Posted August 1, 2014 by admin in articles

Aug 01 : 3 privacy and security challenges in MU Stage 2

Doctors Hearts
Doctors Hearts

Since the inception of meaningful use within the HITECH Act through April 2014, approximately 80 percent of all eligible hospitals received an incentive payment for demonstrating Meaningful Use requirements through the use of an EHR.

The program isn’t without challenges, however. Meeting MU Stage 2 standards has proven difficult due to the number of processes, departments and IT systems impacted. While still an achievable goal, MU attestation is now a far more difficult one.

MU Stage 2 brings new responsibilities to hospitals in terms of timeliness, compliance and sheer management of a growing number of communications. As an example, MU Stage 1 required hospitals to provide electronic copies of health information to patients within a 3-business-day timeframe. This 90 percent reduction from HIPAA’s standard 30-day response window has been a challenge for many. Adding to the difficulty, MU Stage 2 further requires hospitals to use evolving technologies like patient portals and secure messaging platforms to communicate health information.

Achieving Meaningful Use while managing the disclosure and exchange of PHI presents several new challenges for hospitals. By addressing these challenges early and comprehensively, healthcare leaders can maintain their MU momentum while also mitigating risk.

1. Processes to ensure compliance (and speed). Patient engagement requires a timely cadence of back-and-forth communication — not just because of MU requirements, but because it can help improve clinical outcomes and the patient experience. Consequently, a provider’s processes must support a faster pace as well as compliance with privacy and security regulations — a tricky combination to achieve all at once.

Patient portals and Direct Secure Messaging (DSM) are good examples of how technology can remove some of the burden from busy clinicians and staff. With secure online portals, patients can bypass some standard release of information processes and gain fast, electronic access to their health information. Provider-to-provider communications can also be simplified and made more efficient by leveraging new Direct Secure Messaging platforms. By replacing the fax machine, DSM doesn’t just alleviate security risks, but also accelerates information sharing during the transition of care process.

Reviewing all PHI disclosure processes across access, billing and discharge can reveal new ways to drive operational efficiency, speed, and security improvements. Providers will likely find many internal processes that could benefit from the broader implementation and technology adoption at the core of Meaningful Use.

2. Anticipating Unknown Terrain. When MU necessitated a slew of new features and functionality for EMRs, vendors began quickly responding to meet providers’ needs. This escalated development combined with rapid provider implementation leaves room for potential gaps — whether in design, features, functionality, or user interface. As a relatively simple example, consider a seventeen-year-old patient engaged in her care and using a hospital’s patient portal. When she turns 18, her parents should no longer have access to her health information — are providers incorporating new processes to address this or is their EMR automatically taking care of it for them? If so, how?

A broader example: Most health systems have numerous EMR providers across all facilities and practices. How are these health systems cross-coordinating among facilities to ensure providers and patients have a comprehensive understanding of how the patient portals interact? A lack of strategy creates just what MU sought to avoid — disparate and disconnected sources for patient health data. This can impede patient satisfaction and ultimately even quality of care.

3. Adoption and the human factor. Early on, one of hospital leaders’ greatest concerns about achieving Meaningful Use was CPOE, or computerized physician order entry. Why? Because CPOE depends on the complete commitment of the people entering patient data, both in accuracy and adoption. This need for accuracy and adoption applies equally to handling PHI; in particular, properly routing it across physicians to facilitate transition of care is essential.

In addition, adoption challenges exist at the organizational level. Sending referral information via Direct Secure Messaging or having patients access the medical information online are tremendous initiatives.

Researchers believe it takes about 66 days for a new task or habit to become ingrained. At their core, processes and procedures are habits – workflows repeated over and over. Annual training coupled with ongoing education can go a long way toward ensuring adherence in an environment of increased scrutiny.

Approaching meaningful use ROI sans blinders
With a critical priority like Meaningful Use, it’s easy to aim for attestation as a finish line at the expense of more significant long-term return for hospitals. Proper PHI policy and procedure management, however, is rife with details. The best strategy to maintain HIPAA compliance in the midst of fast change includes revamped processes, comprehensive training, and technology that thoroughly address the intricacies of PHI disclosure rules.

Beyond Meaningful Use, security, compliance and significant efficiency improvement are available to those who pursue it.

Gavin Krumenacker is vice president of HIE solutions and business development and Mariela Twiggs is national director of training and compliance at MRO Corp., King of Prussia, Pa.


Views Count:9,061 views
  • Join Our Newsletter

    Signup today for free and be the first to get notified on News updates.