible value. Propose one or more approaches that an organization might use to measure each of those values.
4. Prepare a defense of the value of a signifi cant investment in an electronic health record system.
REFERENCES
Amarasingham, R., Plantinga, L., Diener-West, M., Gaskin, D. J., & Powe, N. R. (2009). Clinical information technologies and inpatient outcomes. Archives of Internal Medicine, 169(2), 108–114.
R E F E R E N C E S · 249
Amland, R., Dean, B., Yu, H., Ryan, H., Orsund, T., Hackman, J., & Roberts, S. (2015). Computerized clinical decision support to prevent venous thrombo embolism among hospitalized patients: Proximal outcomes from a multi-year quality improvement project. Journal for Healthcare Quality, 37(4), 221–231.
Arlotto, P., & Oakes, J. (2003). Return on investment: Maximizing the value of healthcare information technology. Chicago, IL: Healthcare Information and Management Systems Society.
Bresnahan, J. (1998, July 15). What good is technology? CIO Enterprise, pp. 25–26, 28, 30.
Brown, J., & Hagel, J. (2003). Does IT matter? Harvard Business Review, 81, 109–112.
CapGemini. (2012). The digital advantage: How digital leaders outperform their peers in every industry. Paris, France: CapGemini.
Cebul, R. D., Love, T. E., Jain, A. K., & Herbert, C. J. (2011). Electronic health records and the quality of diabetes care. New England Journal of Medicine, 365, 825–833.
Collins, J. (2001). Good to great. New York, NY: HarperCollins.
Committee to Study the Impact of Information Technology on the Performance of Service Activities. (1994). Information technology in the service society. Washington, DC: National Academies Press.
Del Beccaro, M. A., Jeffries, H. E., Eisenberg, M. A., & Harry, E. D. (2006). Com puterized provider order entry implementation: No association with increased mortality rates in an intensive care unit. Pediatrics, 118(1), 290–295.
Dragoon, A. (2003, Aug. 15). Deciding factors. CIO, pp. 49–59.
Glaser, J. (2003a, March). Analyzing information technology value. Healthcare Financial Management, pp. 98–104.
Glaser, J. (2003b, Sept.). When IT excellence goes the distance. Healthcare Finan cial Management, pp. 102–106.
Han, Y. Y., Carcillo, J. A., Venkataraman, S. T., Clark, R.S.B., Watson, R. S., Nguyen, T. C., Bayir, H., & Orr, R. A. (2005). Unexpected increased mortality after implementation of a commercially sold computerized physician order entry system. Pediatrics, 116(6), 1506–1512.
Keen, P. (1997). The process edge. Boston, MA: Harvard Business School Press.
Mosquera, M. (2011). How PHRs boosted shareholder value at EMC. Govern ment Health IT. Retrieved August 2011 from http://govhealthit.com/news/ some-employers-say-phrs-cut-healthcare-costs
Ross, J., & Beath, C. (2002). Beyond the business case: New approaches to IT investment. MIT Sloan Management Review, 43(2), 51–59.
Ross, J. W., & Johnson, E. (2009). Prioritizing IT investments. Research Briefi ng, IX(3). Cambridge, MA: MIT Center for Information Systems Research.
250 · C H A P T E R 7 : A S S E S S I N G A N D A C H I E V I N G V A L U E I N H E A L T H C A R E I N F O R M A T I O N S Y S T E M S
Strassmann, P. (1990). The business value of computers. New Canaan, CT: Informa tion Economics Press.
Weill, P., & Aral, S. (2006). Generating premium returns on your IT investments. MIT Sloan Management Review, 47(2), 54–60.
Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure. Boston, MA: Harvard Business School Press.
CHAPTER 8
Organizing Information Technology Services
LEARNING OBJECTIVES
• To be able to describe the roles, responsibilities, and major functions of the IT department or organization.
• To be able to discuss the role and responsibility of the chief information offi cer (CIO), chief medical informatics offi cer (CMIO), chief security offi cer (CSO), chief technology offi cer (CTO), and other key IT staff members.
• To be able to describe the different ways IT services might be organized and governed within a health care organization.
• To be able to identify key attributes of highly effective IT organizations.
• To be able to describe the role and function of the data analytics department or unit.
• To be able to develop a plan for evaluating the effectiveness of the IT function within an organization.
251
252 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
By now you should have an understanding of health care data, the various clinical and administrative applications that are used to manage those health care data, and the processes of selecting, acquiring, and implement ing health care information systems. You should also have a basic under standing of the core technologies that are common to many health care applications, and you can appreciate some of what it takes to ensure that information systems are reliable and secure.
In many health care organizations, an information technology (IT) func tion requires staff members who are involved in these and other IT-related activities—everything from customizing a software application to setting up and maintaining a wireless network to performing system backups. In a solo physician practice, this responsibility may lie with the office manager or lead physician. In a large hospital setting, this responsibility may lie with the IT department in conjunction with the medical staff, the administration, and the major departmental units—for example, admissions, fi nance, radiology, and nursing.
Some health care organizations outsource a portion or all of their IT services; however, they are still responsible for ensuring that those services are of high quality and support the IT needs of the organization. This respon sibility cannot be delegated entirely to an outside vendor or IT fi rm. Health care executives must manage IT resources just as they do human, fi nancial, and other facility resources.
This chapter provides an overview of the various functions and respon sibilities that one would typically find in the IT department of a large health care organization. We describe the different groups or units that are typically seen in an IT department. We review a typical organizational structure for IT and discuss the variations that are often seen in that structure and the reasons for them. This chapter also presents an overview of the senior IT management roles and the roles with which health care executives will often work in the course of projects and IT initiatives. IT outsourcing, in which the health care organization asks an outside vendor to run IT, is reviewed. Finally, we examine approaches to evaluating the efficiency and effectiveness of the IT department.
INFORMATION TECHNOLOGY FUNCTIONS
The IT department has been an integral part of most hospitals or health care systems since the early days of mainframe computing. If the health care facil ity was relatively large and complex and used a fair amount of information technology, one would find IT staff members behind the scenes developing or enhancing applications, building system interfaces, maintaining databases,
I N F O R M A T I O N T E C H N O L O G Y F U N C T I O N S · 253
managing networks, performing system backups, and carrying out a host of other IT support activities. Today the IT department is becoming increasingly important, not only in hospitals but also in all health care organizations that use IT to manage clinical and administrative data and processes.
Throughout this chapter we refer to the IT department usually found in an integrated health care system. We chose this setting because it is typically the most complex and IT intensive. Moreover, many of the principles that apply to managing IT resources in this setting also apply in other types of health care facilities, such as an ambulatory care clinic or rural commu nity health center. The breadth and scope of the services provided may differ considerably, however, depending on the extent to which IT is used in the organization.
IT Department Responsibilities
The IT department has several responsibilities:
• Ensuring that an IT plan and strategy have been developed for the organization and that the plan and strategy are kept current as the organization evolves; these activities are discussed in Chapter Twelve
• Working with the organization to acquire or develop and implement needed new applications; these processes were discussed in Chapters Five and Six
• Providing day-to-day support for users: for example, fi xing broken workstations, responding to questions about application use, training new users, and applying vendor-supplied upgrades to existing applications
• Managing the IT infrastructure: for example, performing backups of databases, installing network connections for new organizational locations, monitoring system performance, and securing the infrastructure from denial of service attacks
• Examining the role and relevance of emerging information technologies
Core Functions
To fulfill their responsibilities, all IT departments have four core functions. Depending on the size of the IT group and the diversity of applications and responsibilities, a function may require several subsidiary departments or subgroups.
254 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
Operations and Technical Support
The operations and technical support function manages the IT infrastruc ture—for example, the servers, networks, operating systems, database man agement systems, and workstations. This function installs new technology, applies upgrades, troubleshoots and repairs the infrastructure, performs “housekeeping” tasks such as backups, and responds to user problems, such as a printer that is not working.
This function may have several IT subgroups:
• Data center management: manages the equipment in the organization’s computer center
• Network engineers: manage the organization’s network technologies
• Server engineers: oversee the installation of new servers and perform such tasks as managing server space utilization
• Database managers: add new databases, support database query tools, and respond to database problems such as fi le corruptions
• Security: ensure that virus and intrusion detection software is current, physical access to the computer room is constrained, disaster recovery plans are current, and processes are in place to manage application and system passwords
• Help desk: provide support to users who call in with problems such as broken offi ce equipment, trouble operating an application, a forgotten password, or uncertainty about how to perform a specifi c task on the computer
• Deployments: install new workstations and printers, move workstations when groups move to new buildings, and the like
• Training: train organization staff members on new applications and offi ce software, such as presentation development applications
Applications Management
The applications management group manages the processes of acquiring new application systems, developing new application systems, implementing these new systems, providing ongoing enhancement of applications, troubleshoot ing application problems, and working with application suppliers to resolve these problems.
This function may have several IT groups:
• Groups that focus on major classes of applications: for example, a financial systems group and a clinical systems group
I N F O R M A T I O N T E C H N O L O G Y F U N C T I O N S · 255
• Groups dedicated to specifi c applications (this is most likely in large organizations): for example, a group to support the applications in the clinical laboratory or in radiology
• An applications development group (this is found in organizations that perform a signifi cant amount of internal development)
• Groups that focus on specifi c types of internal development: for example, a web or mobile device development group
Specialized Groups
Health care organizations may develop groups that have very specialized func tions, depending on the type of organization or the organization’s approach to IT. For example:
• Groups that support the needs of the research community in academic medical centers
• Process redesign groups in organizations that engage in a signifi cant degree of process reengineering during application implementation
• Decision-support groups that help users and management perform analyses and create reports from corporate databases—for example, quality-of-care reports or financial performance reports
In addition, the chief information offi cer (CIO), who is the most senior IT executive, is often responsible for managing the organization’s telecom munications function—the staff members who manage the phone system, overhead paging system, and nurse call systems. Depending on the organiza tion’s structure and the skill and interests of the CIO, one occasionally fi nds these other organizational functions reporting to the CIO. These additional functions are often added because of the executive skills of the CIO and not strictly because they are IT-related:
• The health information management or medical records department
• The function that handles the organization’s overall strategic plan development
• The marketing department
IT Administration
Depending on the size of the IT department, one may find groups that focus on supporting IT administrative activities. These groups may perform such tasks as these:
256 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
• Overseeing the development of the IT strategic plan
• Managing contracts with vendors
• Developing and monitoring the IT budget
• Providing human resource support for the IT staff members
• Providing support for the management of IT projects: for example, developing project status reports or providing project management training
• Managing the space occupied by an IT department or group
A typical organizational structure for an IT department in a large health system is shown in Figure 8.1.
Figure 8.1 shows the enterprise-wide CIO, a deputy CIO, and CIOs for each of the major divisions, for example, an academic medical center and the phy sician network of the health system. The division CIOs must ensure that the IT needs of each division are met and that the division needs are considered during the development and execution of enterprise-level initiatives such as the implementation of a common revenue cycle system.
Figure 8.1 also shows roles for specialized functions: telehealth, genomics IT, research, medical imaging, and medical informatics. The figure shows the operations and technical support groups (technical services and operations and network services and communications), application management groups (clinical systems and finance and administrative systems), the IT administra tion group (IS administration), and health information management.
Finally, the fi gure shows the presence of a CTO (chief technology offi cer) and CISO (chief information security officer), which will be discussed in the following section on IT senior leadership roles.
IT Senior Leadership Roles
Within the overall IT group, several positions and roles are typically present ranging from senior leadership—for example, the chief information offi cer— to staff members who do the day-in, day-out work of implementing applica tion systems—for example, systems analysts. In the following sections we will describe several senior-level IT positions:
• Chief information offi cer (CIO)
• Chief technology offi cer (CTO)
• Chief information security offi cer (CISO)
• Chief clinical informatics offi cer (CCIO), specifi cally the chief medical information offi cer (CMIO)
258 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
This is not an exhaustive list of all possible senior-level positions, but the discussion provides an overview of typical roles and functions.
The Chief Information Offi cer
Many midsize and large health care organizations employ a chief information officer (CIO). The CIO not only manages the IT department but also is seen as the executive who can successfully lead the organization in its efforts to apply IT to advance its strategies.
The role of the CIO in health care and other industries has been the subject of research and debate over the years (Glaser & Kirby, 2009; Glaser & Williams, 2007). Studies conducted by College of Healthcare Information Management Executives (CHIME) (1998, 2008) have chronicled the evolu tion of the health care CIO. This evolution has involved debates on CIO reporting relationships, salaries, and titles and the role of the CIO in an organization’s strategic planning. Through extensive research, CHIME has identified seven key attributes, or competencies, exhibited by high- performing CIOs (CHIME, 2008). CHIME provides intensive “boot camp” training ses sions for its CIO members to aid in their professional development of these competencies.
Earlier work by Earl and Feeney (1995) found that CIOs from a wide range of industries who added value to their respective organizations had many of these same characteristics:
• Obsessively and continuously emphasize business imperatives so that they focus the IT direction correctly
• Have a track record of delivery that causes IT performance problems to drop off management’s agenda
• Interpret for the rest of the leadership team the meaning and nature of the IT success stories of other organizations
• Establish and maintain good working relationships with the members of the organization’s leadership
• Establish and communicate the IT performance record.
• Concentrate the IT development efforts on those areas of the organization where the most leverage is to be gained
• Work with the organization’s leadership to develop a shared vision of the roles and contributions of IT
• Make important general contributions to business thinking and operations
-
I N F O R M A T I O N T E C H N O L O G Y F U N C T I O N S · 259
PERSPECTIVE Seven Key Attributes of a High Performing CIO
1. Sets vision and strategy. Collaborates well with senior leaders to set organization vision and strategy and to determine how technology can best serve the organization.
2. Integrates information technology for business success. Applies knowledge of the organization’s systems, structures, and functions to determine how best to advance the performance of the business with technology.
3. Makes change happen. Is able to lead the organization in making the process changes necessary to fully capitalize on IT investments.
4. Builds technological confi dence. Helps the business assess the value of IT investments and the steps needed to achieve that value.
5. Partners with customers. Interacts with internal and external cus tomers to ensure continuous customer satisfaction.
6. Ensures information technology talent. Creates a work environ ment and community that draws, develops, and retains top IT talent.
7. Builds networks and community. Develops and maintains profes sional networks with internal and external sources and effectively leverages those networks to further the effective use of IT.
Source: CHIME (2008).
Earl and Feeney (1995) also found that the value-added CIO, as a person, has integrity, is goal directed, is experienced with IT, and is a good consul tant and communicator. Those organizations that have such a CIO tend to describe IT as critical to the organization, find that IT thinking is embedded in business thinking, note that IT initiatives are well focused, and speak highly of IT performance.
Organizational excellence in IT doesn’t just happen. It is managed and led. If the health care organization decides that the effective application of IT is a major element of its strategies and plans, it will need a very good CIO. Failure to hire and retain such talent will severely hinder the organization’s aspirations.
260 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
Whom the CIO should report to has been a topic of industry debate and an issue inside organizations as well. CIOs will often argue that they should report to the chief executive officer (CEO). This argument is not wrong nor is it necessarily right. The CIO does need access to the CEO and clearly should be a member of the executive committee and actively involved in strategy discussions. However, the CIO needs a boss who is a good mentor, provides appropriate political support, and is genuinely interested in the application of IT. Chief fi nancial officers (CFOs) and chief operating officers (COOs) can be terrific in these regards. In general about one-third of all health care provider CIOs report to the CEO, one-third report to the CFO, and one-third report to the COO.
The Chief Technology Offi cer
The chief technology offi cer (CTO) has several responsibilities. The CTO must guide the definition and implementation of the organization’s tech nical architecture. This role includes defining technology standards (for example, defining the operating systems and network technologies the organization will support), ensuring that the technical infrastructure is current (for example, that major vendor releases and upgrades have been applied), and ensuring that all the technologies fit. The CTO’s role in ensuring fit is similar to an architect’s role in ensuring that the materi als used to construct a house come together in a way that results in the desired house.
The CTO is also responsible for tracking emerging technologies, identi fying the ones that might provide value to the organization, assessing them, and when appropriate, working with the rest of the IT department and the organization to implement these technologies. For example, the CTO may be asked to investigate the possible usefulness of the Internet of Things. The CTO role is not often found in smaller organizations but is increasingly common in larger ones. In smaller organizations, the CIO also wears the CTO hat.
The Chief Information Security Offi cer
As will be discussed in Chapter Nine, the chief information security offi cer (CISO) is a relatively new position that has emerged as a result of the growing threats to information security and the health care organization’s need to comply with federal and state security regulations. The primary role and functions of the CISO are to ensure that the health care organization has an effective information security plan, appropriate technical and administrative procedures are in place to ensure that information systems are secure and
I N F O R M A T I O N T E C H N O L O G Y F U N C T I O N S · 261
safe from tampering or misuse, and appropriate disaster recovery procedures exist.
The Chief Clinical Informatics Offi cer
There are several roles that fall under the broad umbrella of the chief clinical informatics officer (AMIA Task Force Report on CCIO Knowledge, Education and Skillset Requirements, 2016). These roles include the chief nursing infor matics officer (CNIO) and the chief pharmacy informatics officer. Of these roles the chief medical information offi cer (CMIO) is the most common (approximately 30 percent of CIOs employ a CMIO (AMIA Task Force Report on CCIO Knowledge, Education and Skillset Requirements, 2016) although still a relatively new position. The CMIO position emerged as a result of the growing interest in adopting clinical information systems and leveraging those systems to improve care. The CMIO is usually a physician, and this role may be filled through a part-time commitment by a member of the orga nization’s medical staff.
Murphy (2011) identified the skills of the CCIO (including the CMIO and CNIO):
• Guide an EHR selection process
• Define a clinical information systems governance process
• Engage senior executives in an EHR culture and practice changes
• Advise on implementation methodologies and the sequencing of EHR modules
• Identify the value proposition and key performance indicator metrics of EHR use
• Determine an EHR enhancement request system and prioritization process
• Staff ongoing clinical process improvement initiatives
• Educate about health technology and the interactions between people and process changes
• Develop strong relationships with key stakeholders in the organization
The CIO, CTO, CISO, and CMIO all play important roles in helping to ensure that information systems acquired and implemented are consistent with the strategic goals of the health care organization, are well accepted and effectively used, and are adequately maintained and secured. Sample job descriptions for the CIO and the CMIO positions are given in Appendix B.
262 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
IT Staff Roles
The IT leadership team cannot carry out the organization’s IT agenda uni laterally. The department’s work relies heavily on highly trained, qualifi ed professional and technical staff members to perform a host of IT-related functions. In this section are brief descriptions of some key professionals who work in IT:
• The project leader
• The systems analyst
• The programmer
• The database administrator
• The network administrator
The Project Leader
The project leader manages IT projects such as the implementation of a new revenue cycle application, deployment of infrastructure in a new medical office building, or determination of the need for a new system. At times project leaders are staff members from user departments, though in general they are members of the IT department. This role was discussed in more depth in Chapter Six.
The Systems Analyst
The role of the systems analyst will vary considerably depending on the analyst’s background and the needs of the organization. Some analysts have a strong computer programming background, whereas others have a business orientation or come from clinical disciplines, such as nursing, pharmacy, or the laboratory. In fact, because of the increased interest in the adoption of clinical information systems, systems analysts with clinical backgrounds in nursing, pharmacy, medical technology, and the like (often referred to as clinical systems analysts) are in high demand. Most systems analysts work closely with managers and end users in identifying information system needs and problems, evaluating workflow, and determining strategies for optimiz ing the use and effectiveness of particular systems.
When an organization decides to develop a new information system, systems analysts are often called on to determine what computer hardware and software will be needed. They prepare specifi cations, fl owcharts, and process diagrams for computer programmers to follow.
I N F O R M A T I O N T E C H N O L O G Y F U N C T I O N S · 263
They work with programmers and vendor staff members to test new systems and system upgrades, recommend solutions, and determine whether program requirements have been met. They may also prepare cost-benefi t and return-on-investment analyses to help management decide whether imple menting a proposed system will deliver the desired value.
The Programmer
Programmers write, test, and maintain the programs that computers must follow to perform their functions. They also conceive, design, and test logical structures for solving problems with computers. Many technical innovations in programming—advanced computing technologies and sophisticated new languages and programming tools—have redefined the role of programmers and elevated much of the programming work done today.
Programmers are often grouped into two broad types—applications pro grammers and systems programmers. Applications programmers write programs to handle specific user tasks, such as a program to track inven tory within an organization. They may also revise existing packaged soft ware or customize generic applications such as integration technologies. Systems programmers write programs to maintain and control infrastruc ture software, such as operating systems, networked systems, and database systems. They are able to change the sets of instructions that determine how the network, workstations, and central processing units within a system handle the various jobs they have been given and how they com municate with peripheral equipment such as other workstations, printers, and disk drives.
The Database Administrator
Database administrators work with database management systems soft ware and determine ways to organize and store data. They identify user requirements, set up computer databases, and test and coordinate modifi cations to these systems. An organization’s database administrator ensures the performance of the database systems, understands the platform on which the databases run, and adds new users to the systems. Because they may also design and implement system security, database administrators often plan and coordinate security measures. With the volume of sensitive data growing rapidly, data integrity, backup systems, and database secu rity have become increasingly important aspects of the job for database administrators.
264 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
The advent of payment reform is placing increasing pressure on providers to improve the effi ciency and quality of clinical, operational, and fi nancial performance. Moreover, the arrival of population health requires that pro viders define their populations and manage the health and care received by that population. These pressures result in the need for a group that pro vides superior analytics support to the organization.
Most providers have had an analytics group for some time. Providers have used analytics to measure referral patterns, DRG performance, payer mix, and expected reimbursement and patient volumes. However, these pressures have elevated the importance of this group and often expanded their staff and the scope of their work.
This group can be a department within the IT organization but increas ingly the group reports up through a non-IT function, usually the function responsible for clinical quality or fi nance.
Wadsworth (2016) defines a proposed structure and role for a typical provider analytics group. A content and analytics team, composed of data architects and outcomes analysts, mines the data contained in an enterprise data warehouse (which is the aggregation, across the organization, of the clinical, financial, operational, and market data deemed most important to the organization). The team works with a senior leadership committee to identify potential areas of organizational improvement. The commit tee prioritizes the areas and assigned workgroups to engage in process improvement.
Workgroups are teams that identify steps that should be taken to improve clinical, operational, and financial performance of a particular area (e.g., pharmacy) or process (e.g., total joint replacement). This work usually defines a current state and outlines a desired future state. The core
The Network Administrator
It is essential that the organization has an adequate network or network infrastructure to support all its clinical and administrative applications and also its general applications (such as e-mail, intranets, and videoconferenc ing). Networks come in many variations, so network administrators are needed to design, test, and evaluate systems such as local area networks
I N F O R M A T I O N T E C H N O L O G Y F U N C T I O N S · 265
PERSPECTIVE Analytics Department
of the workgroup typically consists of a physician lead, an operations lead, and a nurse who understands the patient workfl ow.
Members of the workgroup typically fulfill these functions:
• Data architect: Builds a solid architecture to capture and provide data from disparate source systems into an integrated platform
• Application administrator: Ensures source-system applications func tion to capture needed data elements
• Outcomes analyst: Mines data to identify statistically valid trends and variability that may exist
• Knowledge manager: Acts as a liaison between the technical and clinical teams; usually staffed by a nurse, this critical role helps the technical team understand and interpret clinical data as he or she seeks to build algorithms that mimic clinical workfl ow
• Clinical implementation team (CIT): Consists of practicing clinicians who own a clinical process within an organization, will champion adoption of the improvements, and guide the rollout of the improve ment process
• Guidance team: Provides governance over all the workgroups and CITs under a clinical program—for example, a guidance team for the women and children’s clinical program may oversee three separate workgroups focusing on gynecology, pregnancy, or normal newborn; takes into account resources, organizational readiness, and political climate to determine which workgroups receive priority; reports to the senior leadership committee
Source: Wadsworth (2016).
(LANs), wireless networks, the Internet, intranets, and other data commu nications systems. Networks can range from a connection between two offices in the same building to globally distributed connectivity to voice mail and e-mail systems across a host of different health care organizations. Network administrators perform network modeling, analysis, and planning; they may also research related products and make hardware and software recommendations.
266 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
Staff Positions in High Demand
As the technology evolves (for example, advances in analytics) and the focus of organizations shifts (for example, shifts to population health) various IT staff roles will become in high demand. The core positions will always be needed but new roles and refinements of existing roles emerge constantly. In 2016 high-demand positions (across industries) include these functions (Florentine, 2015):
• User interface designers
• Web infrastructure developers
• Network engineers
• Security and cyber security professionals
• Mobile application developers
• Systems analysts
• Industry knowledgeable project managers
• Cloud application architects
• Data scientists
When positions are in high demand organizations may face signifi cant challenges hiring the staff members they need; salaries may be very high, availability will be limited, and organization’s will need to sell themselves to prospective recruits. A CHIME (2012) survey of CIOs found 67 percent were experiencing IT staff shortages. The positions in greatest demand were clinical information systems project managers and systems analysts.
Staff Attributes
In addition to ensuring that it has the appropriate IT functions and IT roles (and that the individuals filling these roles are competent), the health care organization must ensure that the IT staff members have certain attributes. These attributes are unlikely to arise spontaneously; they must often be managed into existence. An assessment of the IT function (as discussed further on in this chapter) can highlight problems in this area and then lead to management steps designed to improve staff member attributes.
High-performing IT staff members have several general characteristics:
• They execute well. They deliver applications, infrastructure, and services that refl ect a sound understanding of organizational needs.
O R G A N I Z I N G I T S T A F F M E M B E R S A N D S E R V I C E S · 267
These deliverables occur on time and on budget so that those involved in a project give the project team high marks for professional comportment.
• They are good consultants. They advise organizational members on the best approach to the application of IT given the problem or opportunity. They advise when IT may be inappropriate or the least important component of the solution. This advice ranges from help desk support to systems analyses to new technology recommendations to advice on the suitability of IT for furthering an aspect of organizational strategy.
• They provide world-class support. Information systems require daily care and feeding and problem identifi cation and correction. This support needs to be exceptionally effi cient and effective.
• They stay current in their field of expertise. They keep up to date on new techniques and technologies that may improve the ability of the organization to apply IT effectively.
ORGANIZING IT STAFF MEMBERS AND SERVICES
Now that we have introduced the various roles and functions found in the health care IT arena, we will examine how these roles and functions can be organized. Essentially, three factors influence the structure of the IT department:
• Degree of IT centralization or decentralization
• Core IT competencies
• Departmental attributes
Degree of IT Centralization or Decentralization
A critical factor in determining the structure for the IT department is the degree of centralization of organizational decision making. A health care organization might be a highly structured hierarchy in which decisions are made by a few senior leaders. Conversely, an organization might delegate authority to make many decisions to the department level or to the hospital level in an integrated delivery system, resulting in decentralized decision making. Referring to Figure 8.1, in a highly centralized organization, divi sion CIOs may not be necessary because virtually all decisions are made at the enterprise level. Conversely, in a highly decentralized organization, the
268 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
central role of corporate director, clinical systems shown in Figure 8.1 may not be necessary because all EHR decisions are made at the local level.
The following describes some of the advantages to centralizing IT ser vices (Oz, 2006):
• Enforcement of hardware and software standards. In a centralized structure, the organization typically develops software and hardware standards, which can lead to cost savings, facilitate the exchange of data among systems, make installations easier, and promote sharing of applications.
• Efficient administration of resources. Centralizing the administration of contracts and licenses and inventories of hardware and software can lead to greater effi ciency.
• Better staffi ng. Because it results in a pool of IT staff members from which to choose, the centralized approach may be able to identify and assign the most appropriate individuals to a particular project.
• Easier training. In a centralized department, staff members can specialize in certain areas (hardware, software, networks) and do not need to be jacks of all trades.
• Effective planning of shared systems. A centralized IT services unit typically sees the big picture and can facilitate the deployment of systems that are to be used by all units of a health care system or across organizational boundaries.
• Easier strategic IT planning. A strategic IT plan should be well aligned with the overall strategic plan of the organization. This alignment may be easier when IT management is centralized.
• Tighter control by senior management. A centralized approach to managing IT services permits senior management to maintain tighter control of the IT budget and resources.
The following describes some of the advantages to a decentralized struc ture (Oz, 2006):
• Better fit of IT to business needs. The individual IT units are familiar with their business unit’s or department’s needs and can develop or select systems that fi t those needs more closely.
• Quick response time. The individual IT units are typically better equipped to respond promptly to requests or can arrange IT projects to fi t the priorities of their business unit or department.
O R G A N I Z I N G I T S T A F F M E M B E R S A N D S E R V I C E S · 269
• Encouragement of end user development of applications. In a decentralized IT services structure, end users are often encouraged to develop their own small applications to increase productivity.
• Innovative use of information systems. Given that IT staff members are closer in proximity to users and know their needs, the decentralized structure may have a better chance of implementing innovative systems.
Most IT services in a health care organization are not fully centralized or decentralized but a combination of the two. For example, training and support for applications may be decentralized, with other IT functions such as application development, network support, and database management being managed centrally. The size, complexity, and culture of the health care organization might also determine the degree to which IT services should be managed centrally.
For example, in an ambulatory care clinic with three sites that are fairly autonomous, it may be appropriate to divide IT services into three functional units, each dedicated to a specific clinic. In a larger, more complex orga nization, such as an integrated delivery network (with multiple hospitals, outpatient clinics, and physician practices), it may be appropriate to form a centralized IT services unit that is responsible for specific IT areas such as systems planning and integration, network administration, and telecommuni cations, with all other functions being managed at the individual facility level.
There is no right level of centralization. Centralized organizations can be as effective as decentralized organizations. Ideally, the management and structure of IT will parallel that of the executive team’s management phi losophy; centralized management tends to want centralized control over IT, whereas decentralized management is more likely to be comfortable with IT that can be locally responsive.
Core IT Competencies
Organizations should identify a small number of areas that constitute core IT capabilities and competencies. These are areas where getting an A+ from the “customers” matters. For example, an organization focused on transforming its care processes would want to ensure A+ competency in this area and would perhaps settle for B− competency in its supply chain operations. An organization dedicated to being very effi cient would want A+ competency in areas such as supplier management and productivity improvement and would perhaps settle for a B− in delivering superb customer service.
270 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
This definition of core competencies has a bearing on the form of the IT organization. If A+ competency is desired in care transformation, the IT department should be organized into functions that specialize in supporting care transformation—for example, a clinical information systems implemen tation group and a care reengineering group.
Partners HealthCare, for example, defined three areas of core capabilities: base support and services, care improvement, and technical infrastructure.
Base Support and Services
The category of core capabilities at Partners HealthCare included two subcategories:
• Frontline support: for example, mobile device problem resolution
• Project management skills
The choice of these areas of emphasis resulted in many management actions and steps—for example, the selection of criteria to be used during annual performance reviews. The emphasis on frontline support also led to the creation of an IT function responsible for all frontline support activities, including the help desk, workstation deployments, training, and user account management. The emphasis on project management led to the creation of a project management office to assist in monitoring the status of all projects and a project center of excellence to offer training on project management and established project management standards.
Care Improvement
Central to the Partners agenda was the application of IT to improve the process of care. One consequence was to establish, as a core IT capa bility, the set of skills and people necessary to innovatively apply IT to medical care improvement. An applied medical informatics function was established to oversee a research and development agenda. Staff members skilled in clinical information systems application development were hired. A group of experienced clinical information system implementers was established.
An IT unit of health services researchers was formed to analyze defi cien cies in care processes, identify IT solutions that would reduce or eliminate these deficiencies, and assess the impact of clinical information systems on care improvement. Organizational units possessing unique technical and
O R G A N I Z I N G I T S T A F F M E M B E R S A N D S E R V I C E S · 271
clinical knowledge in radiology imaging systems and telemedicine were also created.
Technical Infrastructure
Because Partners HealthCare recognized the critical role of a well-conceived, well-executed, and well-supported technical architecture, infrastructure architecture and design continued to serve as a core competency. A technol ogy strategy function was created, and the role of chief technology offi cer was created. Significant attention was paid to ensuring that extremely talented architectural and engineering staff members were hired along with staff members with terrific support skills.
Departmental Attributes
IT departments, similar to people, have characteristics or attributes. They may be agile or ossified. They may be risk tolerant or risk averse. These characteristics can be stated, and strategies to achieve desired characteris tics can be defined and implemented. To illustrate, this section will discuss briefly two characteristics—agility and innovativeness—and discuss how they might affect the organization of IT functions. These two characteristics are representative and are generally viewed as desirable.
There are many steps that an organization can take to increase its overall agility and also that of the IT department (Glaser, 2008a). For example, it is likely to try to chunk its initiatives so that there are multiple points at which a project can be reasonably stopped and yet still deliver value. Thus, the rollout of an EHR might call for implementation at ten clinics per year but could be stopped temporarily at four clinics and still deliver value to those four. Chunking allows an organization and its departments to quickly shift emphasis from one project to another.
An agile IT department will have the ability to form and disband teams quickly (perhaps every three months) as staff members move from project to project. This requires that organizational structures and reporting relation ships be flexible so staff members can move rapidly between projects. It also means that during a project, the project manager is (temporarily anyway) the boss of the project team members. The team members might report to someone else according to the organizational chart, but their real boss at this time is the project manager. Because team members might move rapidly from project to project, they might have several bosses during the course of a year. And a person might be the boss on one project and the subordinate on another project. (Many consulting firms operate with this model.) Agile
272 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
organizations and departments are organized less around functions and more around projects. The IT structure must accommodate continuous project team formation, and project managers must have signifi cant authority.
An organization or department that wants to be innovative might take steps such as implementing reward systems that encourage new ideas and successful implementation of innovative applications and also punishment systems that are loath to discipline those involved in experiments that failed (Glaser, 2008b). The innovative IT department might create dedicated research and development groups. It might form teams composed of IT and vendor staff members in an effort to cross-fertilize each group with the ideas of the other. It might also permit staff members to take sabbaticals or accept internships with other departments in the organization in an effort to expand IT members’ awareness of organizational operations, cultures, and issues.
IN-HOUSE VERSUS OUTSOURCED IT
For many years, health care organizations have generally provided IT ser vices in-house. By in-house we mean that the organization hired its own IT staff members and formed its own IT department. In recent years, however, health care organizations have shown a growing interest in outsourcing part or all of their IT services. Outsourced IT means that an organization asks a third party to provide the IT staff members and be responsible for the management of IT.
The reasons for outsourcing IT functions are varied. Some health care organizations may simply not have staff members with the skills, time, or resources needed to take on new IT projects or provide suffi cient IT service. Others may choose to outsource certain IT functions, such as help desk ser vices or website development, so that internal IT staff members can focus their time on implementing or supporting applications central to the organi zation’s strategic goals.
Outsourcing IT may enable organizations to better control costs. Because a contract is typically established for a defined scope of work to be done over a specific period of time, the IT function becomes a line item that can be more effectively budgeted over time. This does not mean, however, that outsourcing IT services is necessarily more cost-effective than providing IT services in-house.
At times, new organizational leadership finds an IT function that is in disastrous condition. After years of mismanagement, applications may func tion poorly, the infrastructure may be unstable, and the IT staff members may be demoralized. An outsourcing company may be brought in as a form of rescue mission.
I N - H O U S E V E R S U S O U T S O U R C E D I T · 273
A number of factors come into play and should be considered when eval uating whether outsourcing part or all of IT services is in the best interest of the organization. The following questions should be asked:
• Does our organization have IT staff members with the knowledge and skills needed to provide necessary services? Effectively manage projects? Adequately support current applications and infrastructure?
• How easy or diffi cult is it to recruit and retain qualifi ed IT staff members?
• What are our organization’s major IT priorities? How equipped is our organization to address these priorities? Do we have the right mix of skills, time, and resources?
• What benefi ts might be realized from outsourcing this IT function? What are the risks? Do the benefi ts outweigh the risks?
• What parts, if any, of the IT department does it make the most sense to outsource?
• If we opt to outsource IT services, with whom do we want to do business? How will we monitor and evaluate IT performance and service? What provisions will we make in the contract with the outsourcing company to ensure timeliness and quality of service? How will the terms of the contract be monitored?
It is important to evaluate the cost and effectiveness of the IT function and services, whether they are performed by in-house staff members or outsourced. There are pros and cons to each approach, and the organization must make its decision based on its strategy goals and priorities. There is no silver bullet or one solution for all.
Related to decisions to outsource all or a portion of the organization’s IT staff are decisions to have a third-party supplier run the organization’s applica tions in the third party’s data center. Cloud computing growth has been explo sive recently. Gartner (2013) estimates that by the time this book is published the majority of business computing will involve a cloud. The cloud approach can be full (all of an organization’s applications are run on a third-party cloud) or hybrid (the third party runs some applications and the organization runs the remaining applications in its data centers).
Cloud computing can be less expensive, easier to scale, and more able to adopt newer technologies. Keeping some applications internally enables the organization to maintain control over sensitive or critical applications and data.
274 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
PERSPECTIVE Future Demands on the IT Function
Broaden the knowledge base. For the IT staff members steeped in inpa tient care, knowledge of hospital operations must expand to include knowledge of the operations and needs of long-term care facilities, patient support communities, and small physician practices. Under standing of the intricacies of fee-for-service must expand to include pay ments based on bundles and capitation.
Skills in managing complex implementations will still be neces sary, but those skills must broaden to include redesigning processes that traverse care settings, turning clinical decision-support logic to achieve chronic care outcomes, and assisting clinicians and managers in developing the analytics capabilities necessitated by new payment arrangements.
Address IT innovation and management. The IT staff members must grapple with IT innovation that continues at a remarkable pace. Social media use continues to grow and become more sophisticated and capable. Mobile personal devices have become the device of choice for personal and professional activities. Big data has exceptional potential, although it is cloaked in a dense fog of hype.
In addition, the organization’s dependence on IT for it to function heightens the importance of a well-managed and secure IT infrastruc ture and application base.
A shift in strategic emphasis. With the EHR core in place (cour tesy of Meaningful Use), the IT function must shift from focusing on the large-scale implementation of EHRs to extending that investment to support care management, enabling the management of a population’s health, introducing extensive evidence-based decision support, develop ing superior analytics capabilities, creating and redesigning processes, and improving the effi ciency of clinical and administrative processes.
Step up leadership skills. Leadership skills and attributes include emotional intelligence, communication skills, integrity, business under standing, and the ability to hire, grow, and manage a world-class team. As the pressures on operations and clinical practice increase, there will be a growing premium placed on having superlative leadership skills.
Source: Glaser (2016).
E V A L U A T I N G I T E F F E C T I V E N E S S · 275
EVALUATING IT EFFECTIVENESS
Whether IT services are provided by in-house staff or are outsourced, it is important to evaluate IT performance. Is the function efficient? Does it deliver good service? Is it on top of new developments in its field? Does the function have a strong management team?
At times, health care executives become worried about the performance of an IT function. Other organizations have IT functions that seem to accom plish more or spend less. Management and physicians frequently express dissatisfaction with IT: nothing is getting done, it costs too much, or it takes too long to get a new application implemented. Many factors may result in user dissatisfaction: poor expectation setting, unclear priorities, limited funding, or inadequate IT leadership. An assessment of IT services can help management understand the nature of the problems and identify opportuni ties for improvement.
One desirable approach to assessing IT services is to use outside consul tants. Consultants can bring a level of objectivity to the assessment process that is difficult to achieve internally. They can also share their experiences, having worked with a variety of different health care organizations and having observed different ways of handling some of the same issues or problems.
Whether the assessment is done by internal staff members or by consul tants, several key areas should be addressed:
• Governance
• Budget development and resource allocation
• System acquisition
• System implementation
• IT service levels
Governance
How effective is the governance structure? To what degree are IT strategies well aligned with the organization’s overall strategic goals? Is the CIO actively involved in strategy discussions? Does senior leadership discuss IT agenda items on a regular basis? We will discuss governance in Chapter Thirteen.
Budget Development and Resource Allocation
The IT budget is often compared to the IT budgets of comparable health care organizations. The question behind a budget benchmark is, Are we spending
276 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
too much or too little on IT? Budget benchmarks are expressed in terms of the IT operating budget as a percentage of the overall organization’s operating budget and the IT capital budget as a percentage of the organization’s total capital budget.
These budget benchmarks are useful and in some sense required because most boards of directors expect to see them. Management has to be careful in interpreting the results, however. These percentages do not necessarily reflect the quality of IT services or the extent and size of the organization’s application base or infrastructure. Hence, one can find a poorly performing IT group that has implemented little having the same percentage of the organi zation’s budgetary resources as a world-class IT group that has implemented a stunning array of applications.
Spending a high percentage of the operating budget does not per se mean that the organization is spending too much and should reduce its IT budget. The organization may have decided to ramp up its IT investments in order to achieve certain strategic objectives. A low percentage—for example, 1 percent—does not necessarily mean that underinvestment is occurring and the IT budget should be significantly increased. The organization may be very efficient, or it may have decided that given its strategies its investments should be made elsewhere.
We will discuss the IT budget and resource allocation in Chapter Thirteen.
System Acquisition
How effective are system acquisitions? How long did they take? What process was used to select the systems? We discussed system acquisition in Chapter Five.
System Implementation
Are new applications delivered on time, within budget, and according to specification? Do the participants in the implementation speak fondly of the professionalism of the IT staff members or do they view IT staff members as forms of demonic creatures? We discussed system implementation in Chapter Six.
IT Service Levels
IT staff members deliver service every day—for example, they manage system performance, respond to help desk calls, and manage projects. The quality of these services can be measured. An assessment of the IT function invariably
E V A L U A T I N G I T E F F E C T I V E N E S S · 277
reviews these measures and the management processes in place to monitor and improve IT services. IT users in the organization are interested in mea sures such as these:
• Infrastructure. Are the information systems reliable, that is, do they rarely “go down”? Are response times fast?
• Day-to-day support. Does the help desk quickly, patiently, and effectively resolve my problems? If I ask for a new workstation, does it arrive in a reasonable period of time?
• Consultation. Are the IT folks good at helping me think through my IT needs? Are they realistic in helping me to understand what the technology will and will not do?
An organization faces a challenge in defining what level of IT service it would like and also how much it is willing to pay for IT services. All of us would love to have systems analysts with world-class consulting skills, but we may not be able to afford their salaries. Similarly, all of us would love to have systems that never go down and are as fast as greased lightning, but we might not be willing to pay the cost of engineering very, very high reliability and blazing speed. The IT service conversation attempts to establish formal and measurable levels of service and the cost of providing that service. The organization seeks an informed conversation about the desirability and the cost of improving the service or the possibility of degrading the service in an effort to reduce costs.
In general, it can be very difficult to measure quality and consequences of consultative services. This makes it difficult to understand whether it is worth investing to improve the service other than at the service extremes. For example, it can be clear that you need to fire a very ineffective systems analyst and that you need to treat your all-star analyst very well. But it may not be clear whether paying $10,000 extra for an IT staff member is worth it or not.
Formal, measurable service levels can be established for many infrastruc ture attributes and day-to-day support. Moreover, industry benchmarks exist for these measures. Common infrastructure metrics are as follows:
• Reliability: for example, the percentage of time that systems have unscheduled downtime
• Response time: for example, how quickly an application moves from one screen to the next
• Resiliency: for example, how quickly a system can recover after it goes down
278 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
Glaser (2006) proposes a series of questions that can be used to assess the IT function. These questions cover the areas of infrastructure and applica tion performance, execution, and strategic alignment.
Infrastructure and Application Performance External and internal auditors’ reports on IT controls and management. Do these reports note material problems with significant downtime, failure to perform adequate management of the data center, and adequacy of security controls? IT infrastructure management processes. Does IT track downtime and what steps have been taken to reduce it? Are they current with vendor releases? How does IT manage virus protection? When the infrastructure has problems, what are the procedures for responding?
Execution Achieving desired application outcomes. Picking three recent implementations, what were the objectives? To what degree were the objectives achieved? If the organization fell short in achieving objectives, why did this happen? User engagement. Do implemented systems improve the operation of key departments? Was the training good? Were the IT group and the vendor responsive to issues and problems?
• Software bugs: for example, the number of bugs detected in an application per line of program code or hour of use
Common day-to-day support metrics are as follows:
• The percentage of help desk calls that are resolved within twenty-four hours
• The percentage of help desk calls that are not resolved after fi ve days
• The percentage of help desk calls that are repeat calls, that is, the problem was not resolved the fi rst time
• The time that elapses between ordering a workstation and its installation
E V A L U A T I N G I T E F F E C T I V E N E S S · 279
PERSPECTIVE Assessing the IT Function
Managing the implementation. Were clear project charters developed? Are sound project management techniques used? Do most projects get done on time and on budget? Frontline support. Does the IT organization measure its service? Has the IT organization established service goals? Was the organization’s management involved in setting those goals? Departmental IT liaisons. Who are the IT liaisons to major user depart ments? Do they do a good job? Do the liaisons keep the department up-to date on IT plans? Are liaisons considered to be members of the department’s team?
Alignment of the IT Agenda with the Organization’s Agenda IT linkage to organizational strategy. Can the major elements of the organization’s strategy be mapped to the IT initiatives needed to support the strategic plan? Is there a regular senior leadership discussion of the IT agenda, and does the leadership take responsibility for making decisions about which IT initiatives to fund? Governance. What processes and committees are used to set priorities? Is the process for setting the IT budget well understood, effi cient, suffi ciently rigorous, and perceived as fair? Is there a well-accepted approach for acquiring new applications?
Source: Glaser (2006).
It is important that the management team define the desired level of IT service. For example, is the goal to achieve an uptime of 99.99 percent, or does the organization want to have 90 percent of help desk calls closed within twenty-four hours? If the service levels are deemed to be inadequate, a discussion can be held with IT managers to identify the costs of achieving a higher level of service. Additional staff members may be needed at the help desk, or the organization may need to develop a redundant network to improve resiliency. Conversely, if the organization needs to reduce IT costs, the management team may need to examine the service consequences of reducing the number of help desk staff members.
The assessment of the IT function requires examining areas that range from strategy development to service levels. And the assessment can use a
280 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
PERSPECTIVE Managing Core IT Processes
Agarwal and Sambamurthy (2002) have identified eight core IT pro cesses that must be managed well for an IT department to be effective:
1. Human capital management involves the development of IT staff skills and the attraction and retention of IT talent.
2. Platform management is a series of activities that designs the IT architecture and constructs and manages the resulting infrastructure.
3. Relationship management centers on developing and maintaining relationships between the IT function and the rest of the organiza tion and on partnerships with IT vendors.
4. Strategic planning links the IT agenda and plans to the organiza tion’s strategy and plans.
5. Financial management encompasses a wide range of management processes—developing the IT budget, defining the business case for IT investments, and benchmarking IT costs.
6. Value innovation involves identifying new ways for IT to improve business operations and ensuring that IT investments deliver value.
7. Solutions delivery includes the selection, development, and imple mentation of applications and infrastructure.
8. Services provisioning centers on the day-to-day support of applica tions and infrastructure—for example, the help desk, workstation deployments, and user training.
Source: Agarwal and Sambamurthy (2002).
variety of data collection techniques. Appendix B contains a sample survey used by an IT services department to assess user satisfaction.
Answers to these questions provide an indication, clearly rough, of how well the IT function is being run and, to a degree, of whether the aggregate IT investment is providing value. All these questions come from commonsense management beliefs about what is involved in running an organization well and tests of IT domain knowledge.
K E Y T E R M S · 281
SUMMARY
It is critical that health care organizations have access to appropriate IT staff members and resources to support their health care information systems and system users. IT staff members perform several common functions and have several common roles. In large organizations, the IT department often has a management team comprising the chief information offi cer, chief technol ogy officer, chief information security officer, and chief medical information officer, who provide leadership to ensure that the organization fulfi lls its IT strategies and goals. Having a CIO with strong leadership skills, vision, and experience is critical to the organization achieving its strategic IT goals. Working with the CIO and IT management team, one will often find a team of professional and technical staff members including systems analysts, com puter programmers, network administrators, database administrators, web designers, and support personnel. Each brings a unique set of knowledge and skills to support the IT operations of the health care organization.
The organizational structure of the IT department is influenced by several factors: level of centralization, core IT competencies, and desired attributes of the IT department.
IT services may be provided by in-house staff members or outsourced to an outside vendor or company. Many factors come into play in deciding if and when to outsource all or part of the IT services. Availability of staff members, time constraints, financial resources, and the executive management team’s view of IT may determine the appropriateness of outsourcing.
Whether IT services are provided in-house or outsourced, it is important for the management team to assess the efficiency and effectiveness of IT ser vices. The governance structure, how the IT resources are allocated, the track record of system acquisitions and system implementations, and user satisfac tion with current IT service levels are some of the key elements that should be examined in any assessment. Consultants may be employed to conduct the assessment and offer the organization an outsider’s objective view.
KEY TERMS
Application management Governance Chief information offi cer (CIO) IT centralization and decentralization Chief information security offi cer Network administrators
(CISO) Operations and technical support Chief medical information offi cer Outsourced IT
(CMIO) Programmers Chief technology offi cer (CTO) Systems analyst Database administrators
282 · C H A P T E R 8 : O R G A N I Z I N G I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S
LEARNING ACTIVITIES
1. Visit an IT department in a health care facility in your community and interview the CIO or department director. Examine the IT department’s organizational structure. What functions or services does the IT department provide? How centralized are IT services within the organization? Does the organization employ a CMIO, CISO, or CTO? If so, what are each person’s job qualifi cations and responsibilities?
2. Find an article in the literature that outlines either the advantages or disadvantages or both of outsourcing IT. Discuss the fi ndings with your classmates. What have others learned about outsourcing that may be important to your organization?
3. Plan and organize a panel discussion with CIOs from local health care facilities. Find out what some of their greatest challenges are and what a typical day is like for them. To what degree are their organizations facing workforce shortages? In what areas, if any? What strategies do they employ to recruit and retain top-notch staff members?
4. Investigate any one of the following roles and interview someone working in this type of position. Find out the individual’s roles, responsibilities, qualifi cations, background, experience, and challenges.
o Chief medical information offi cer
o Chief information security offi cer
o Chief technology offi cer
o Clinical systems analyst
o Mobile application developer
REFERENCES
Agarwal, R., & Sambamurthy, V. (2002). Organizing the IT function for business innovation leadership. Chicago, IL: Society for Information Management.
AMIA Task Force Report on CCIO Knowledge, Education and Skillset Requirements (2016). The chief clinical informatics offi cer (CCIO). Washington, DC: American Medical Informatics Association.
College of Healthcare Information Management Executives (CHIME). (1998). The healthcare CIO: A decade of growth. Ann Arbor, MI: Author.
R E F E R E N C E S · 283
College of Healthcare Information Management Executives (CHIME). (2008). The seven CIO success factors. Retrieved April 2008 from http://www.cio-chime.org/ events/ciobootcamp/measure.asp
College of Healthcare Information Management Executives (CHIME). (2012). Demand persists for experienced health IT staff. Retrieved in April 2016 from http://www.hhnmag.com/ext/resources/inc-hhn/pdfs/resources/CHIME_Work force-_survey_report-2012.pdf
Earl, M., & Feeney, D. (1995). Is your CIO adding value? McKinsey Quarterly, 2, 144–161.
Florentine, S. (2015). 10 hot IT skills for 2016. Retrieved April 2016 from http:// www.cio.com/article/3014161/careers-staffi ng/10-hot-it-job-skills-for-2016 .html#slide1
Gartner. (2013). Gartner says cloud computing will become the bulk of new IT spend by 2016. Retrieved April 2016 from http://www.gartner.com/newsroom/id/ 2613015
Glaser, J. (2006, Jan.). Assessing the IT function in less than one day. Healthcare Financial Management, pp. 104–108.
Glaser, J. (2008a, April). Creating IT agility. Healthcare Financial Management, pp. 36–39.
Glaser, J. (2008b, Feb. 6). The four cornerstones of innovation. Most Wired Online.
Glaser, J. (2016, Feb. 8). The evolution of the health care chief information offi cer. H&HN Daily.
Glaser, J., & Kirby, J. (2009). Evolution of the healthcare CIO. Healthcare Financial Management, 63(11), 38–41.
Glaser, J., & Williams, R. (2007). The definitive evolution of the role of the CIO. Journal of Healthcare Information Management, 21(1), 9–11.
Murphy, J. (2011). The nursing informatics workforce: Who are they and what do they do? Nursing Economics, 42(11), 20–23.
Oz, E. (2006). Management information systems: Instructor edition (4th ed.). Boston, MA: Course Technology.
Wadsworth, J. (2016). The best organizational structure for healthcare analytics. Health Catalyst. Retrieved May 31, 2016, from https://www.healthcatalyst.com/ best-organizational-structure-healthcare-analytics
Laws, Regulations, and Standards That Affect Health Care
Information Systems
PART THREE
285
CHAPTER 9
Privacy and Security
LEARNING OBJECTIVES
• To be able to distinguish among privacy, confi dentiality, and security as they relate to health information.
• To be able to identify the purpose of the Privacy Act of 1974 and 42 C.F.R. (Code of Federal Regulations) Part 2, Confi dentiality of Substance Abuse Patient Records.
• To be able to describe and discuss the impact of the HIPAA Privacy, Security, and Breach Notifi cation rules.
• To be able to identify threats to health care information and information systems caused by humans (intentional and unintentional), natural causes, and the environment.
• To be able to understand the purpose and key components of the health care organization security program and the need to mitigate security risks.
• To be able to discuss the increased need for and identify resources to improve cybersecurity in health care organizations.
287
288 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Privacy is an individual’s constitutional right to be left alone, to be free from unwarranted publicity, and to conduct his or her life without its being made public. In the health care environment, privacy is an individual’s right to limit access to his or her health care information. In spite of this constitutional protection and other legislated protections discussed in this chapter, approx imately 112 million Americans (a third of the United States population) were affected by breaches of protected health information (PHI) in 2015 (Koch, 2016). Three large insurance-related corporations accounted for nearly one hundred million records being exposed (Koch, 2016). In one well-publicized security breach at Banner Health, where hackers gained entrance through food and beverage computers, approximately 3.7 million individuals’ infor mation was accessed, much of it health information (Goedert, 2016).
Health information privacy and security are key topics for health care administrators. In today’s ever-increasing electronic world, where the Inter net of Things is on the horizon and nearly every health care organization employee and visitor has a smart mobile device that is connected to at least one network, new and more virulent threats are an everyday concern. In this chapter we will examine and define the concepts of privacy, confi den tiality, and security as they apply to health information. Major legislative efforts, historic and current, to protect health care information are outlined, with a focus on the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification rules. Different types of threats, intentional and unintentional, to health information will be discussed. Basic requirements for a strong health care organization security program will be outlined, and the chapter will conclude with the cybersecurity challenges in today’s environment of mobile and cloud-based devices, wearable fitness trackers, social media, and remote access to health information.
PRIVACY, CONFIDENTIALITY, AND SECURITY DEFINED
As stated, privacy is an individual’s right to be left alone and to limit access to his or her health care information. Confi dentiality is related to privacy but specifically addresses the expectation that information shared with a health care provider during the course of treatment will be used only for its intended purpose and not disclosed otherwise. Confidentiality relies on trust. Security refers to the systems that are in place to protect health infor mation and the systems within which it resides. Health care organizations must protect their health information and health information systems from a range of potential threats. Certainly, security systems must protect against unauthorized access and disclosure of patient information, but they must also be designed to protect the organization’s IT assets—such as the networks,
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 289
hardware, software, and applications that make up the organization’s health care information systems—from harm.
LEGAL PROTECTION OF HEALTH INFORMATION
There are many sources for the legal and ethical requirements that health care professionals maintain the confidentiality of patient information and protect patient privacy. Ethical and professional standards, such as those pub lished by the American Medical Association and other organizations, address professional conduct and the need to hold patient information in confi dence. Accrediting bodies, such as the Joint Commission, state facility licensure rules, and the government through Centers for Medicare and Medicaid, dictate that health care organizations follow standard practice and state and federal laws to ensure the confidentiality and security of patient information.
Today, legal protection specially addressing the unauthorized disclosure of an individual’s health information generally comes from one of three sources (Koch, 2016):
• Federal HIPAA Privacy, Security, and Breach Notifi cation rules
• State privacy laws. These laws typically apply more stringent protections for information related to specifi c health conditions (HIV/ AIDS, mental or reproductive health, for example).
• Federal Trade Commission (FTC) Act consumer protection, which protects against unfair or deceptive practices. The FTC issued the Health Breach Notifi cation Rule in 2010 to require certain businesses not covered by HIPAA, including PHR vendors, PHR-related entities, or third-party providers for PHR vendors or PHR-related entities to notify individuals of a security breach.
However, there are two other major federal laws governing patient privacy that, although they have been essentially superseded by HIPAA, remain important, particularly from a historical perspective.
• The Privacy Act of 1974 (5 U.S.C. §552a; 45 C.F.R. Part 5b; OMB Circular No. A-108 [1975])
• Confi dentiality of Substance Abuse Patient Records (42 U.S.C. §290dd- 2, 42 C.F.R. Part 2)
The Privacy Act of 1974
In 1966, the Freedom of Information Act (FOIA) was passed. This legis lation provides the American public with the right to obtain information
290 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
from federal agencies. The act covers all records created by the federal government, with nine exceptions. The sixth exception is for personnel and medical information, “the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.” There was, however, concern that this exception to the FOIA was not strong enough to protect federally created patient records and other health information. Consequently, Con gress enacted the Privacy Act of 1974. This act was written specifi cally to protect patient confidentiality only in federally operated health care facil ities, such as Veterans Administration hospitals, Indian Health Service facilities, and military health care organizations. Because the protection was limited to those facilities operated by the federal government, most general hospitals and other nongovernment health care organizations did not have to comply. Nevertheless, the Privacy Act of 1974 was an important piece of legislation, not only because it addressed the FOIA exception for patient information but also because it explicitly stated that patients had a right to access and amend their medical records. It also required facilities to maintain documentation of all disclosures. Neither of these things was standard practice at the time.
Confidentiality of Substance Abuse Patient Records
During the 1970s, people became increasingly aware of the extra-sensitive nature of drug and alcohol treatment records. This led to the regulations currently found in 42 C.F.R. (Code of Federal Regulations) Part 2, Con fidentiality of Substance Abuse Patient Records. These regulations have been amended twice, with the latest version published in 1999. They offer specific guidance to federally assisted health care organizations that provide referral, diagnosis, and treatment services to patients with alcohol or drug problems. Not surprisingly, they set stringent release of information stan dards, designed to protect the confidentiality of patients seeking alcohol or drug treatment.
HIPAA
HIPAA is the first comprehensive federal regulation to offer specifi c protection to private health information. Prior to the enactment of HIPAA there was no single federal regulation governing the privacy and security of patient-specifi c information, only the limited legislative protections previously discussed. These laws were not comprehensive and protected only specific groups of individuals.
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 291
The Health Insurance Portability and Accountability Act of 1996 consists of two main parts:
• Title I addresses health care access, portability, and renewability, offering protection for individuals who change jobs or health insurance policies. (Although Title I is an important piece of legislation, it does not address health care information specifi cally and will therefore not be addressed in this chapter.)
• Title II includes a section titled, “Administrative Simplifi cation.”
The requirements establishing privacy and security regulations for pro tecting individually identifiable health information are found in Title II of HIPAA. The HIPAA Privacy Rule was required beginning April 2003 and the HIPAA Security Rule beginning April 2005. Both rules were subsequently amended and the Breach Notification Rule was added as a part of the HITECH Act in 2009.
The information protected under the HIPAA Privacy Rule is specifi cally defined as PHI, which is information that
• Relates to a person’s physical or mental health, the provision of health care, or the payment for health care
• Identifi es the person who is the subject of the information
• Is created or received by a covered entity
• Is transmitted or maintained in any form (paper, electronic, or oral)
Unlike the Privacy Rule, the Security Rule addressed only PHI transmitted or maintained in electronic form. Within the Security Rule this information is identified as ePHI.
The HIPAA rules also define covered entities (CEs), those organizations to which the rules apply:
• Health plans, which pay or provide for the cost of medical care
• Health care clearinghouses, which process health information (for example, billing services)
• Health care providers who conduct certain fi nancial and administrative transactions electronically (These transactions are defined broadly so that the reality of HIPAA is that it governs nearly all health care providers who receive any type of third-party reimbursement.)
292 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
If any CE shares information with others, it must establish contracts to protect the shared information. The HITECH Act amended HIPAA and added “Business Associates” as a category of CE. It further clarified that certain entities, such as health information exchange organizations, regional health information organizations, e-prescribing gateways, or a vendor that contracts with a CE to allow the CE to offer a personal health record as a part of its EHR, are business associates if they require access to PHI on a routine basis (Coppersmith, Gordon, Schermer, & Brokelman, PLC, 2012).
HIPAA Privacy Rule
Although the HIPAA Privacy Rule is a comprehensive set of federal standards, it permits the enforcement of existing state laws that are more protective of individual privacy, and states are also free to pass more stringent laws. Therefore, health care organizations must still be familiar with their own state laws and regulations related to privacy and confi dentiality.
The major components to the HIPAA Privacy Rule in its original form include the following:
• Boundaries. PHI may be disclosed for health purposes only, with very limited exceptions.
• Security. PHI should not be distributed without patient authorization unless there is a clear basis for doing so, and the individuals who receive the information must safeguard it.
• Consumer control. Individuals are entitled to access and control their health records and are to be informed of the purposes for which information is being disclosed and used.
• Accountability. Entities that improperly handle PHI can be charged under criminal law and punished and are subject to civil recourse as well.
• Public responsibility. Individual interests must not override national priorities in public health, medical research, preventing health care fraud, and law enforcement in general.
With HITECH, the Privacy Rule was expanded to include creation of new privacy requirements for HIPAA-covered entities and business associates. In addition, the rights of individuals to request and obtain their PHI are strengthened, as is the right of the individual to prevent a health care orga nization from disclosing PHI to a health plan, if the individual paid in full out of pocket for the related services. There were also some new provisions
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 293
for accounting of disclosures made through an EHR for treatment, payment, and operations (Coppersmith et al., 2012).
The HIPAA Privacy Rule attempts to sort out the routine and nonroutine use of health information by distinguishing between patient consent to use PHI and patient authorization to release PHI. Health care providers and others must obtain a patient’s written consent prior to disclosure of health informa tion for routine uses of treatment, payment, and health care operations. This consent is fairly general in nature and is obtained prior to patient treatment. There are some exceptions to this in emergency situations, and the patient has a right to request restrictions on the disclosure. However, health care providers can deny treatment if they feel that limiting the disclosure would be detrimental. Health care providers and others must obtain the patient’s specific written authorization for all nonroutine uses or disclosures of PHI, such as releasing health records to a school or a relative.
Exhibit 9.1 is a sample release of information form used by a hospital, showing the following elements that should be present on a valid release form:
• Patient identifi cation (name and date of birth)
• Name of the person or entity to whom the information is being released
• Description of the specifi c health information authorized for disclosure
• Statement of the reason for or purpose of the disclosure
• Date, event, or condition on which the authorization will expire, unless it is revoked earlier
• Statement that the authorization is subject to revocation by the patient or the patient’s legal representative
• Patient’s or legal representative’s signature
• Signature date, which must be after the date of the encounter that produced the information to be released
Health care organizations need clear policies and procedures for releasing PHI. A central point of control should exist through which all nonroutine requests for information pass, and all disclosures should be well documented.
In some instances, PHI can be released without the patient’s authoriza tion. For example, some state laws require disclosing certain health infor mation. It is always good practice to obtain a patient authorization prior to releasing information when feasible, but in state-mandated cases it is not required. Some examples of situations in which information might need to be disclosed to authorized recipients without the patient’s consent are the
294 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Exhibit 9.1 Sample release of information form
Source: © 2017 Medical University Hospital Authority. All rights reserved. This form is provided “as is” without any warranty, express or implied, as to its legal effect or completeness. Forms should be used as a guide and modifi ed to meet the laws of your state. Use at your own risk.
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 295
presence of a communicable disease, such as AIDS and sexually transmitted diseases, which must be reported to the state or county department of health; suspected child abuse or adult abuse that must be reported to designated authorities; situations in which there is a legal duty to warn another person of a clear and imminent danger from a patient; bona fide medical emergencies; and the existence of a valid court order.
The HIPAA Security Rule
The HIPAA Security Rule is closely connected to the HIPAA Privacy Rule. The Security Rule governs only ePHI, which is defined as protected health information maintained or transmitted in electronic form. It is important to note that the Security Rule does not distinguish between electronic forms of information or between transmission mechanisms. ePHI may be stored in any type of electronic media, such as magnetic tapes and disks, optical disks, servers, and personal computers. Transmission may take place over the Internet or on local area networks (LANs), for example.
The standards in the final rule are defined in general terms, focusing on what should be done rather than on how it should be done. According to the Centers for Medicare and Medicaid Services (CMS, 2004), the fi nal rule spec ifies “a series of administrative, technical, and physical security procedures for covered entities to use to assure the confi dentiality of electronic protected health information (ePHI). The standards are delineated into either required or addressable implementation specifications.” A required specifi cation must be implemented by a CE for that organization to be in compliance. However, the CE is in compliance with an addressable specification if it does any one of the following:
• Implements the specifi cation as stated
• Implements an alternative security measure to accomplish the purposes of the standard or specifi cation
• Chooses not to implement anything, provided it can demonstrate that the standard or specifi cation is not reasonable and appropriate and that the purpose of the standard can still be met; because the Security Rule is designed to be technology neutral, this fl exibility was granted for organizations that employ nonstandard technologies or have legitimate reasons not to need the stated specifi cation (AHIMA, 2003)
The standards contained in the HIPAA Security Rule are divided into sections, or categories, the specifics of which we outline here. You will notice
296 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
overlap among the sections. For example, contingency plans are covered under both administrative and physical safeguards, and access controls are addressed in several standards and specifi cations.
The HIPAA Security Rule
The HIPAA Security Administrative Safeguards section of the Final Rule contains nine standards:
1. Security management functions. This standard requires the CE to implement policies and procedures to prevent, detect, contain, and correct security violations. There are four implementation specifi cations for this standard:
• Risk analysis (required). The CE must conduct an accurate and thorough assessment of the potential risks to and vulnerabilities of the confi dentiality, integrity, and availability of ePHI.
• Risk management (required). The CE must implement security measures that reduce risks and vulnerabilities to a reasonable and appropriate level.
• Sanction policy (required). The CE must apply appropriate sanctions against workforce members who fail to comply with the CE’s security policies and procedures.
• Information system activity review (required). The CE must implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.
2. Assigned security responsibility. This standard does not have any implementation specifi cations. It requires the CE to identify the individual responsible for overseeing development of the organization’s security policies and procedures.
3. Workforce security. This standard requires the CE to implement policies and procedures to ensure that all members of its workforce have appropriate access to ePHI and to prevent those workforce members who do not have access from obtaining access. There are three implementation specifi cations for this standard:
• Authorization and/or supervision (addressable). The CE must have a process for ensuring that the workforce working with ePHI has adequate authorization and supervision.
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 297
• Workforce clearance procedure (addressable). There must be a process to determine what access is appropriate for each workforce member.
• Termination procedures (addressable). There must be a process for terminating access to ePHI when a workforce member is no longer employed or his or her responsibilities change.
4. Information access management. This standard requires the CE to implement policies and procedures for authorizing access to ePHI. There are three implementation specifi cations within this standard. The first (not shown here) applies to health care clearinghouses, and the other two apply to health care organizations:
• Access authorization (addressable). The CE must have a process for granting access to ePHI through a workstation, transaction, program, or other process.
• Access establishment and modifi cation (addressable). The CE must have a process (based on the access authorization) to establish, document, review, and modify a user’s right to access a workstation, transaction, program, or process.
5. Security awareness and training. This standard requires the CE to implement awareness and training programs for all members of its workforce. This training should include periodic security reminders and address protection from malicious software, log-in monitoring, and password management. (These items to be addressed in training are all listed as addressable implementation specifi cations.)
6. Security incident reporting. This standard requires the CE to implement policies and procedures to address security incidents.
7. Contingency plan. This standard has fi ve implementation specifi cations:
• Data backup plan (required)
• Disaster recovery plan (required)
• Emergency mode operation plan (required)
• Testing and revision procedures (addressable); the CE should periodically test and modify all contingency plans
• Applications and data criticality analysis (addressable); the CE should assess the relative criticality of specifi c applications and data in support of its contingency plan
8. Evaluation. This standard requires the CE to periodically perform technical and nontechnical evaluations in response to changes that may affect the security of ePHI.
298 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
9. Business associate contracts and other arrangements. This standard outlines the conditions under which a CE must have a formal agreement with business associates in order to exchange ePHI.
The HIPAA Security Physical Safeguards section contains four standards:
1. Facility access controls. This standard requires the CE to implement policies and procedures to limit physical access to its electronic information systems and the facilities in which they are housed to authorized users. There are four implementation specifi cations with this standard:
• Contingency operations (addressable). The CE should have a process for allowing facility access to support the restoration of lost data under the disaster recovery plan and emergency mode operation plan.
• Facility security plan (addressable). The CE must have a process to safeguard the facility and its equipment from unauthorized access, tampering, and theft.
• Access control and validation (addressable). The CE should have a process to control and validate access to facilities based on users’ roles or functions.
• Maintenance records (addressable). The CE should have a process to document repairs and modifi cations to the physical components of a facility as they relate to security.
2. Workstation use. This standard requires the CE to implement policies and procedures that specify the proper functions to be performed and the manner in which those functions are to be performed on a specifi c workstation or class of workstation that can be used to access ePHI and that also specify the physical attributes of the surroundings of such workstations.
3. Workstation security. This standard requires the CE to implement physical safeguards for all workstations that are used to access ePHI and to restrict access to authorized users.
4. Device and media controls. This standard requires the CE to implement policies and procedures for the movement of hardware and electronic media that contain ePHI into and out of a facility and within a facility. There are four implementation specifi cations with this standard:
• Disposal (required). The CE must have a process for the fi nal disposition of ePHI and of the hardware and electronic media on which it is stored.
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 299
• Media reuse (required). The CE must have a process for removal of ePHI from electronic media before the media can be reused.
• Accountability (addressable). The CE must maintain a record of movements of hardware and electronic media and any person responsible for these items.
• Data backup and storage (addressable). The CE must create a retrievable, exact copy of ePHI, when needed, before movement of equipment.
The HIPAA Security Technical Safeguards section has fi ve standards:
1. Access control. This standard requires the CE to implement technical policies and procedures for electronic information systems that maintain ePHI in order to allow access only to those persons or software programs that have been granted access rights as specifi ed in the administrative safeguards. There are four implementation specifi cations within this standard:
• Unique user identifi cation (required). The CE must assign a unique name or number for identifying and tracking each user’s identity.
• Emergency access procedure (required). The CE must establish procedures for obtaining necessary ePHI in an emergency.
• Automatic log-off (addressable). The CE must implement electronic processes that terminate an electronic session after a predetermined time of inactivity.
• Encryption and decryption (addressable). The CE should implement a mechanism to encrypt and decrypt ePHI as needed.
2. Audit controls. This standard requires the CE to implement hardware, software, and procedures that record and examine activity in the information systems that contain ePHI.
3. Integrity. This standard requires the CE to implement policies and procedures to protect ePHI from improper alteration or destruction.
4. Person or entity authentication. This standard requires the CE to implement procedures to verify that a person or entity seeking access to ePHI is in fact the person or entity claimed.
5. Transmission security. This standard requires the CE to implement technical measures to guard against unauthorized access to ePHI
300 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
being transmitted across a network. There are two implementation specifi cations with this standard:
• Integrity controls (addressable). The CE must implement security measures to ensure that electronically transmitted ePHI is not improperly modifi ed without detection.
• Encryption (addressable). The CE should encrypt ePHI whenever it is deemed appropriate.
The Policies, Procedures, and Documentation section has two standards:
1. Policies and procedures. This standard requires the CE to establish and implement policies and procedures to comply with the standards, implementation specifi cations, and other requirements.
2. Documentation. This standard requires the CE to maintain the policies and procedures implemented to comply with the Security Rule in written form. There are three implementation specifi cations:
• Time limit (required). The CE must retain the documentation for six years from the date of its creation or the date when it was last in effect, whichever is later.
• Availability (required). The CE must make the documentation available to those persons responsible for implementing the policies and procedures.
• Updates (required). The CE must review the documentation periodically and update it as needed.
HIPAA Breach Notifi cation Rule
The HIPAA Breach Notifi cation Rule requires CEs and their business associ ates to provide notification following a breach of unsecured protected health information. “‘Unsecured’ PHI is PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons through the use of a technology or methodology specified by the Secretary in guidance” (US Department of Health and Human Services, n.d.c). To meet the requirement of “secured” PHI, it must have been encrypted using a valid encryption process, or the media on which the PHI is stored have been destroyed. Paper or other hard copy media, such as film, must be shredded or otherwise destroyed so that it cannot be read or reconstructed. Electronic media must be “sanitized” according to accepted standards so that PHI cannot be retrieved (US Depart ment of Health and Human Services, n.d.c).
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 301
The notification requirements include, depending on the circumstances, notification to these sources:
• Individuals affected
• The Health and Human Services Secretary (via the Offi ce for Civil Rights [OCR])
• Major media outlets
All individuals affected by breaches of unsecured PHI must be notifi ed within a reasonable length of time—less than sixty days—after the breach is discovered. If the CE does not have sufficient information to contact ten or more individuals directly, the notification must be made on the home page of its website for at least ninety days or by a major media outlet. A CE that experiences a breach involving five hundred or more individuals must, in addition to sending individual notices, provide notice to a major media outlet serving the area. This notification must also be made within sixty days. All breaches must also be reported to the secretary of HHS; the breaches involv ing more than five hundred individuals must be reported within sixty days; all others may be reported on an annual basis (US Department of Health and Human Services, n.d.b).
HIPAA Enforcement and Violation Penalties
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing HIPAA Privacy and Security rules. In addi tion, HITECH gave state attorneys general the authority to bring civil actions on behalf of the residents of their states for HIPAA violations. From April 2003 until May 2016, OCR has received over 134,000 HIPAA complaints and has initiated 879 compliance reviews. The resolution of the complaints and reviews is as follows (US Department of Health and Human Services, 2016):
• Settled thirty-fi ve cases resulting in $36,639,200 in penalties
• Resolved 24,241 cases by requiring a change in privacy practices and corrective actions by, or providing technical assistance to, CEs or business associates
• Identifi ed 11,018 cases as no violation and 79,865 cases as non-eligible
HIPAA criminal and civil penalties for noncompliance are applied using a tiered schedule that ranges from $100 for a single violation, when the individual did not know he or she was not in compliance, to $1,500,000 for multiple violations because of willful neglect. It is important to note that
302 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Table 9.1 HIPAA violation categories
Violation Category Category Fine*
Category 1: A violation that the CE was unaware of, and Minimum fine of $100 per could not have realistically avoided, had a reasonable violation up to $50,000 amount of care been taken to abide by HIPAA rules
Category 2: A violation that the CE should have been Minimum fine of $1,000 per aware of but could not have avoided even with a violation up to $50,000 reasonable amount of care (but falling short of willful neglect of HIPAA rules)
Category 3: A violation suffered as a direct result of Minimum fine of $10,000 per “willful neglect” of HIPAA rules, in cases in which an violation up to $50,000 attempt has been made to correct the violation
Category 4: A violation of HIPAA rules constituting Minimum fine of $50,000 per willful neglect, and no attempt has been made to violation correct the violation
*The fines are issued per violation category, per year that the violation was allowed to persist. The maximum fine per violation category, per year, is $1,500,000. Source: What are the penalties for HIPAA violations? (2015).
civil penalties cannot be levied in situations when the violation is corrected within a specified period of time.
The structure for HIPAA violations reflect four categories of violations and associated penalties. Table 9.1 outlines the categories and penalties.
In addition to these civil penalties, a HIPAA violation may result in crim inal charges. The criminal penalties are divided into the following three tiers (What are the penalties for HIPAA violations, 2015):
• Tier 1: Reasonable cause or no knowledge of violation—Up to one year in jail
• Tier 2: Obtaining PHI under false pretenses—Up to fi ve years in jail
• Tier 3: Obtaining PHI for personal gain or with malicious intent—Up to ten years in jail
As stated, most HIPAA violations are resolved with corrective action. In 2015 six financial penalties were issued. However, a serious violation can cost a health care organization a significant about of money. One such case resulting in a substantial financial settlement is outlined in the Perspective. The top ten largest fines levied for HIPAA violations as of August 2016 are listed in Table 9.2.
L E G A L P R O T E C T I O N O F H E A L T H I N F O R M A T I O N · 303
Table 9.2 Top ten largest fines levied for HIPAA violations as of August 2016
Fine Individuals Awarded
Organization Affected ($ million) Data Awarded
Advocate Health Care: Lacked appropriate safeguards, including an unencrypted laptop was left in a vehicle overnight
New York Presbyterian Hospital and Columbia University: PHI accessible on Google and other search engines
Cignet Health: Did not allow patients access to medical records and refused to cooperate with OCR
Feinstein Institute for Medical Research: Lacked appropriate safeguards leading to theft
Triple-S Management Corp (Blue Cross/ Blue Shield licensee in Puerto Rico): Did not deactivate user IDs and passwords, allowing previous employees to access PHI
University of Mississippi Medical Center: Did not manage risks appropriately, although aware of risks and vulnerabilities
Oregon Health & Science University: Lacked safeguards with regards to stolen laptop and used cloud storage without a business associate agreement in place
CVS Pharmacy: Improperly disposed of PHI such as prescription labels
New York Presbyterian Hospital: Allowed filming of two patients for a TV series creating the potential for PHI to be compromise. (Note: Hospital continues to maintain it was not a violation.)
Concentra Health Services: Failed to remediate an identifi ed lack of encryption after an unencrypted laptop was stolen
4 million 5.55 August 2016
6,800 4.8 May 2014
41 4.3 February 2011
Unknown 3.9 March 2016
398,000 3.5 November 2015
10,000 2.75 July 2016
7,000 2.7 July 2016
Unknown 2.25 January 2009
Unknown 2.2 April 2016
870 1.73 April 2014
Source: Bazzoli (2016).
-
304 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
PERSPECTIVE $750,000 HIPAA Settlement Underscores
the Need for Organization Wide Risk Analysis
The University of Washington Medicine (UWM) has agreed to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule by failing to implement policies and procedures to prevent, detect, contain, and correct security violations. UWM is an affiliated covered entity, which includes designated health care components and other entities under the control of the Univer sity of Washington, including University of Washington Medical Center, the primary teaching hospital of the University of Washington School of Medicine. Affiliated covered entities must have in place appropriate poli cies and processes to assure HIPAA compliance with respect to each of the entities that are part of the affiliated group. The settlement includes a mon etary payment of $750,000, a corrective action plan, and annual reports on the organization’s compliance efforts.
The US Department of Health and Human Services Office for Civil Rights (OCR) initiated its investigation of the UWM following receipt of a breach report on November 27, 2013, which indicated that the electronic protected health information (e-PHI) of approximately 90,000 individuals was accessed after an employee downloaded an email attachment that con tained malicious malware. The malware compromised the organization’s IT system, affecting the data of two different groups of patients: (1) approx imately 76,000 patients involving a combination of patient names, medical record numbers, dates of service, and/or charges or bill balances; and (2) approximately 15,000 patients involving names, medical record numbers, other demographics such as address and phone number, dates of birth, charges or bill balances, Social Security numbers, insurance identifi cation or Medicare numbers.
OCR’s investigation indicated UWM’s security policies required its affiliated entities to have up-to-date, documented system-level risk assess ments and to implement safeguards in compliance with the Security Rule. However, UWM did not ensure that all of its affiliated entities were prop erly conducting risk assessments and appropriately responding to the potential risks and vulnerabilities in their respective environments.
Source: HHS.gov (2015). Used with permission.
T H R E A T S T O H E A L T H C A R E I N F O R M A T I O N · 305
THREATS TO HEALTH CARE INFORMATION
What are the threats to health care information systems? In general, threats to health care information systems fall into one of these three categories:
• Human tampering threats
• Natural and environmental threats, such as fl oods and fi re
• Environmental factors and technology malfunctions, such as a drive that fails and has no backup or a power outage
Threats to health care information systems from human beings can be intentional or unintentional. They can be internal, caused by employees, or external, caused by individuals outside the organization.
Intentional threats include knowingly disclosing patient information without authorization, theft, intentional alteration of data, and intentional destruction of data. The culprit could be a computer hacker, a disgruntled employee, or a prankster. Cybercrime directed at health information systems has increased signifi cantly in recent years. In the 2014–2015 two-year period, more than 90 percent of health care organizations reported a health infor mation security breach, and of these reports, nearly half were because of criminal activity (Koch, 2016). Intentional destruction or disruption of health care information is generally caused by some form of malware, a general term for software that is written to “infect” and subsequently harm a host computer system. The best-known form of malware is the computer virus, but there are others, including the particularly virulent ransomware, attacks from which are on the rise in health care.
The following list includes common forms of malware with a brief description of each (Comodo, 2014):
• Viruses are generally spread when software is shared among computers. It is a “contagious” piece of software code that infects the host system and spreads itself.
• Trojans (or Trojan Horses) are a type of virus specifi cally designed to look like a safe program. They can be programmed to steal personal information or to take over the resources of the host computer making it unavailable for its intended use.
• Spyware tracks Internet activities assisting the hacker in gathering information without consent. Spyware is generally hidden and can be diffi cult to detect.
306 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
• Worms are software code that replicates itself and destroys fi les that are on the host computer, including the operating system.
• Ransomware is an advanced form of malware that hackers use to cripple the organization’s computer systems through malicious code, generally launched via an e-mail that is opened unwittingly by an employee, a method known as phishing. The malicious code then encrypts and locks folders and operating systems. The hacker demands money, generally in the form of bitcoins, a type of digital currency, to provide the decryption key to unlock the organization’s systems (Conn, 2016).
Some of the causes of unintentional health information breaches are lack of training in proper use of the health information system or human error. Users may unintentionally share patient information without proper autho rization. Other examples include users sharing passwords or downloading information from nonsecure Internet sites, creating the potential for a breach in security. Some of the more common forms of internal breaches of security across all industries are the installation or use of unauthorized software, use of the organization’s computing resources for illegal or illicit communi cations or activities (porn surfing, e-mail harassment, and so forth), and the use of the organization’s computing resources for personal profit. Losing or improperly disposing of electronic devices, including computers and porta ble electronic devices, also constitute serious forms of unintentional health information exposure. In 2015, the OCR portal, which lists breach incidents potentially affecting five hundred or more individuals, reported more than seventy-five thousand individuals’ data were breached either because of loss or improper disposal of a device containing PHI (OCR, n.d.).
Threats from natural causes, such as fi re or flood, are less common than human threats, but they must also be addressed in any comprehensive health care information security program. Loss of information because of environ mental factors and technical malfunctions must be secured against by using appropriate safeguards.
THE HEALTH CARE ORGANIZATION’S SECURITY PROGRAM
The realization of any of the threats discussed in the previous section can cause significant damage to the organization. Resorting to manual operations if the computers are down for days, for example, can lead to organizational chaos. Theft or loss of organizational data can lead to litigation by the indi viduals harmed by the disclosure of the data and HIPAA violations. Malware
T H E H E A L T H C A R E O R G A N I Z A T I O N ’ S S E C U R I T Y P R O G R A M · 307
can corrupt databases, corruption from which there may be no recovery. The function of the health care organization’s security program is to iden tify potential threats and implement processes to remove these threats or mitigate their ability to cause damage. The primary challenge of developing an effective security program in a health care organization is balancing the need for security with the cost of security. An organization does not know how to calculate the likelihood that a hacker will cause serious damage or a backhoe will cut through network cables under the street. The organization may not fully understand the consequences of being without its network for four hours or four days. Hence, it may not be sure how much to spend to remove or reduce the risk.
Another challenge is maintaining a satisfactory balance between health care information system security and health care data and information avail ability. As we saw in Chapter Two, the major purpose of maintaining health information and health records is to facilitate high-quality care for patients. On the one hand, if an organization’s security measures are so stringent that they prevent appropriate access to the health information needed to care for patients, this important purpose is undermined. On the other hand, if the orga nization allows unrestricted access to all patient-identifiable information to all its employees, the patients’ rights to privacy and confidentiality would certainly be violated and the organization’s IT assets would be at considerable risk.
The ONC (2015) publication Guide to Privacy and Security of Electronic Health Information for health care providers includes a chapter describing a seven-step approach for implementing a security management process. The guidance is directed at physician practices or other small health care organizations, and it does not include specific technical solutions. Specifi c solutions for security protection will be driven by the organization’s overall plan and will be managed by the organizations IT team. Larger organizations must also develop comprehensive security programs and will follow the same basic steps, but it will likely have more internal resources for security than smaller practices.
Each step in the ONC security management process for health care pro viders is listed in the following section.
Step 1: Lead Your Culture, Select Your Team, and Learn
This step includes six actions:
1. Designate a security offi cer, who will be responsible for developing and implementing the security practices to meet HIPAA requirements and ensure the security of PHI.
308 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
2. Discuss HIPAA security requirements with your EHR developer to ensure that your system can be implemented to meet the security requirements of HIPAA and Meaningful Use.
3. Consider using a qualifi ed professional to assist with your security risk analysis. The security risk analysis is the opportunity to discover as much as possible about risks and vulnerabilities to health information within the organization.
4. Use tools to preview your security risk analysis. Examples of available tools are listed within Step 3.
5. Refresh your knowledge base of the HIPAA rules.
6. Promote a culture of protecting patient privacy and securing patient information. Make sure to communicate that all members of the organization are responsible for protecting patient information.
Step 2: Document Your Process, Findings, and Actions
Documenting the processes for risk analysis and implementation of safe guards is very important, not to mention a requirement of HIPAA. The fol lowing are some examples cited by the ONC of records to retain:
• Policies and procedures
• Completed security checklists (ESET, n.d.)
• Training materials presented to staff members and volunteers and any associated certifi cates of completion
• Updated business associate (BA) agreements
• Security risk analysis report
• EHR audit logs that show utilization of security features and efforts to monitor users’ actions
• Risk management action plan or other documentation that shows appropriate safeguards are in place throughout your organization, implementation timetables, and implementation notes
• Security incident and breach information
Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis)
Risk analysis assesses potential threats and vulnerabilities to the “confi den tiality, integrity and availability” (ONC, 2015, p. 41) of PHI. Several excellent
T H E H E A L T H C A R E O R G A N I Z A T I O N ’ S S E C U R I T Y P R O G R A M · 309
Table 9.3 Resources for conducting a comprehensive risk analysis
OCR’s Guidance on Risk http://www.hhs.gov/hipaa/for-professionals/security/ Analysis Requirements under guidance/fi nal-guidance-risk-analysis/index.html the HIPAA Rule
OCR Security Rule Frequently http://www.hhs.gov/hipaa/for-professionals/faq Asked Questions (FAQs)
ONC SRA (Security Risk https://www.healthit.gov/providers-professionals/ Assessment) Tool for small security-risk-assessment practices
National Institute of Standards https://scap.nist.gov/hipaa/ and Technology (NIST) HIPAA Security Rule Toolkit
government-sponsored guides and toolsets available for conducting a compre hensive risk analysis are listed in Table 9.3 with a corresponding web address.
The three basic actions recommended for the organization’s fi rst compre hensive security risk analysis are as follows:
1. Identify where ePHI exists.
2. Identify potential threats and vulnerabilities to ePHI.
3. Identify risks and their associated levels.
Step 4: Develop an Action Plan
As discussed, the HIPAA Security Plan provides flexibility in how to achieve compliance, which allows an organization to take into account its specifi c needs. The action plan should include five components. Once in place, the plan should be reviewed regularly by the security team, led by the security offi cer.
1. Administrative safeguards
2. Physical safeguards
3. Technical safeguards
4. Organizational standards
5. Policies and procedures
Table 9.4 lists common examples of vulnerabilities and mitigation strat egies that could be employed.
310 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Table 9.4 Common examples of vulnerabilities and mitigation strategies
Security Examples of Security Component Examples of Vulnerabilities Mitigation Strategies
Administrative safeguards
Physical safeguards
Technical safeguards
Organizational standards
No security offi cer is designated.
Workforce is not trained or is unaware of privacy and security issues.
Facility has insuffi cient locks and other barriers to patient data access.
Computer equipment is easily accessible by the public.
Portable devices are not tracked or not locked up when not in use.
Poor controls enable inappropriate access to EHR.
Audit logs are not used enough to monitor users and other HER activities.
No measures are in place to keep electronic patient data from improper changes.
No contingency plan exists.
Electronic exchanges of patient information are not encrypted or otherwise secured.
No breach notifi cation and associated policies exist.
BA agreements have not been updated in several years.
Security offi cer is designated and publicized.
Workforce training begins at hire and is conducted on a regular and frequent basis.
Security risk analysis is performed periodically and when a change occurs in the practice or the technology.
Building alarm systems are installed.
Offi ces are locked.
Screens are shielded from secondary viewers.
Secure user IDs, passwords, and appropriate role-based access are used.
Routine audits of access and changes to EHR are conducted.
Anti-hacking and anti-malware software is installed.
Contingency plans and data backup plans are in place.
Data are encrypted.
Regular reviews of agreements are conducted and updates made accordingly.
T H E H E A L T H C A R E O R G A N I Z A T I O N ’ S S E C U R I T Y P R O G R A M · 311
Security Examples of Security Component Examples of Vulnerabilities Mitigation Strategies
Policies and procedures
Generic written policies and procedures to ensure HIPAA security compliance were purchased but not followed.
The manager performs ad hoc security measures.
Written policies and procedures are implemented and staff members are trained.
Security team conducts monthly review of user activities.
Routine updates are made to document security measures.
Source: ONC (2015).
Step 5: Manage and Mitigate Risks
The security plan will reduce risk only if it is followed by all employees in the organization. This step has four actions associated with it.
1. Implement your plan.
2. Prevent breaches by educating and training your workforce.
3. Communicate with patients.
4. Update your BA contracts.
Step 6: Attest for Meaningful Use Security Related Objective
Organizations can attest to the EHR Incentive Program security-related objective after the security risk analysis and correction of any identifi ed defi ciencies.
Step 7: Monitor, Audit, and Update Security on an Ongoing Basis
The security officer, IT administrator, and EHR developer should work together to ensure that the organization’s monitoring and auditing functions are active and configured appropriately. Auditing and monitoring are neces sary to determine the adequacy and effectiveness of the security plan and infrastructure, as well as the “who, what, when, where and how” (ONC, 2015, p. 54) patients’ ePHI is accessed.
312 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
BEYOND HIPAA: CYBERSECURITY FOR TODAY’S WIRED ENVIRONMENT
Clearly, HIPAA is an important legislative act aimed at protecting health data and information. However, in today’s increasingly wired environment, health care organizations face threats that were not present when HIPAA was enacted. In June 2016, 41 percent of all data breaches were because of cyber crime—hacking. In July of the same year a single hacker was responsible for 30 percent of the health care data breached (Sullivan, 2016). Experts argue that health care organizations are easy targets for cybercriminals because they are inadequately prepared. The average health care provider spends less than 6 percent of its total IT budget on security, compared to the government, which spends 16 percent, and the banking industry, which spends between 12 and 15 percent. By one estimate the increase in cybercrime against health care organizations is because of, at least in part, PHI’s value on the black market, estimating that PHI is fi fty times more valuable than fi nancial infor mation (Koch, 2016; Siwicki, 2016).
The reality of today’s environment is that there are more entry points into health care information networks and computers than ever before. Mobile devices, cloud use, the use of smart consumer products, health care devices with Internet connectivity, along with more employees connecting to health care networks from remote locations create an increased need for cyberse curity in health care organizations. One recent survey found that among medical students and physicians 93.7 percent owned smartphones and 82.9 percent had used them in a clinical setting. Perhaps the most surprising aspect of the survey was that none of respondents believed using the devices increased risk of breaching patient information (Buchholz, Perry, Weiss, & Cooley, 2016).
So-called mHealth technologies, which include entities that support per sonal health records and cloud-based or mobile applications that collect patient information directly from patients or allow uploading of health-related data from wearable devices, are also on the rise, as is the use of health- related social media sites. These technologies were not addressed in HIPAA and, therefore, do not meet the criteria as a CE (DeSalvo & Samuels, 2016).
To provide assistance to health care organizations to combat cyber attacks and improve cybersecurity, the ONC (n.d.) published the Top 10 Tips for Cybersecurity in Health Care. The first tip reminds health care organiza tions to establish a security culture, the same initial tip in their guidance for developing a security plan, clearly emphasizing the importance of this aspect of any security program. The other tips in the publication contain some more specific ways to mitigate the threat from cyber attacks. These tips are listed
B E Y O N D H I P A A : C Y B E R S E C U R I T Y F O R T O D A Y ’ S W I R E D E N V I R O N M E N T · 313
with specific checkpoints to ensure security (ONC, n.d.). The full version of the top-ten document is available at HealthIT.gov.
Protect Mobile Devices
• Ensure your mobile devices are equipped with strong authentication and access controls.
• Ensure laptops have password protection.
• Enable password protection on handheld devices (if available). Take extra physical control precautions over the device if password protection is not provided.
• Protect wireless transmissions from intrusion.
• Do not transmit unencrypted PHI across public networks (e.g., Internet, Wi-Fi).
• When it is absolutely necessary to commit PHI to a mobile device or remove a device from a secure area, encrypt the data.
• Do not use mobile devices that cannot support encryption.
• Develop and enforce policies specifying the circumstances under which devices may be removed from the facility.
• Take extra care to prevent unauthorized viewing of the PHI displayed on a mobile device.
Maintain Good Computer Habits
• Uninstall any software application that is not essential to running the practice (e.g., games, instant message clients, photo-sharing tools).
• Do not simply accept defaults or “standard” confi gurations when installing software.
• Find out whether the EHR developer maintains an open connection to the installed software (a “back door”) in order to provide updates and support.
• Disable remote file sharing and remote printing within the operating system (e.g., Windows Operating System).
• Automate software updates to occur weekly (e.g., use Microsoft Windows Automatic Update).
• Monitor for critical and urgent patches and updates that require immediate attention and act on them as soon as possible.
314 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
• Disable user accounts for former employees quickly and appropriately.
• If an employee is to be involuntarily terminated, close access to the account before the notice of termination is served.
• Prior to disposal, sanitize computers and any other devices that have had data stored on them.
• Archive old data files for storage if needed or clean them off the system if not needed, subject to applicable data retention requirements.
• Fully uninstall software that is no longer needed (including trial software and old versions of current software).
• Work with your IT team or other resources to perform malware, vulnerability, configuration, and other security audits on a regular basis.
Use a Firewall
• Unless your electronic health record (EHR) and other systems are totally disconnected from the Internet, you must install a fi rewall to protect against intrusions and threats from outside sources.
• Larger health care organizations that use a local area network (LAN) should consider a hardware fi rewall.
Install and Maintain Antivirus Software
• Use an antivirus product that provides continuously updated protection against viruses, malware, and other code that can attack your computers through web downloads, CDs, e-mail, and fl ash drives.
• Keep antivirus software up-to-date.
• Most antivirus software automatically generates reminders about these updates, and many are configurable to allow for automated updating.
Plan for the Unexpected
• Create data backups regularly and reliably.
• Begin backing up data from day one of a new system.
• Ensure the data are being captured correctly.
B E Y O N D H I P A A : C Y B E R S E C U R I T Y F O R T O D A Y ’ S W I R E D E N V I R O N M E N T · 315
• Ensure the data can be quickly and accurately restored.
• Use an automated backup system, if possible.
• Consider storing the backup far away from the main system.
• Protect backup media with the same type of access controls described in the next section.
• Test backup media regularly for their ability to restore data properly, especially as the backups age.
• Have a sound recovery plan. Know the following:
o What data was backed up (e.g., databases, pdfs, tiffs, docs)
o When the backups were done (time frame and frequency)
o Where the backups are stored
o What types of equipment are needed to restore them
• Keep the recovery plan securely at a remote location where someone has responsibility for producing it in the event of an emergency.
Control Access to PHI
• Configure your EHR system to grant PHI access only to people with a “need to know.”
o This access control system might be part of an operating system (e.g., Windows), built into a particular application (e.g., an e-prescribing module), or both.
• Manually set file access permissions using an access control list.
o This can only be done by someone with authorized rights to the system.
o Prior to setting these permissions, identify which files should be accessible to which staff members.
• Configure role-based access control as needed.
o In role-based access, a staff member’s role within the organization (e.g., physician, nurse, billing specialist, etc.) determines what information may be accessed.
• Assign staff members to the correct roles and then set the access permissions for each role correctly on a need-to-know basis.
The following case on access control provides additional examples of access control.
316 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Mary Smith is the director of the health information management department in a hospital. Under a user-based access control scheme, Mary would be allowed read-only access to the hospital’s laboratory information system because of her personal identity—that is, because she is Mary Smith and uses the proper log-in and password(s) to get into the system. Under a role-based control scheme, Mary would be allowed read-only access to the hospital’s lab system because she is part of the health information management department and all department employees have been granted read-only privileges for this system. If the hospital were to adopt a context-based control scheme, Mary might be allowed access to the lab system only from her own workstation or another workstation in the health information services department, pro- vided she used her proper log-in and password. If she attempted to log in from the emergency department or another administrative offi ce, she might be denied access. The context control could also involve time of day. Because Mary is a daytime employee, she might be denied access if she attempted to log in at night.
CASE STUDY
Access Control
Use Strong Passwords
• Choose a password that is not easily guessed. Following are some examples of strong password characteristics:
o At least eight characters in length (the longer the better)
o A combination of uppercase and lowercase letters, one number, and at least one special character, such as a punctuation mark
• Strong passwords should not include personal information:
o Birth date
o Names of self, family members, or pets
o Social Security number
o Anything that is on your social networking sites or could otherwise be discovered easily by others
• Use multifactor authentication for more security. Multifactor authentication combines multiple authentication methods, such as a password plus a fingerprint scan; this results in stronger security
B E Y O N D H I P A A : C Y B E R S E C U R I T Y F O R T O D A Y ’ S W I R E D E N V I R O N M E N T · 317
protections. If you e-prescribe controlled substances, you must use multifactor authentication for your accounts.
• Configure your systems so that passwords must be changed on a regular basis.
• To discourage staff members from writing down their passwords, develop a password reset process to provide quick assistance in case of forgotten passwords.
Limit Network Access
• Prohibit staff members from installing software without prior approval.
• When a wireless router is used, set it up to operate only in encrypted mode.
• Prohibit casual network access by visitors.
• Check to make sure file sharing, instant messaging, and other peer-to peer applications have not been installed without explicit review and approval.
Control Physical Access
• Limit the chances that devices (e.g., laptops, handhelds, desktops, servers, thumb drives, CDs, backup tapes) may be tampered with, lost, or stolen.
• Document and enforce policies limiting physical access to devices and information:
o Keep machines in locked rooms.
o Manage keys to facilities.
o Restrict removal of devices from a secure area.
National Institute of Standards and Technology (NIST) Cybersecurity Framework
Recognizing the severity of the rise in cybercrime, President Obama issued an executive order in February 2013 to “enhance the security and resilience of the Nation’s critical infrastructure” (Executive Order 13636). As a result the National Institute of Standards and Technology (NIST) was directed to develop, with help of stakeholder organizations, a voluntary cybersecurity
318 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Exhibit 9.2 Cybersecurity framework core
Source: NIST (2016).
S U M M A R Y · 319
framework to reduce cyber-attack risks. The resulting NIST cybersecurity framework consists of three components (NIST, n.d.):
1. The Framework Core consists of “fi ve concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover.” The functions provide “the highest level, strategic view of an organization’s management of cybersecurity risk” (NIST, n.d., p. 4). The functions are divided into categories and subcategories as shown in Exhibit 9.2.
2. The Framework Implementation Tiers characterize an organization’s actual cybersecurity practices compared to the framework, using a range of tiers from partial (Tier 1) to adaptive (Tier 4).
3. The Framework Profi le documents outcomes obtained by reviewing all of the categories and subcategories and comparing them to the organization’s business needs. Profiles can be identifi ed as “current,” documenting where the organization is now, or as “target,” where the organization would like to be in the future.
Since its initial publication in 2014, the HHS, OCR, and the ONC have cited the framework as an important tool for health care organizations to consider when developing a comprehensive security program. In 2016, OCR published a crosswalk that maps the HIPAA Security Rule to the NIST frame work, which can be found at HHS.gov/hipaa (US Department of Health and Human Services, n.d.a).
SUMMARY
In this chapter we gained insight into why health information privacy and security are key topics for health care administrators. In today’s ever- increasing electronic world with new and more virulent threats, the security of health information is an ongoing concern. In this chapter we exam ined and defined the concepts of privacy, confidentiality, and security and explored major legislative efforts, historical and current, to protect health care information, with a focus on the HIPAA Privacy, Security, and Breach Notification rules. Different types of threats, human, natural and environmental, intentional and unintentional, were identified, with a focus on the increase in cybercrime. Basic requirements for a strong health care organization security program were outlined and the chapter ended with a discussion of the cybersecurity challenges within the current health care environment.
320 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
KEY TERMS
42 C.F.R. (Code of Federal Regulations) Part 2, Confi dentiality of Substance Abuse Patient Records
Access control Antivirus software Backups Business associate contracts Confi dentiality Cybercriminals Cybersecurity Electronic health record (EHR) Electronic protected health
information (ePHI) Federal Trade Commission (FTC) Act Firewall Hacker Health Insurance Portability and
Accountability Act (HIPAA) HIPAA Breach Notifi cation Rule HIPAA Privacy Rule HIPAA Security Administrative
Safeguards
LEARNING ACTIVITIES
HIPAA Security Physical Safeguards HIPAA Security Rule HIPAA Security Technical Safeguards Malware National Institute of Standards and
Technology (NIST) NIST Cybersecurity Framework Office for Civil Rights (OCR) Passwords Privacy Privacy Act of 1974 Protected health information (PHI) Ransomware Security Security management Spyware Threats Trojan Viruses Vulnerabilities Worms
1. Do an Internet search for a recent article discussing a signifi cant breach under the HIPAA Privacy and Security rules. Write a summary of the article. Discuss how the organization cited in the article could have prevented or mitigated the risk of the breach.
2. Contact a health care provider to talk with the person responsible for maintaining the legal health record. Ask about the organization’s release of information, retention, and destruction policies. Do they comply with the requirements of HIPAA? Explain why or why not.
3. Contact a physician’s offi ce or clinic and ask if the organization has a security plan. Discuss the process that staff members undertook to complete the plan, or develop an outline of a plan for them.
4. Visit the Offi ce for Civil Rights Enforcement Activities and Results website. Read at least fi ve case examples involving HIPAA security violations. What do these cases have in common? What are their
R E F E R E N C E S · 321
differences? Do all of the Security Rule violations you read also involve Privacy Rule violations? What were your impressions of the types of cases you read and their resolutions?
REFERENCES
American Health Information Management Association (AHIMA). (2003). Final Rule for HIPAA security standards. Chicago, IL: Author.
Bazzoli, F. (2016, Aug. 9). 12 largest fines levied for HIPAA violations. Health Data Management. Retrieved August 9, 2016, from http://www.healthdatamanagement .com/list/12-largest-fi nes-levied-for-hipaa-violations
Buchholz, A., Perry, B., Weiss, L. B., & Cooley, D. (2016). Smartphone use and per ceptions among medical students and practicing physicians. Journal of Mobile Technology in Medicine, 5(1), 27–32. doi:10.7309/jmtm.5.1.5
Centers for Medicare and Medicaid Services (CMS). (2004). HIPAA administrative simplification: Security—Final Rule. Retrieved November 2004 from http:// www.cms.hhs.gov/hipaa/hipaa2/regulations/security
Comodo. (2014, Aug. 4). Malware versus viruses: What’s the difference? Retrieved August 10, 2016, from https://antivirus.comodo.com/blog/computer-safety/ malware-vs-viruses-whats-difference/
Conn, J. (2016, Feb. 18). Hospital pays hackers $17,000 to unlock EHRs frozen in “ransomware” attack. Retrieved November 11, 2016, from http://www .modernhealthcare.com/article/20160217/NEWS/160219920
Coppersmith, Gordon, Schermer, & Brockelman, PLC. (2012). HITECH Act expands HIPAA privacy and security rules. Retrieved March 2012 from http://www .azhha.org/member_and_media_resources/documents/HITECHAct.pdf
DeSalvo, K. B., & Samuels, J. (2016, July 19). Examining oversight of the privacy & security of health data collected by entities not regulated by HIPAA. Health IT Buzz. Retrieved August 10, 2016, from https://www.healthit.gov/buzz-blog/ privacy-and-security-of-ehrs/examining-oversight-privacy-security-health-data collected-entities-not-regulated-hipaa/
Goedert, J. (2016, Aug. 8). Hack of Banner systems highlights the need for more fi re- walls. Retrieved August 10, 2016, from http://www.healthdatamanagement .com/news/hack-of-banner-systems-highlights-the-need-for-more-fi rewalls?utm_ medium=email
HHS.gov. (2015). $750,000 HIPAA settlement underscores the need for organization- wide risk analysis. Retrieved from http://www.hhs.gov/about/news/2015/12/14/ 750000-hipaa-settlement-underscores-need-for-organization-wide-risk-analysis.html
ESET. (n.d.). HIPAA security checklist [Brochure]. Retrieved August 8, 2016, from https://www.healthit.gov/sites/default/fi les/comments_upload/hipaa-security checklist.pdf
322 · C H A P T E R 9 : P R I V A C Y A N D S E C U R I T Y
Koch, D. D. (2016, Spring). Is HIPAA Security Rule enough to protect electronic personal health information (PHI) in the cyber age? Journal of Health Care Finance. Retrieved August 8, 2016, from http://www.healthfi nancejournal.com/ index.php/johcf/article/view/67
National Institute of Standards and Technology (NIST). (2016). Framework for improving critical infrastructure cybersecurity. Retrieved from http://www.nist .gov/cyberframework/upload/CSF-for-law-policy-symposium.pdf
National Institute of Standards and Technology (NIST). (n.d.). Cybersecurity frame work. Retrieved August 10, 2016, from http://www.nist.gov/cyberframework/
ONC. (2015). Guide to privacy and security of electronic health information. Retrieved from https://www.healthit.gov/sites/default/fi les/pdf/privacy/privacy and-security-guide.pdf
ONC. (n.d.). Top 10 tips for cybersecurity in health care [Brochure]. Retrieved August 8, 2016, from https://www.healthit.gov/sites/default/fi les/Top_10_Tips_ for_Cybersecurity.pdf
Siwicki, B. (2016, May 17). Cybersecurity special report: Ransomware will get worse, hackers targeting whales, medical devices and IoT trigger new vulnera bilities. Healthcare IT News. Retrieved August 10, 2016, from http://www .healthcareitnews.com/node/525131
Sullivan, T. (2016, Aug. 9). “DarkOverLord” ransomware accounts for nearly 30 percent of health data breaches in July. Healthcare IT News. Retrieved August 10, 2016, from http://www.healthcareitnews.com/news/darkoverlord ransomware-accounts-nearly-30-percent-health-data-breaches-july
Office for Civil Rights (OCR). (n.d.). HHS Breach Portal. Retrieved August 8, 2016, from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
US Department of Health and Human Services. (2016, Sept. 30). Enforcement highlights. Retrieved August 8, 2016, from http://www.hhs.gov/hipaa/for professionals/compliance-enforcement/data/enforcement-highlights/index.html
US Department of Health and Human Services. (n.d.a). Addressing gaps in cyberse curity: OCR releases crosswalk between HIPAA Security Rule and NIST cyberse curity framework. Retrieved August 10, 2016, from http://www.hhs.gov/hipaa/ for-professionals/security/nist-security-hipaa-crosswalk/
US Department of Health and Human Services. (n.d.b). Breach Notifi cation Rule. Retrieved August 8, 2016, from http://www.hhs.gov/hipaa/for-professionals/ breach-notifi cation/index.html
US Department of Health and Human Services. (n.d.c). Guidance to render unse cured protected health information unusable, unreadable, or indecipherable to unauthorized individuals. Retrieved August 8, 2016, from http://www.hhs.gov/ hipaa/for-professionals/breach-notifi cation/guidance/index.html
What are the penalties for HIPAA violations? (2015, June 14). HIPAA Journal. Retrieved from http://www.hipaajournal.com/what-are-the-penalties-for-hipaa violations-7096/
CHAPTER 10
Performance Standards and Measures
LEARNING OBJECTIVES
• To be able to explain the signifi cant role of health information in national private and public quality improvement initiatives.
• To be able to compare and contrast licensure, certifi cation, and accreditation processes.
• To be able to discuss the role of the Joint Commission and the National Committee for Quality Assurance in ensuring the quality of care in the United States.
• To be able to understand performance measurement development in the United States.
• To be able to identify the roles of specifi c public and private organizations in the development and endorsement of national performance measures.
• To be able to understand the origins and uses of major health care comparative data sets.
323
324 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
This chapter examines public and private organizations and processes that establish standards for ensuring that health records are maintained accu rately and completely and that they contain the data and information needed to define and report a wide range of measures to determine the quality and efficiency of health care. These activities are very important and have a sig nifi cant influence on providers and HIT capabilities, significant enough for us to devote an entire chapter to them.
Health care organizations and health plans use data and information to measure performance against internal and external standards; to compare performance to other like organizations; to demonstrate performance to licensing, certifying, and accrediting bodies; and to demonstrate performance for reimbursement purposes. This chapter begins with an examination of the licensure, certifi cation, and accreditation of health care facilities and health plans, followed by an overview of key comparative data sets often used by health care organizations in benchmarking performance. The chapter concludes with a description of the national initiatives using performance measures to improve the quality and safety of health care, including those affecting provider reimbursement.
In the section titled “Licensure, Certification, and Accreditation,” we define these processes, list the accrediting organizations recognized by CMS, and examine the missions and general functions of the Joint Commission and the National Committee for Quality Assurance (NCQA). These discus sions focus on how the licensure, certification, and accreditation processes not only use health information to measure performance but also how they influence the health care information that is collected.
“Measuring the Quality of Care” begins with a historical perspective of major milestones in the national agenda for health care quality improvement, followed by a discussion of the current efforts to improve health care quality and patient safety, focusing on the efforts that involve using health care data and information to measure performance. Quality measures are created and validated by a range of organizations, private and public. However, in the recent years significant progress has been made in aligning these measures across organizations. Another significant movement related to quality mea surement in the United States is implementation of value-based reimbursement programs, which are based on established performance criteria. The govern ment plans for significant growth in these programs over the next decade.
LICENSURE, CERTIFICATION, AND ACCREDITATION
Health care organizations, such as hospitals, nursing homes, home health agencies, and the like, must be licensed to operate. If they wish to fi le
L I C E N S U R E , C E R T I F I C A T I O N , A N D A C C R E D I T A T I O N · 325
Medicare or Medicaid claims, they must also be certified, and if they wish to demonstrate quality performance, they will undergo an accreditation process. What are these processes, and how are they related? If a health care organi zation is licensed, certified, and accredited, how will this affect the health care information that it creates, uses, and maintains? In this section we will examine each of these processes, their impact on the health care organiza tions, and their relationships with one another.
Licensure
Licensure is the process that gives a facility legal approval to operate. As a rule, state governments oversee the licensure of health care facilities, and each state sets its own licensure laws and regulations. All facilities must have a license to operate, and it is generally the state department of health or a similar agency that carries out the licensure function. Licensure regulations tend to emphasize areas such as physical plant standards, fire safety, space allocations, and sanitation. They may also contain minimum standards for equipment and personnel. A few states tie licensure to professional standards and quality of care, but not all. In their licensure regulations, states gener ally set minimum standards for the content, retention, and authentication of patient medical records. Exhibit 10.1 is an excerpt from the South Carolina licensure regulations for hospitals. This excerpt governs patient medical record content (with the exception of newborn patient records, which are addressed in a separate section of the regulations). Although each state has its own set of medical record content standards, these are fairly typical in scope and content.
An initial license is required before a facility opens its doors, and this license to operate must generally be renewed annually. Some states allow organizations with the Joint Commission or other accreditation to forgo a formal licensure survey conducted by the state; others require the state survey regardless of accreditation status. As we will see in the section on accreditation, the accrediting bodies’ standards are more detailed and more stringent than the typical state licensure regulations. Also, most accreditation standards are updated annually; most licensure standards are not.
Certifi cation
Certification gives a health care organization the authority to participate in the federal Medicare and Medicaid programs. Legislation passed in
326 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Exhibit 10.1 Medical Record Content: Excerpt from South Carolina Standards for Licensing Hospitals and Institutional General Infi rmaries
601.5 Contents: A. Adequate and complete medical records shall be written for all patients admitted to the hospital and newborns delivered in the hospital. All notes shall be legibly written or typed and signed. Although use of ini tials in lieu of licensed nurses’ signatures is not encouraged, initials will be accepted provided such initials can be readily identified within the medical record. A minimum medical record shall include the following information:
1. Admission Record: An admission record must be prepared for each patient and must contain the following information, when obtainable: Name; address, including county; occupation; age; date of birth; sex; marital status; religion; county of birth; father’s name; mother’s maiden name; husband’s or wife’s name; dates of military service; health insur ance number; provisional diagnosis; case number; days of care; social security number; the name of the person providing information; name, address and telephone number of person or persons to be notified in the event of emergency; name and address of referring physician; name, address and telephone number of attending physician; date and hour of admission;
2. History and physical within 48 hours after admission;
3. Provisional or working diagnosis;
4. Pre-operative diagnosis;
1972 mandated that hospitals had to be reviewed and certified to receive reimbursement from Medicare and Medicaid programs (CMS, n.d.a). At that time the Health Care Financing Administration, now the Centers for Medicare and Medicaid Services (CMS), developed a set of minimum standards known as the conditions of participation (CoPs). CMS con tracts with state agencies to inspect facilities to make sure they meet these minimum standards, organized by facility functions and services. See Exhibit 10.2 for the CoP standards section governing medical record content.
L I C E N S U R E , C E R T I F I C A T I O N , A N D A C C R E D I T A T I O N · 327
5. Medical treatment;
6. Complete surgical record, if any, including technique of operation and findings, statement of tissue and organs removed and post-operative diagnosis;
7. Report of anesthesia;
8. Nurses’ notes;
9. Progress notes;
10. Gross pathological findings and microscopic;
11. Temperature chart, including pulse and respiration;
12. Medication Administration Record or similar document for recording of medications, treatments and other pertinent data. Nurses shall sign this record after each medication administered or treatment rendered;
13. Final diagnosis and discharge summary;
14. Date and hour of discharge summary;
15. In case of death, cause and autopsy findings, if autopsy is performed;
16. Special examinations, if any, e.g., consultations, clinical laboratory, x-ray and other examinations.
Source: South Carolina Department of Health and Environmental Control, Stan dards for Licensing Hospitals and Institutional General Infi rmaries, Regulation 61–16 § 601.5 (2010).
Accreditation
Accreditation is an external review process that an organization elects to undergo; it is voluntary and has fees associated with it. The accrediting agency grants recognition to organizations that meet its predetermined per formance standards. The review process and standards are devised and regu lated by the accrediting agency. By far the best-known health care accrediting agency in the United States is the Joint Commission, but there are others. The National Committee for Quality Assurance (NCQA) is a leading accrediting agency for health plans.
328 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Exhibit 10.2 Medical Record Content: Excerpt from the Conditions of Participation for Hospitals
Sec. 482.24 Condition of participation: Medical record services.
(c) Standard: Content of record. The medical record must contain information to justify admission and continued hospitalization, support the diagnosis, and describe the patient’s progress and response to medications and services.
(1) All entries must be legible and complete, and must be authen ticated and dated promptly by the person (identified by name and discipline) who is responsible for ordering, providing, or evaluating the service furnished.
(i) The author of each entry must be identified and must authenti cate his or her entry.
(ii) Authentication may include signatures, written initials or com puter entry.
(2) All records must document the following, as appropriate:
(i) Evidence of a physical examination, including a health history, performed no more than 7 days prior to admission or within 48 hours after admission.
(ii) Admitting diagnosis.
(iii) Results of all consultative evaluations of the patient and appro priate findings by clinical and other staff involved in the care of the patient.
(iv) Documentation of complications, hospital acquired infections, and unfavorable reactions to drugs and anesthesia.
(v) Properly executed informed consent forms for procedures and treatments specifi ed by the medical staff, or by Federal or State law if applicable, to require written patient consent.
(vi) All practitioners’ orders, nursing notes, reports of treatment, med ication records, radiology, and laboratory reports, and vital signs and other information necessary to monitor the patient’s condition.
(vii) Discharge summary with outcome of hospitalization, disposi tion of case, and provisions for follow-up care.
(viii) Final diagnosis with completion of medical records within 30 days following discharge.
Source: Conditions of Participation: Medical Record Services, 42 C.F.R. §§ 482.24c et seq. (2007).
L I C E N S U R E , C E R T I F I C A T I O N , A N D A C C R E D I T A T I O N · 329
Although accreditation is voluntary, there are financial and legal incen tives for health care organizations to seek accreditation. In order to elimi nate duplicative processes, Section 1865 of the Social Security Act “permits providers and suppliers ‘accredited’ by an approved national accreditation organization (AO) to be exempt from routine surveys by State survey agen cies to determine compliance with Medicare conditions” (CMS, 2015). This is often referred to as deemed status. Table 10.1 lists the 2015 approved AOs with corresponding program types and websites.
Table 10.1 2015 approved CMS accrediting organizations
Accrediting Organization Program Types Website
Accreditation Association for Ambulatory Health Care (AAAHC)
Accreditation Commission for Health Care, Inc. (ACHC)
American Association for Accreditation of Ambulatory Surgery Facilities (AAAASF)
American Osteopathic Association/Healthcare Facilities Accreditation Program (HFAP)
Center for Improvement in Healthcare Quality (CIHQ)
Community Health Accreditation Program (CHAP)
DNV GL—Healthcare (DNV GL)
The Compliance Team (TCT)
The Joint Commission (TJC)
ASC (ambulatory surgery center)
HHA (home health agency) Hospice
ASC OPT (outpatient physical therapy) RHC (rural health clinics)
ASC CAH (critical access hospital) Hospital
Hospital
HHA Hospice
CAH Hospital
RHC
ASC CAH HHA Hospice Hospital Psychiatric hospital
www.aaahc.org
www.achc.org
www.aaaasf.org
www.hfap.org
www.cihq.org
www.chapinc.org
www.dnvglhealthcare.com
www.thecomplianceteam.org
www.jointcommission.org
330 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Similar to CMS, many states also recognize accreditation in lieu of their own licensure surveys. Other benefits for an organization are that accreditation
• May be required for reimbursement from payers (including CMS)
• Validates the quality of care within the organization
• May favorably infl uence liability insurance premiums
• May enhance access to managed care contracts
• Gives the organization a competitive edge over nonaccredited organizations
The Joint Commission
The Joint Commission’s stated mission is “to continuously improve health care for the public, in collaboration with other stakeholders, by evaluating health care organizations and inspiring them to excel in providing safe and effec tive care of the highest quality and value” (The Joint Commission, n.d.). The Joint Commission on Accreditation of Hospitals (as the Joint Commission was first called) was formed as an independent, not-for-profi t organization in 1951, as a joint effort of the American College of Surgeons, American College of Physicians, American Medical Association, and American Hospital Association. The Joint Commission has grown and evolved to set standards for and accredit nearly twenty-one thousand health care orga nizations and programs in the United States. In addition to hospitals, the Joint Commission has accreditation programs for health care organizations that offer ambulatory care, behavioral health care, home care, long-term care, and office-based surgery. They also provide an accreditation program for organizations that offer laboratory services (The Joint Commission, 2016, n.d.).
In order to maintain accreditation, a health care organization must undergo an on-site survey by a Joint Commission survey team every three years. Laboratories must be surveyed every two years. This survey is con ducted to ensure that the organization continues to meet the established standards. The standards themselves are the result of an ongoing, dynamic process that incorporates the experience and perspectives of health care professionals and others throughout the country. New standards manuals are published annually and health care organizations are responsible for knowing and incorporating any changes as they occur.
Categories of accreditation (The Joint Commission, 2016) that an organi zation can achieve are the following:
L I C E N S U R E , C E R T I F I C A T I O N , A N D A C C R E D I T A T I O N · 331
• Preliminary accreditation: for organizations that demonstrate compliance with selected standards under the Early Survey Policy, which allows organizations to undergo a survey prior to having the ability to demonstrate full compliance. Organizations that receive preliminary accreditation will be required to undergo a second on-site survey.
• Accreditation: for organizations that demonstrate compliance with all standards.
• Accreditation with follow-up survey: for organizations that are not in compliance with specifi c standards and require a follow-up survey within thirty days to six months.
• Contingent accreditation: for organizations that fail to address all requirements in an accreditation with follow-up survey decision or for organizations that do not have the proper license or other similar issue at the time of the initial survey. A follow-up survey is generally required within thirty days.
• Preliminary denial of accreditation: for organizations for which there is justifi cation for denying accreditation. This decision is subject to appeal.
• Denial of accreditation: for organizations that fail to meet standards and that have exhausted all appeals.
The Joint Commission focus on quality of care provided in health care facilities dates back to the early 1900s, when the American College of Sur geons began surveying hospitals and established a hospital standardization program. With the program came the question, how is quality of care mea sured? One of the early concerns of the standardization program was the lack of documentation in patient records. The early surveyors found that documentation was so poor that they had no way to judge the quality of care provided. The Joint Commission’s emphasis on health care information and the documentation of care has continued to the present. Not only do the Joint Commission reporting requirements rely heavily on patient information but also the current survey process uses “tracer methodology,” through which the surveyors analyze the organization’s systems by tracing the care provided to individual patients. Patient records provide the road maps for the tracer methodology. The absence of quality health records would have a direct impact on the accreditation process. The following sections discuss Joint Commission standards that directly influence the creation, maintenance, and use of health care information. These sections further illustrate how the overall accreditation process relies on the availability of high-quality health care information (The Joint Commission, 2016).
332 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
The Joint Commission Record of Care (RC), Treatment, and Services Standards
The Joint Commission Record of Care (RC), Treatment, and Services standards provide information about the requirements for the content of a complete health record, regardless of its format. The RC standards for an ambulatory care program dictate that the organization will do the following:
• Maintain complete and accurate clinical record.
• Ensure clinical record entries are authenticated appropriately by authorized persons.
• Ensure documentation in clinical records is timely.
• Audit their clinical records.
• Retain their clinical records according to relevant laws and regulations.
• Ensure clinical records contain specifi c information that refl ects the patient’s care, treatment, or services.
• Ensure clinical records accurately refl ect operative and high-risk procedures and use of sedation and anesthesia.
• Ensure documentation of proper use of restraints and seclusion.
• Ensure ambulatory care records contain a summary list.
• Ensure qualifi ed staff members receive and record verbal orders. (The Joint Commission, 2014b)
Each RC standard has specific elements that must be addressed. For more information, refer to the most recent edition of the appropriate Comprehensive Accreditation Manual. All Joint Commission–accredited organizations have access to the complete manual.
The Joint Commission Information Management Standards
The Joint Commission Information Management (IM) standards refl ect the Joint Commission’s belief that quality information management infl uences quality care. In the overview of the IM standards, the Joint Commission states, “Every episode of care generates health information that must be managed systematically” (emphasis is the authors’). Information is a resource that must be managed similar to any other resource within the organization.
L I C E N S U R E , C E R T I F I C A T I O N , A N D A C C R E D I T A T I O N · 333
Whether the information management systems employed by the organization are basic or sophisticated, the functions should include features that allow for the following:
• Categorizing, filing, and maintaining all data and information used by the organization
• Accurately capturing health information generated by delivery of care, treatment, and services
• Accessing information by those authorized users who need the information to provide safe, quality care (The Joint Commission, 2014a)
The IM standards apply to noncomputerized systems and systems employ ing the latest technologies. The first standard within the IM chapter focuses on information planning. The organization’s plan for IM should consider the full spectrum of data generated and used by the organization as well as the flow of information within and to and from external organizations. Identi fying and understanding the flow of information is critical to meeting the organization’s needs for data collection and distribution while maintaining the appropriate level of security (The Joint Commission, 2014a). The remain ing IM standards address the requirements for health care organizations:
• Provide continuity of the information management process, including managing system interruptions and maintaining backup systems.
• Ensure the privacy, security, and integrity of health information.
• Manage data collection, including use of standardized data sets and terminology and limiting the use of abbreviations.
• Manage health information retrieval, dissemination, and transmission.
• Provide knowledge-based information resources twenty-four hours a day, seven days a week.
• Ensure the accuracy of the health information. (The Joint Commission, 2011, 2014a)
National Committee for Quality Assurance
The National Committee for Quality Assurance (NCQA) is the leading accred iting body for health plans, including health maintenance organizations (HMOs), Preferred Provider Organizations (PPOs), and Point of Service (POS)
334 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
plans in the United States. In addition, the NCQA also accredits the following programs:
• Disease management
• Case management
• Wellness and health promotion
• Accountable care organizations
• Wellness and health promotion
• Managed behavioral health care organizations (NCQA, n.d.a)
The full list of NCQA accreditation requirements are published on its website at www.ncqa.org. The 2015 Health Plan Accreditation Program requirements include specific criteria divided into the following sections:
• Quality management and improvement (QI)
• Utilization management (UM)
• Credentialing and recredentialing (CR)
• Members’ rights and responsibilities (RR)
• Member connections (MEM)
• Medicaid benefi ts and services (MED)
• Health Effectiveness Data and Information Set (HEDIS) performance measures (see the “Measuring the Quality of Care” section for more information about HEDIS) (NCQA, 2015).
MEASURING THE QUALITY OF CARE
Two landmark Institute of Medicine (IOM) reports, To Err Is Human: Build ing a Safer Health System, published in 2000 (Kohn, Corrigan, & Donaldson), and Crossing the Quality Chasm: A New Health System for the 21st Century, published in 2001, are often cited as marking the beginning of the modern era of national health care quality and patient safety initiatives. The two reports led to increased awareness of the severity of patient safety and quality issues and helped frame the national landscape of improvement efforts. To Err Is Human estimated that as many as ninety-eight thousand people died in hospitals each year as a result of preventable medical errors. The report found that most errors could be traced to poor processes and systems and recommended development and implementation of improved perfor mance standards, including those associated with licensure, certifi cation, and
M E A S U R I N G T H E Q U A L I T Y O F C A R E · 335
accreditation. Crossing the Quality Chasm specifically outlined six aims for establishing quality health care, stating that health care in the United States should be (CMSS, 2014; Kohn, Corrigan, & Donaldson, 2000; IOM, 2001):
1. Safe
2. Effective
3. Patient-centered
4. Timely
5. Effi cient
6. Equitable
One of the challenges to meeting these aims was determining how to mea sure success in each area. What are the standards and performance measures associated with these important aims?
Types of Measures
Whether at the local organizational level or at a national level, quality improvement requires the identification of standards that define quality care and measurement of performance to determine whether or not the identifi ed standards are met. Quality measures are used across the full continuum of care, from individual physicians to health plans. As we will examine in this chapter, there are literally hundreds of different health care quality measures in use today. These existing quality measures can generally be categorized into four types: structure, process, outcome, and patient experience. Table 10.2 summarizes the types of measures, descriptions, and examples of each.
Data Sources for Measures
Whether quality measures are applied by an individual physician or by a federal agency, they rely on valid and reliable data. A few of the common sources of health care data used in performance measurement are listed in the following sections.
Administrative Data
Administrative data submitted to private and government payers have the advantage of being easy to obtain. Private and public payers have very large claims databases.
336 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Table 10.2 Major types of quality measures
Type Description Example
Structure Assesses the characteristics of a care setting, including facilities, personnel, and policies related to care delivery
Process Determines if the services provided to patients are consistent with routine clinical care
Outcome Evaluates patient health as a result of the care received
Patient Experience
Provides feedback on patients’ experiences of care
Does an intensive care unit (ICU) have a critical care specialist on staff at all times?
Does a doctor ensure that his or her patients receive recommended cancer screenings?
What is the survival rate for patients who experience a heart attack?
Do patients report that their provider explains their treatment options in ways that are easy to understand?
Source: Morris (2014).
Disease Registries
Public health agencies, including state and federal agencies collect data on patients with specific conditions. These disease registries often go beyond administrative claims data.
Health Records
The EHR is recognized as a rich source of detailed patient information. However, the full potential of the EHR as an easy-to-use source of reliable data has not been reached. More work on standardization and tools for data extraction is needed. Data extraction from paper records is labor intensive and, therefore, expensive to implement. As you have seen in previous chapters, Meaningful Use criteria address the need for EHR data extraction and sharing.
Qualitative Data
Qualitative data from patient surveys or interviews are often used for patient experience measures (Morris, 2014).
Measurement Development
Regardless of the data source, the resulting measures must not only be reli able and valid but also feasible to collect (CMSS, 2015). There are dozens
M E A S U R I N G T H E Q U A L I T Y O F C A R E · 337
of public and private organizations that develop health care–related perfor mance measures. The following paragraphs identify a few of the key players and their respective role in the development of recognized measures.
The NCQA is responsible for the HEDIS measures, one of the oldest and most widely used sets of health care performance measures in the United States. More than 90 percent of health plans in the United States collect and report HEDIS data. HEDIS data is not only used for accreditation of health plans but also for the basis of health plan comparison and quality improvement.
The Joint Commission also has a long history of developing and using performance measures as a component of accreditation. In 1987, the Joint Commission revamped its accreditation process with the goal of incorpo rating standardized performance measures. This initiative led to the devel opment of ORYX program. The current ORYX program is closely aligned with CMS quality initiatives, using many of the same measures. Hospitals seeking Joint Commission Accreditation in 2016 were required to report on six of nine sets of chart (paper)-abstracted clinical quality measures (CQMs) or six of eight electronic clinical quality measures (eCQMs) (The Joint Commission, 2015b).
CQMs are identified and updated by CMS each year. Selected CQMs are used in the EHR Incentive Programs for eligible professionals and other CMS quality initiatives (discussed following in this chapter). The CMS does not develop all of the CQMs but rather relies on private organizations, such as NCQA, the Joint Commission, the American Medical Association Physician Consortium for Performance Improvement (AMA-PCPI), and a host of other health care societies, collaboratives, and alliances, as well as government agencies, such as AHRQ, Centers for Disease Control and Pre vention (CDC), and Health Resources and Services Administration (HRSA) for most of them. Table 10.3 is an excerpt from the CQMs for the 2014 EHR Incentive Programs. Note that each measure is defined by a unique identifi er, National Quality Forum (NQF) number, a measure description, numera tor and denominator statements, measure steward, and Physicians Quality Reporting System (PQRS) number. Note: The PQRS role in quality improve ment and performance measurement is discussed in more detail following in this chapter.
The NQF is a nonprofit, member organization whose mission is “to lead national collaboration to improve health and healthcare quality through mea surement” (NQF, n.d.). It was created in 1999 and includes board members from private and public sectors, including providers, purchasers, and repre sentatives from AHRQ, CDC, CMS, and HRSA. The NQF maintains a large, searchable database of performance measures. Measures can be searched on
Table 10.3 Excerpt of CQMs for 2014 EHR Incentive Programs
CMS eMeasure NQF Measure Title and Measure Numerator Denominator Measure ID No. NQS Domain Description Statement Statement Steward PQRS No.
CMS69v5 0421 Preventive Care and Screening: Body Mass Index (BMI) Screening and Follow-Up Plan
Domain: Population/Public Health
CMS132v5 0564 Cataracts:
Complications within Thirty Days Following Cataract Surgery Requiring Additional Surgical Procedures
Percentage of patients aged eighteen years and older with a BMI documented during the current encounter or during the previous six months AND with a BMI outside of normal parameters, a follow-up plan is documented during the encounter or during the previous six months of the current encounter
Normal Parameters:
Age eighteen years and older BMI = > 18.5 and < 25 kg/m2
Percentage of patients aged eighteen years and older with a diagnosis of uncomplicated cataract who had cataract surgery and had any of a specifi ed list of surgical procedures in the thirty days following cataract surgery which would indicate the
Patients with a documented BMI during the encounter or during the previous six months, AND when the BMI is outside of normal parameters, a follow-up plan is documented during the encounter or during the previous six months of the current encounter
Patients who had one or more specifi ed operative procedures for any of the following major complications within thirty days following cataract
All patients eighteen and older on the date of the encounter with at least one eligible encounter during the measurement period
All patients aged eighteen years and older who had cataract surgery and no signifi cant
Centers for 128 Medicare
GPRO & Medicaid Services PREV-9
PCPI(R) 192
Foundation
(PCPI[R])
Domain: Patient Safety
CMS133v5 0565 Cataracts: 20/40 or Better Visual Acuity within Ninety Days Following Cataract Surgery
Domain: Clinical Process/ Effectiveness
CMS158v5 N/A Pregnant Women That Had HBsAg Testing
Domain: Clinical Process/ Effectiveness
occurrence of any of the following major complications: retained nuclear fragments, endophthalmitis, dislocated or wrong power IOL, retinal detachment, or wound dehiscence
Percentage of patients aged eighteen years and older with a diagnosis of uncomplicated cataract who had cataract surgery and no signifi cant ocular conditions impacting the visual outcome of surgery and had best-corrected visual acuity of 20/40 or better (distance or near) achieved within 90 days following the cataract surgery
This measure identifi es pregnant women who had a HBsAg (hepatitis B) test during their pregnancy
surgery: retained nuclear fragments, endophthalmitis, dislocated or wrong power IOL, retinal detachment, or wound dehiscence
Patients who had best-corrected visual acuity of 20/40 or better (distance or near) achieved within ninety days following cataract surgery
Patients who were tested for hepatitis B surface antigen (HBsAg) during pregnancy within 280 days prior to delivery
ocular conditions impacting the surgical complication rate
All patients PCPI(R) 191 aged eighteen
Foundation years and
(PCPI[R]) older who had cataract surgery
All female Optum 369 patients aged twelve and older who had a live birth or delivery during the measurement period
(Continued)
Table 10.3 (Continued)
CMS eMeasure NQF Measure Title and Measure Numerator Denominator Measure ID No. NQS Domain Description Statement Statement Steward PQRS No.
CMS159v5 0710 Depression Remission at Twelve Months
Domain: Clinical Process/ Effectiveness
Patients age eighteen and older with major depression or dysthymia and an initial Patient Health Questionnaire (PHQ-9) score greater than nine who demonstrate remission at twelve months (+/- 30 days after an index visit) defi ned as a PHQ-9 score less than fi ve. This measure applies to both patients with newly diagnoses and existing depression whose current PHQ-9 score indicates a need for treatment.
Patients who achieved remission at twelve months as demonstrated by a twelve month (+/- 30 days grace period) PHQ-9 score of less than fi ve
Patients age eighteen and older with a diagnosis of major depression or dysthymia and an initial PHQ-9 score greater than nine during the index visit
MN 370 Community
GPRO Measurement
MH-1
Source: CMS (n.d.f).
M E A S U R I N G T H E Q U A L I T Y O F C A R E · 341
the NQF website (www.qualityforum.org) by any combination of the follow ing dimensions:
• Endorsement Status (e.g. Endorsed, Not Endorsed)
• Measure Status (Time Limited, Reserved)
• Measure Format (eMeasure, Measure)
• Measure Steward (e.g., NCQA, CMS, The Joint Commission)
• Use in Federal Program (e.g., Meaningful Use, Medicare Shared Savings Program)
• Clinical Condition/Topic Area (e.g., Cancer, Infectious Disease)
• Cross-Cutting Area (e.g., Overuse, Safety, Disparities)
• Care Setting (e.g., Ambulatory Care, Home Health, Hospital)
• National Quality Strategy Priorities (e.g., Affordable Care, Patient Safety)
• Actual/Planned Use (e.g., Public Reporting, Payment Program)
• Data Source (e.g., Administrative Data, Electronic Clinical Data, Healthcare Provider Survey)
• Level of Analysis (e.g., Clinician, Facility, Health Plan)
• Target Population (Children’s Health)
Figure 10.1 is a screenshot from the NQF website showing a few of the thousand-plus measures in the database that are classified as Home Health.
Figure 10.1 Screenshot from NQF
Source: National Quality Forum (2016). Copyright ©2016 National Quality Forum. Used with permission.
342 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Comparative Health Care Data Sets
Comparative health care data sets and information are often aligned with organizations’ quality improvement efforts. An organization might collect data on one or more of the specific performance measures, such as those previously identified, and then use this information to compare its perfor mance to other similar organizations or state average results, for example. The process of comparing one or more performance measures against a stan dard is called benchmarking. Benchmarking may be limited to internally set standards; however, frequently it employs one or more externally generated benchmark or standard.
Providers may select from many publicly and privately available health care data sets for benchmarking purposes. Many of the organizations iden tified in the previous section not only develop standards but also provide searchable websites that enable consumers and providers to compare results of their measures across multiple organizations. Although each comparative data set is unique, they can be loosely categorized by purpose: patient satis faction, practice patterns, or clinical data. The following paragraphs identify some of the more well-known and frequently used comparative data sets and list their associated searchable website when applicable.
Patient Satisfaction Data Sets
Patient satisfaction data generally come from survey data. Several private organizations, such as NRC+Picker, Press Ganey, and the health care division of Gallup, provide extensive consulting services to health care organizations across the country. One of these services is to conduct patient satisfac tion surveys. Some health care organizations undertake patient satisfaction surveys on their own. The advantage of using a national organization is the comparative database it offers, which organizations can use for benchmark ing purposes.
Some of the most widely used groups of patient experience surveys in the public arena were developed under the Agency for Healthcare Research and Quality (AHRQ) Consumer Assessment of Healthcare Providers and Systems (CAHPS) program. CAHPS originated in 1995 to assess participants’ perspectives on their health plans. Since that time the program has evolved to include the following surveys:
• Health Plan
• Clinician & Group
• Hospital
M E A S U R I N G T H E Q U A L I T Y O F C A R E · 343
• Home Health Care
• In-Center Hemodialysis
• Nursing Home
• Surgical Care
• American Indian
• Dental Plan
• Experience of Care and Health Outcomes (for mental health and substance abuse services)
CAHPS surveys are available to any organization. Federal agencies, such as CMS, use the CAHPS survey results, but the results are also used by health systems, physician practices, hospitals, and other health care provid ers in their quality improvement efforts (AHRQ, 2016). The Hospital CAHPS (HCAHPS) results are available to consumers as a part of CMS Hospital Compare (discussed under “Clinical Data Sets”) and from the AHRQ website. Information about the CAHPS comparative data and access to the database and chart books is located at http://www.ahrq.gov/cahps/cahps-database/ comparative-data/index.html (AHRQ, 2016).
Practice Patterns Data Set
The Dartmouth Atlas is a widely used, interactive, online tool that enables health care organizations to compare data across a wide variety of parame ters. The project is a privately funded program through the Dartmouth Insti tute for Health Policy and Clinical Practice, which primarily uses Medicare data to document variations in the use of medical resources across the United States. To access the Dartmouth Atlas, go to http://www.dartmouthatlas.org (The Dartmouth Institute, n.d.).
Clinical Data Sets
The Joint Commission and CMS are committed to the improvement of clinical outcomes, and as a part of that commitment they provide consumers with comparative data that encompasses clinical measures. The Joint Commis sion’s Quality Check has evolved since its introduction in 1994 to become a comprehensive guide to health care organizations in the United States. Visitors to www.Qualitycheck.org can search for health care organizations by a variety of parameters, identify accreditation status, and compare hospital performance measures in terms of the Joint Commission’s (2015a) National
344 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Patient Safety Goals. The 2016 National Patient Safety Goals for Hospitals describes sixteen specific goals, including these:
• Identifying patients correctly
• Improving staff member communication
• Using medicines safely
• Using alarms safely
• Preventing infection
• Identifying patient safety risks
• Preventing mistakes in surgery (The Joint Commission, 2016)
Hospital Compare is the CMS-sponsored interactive, online comparative data set. Located at www.medicare.gov/hospitalcompare, this data set con tains information about the quality of care at over four thousand Medicare- certified hospitals. The interactive tool enables consumers to compare clinical and patient satisfaction data. The purpose of the tool is to promote informed decision making by consumers of hospital care and to encourage hospitals to improve the quality of care they provide (CMS, n.d.b). In addition to Hospital Compare, CMS sponsors public reporting of other health care organizations, such as nursing homes, home health agencies, and kidney dialysis facilities (CMS, n.d.d).
Comparative Data for Health Plans
In addition to data sets used by providers, the NCQA website enables consum ers to have access to comparative data for health plans through a variety of report cards. The majority of the comparative data is derived from HEDIS and CAHPS. NCQA health care report cards are found at http://reportcard.ncqa. org. NCQA also offers a subscription service for a more detailed interactive tool, Quality Compass (NCQA, n.d.b, n.d.c).
FEDERAL QUALITY IMPROVEMENT INITIATIVES
As stated at the beginning of the chapter, the publication of the IOM reports addressing serious quality concerns marked a new era of government ini tiatives to improve the quality of patient care. Multiple new programs were established and new efforts to link Medicare and Medicaid reimbursement to quality care were undertaken. In this section we will examine the Patient Safety Act, the National Quality Strategy, and a selection of related government
F E D E R A L Q U A L I T Y I M P R O V E M E N T I N I T I A T I V E S · 345
programs aimed at improving the quality of health care through performance measurement including the related aspects of the Medicare Access & CHIP Reauthorization Act of 2015 (MACRA).
The Patient Safety Act
The IOM To Err Is Human: Building a Safer Health System (Kohn, Corrigan, & Donaldson, 2000) outlined serious concerns about and the need to improve the safety and quality of health care in the United States. Despite the ongoing efforts by voluntary accrediting bodies to ensure high-quality care, this report identified a critical need for reporting and analyzing individual facility and aggregate data related to adverse events. To address the need to capture information to improve health care quality and prevent harm to patients, the Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act) was passed by Congress “to promote shared learning to enhance quality and safety nationally.” To implement the act, the Department of Health and Human Services issued the Patient Safety Rule (effective January 2009), which authorized the identifi cation of Patient Safety Organizations (PSOs). As of August 2016, there were eighty-two PSOs in twenty-eight states. PSOs are responsible for the collection and analysis of health information that is referred to in the Final Rule as patient safety work product (PSWP). The PSWP contains identifiable patient information that is covered by specifi c privilege and confidentiality protections (AHRQ, n.d.a).
The types of patient safety events that are reported under these protec tions include the following:
• Incidents: patient safety events that reached the patient, whether or not there was harm involved
• Near misses (or close calls): patient safety events that did not reach the patient
• Unsafe conditions: circumstances that increase the probability of a patient safety event occurring
To facilitate these activities, AHRQ has created Common Formats, which are “common definitions and reporting formats to help providers uniformly report patient safety events” (AHRQ, n.d.b).
National Quality Strategy
The requirement for a National Strategy for Quality Improvement in Health Care (National Quality Strategy) was established by the Affordable Care Act
346 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
and subsequently published in 2011. More than three hundred groups and individuals representing all aspects of the health care industry and public provided input. It has subsequently been updated on an annual basis, but the three broad aims and six priorities have remained consistent. The three broad aims used to “guide and assess national efforts to improve health and the quality of health care” (AHRQ, 2011) are as follows:
1. Better care: Improve the overall quality by making health care more patient-centered, reliable, accessible, and safe.
2. Healthy people/healthy communities: Improve the health of the US population by supporting proven interventions to address behavioral, social, and environmental determinants of health in addition to delivering higher-quality care.
3. Affordable care: Reduce the cost of quality health care for individuals, families, employers, and government
To achieve these aims, the National Quality Strategy identifies the fol lowing six priorities:
1. Making care safer by reducing harm caused in the delivery of care
2. Ensuring that each person and family are engaged as partners in their care
3. Promoting effective communication and coordination of care
4. Promoting the most effective prevention and treatment practices for the leading causes of mortality, starting with cardiovascular disease
5. Working with communities to promote wide use of best practices to enable healthy living
6. Making quality care more affordable for individuals, families, employers, and governments by developing and spreading new health care delivery models
The strategy goes further by recommending that all sectors of the health care system (individuals, families, payers, providers, employers, and com munities) employ one or more of the following “levers” to “align” with the National Quality Strategy (NQS)(AHRQ, 2011):
• Measurement and feedback: Provide performance feedback to plans and providers to improve care.
• Public reporting: Compare treatment results, costs, and patient experience for consumers.
F E D E R A L Q U A L I T Y I M P R O V E M E N T I N I T I A T I V E S · 347
• Learning and technical assistance: Foster learning environments that offer training, resources, tools, and guidance to help organizations achieve quality improvement goals.
• Certification, accreditation, and regulation: Adopt or adhere to approaches to meet safety and quality standards.
• Consumer incentives and benefi t designs: Help consumers adopt healthy behaviors and make informed decisions.
• Payment: Reward and incentivize providers to deliver high-quality, patient-centered care.
• Health information technology: Improve communication, transparency, and effi ciency for better coordinated health and health care.
• Innovation and diffusion: Foster innovation in health care quality improvement, and facilitate rapid adoption within and across organizations and communities.
• Workforce development: Invest in people to prepare the next generation of health care professionals and support lifelong learning for providers.
CMS Quality Programs
The Centers for Medicare and Medicaid (CMS) released its specifi c Quality Strategy in 2016, which is based on the NQS. Adhering to the same broad aims in the NQS, CMS developed a strategy to improve health care delivery by the following means:
• Using incentives to improve care
• Tying payment to value through new payment models
• Changing how care is given through
o Better teamwork
o Better coordination across health care settings
o More attention to population health
o Putting the power of health care information to work (CMS, 2016)
Since 2001, CMS has engaged in a variety of Quality Initiatives, including initiatives that result in public reporting of performance measures as previ ously discussed. The Physician Quality Reporting System (PQRS) encourages individual “eligible professionals” (EPs) (e.g., physicians) and group practices
348 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
to assess and report the quality of care provided to their patients. EPs and group practices that do not report on quality measures as outlined for Medi care Part B covered services risk a negative payment adjustment. There are several mechanisms for reporting PQRS data, including EHRs (CMS, n.d.g).
Using PQRS reporting to determine reimbursement for Medicare Part B is one of many mechanisms through which CMS incentivizes improved quality of care. CMS has multiple value-based or pay-for-performance programs aimed at tying reimbursements to demonstration of quality. CMS’s original value-based programs were an attempt to link performance on endorsed quality measures to reimbursement. These programs included the following:
• Hospital Value-Based Purchasing (HVBP) program rewards acute care hospitals for quality care using incentives.
• Hospital Readmissions Reduction (HRR) program rewards acute care hospitals that reduce unnecessary hospital readmissions for certain conditions, such as acute myocardial infarction, health failure, pneumonia, chronic obstructive pulmonary disease, elective hip or knee replacement, and coronary artery bypass surgery.
• Hospital-Acquired Conditions (HAC) program determines whether or not an acute care hospital should be paid a reduced amount based on performance across health-acquired infections and unacceptable adverse events.
• Value Modifi er (VM) program (also known as Physician Value-Based Modifi er or PVBM) rewards physicians (and, beginning in 2018, other primary care professionals, for example, physician assistants and nurse practitioners) for high-quality, lower-cost performance using an adjustment (modifi er) for each claim.
Three other value-based programs are applied to end-stage renal disease programs, skilled nursing facilities, and home health programs.
Beyond these traditional value-based programs, CMS encourages inno vative, alternative models of care through the CMS Innovation Center. These models are designed to promote lower-cost, higher-quality care. All depend on appropriate reporting of performance measures (CMS, n.d.h).
The Medicare Access and CHIP Reauthorization Act (MACRA)
The Medicare Access and CHIP Reauthorization Act (MACRA) was enacted in 2015. MACRA is one aspect of CMS’s push toward improving quality
F E D E R A L Q U A L I T Y I M P R O V E M E N T I N I T I A T I V E S · 349
and value. In January 2015, the Department of Health and Human Services announced two goals for value-based payments and alternative payment models (APMs):
• Goal 1: 30 percent of Medicare payments are tied to quality or value through APMs by the end of 2016; 50 percent by the end of 2018.
• Goal 2: 85 percent of Medicare fee-for-service payments are tied to quality or value by the end of 2016; 90 percent by the end of 2018.
They also invited private sector payers to match or exceed these same goals.
MACRA affects physician providers, moving HHS closer to meeting these goals. Key elements to MACRA are the following:
• Changes the way Medicare rewards physicians and practitioners for value over volume
• Streamlines multiple quality programs directed at physicians and practitioners under the new Merit-based Incentive Payment System (MIPS)
• Provides bonus payments for physician and practitioners participation in eligible APMs (see Chapter One for examples of APMs)
MIPS will incorporate aspects of three existing quality and value pro grams: PQRS, Value-based Modifier, and the Medicare EHR Incentive Program. The resulting set of performance measures will be divided into the following categories to calculate a score (between 0 and 100) for eligible professionals. Each category of performance will be weighted as shown in Table 10.4.
Health care providers meeting the established threshold score will receive no adjustment to payment; those scoring below will receive a negative adjust ment and those above, a positive adjustment. Exceptional performers may receive bonus payments (CMS, n.d.c, n.d.e).
Table 10.4 MIPS performance categories
Category Weight (%)
Quality 50
Advancing care information 25
Clinical practice improvement activities 15
Resource use 10
350 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Figure 10.2 Projected timetable for implementation of MACRA
Source: CMS (n.d.e).
The exact implementation dates for MACRA were not set by the publica tion date for this textbook; however, the projected timetable for implementa tion of the various aspects of the law is shown in Figure 10.2 (CMS, n.d.c).
SUMMARY
In this chapter we examined how health care organizations and health plans use data and information to demonstrate performance to licensing, certify ing, and accrediting bodies; to measure performance against internal and external standards; to compare performance to other similar organizations; and to demonstrate performance for reimbursement purposes. This chapter began with an examination of the licensure, certification, and accreditation of health care facilities and health plans, followed by an overview of key com parative data sets often used by health care organizations in benchmarking performance. The chapter further explored major milestones in the national agenda for health care quality improvement, followed by a discussion of the current efforts to improve health care quality and patient safety, focusing on the efforts that involve using health care data and information to measure performance. The private and public organizations responsible for developing and endorsing national quality measures were introduced, and the progress that has been made in aligning these measures across these organizations was discussed. The chapter concluded with an overview of the signifi cant movement toward value-based reimbursement programs and plans for sig nificant growth in these programs over the next decade.
Clearly, there is a bewildering and complex set of measures with many organizations involved. Consequently, many measures being collected are
K E Y T E R M S · 351
inconsistent across the organizations requiring them. There are differences of opinion about which measures to be collected and the specifi c defi nitions of these measures. Efforts are under way, largely driven by CMS, to align measures to ease the collection burden for health care providers. However, today’s reality remains an overwhelmingly complex web of standards and measurement requirements.
EHRs have been cited as the solution for easing the collection burden for health care organizations and providers. However, the most current EHR systems are limited in their ability to collect the required measures. The result is that organizations and providers must resort to manual data collection. In other chapters in this text we have explored reasons for the current limita tions of EHRs in this area, including provider resistance because of the time burden. There is a largely unresolved tension in the health care community and HIT industry between the desire to collect accurate and timely measures and the provider resistance to entering the data into the EHR in a standard, retrievable format.
KEY TERMS
Accreditation Dartmouth Atlas Accreditation organization (AO) Deemed status Administrative data Disease registries Agency for Healthcare Research and EHR Incentive Programs
Quality (AHRQ) Electronic clinical quality measures Alternative payment models (eCQMs)
(APMs) Eligible professionals American Medical Association Health Effectiveness Data and
Physician Consortium for Information Set (HEDIS) Performance Improvement Health records (AMA-PCPI) Health Resources and Services
Centers for Disease Control and Administration (HRSA) Prevention (CDC) Hospital-acquired conditions (HAC)
Centers for Medicare and Medicaid Hospital CAHPS (HCAHPS) Services (CMS) Hospital Compare
Certifi cation Hospital Readmissions Reduction Clinical quality measures (CQMs) (HRR) Common formats Hospital Value-Based Purchasing Comparative health care data sets (HVBP) Conditions of participation (CoPs) The Joint Commission Consumer Assessment of Healthcare The Joint Commission Information
Providers and Systems (CAHPS) Management (IM) standards
352 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
The Joint Commission Record of Care NCQA health care report cards (RC), Treatment, and Services Patient Safety Act standards Patient Safety Organizations (PSOs)
Licensure Performance measures The Medicare Access and CHIP Physician Value-Based Modifi er
Reauthorization Act (MACRA) (PVBM) Merit-based Incentive Payment System Physicians Quality Reporting System
(MIPS) (PQRS) number National Committee for Quality Qualitative data
Assurance (NCQA) Quality Check National Patient Safety Goals Quality measures National Quality Forum (NQF) Value Modifi er (VM) National Strategy for Quality
Improvement in Health Care (National Quality Strategy)
LEARNING ACTIVITIES
1. Research two local health care organizations—one acute care facility and one other type of organization. Determine each organization’s current licensure, accreditation, and certifi cation status. How are these processes related within your state? Do the processes differ between the two types of health care organizations?
2. Visit the Joint Commission website at www.jointcommission.org. What accreditation programs (other than the Hospital Accreditation Program) does the Joint Commission have? List the programs and their respective missions.
3. Visit the NCQA website at www.ncqa.org and look up at least two health plans with which you are familiar. What do the report cards tell you about these plans? Do you find this information useful? Why or why not?
4. Visit the patient safety organization website at www.pso.ahrq.gov. Does your state have a PSO? If not, identify a PSO from a neighboring state. Research the PSO and report on how long it has operated and who its clients are.
5. Use Hospital Compare and the Joint Commission Quality Check to research three hospitals in your region of the country. Write a report outlining your findings. Would any of the information you discovered infl uence your choice of care for you or your family? Why or why not?
R E F E R E N C E S · 353
6. Research the current status of the CMS Quality programs discussed in this chapter. Write an update for this section of the chapter.
7. Research the current year’s National Quality Strategy. Has it changed since this book was published? List the differences and comment on the changes.
8. Use the NQF website to identify four specifi c performance measures that are endorsed by NQF for physician practices. Research each measure to identify how each measure is calculated, including the source of the data, the numerator, and the denominator. Do you think these measures are a good refl ection of quality practice? Why or why not?
REFERENCES
Agency for Healthcare Research and Quality (AHRQ). (2011). National quality strategy (NQS). Retrieved August 31, 2016, from http://www.ahrq.gov/ workingforquality/nqs/nqs2011annlrpt.pdf
Agency for Healthcare Research and Quality (AHRQ). (2016, July). Comparative data. Retrieved August 31, 2016, from http://www.ahrq.gov/cahps/cahps database/comparative-data/index.html
Agency for Healthcare Research and Quality (AHRQ). (n.d.a). About the PSO program. Retrieved August 31, 2016, from https://pso.ahrq.gov/about
Agency for Healthcare Research and Quality (AHRQ). (n.d.b). Common formats. Retrieved August 31, 2016, from https://pso.ahrq.gov/common
Centers for Medicare and Medicaid (CMS). (2015, Sept.). CMS-approved accrediting organizations contacts for prospective clients. Retrieved August 30, 2016, from https://www.cms.gov/Medicare/Provider-Enrollment-and-Certifi cation/ SurveyCertifi cationGenInfo/Downloads/Accrediting-Organization-Contacts for-Prospective-Clients-.pdf
Centers for Medicare and Medicaid (CMS). (2016). CMS quality strategy 2016. Retrieved August 31, 2016, from https://www.cms.gov/medicare/quality initiatives-patient-assessment-instruments/qualityinitiativesgeninfo/downloads/ cms-quality-strategy.pdf
Centers for Medicare and Medicaid (CMS). (n.d.a). Accreditation of Medicare- certified providers & suppliers. Retrieved August 21, 2016, from https://www .cms.gov/Medicare/Provider-Enrollment-and-Certifi cation/ SurveyCertifi cationGenInfo/Accreditation-of-Medicare-Certifi ed-Providers and-Suppliers.html
Centers for Medicare and Medicaid (CMS). (n.d.b). Hospital compare. Retrieved August 31, 2016, from https://www.medicare.gov/hospitalcompare
354 · C H A P T E R 1 0 : P E R F O R M A N C E S T A N D A R D S A N D M E A S U R E S
Centers for Medicare and Medicaid (CMS). (n.d.c). MACRA. Retrieved August 31, 2016, from https://www.cms.gov/Medicare/Quality-Initiatives-Patient-Assess- ment-Instruments/Value-Based-Programs/MACRA-MIPS-and-APMs/MACRA MIPS-and-APMs.html
Centers for Medicare and Medicaid (CMS). (n.d.d). Medicare. Retrieved August 31, 2016, from https://www.cms.gov/Medicare
Centers for Medicare and Medicaid (CMS). (n.d.e). The Medicare Access & CHIP Reauthorization Act of 2015: Path to value. Retrieved August 31, 2016, from https://www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment Instruments/Value-Based-Programs/MACRA-MIPS-and-APMs/MACRA LAN-PPT.pdf
Centers for Medicare & Medicaid Services (n.d.f). The merit-based incentive payment system: MIPS scoring methodology overview. Retrieved August 4, 2016, from https://www.cms.gov/Medicare/Quality-Initiatives-Patient-Assessment- Instruments/Value-Based-Programs/MACRA-MIPS-and-APMs/MIPS-Scoring Methodology-slide-deck.pdf
Centers for Medicare and Medicaid (CMS). (n.d.g). Physician quality reporting system. Retrieved August 31, 2016, from https://www.cms.gov/Medicare/ Quality-Initiatives-Patient-Assessment-Instruments/PQRS/index.html?redirect= /pqri
Centers for Medicare and Medicaid (CMS). (n.d.h). Value-based programs. Retrieved August 31, 2016, from https://www.cms.gov/Medicare/Quality-Initiatives Patient-Assessment-Instruments/Value-Based-Programs/Value-Based-Programs .html
Council of Medical Specialty Societies (CMSS). (2014, Nov.). The measurement of health care performance (3rd ed.). Retrieved August 21, 2016, from http://cmss .org/wp-content/uploads/2015/07/CMSS-Quality-Primer-layout.fi nal.pdf
The Dartmouth Institute (n.d.) Understanding of the efficiency and effectiveness of the health care system. Retrieved August 31, 2016, from http://www .dartmouthatlas.org/
Institute of Medicine Committee (IOM) on Quality in America. (2001). Crossing the quality chasm: A new health system for the 21st century. Washington, DC: National Academy Press.
The Joint Commission. (2011). Comprehensive accreditation manual for hospitals. Oakbrook Terrace, IL: Author.
The Joint Commission. (2014a, Aug.). Program: Ambulatory. Chapter: information management (e-dition). Retrieved August 21, 2016, from http://foh.hhs.gov/tjc/ im/standards.pdf
The Joint Commission. (2014b, Aug.). Program: Ambulatory. Chapter: Record of care, treatment and services (e-dition). Retrieved August 21, 2016, from http://foh .hhs.gov/tjc/roc/standards.pdf
R E F E R E N C E S
The Joint Commission. (2015a, Nov. 5). Hospital: 2016 national patient safety goals. Retrieved August 31, 2016, from https://www.jointcommission.org/ hap_2016_npsgs/
The Joint Commission. (2015b, Sept. 2). Joint Commission measure sets effective January 1, 2016. Retrieved August 21, 2016, from https://www.jointcommission .org/joint_commission_measure_sets_effective_january_1_2016/
The Joint Commission. (2016, April 27). Accreditation process overview. Retrieved August 21, 2016, from https://www.jointcommission.org/accreditation_process_ overview/
The Joint Commission. (n.d.). About the Joint Commission. Retrieved August 21, 2016, from https://www.jointcommission.org/about_us/about_the_joint_ commission_main.aspx
Kohn, L. T., Corrigan, J., & Donaldson, M. S. (2000). To err is human: Building a safer health system. Washington, DC: National Academy Press.
Morris, C. (2014, May). Measuring health care quality: An overview of quality mea sures (Issue brief). FamiliesUSA. Retrieved August 21, 2016, from http:// familiesusa.org/sites/default/fi les/product_documents/HIS_Quality Measurement_Brief_fi nal_web.pdf
National Committee for Quality Assurance (NCQA). (2015). 2015 NCQA health plan accreditation standards. Retrieved August 21, 2016 from http://www.ncqa.org/ programs/accreditation/health-plan-hp
National Committee for Quality Assurance (NCQA). (n.d.a). About NCQA. Retrieved August 21, 2016, from http://www.ncqa.org/about-ncqa
National Committee for Quality Assurance (NCQA). (n.d.b). Quality compass. Retrieved August 21, 2016, from http://www.ncqa.org/tabid/177/Default.aspx
National Committee for Quality Assurance (NCQA). (n.d.c). Report cards. Retrieved August 21, 2016, from http://www.ncqa.org/report-cards
National Quality Forum (NQF). (n.d.). About us. Retrieved August 31, 2016, from http://www.qualityforum.org/About_NQF/
· 355
CHAPTER 11
Health Care Information System Standards
LEARNING OBJECTIVES
• To be able to give examples of the methods by which standards are developed: ad hoc, de facto, government mandate, and consensus.
• To be able to identify and discuss the role of organizations that currently have a signifi cant impact on the adoption of health care information standards in the United States.
• To be able to identify and discuss the role of federal initiatives and legislation that have a signifi cant impact on the adoption of health care information standards in the United States.
• To be able to identify examples within the major types of health care information standards and the organizations that develop or approve them.
• To understand the importance of health care IT standards to the future of the US health care delivery system.
357
358 · C H A P T E R 1 1 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S T A N D A R D S
Throughout this text we have examined a variety of different types of stan dards that affect, directly or indirectly, the management of health information systems. In Chapter Ten we examined health care performance standards; Chapter Two looked at data quality standards, Chapter Nine at security stan dards, and so on. In this chapter we will examine yet another category of standards that affect health care data and information systems: health care information system (HCIS) standards. In all cases the standards examined represent the measuring stick or set of rules against which an entity, such as an organization or system, will compare its structures, processes, or func tions to determine compliance. In the case of the HCIS standards discussed in this chapter the aim is to provide a common set of rules by which health care information systems can communicate. Systems that conform to different standards cannot possibly communicate with one another. Portability, data exchange, and interoperability among different health information systems can be achieved only if they can “communicate.” For a simple analogy, think about traveling to a country where you do not speak the language. You would not be able to communicate with that country’s citizens without a common language or translator. Think of the common language you adopt as the stan dard set of rules to which all parties agree to adhere. Once you and others agree on a common language, you and they can communicate. You may still have some problems, but generally these can be overcome.
By nature HCIS standards include technical specifications, which make it less easy for the typical health care administrator to fully understand them. In addition, a complex web of public and private organizations create, manage, and implement HCIS standards, resulting in standards that are not always aligned, making the standards even more difficult to fully grasp. In fact, some may actually compete with one another. In addition to the complex web of standards specifically designed for HCIS, there are many general IT standards that affect health care information systems. Networking standards, such as Ethernet and Wi-Fi, employed by health care organizations are not specifi c to health care. Extensible markup language (XML) is widely accepted as a standard for sharing data using web-based technologies in health care and other industries. There are many other examples that are beyond the scope of this text. Our focus will be on the standards that are specific to HCIS.
With HIPAA came the push for adoption of administrative transaction and data exchange standards. This effort has been largely successful; claims are rou tinely submitted via standard electronic transaction protocols. However, although real progress has been made in recent years, complete interoperability among health care information systems remains elusive. Chapter Three examined the need for interoperability among health care information systems to promote better health of our citizens; Chapter Two discussed the lack of standardization
H C I S S T A N D A R D S O V E R V I E W · 359
in EHRs as an issue with using EHR data in research; and Chapter Nine outlined problems associated with misalignment of quality and performance measures, in part because of a lack of interoperability and standardization in EHRs and other health care information systems. Interoperability, as defined by the ONC (2015) in its publication Connecting Health Care for the Nation: A Shared Nation wide Interoperability Roadmap, results from multiple initiatives, including payment, regulatory, and other policy changes to support a collaborative and connected health care system. The best political and social infrastructures, however, will not succeed in achieving interoperability without supportive technologies.
This chapter is divided into three main sections. The first section is an overview of HCIS standards, providing general information about the types of standards and their purposes. The second section examines a few of the major initiatives, public and private, responsible for creating, requiring, or implementing HCIS standards. Finally, the last section of the chapter exam ines some of the most commonly adopted HCIS standards, including examples of the standards when possible.
HCIS STANDARDS OVERVIEW
Keith Boone, a prolific blogger and writer on all topics related to HIT stan dards, once wrote, “Standards are like potato chips. You always need more than one to get the job done” (Boone, 2012b). In general, the health care IT community discusses HCIS standards in terms of their specifi c function, such as privacy and security, EHRs, electronic prescribing (e-prescribing), lab reporting, and so on, but the reality is that achieving one of these or other functions requires multiple standards directed at different levels within the HCIS. For example, there is a need for standards at the level of basic com munication across the Internet or other network (Transporting), standards for structuring the content of messages communicated across the network (Data Interchange and Messaging), standards that describe required data elements for a particular function, such as the EHR or clinical summary (Content), and standards for naming or classifying the actual data, such as units of measure, lab tests, diagnoses, and so on (Vocabulary/Terminology). Unfortunately, there is no universal model for categorizing the plethora of HCIS standards. In this chapter we will look at standards described as Data Interchange and Messaging, Content, and Vocabulary/Terminology standards.
Standards, as we have seen, are the sets of rules for what should be included for the needed function and system level. This is only a portion of the challenge in implementing standards. The other challenge is how are the standards used for a particular function or use case? Much of the work
360 · C H A P T E R 1 1 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S T A N D A R D S
today toward achieving interoperability of health care information systems is concerned with the how. Organizations that develop standards may also create specific implementation guides for using the standard in a partic ular use case. (To further complicate the already complicated standards environment, these implementation guides are sometimes referred to as standards.) Other organizations, such as the ONC, develop frameworks for implementing standards, and several government initiatives, such as HIPAA and HITECH, have set requirements for implementing specific standards or sets of standards.
STANDARDS DEVELOPMENT PROCESS
When seeking to understand why so many different IT and health care infor mation standards exist, it is helpful to look first at the standards development process that exists in the United States (and internationally). In general the methods used to establish health care IT standards can be divided into four categories (Hammond & Cimino, 2006):
1. Ad hoc. A standard is established by the ad hoc method when a group of interested people or organizations agrees on a certain specifi cation without any formal adoption process. The Digital Imaging and Communications in Medicine (DICOM) standard for health care imaging came about in this way.
2. De facto. A de facto standard arises when a vendor or other commercial enterprise controls such a large segment of the market that its product becomes the recognized norm. The SQL database language and the Windows operating system are examples of de facto standards. XML is becoming a de facto standard for health care and other types of industry messaging.
3. Government mandate. Standards are also established when the government mandates that the health care industry adopt them. Examples are the transaction and code sets mandated by the Health Insurance Portability and Accountability Act (HIPAA) regulations.
4. Consensus. Consensus-based standards come about when representatives from various interested groups come together to reach a formal agreement on specifications. The process is generally open and involves considerable comment and feedback from the industry. This method is employed by the standards developing organizations (SDOs) accredited by the American National Standards Institute (ANSI). Many health care information standards are developed by this method, including Health Level Seven (HL7)
S T A N D A R D S D E V E L O P M E N T P R O C E S S · 361
standards and the health-related Accredited Standards Committee (ASC) standards.
The relationships among standard-setting organizations can be confus ing, to say the least. Not only do many of the acronyms sound similar but also the organizations themselves, as voluntary, member-based organizations, can set their own missions and goals. Therefore, although there is a formally recognized relationship among the International Organization for Standard ization (ISO), ANSI, and the SDOs, there is also some overlap in activities. Table 11.1 outlines the relationships among the formal standard-setting orga nizations and for each one gives a brief overview of important facts and a current website.
Table 11.1 Relationships among standards-setting organizations
Organizations Facts Website
International Organization for Standardization (ISO)
American National Standards Institute (ANSI)
Standards Developing Organizations (SDOs)
• Members are national standards bodies from many different countries around the world.
• Oversees the fl ow of documentation and international approval of standards development under the auspices of the its member bodies
• US member of ISO
• Accredits standards development organizations (SDOs) from a wide range of industries, including health care
• Does not develop standards but accredits the organizations that develop standards
• Publishes more than ten thousand standards developed by accredited SDOs
• Must be accredited by ANSI
• Develop standards in accordance with ANSI criteria
• Can use the label “Approved American National Standard”
• Approximately two hundred SDOs are accredited; twenty of these produce 90 percent of the standards.
www.iso.org
www.ansi.org
www.standardsportal .org
Source: ANSI (n.d.a, n.d.b, n.d.c); ISO (n.d.).
362 · C H A P T E R 1 1 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S T A N D A R D S
All the ANSI-accredited SDOs must adhere to the guidelines established for accreditation; therefore, they have similar standard-setting processes. According to ANSI, this process includes the following:
• Consensus on a proposed standard by a group or “consensus body” that includes representatives from materially affected or interested parties
• Broad-based public review and comment on draft standards
• Consideration of and response to comments submitted by voting members of the relevant consensus body and by public review commenters
• Incorporation of approved changes into a draft standard
• Right to appeal by any participant that believes that due process principles were not suffi ciently respected during the standards development in accordance with the ANSI-accredited procedures of the standards developer (ANSI, n.d.c)
The IT industry in general has experienced a movement away from the process of establishing standards via the accredited SDOs. The Internet and World Wide Web standards, for example, were developed by groups with much less formal structures. However, the accredited SDOs continue to have a significant impact on the IT standards for the health care industry.
Boone (2012a) lists the following organizations as major developers of HIT standards in the United States, which includes a mix of accredited SDOs and other developers. Each organization’s specific areas for standard devel opment are indicated in parentheses. ANSI-accredited SDOs are indicated with an “*.”
• International Standards Organization (ISO) [various]
• ASTM International (ASTM) [various]*
• Accredited Standards Committee (ASC) X12 [Insurance Transactions]*
• Health Level Seven International (HL7) [various]*
• Digital Imaging and Communication in Medicine (DICOM) [Imaging]
• National Council for Prescription Drug Programs (NCPDP) [ePrescribing]
• Regienstrief (LOINC) [Laboratory Vocabulary]
S T A N D A R D S D E V E L O P M E N T P R O C E S S · 363
• International Health Terminology SDO (IHTSDO) [Clinical Terminology]
In addition, Boone (2012a) identifies the following “other” organizations as having a major impact on HIT:
• World Wide Web Consortium (W3C) [XML, HTML]
• Internet Engineering Task Force (IETF) [Internet]
• Organization for the Advancement of Structured Information Standards (OASIS) [Business use of XML]
He further identifies key groups known as “profiling bodies” (Boone, 2012a) that use existing standards to create comprehensive implementation guides. Two examples of profiling bodies are Integrating the Healthcare Enterprise (IHE) and the ONC, which focus on guidance for implementing clinical interoperability standards.
PERSPECTIVE European Committee for Standardization (CEN)
Although the focus of this chapter is standards developed within the United States, it is important to recognize there are other standards organizations worldwide. For example, the European Committee for Standardization (CEN) was created in Brussels in 1975. In 2010 CEN partnered with another European standards developing organi zation, the European Committee for Electrotechnical Standardization (CENELEC), to form the CEN-CENELEC Management Centre (CCMC) in Brussels, Belgium. The CCMC current membership includes national standards bodies from thirty-three European countries (CEN-CENE LEC, n.d.).
The Technical Committee within CEN that oversees health care informatics standards is CEN TC 251, which consists of two working groups:
• WG1: Enterprise and Information
• WG2: Technology and Applications
Source: CEN (n.d.).
364 · C H A P T E R 1 1 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S T A N D A R D S
FEDERAL INITIATIVES AFFECTING HEALTH CARE IT STANDARDS
There are many federal initiatives that affect health care IT standards. In this section we look at federal initiatives for health care IT standards as a part of HIPAA, CMS e-prescribing, CMS EHR Incentive Program, and the Offi ce of the National Coordinator for Health Information Technology (ONC), includ ing the Interoperability Roadmap.
HIPAA
In August 2000, the US Department of Health and Human Services published the final rule outlining the standards to be adopted by health care organi zations for electronic transactions and announced the designated standard maintenance organizations (DSMOs). In publishing this rule, which has been modified as needed, the federal government mandated that health care organizations adopt certain standards for electronic transactions and stan dard code sets for these transactions and identified the standards organiza tions that would oversee the adoption of standards for HIPAA compliance. The DSMOs have the responsibility for the development, maintenance, and modification of relevant electronic data interchange standards. HIPAA trans action standards apply to all covered entities’ electronic data interchange (EDI) related to claims and encounter information, payment and remittance advice, claims status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination of benefits, and premiums payment. The current HIPAA transaction standards are ASC X12N version 5010 (which accommo dates ICD-10) along with NCPDP D.0 for pharmacy transactions (CMS, 2016b). In addition to these transaction standards, several standard code sets were established for use in electronic transactions, including ICD-10-CM, ICD-10 PCS, HCPCS, CPT, and Code on Dental Procedures and Nomenclature (CDT) (CMS, 2016a).
Centers for Medicare and Medicaid E-prescribing
The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) established a Voluntary Prescription Drug Benefit program. There is no requirement in this act that providers write prescriptions electronically, but those who choose to do so must comply with specific e-prescribing stan dards. The current published CMS e-prescribing standards consist of three sets of existing health care IT standards as “foundation” standards, which include NCPDP’s SCRIPT Standard for e-Prescribing, ASC X12N standard for
F E D E R A L I N I T I A T I V E S A F F E C T I N G H E A L T H C A R E I T S T A N D A R D S · 365
Health Care Eligibility Benefit and Response, and NCPDP’s telecommunica tions standard. In addition, the final rule identifies three additional electronic tools to be used in implementing e-prescribing:
• NCPDP Formulary and Benefi t Standard Implementation Guide, which provides information about drugs covered under the benefi ciary’s benefi t plan
• NCPDP SCRIPT Medication History Transactions, which provides information about medications a benefi ciary has been taking
• Fill Status Notifi cation (RxFill), which allows prescribers to receive an electronic notice from the pharmacy regarding the benefi ciary’s prescription status (CMS, 2013)
Centers for Medicare and Medicaid EHR Incentive Programs
As discussed previously, the Medicare and Medicaid EHR Incentive Programs were established as a part of the HITECH Act to encourage eligible providers (EPs) and eligible hospitals (EHs) to demonstrate Meaningful Use of certifi ed EHR technology. EHR certification for Stage 1 and Stage 2 Meaningful Use requires EPs and EHs to meet specific criteria. Certifi cation requirements are organized according to objectives, measures, specific criteria, and stan dards. Not all criteria include specific standards, but many do. Examples of standards required by 2014 certification rules include using the HL7 Imple mentation Guide for CDA in meeting the criteria for providing patients the ability to view online, download, and transmit information about a hospital. Other standards include SNOMED CT, which is required for coding a patient’s smoking status, RxNorm, which is required for medications, and LOINC, which is required for laboratory tests, among others (HealthIT.gov, 2014).
Office of the National Coordinator for Health Information Technology
As discussed in previous chapters the Office of the National Coordinator for Health Information Technology (ONC) was established in 2004 and charged with providing “leadership for the development and nationwide implemen tation of an interoperable health information technology infrastructure to improve the quality and efficiency of health care” (HHS, 2008). In 2009, the role of the ONC was strengthened when the HITECH Act legislatively man dated ONC to provide this leadership and oversight (HHS, 2012). Today, the ONC is “the principal federal entity charged with coordination of nationwide
Federally Required Cost
Test Tool Availability
No Free N/A
Exhibit 11.1 Excerpt from ONC 2016 Interoperability Standards Advisory
Section I: Best Available Vocabulary/Code Set/Terminology Standards and Implementation Specifi cations
I-A: Allergies
Interoperability Need: Representing patient allergic reactions
Standard/ Implementation Standards Process Implementation Adoption
Type Specifi cation Maturity Maturity Level
SNOMED CT Final Production Standard
Limitations, Dependencies, and Preconditions for Applicable Value Set(s): Consideration:
• SNOMED CT may not be suffi cient to differentiate Value Set Problem urn:oid:2.16.840.1.113883.3.88.12.3221.7.4 between an allergy or adverse reaction, or the level of severity
Interoperability Need: Representing patient allergens: medications
Standard/ Implementation
Type Specifi cation
RxNorm
NDF-RT
Source: ONC (2016).
Federally Required Cost
Test Tool Availability
Yes Free N/A
No Free N/A
Standards Process Maturity
Implementation Maturity
Adoption Level
Standard Final Production
Standard Final Production Unknown
O T H E R O R G A N I Z A T I O N S I N F L U E N C I N G H E A L T H C A R E I T S T A N D A R D S · 367
efforts to implement and use the most advanced health information technol ogy and the electronic exchange of health information” (HealthIT.gov, n.d.).
Current ONC initiatives, in addition to implementing HITECH, include implementation of health care IT standards for interoperability. In Chapter Three, the ONC Interoperability Roadmap was introduced and key milestones related to payment reform and outcomes were outlined. The Roadmap also outlines key milestones for the development and implementation of tech nologies to support interoperability (ONC, 2015). Beginning in 2015, the ONC published its fi rst Interoperability Standards Advisory, which has been subsequently updated annually. This Advisory document outlines the ONC-identified “best available” standards and implementation specifi cations for clinical IT interoperability. The identified standards and specifi cations in the 2016 Advisory are grouped into three sections:
• Best Available Vocabulary/Code Set/Terminology Standards and Implementation Specifi cations, which address the “semantics,” or standard meanings of codes and terms needed for interoperability
• Best Available Content/Structure Standards and Implementation Specifi cations, which address the “syntax,” or rules by which the common data elements can be shared to achieve interoperability
• Best Available Standards and Implementation Specifi cation for Services, which address infrastructure components needed to achieve interoperability (ONC, 2016)
Each specific standard is identified and defined by six characteristics: process maturity, implementation maturity, adoption level, federal require ment status, cost, and whether a testing tool is available. The Advisory also includes hyperlinks to the standards and implementation guides cited. Exhibit 11.1 is an excerpt from the 2016 Advisory.
OTHER ORGANIZATIONS INFLUENCING HEALTH CARE IT STANDARDS
The following organizations certainly do not represent the full list of bodies that are involved with health care IT standards development and implemen tation. However, they do represent a few of the most signifi cant nongovern ment contributors. ASTM International and HL7 International are accredited SDOs with standards specifically addressing health care information. IHE is a recognized profiling body influencing the implementation of interoperability standards.
368 · C H A P T E R 1 1 : H E A L T H C A R E I N F O R M A T I O N S Y S T E M S T A N D A R D S
ASTM International
ASTM International was formerly known as the American Society for Testing and Materials. ASTM International has more than thirty thousand members from across the globe, and they are responsible for publishing more than twelve thousand standards. ASTM standards range from those that dictate traffic paint to cell phone casings (ASTM, n.d.a, n.d.b). The ASTM Standards for Healthcare Services, Products and Technology include medical device standards and health information standards. The health information stan dards are managed by the ASTM Committee E31, which focuses on “the development of standards that help doctors and health care practitioners preserve and trans