Econo-Keys makes a washable keyboard that is very well suited for exam rooms, operating rooms, etc. 

Econo-Keys states the following about their keyboards:

Econo-Keys specializes in economical keyboards that are sealed and completely washable to withstand daily scrubdowns with anti-bacterial agents, enabling them to meet and exceed any hygienic protocol and reduce the spread of infectious bacteria such as MRSA, E. Coli and Hepatitis C.

The company says it protects against:

Splashing, hose-directed and submerged water

Bleach, alcohol and hospital-grade disinfectants

Corrosive, abrasive, acidic and alkaline substances

Dirt, dust, sand and other airborne debris

Extreme temperatures

John Lynn over at EMR and HIPAA has a video of the product from the Healthcare Information and Management Systems Society (HIMSS) exhibit floor of the Econo-Keys keyboard in action.

AIS’s Health Business Daily describes a New Jersey pilot program with major insurers that aims to cut provider paperwork and standardize processes.  The goal is to reduce the costs associated with determining patient eligibility and checking claim status

A typical primary care physician spends about $68,000 a year on administrative tasks such as determining patient eligibility and checking claim status. The goal of a 12-month pilot project — announced Feb. 10 — is to show how that problem might be fixed.

The pilot program will work with all the major insurance plans.

New Jersey’s five largest health plans and five physician groups will participate in the initiative, which aims to dramatically reduce administrative costs by allowing hospitals and physicians to communicate with health plans and address administrative tasks through a single Web portal.

“What we’re producing is a one-stop shop, through which physicians and their offices can contact all of the health plans they deal with” through a single Web portal. The participating health plans are Aetna Inc., Independence Blue Cross subsidiary AmeriHealth New Jersey, CIGNA Corp., Horizon Blue Cross Blue Shield and UnitedHealthcare, Inc.

Providers access access insurance information through the NaviNet web portal.

The portal is maintained by NaviNet, a health care information technology company. Several health plans that operate in New Jersey already use NaviNet. Horizon, the state’s largest health plan operator with 3.6 million members, expects to close its independent portal and move to NaviNet in March or April. During the conference call, Christy Bell, Horizon’s senior vice president of health care management, said the pilot is an opportunity for health plans and providers to move closer to standardizing administrative processes.

 Aetna has been using NaviNet’s portal for several years. More than 40% of the health plan’s network providers have access, said Aetna President Mark Bertolini. Along with helping to streamline administrative processes, he said the portal also can be used to improve health outcomes.

Source

There is a very good article over at AIS’s Health Business Daily that discusses HIPAA and HITECH violations.  With the signing of the HITECH Act as part of the ARRA stimulus bill, the penalties for HIPAA violations have increased dramatically.  The HITECH Act has also increased the enforcement of HIPAA regulations.

A privacy breach due to “willful neglect” that was corrected within 30 days and affected 100 individuals, which would have cost an organization $10,000 in prior years, will now cost a minimum of $1 million

Covered entities (CEs) — and also business associates, who are now subject to civil and criminal penalties as of this month — need to know what actions (or lack thereof) can push them into the “willful neglect” category, which carries the most severe fines. They may be surprised to learn that routine inaction or procrastination by busy organizations could be categorized as enormously costly willful neglect.

The interim final rule regarding enforcement, published in the Oct. 30, 2009, Federal Register, uses the same language as the previous enforcement rule, stating: “Willful neglect means conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated.”

Where it gets really interesting is the description of “Willful Neglect”

The most obvious demonstration of willful neglect would be when a covered entity has no preventative policies and procedures in place and a breach occurs. Annulis notes that seven years into HIPAA compliance, it’s unlikely that a CE or BA would have no formal protocol.

Greg Young, the privacy officer at Mammoth Hospital in California, however, believes that many small doctors’ offices and clinics still lack policies and procedures because they “don’t feel it’s necessary or don’t want to spend the money. They just want to take care of their patients, not realizing that part of taking care of patients is taking care of their information.”

If you think that just writing policies and procedures will help avoid willful neglect then read on.

“The greatest danger” for an organization, according to former director of OCR Richard Campanelli, now an attorney with Baker & Daniels LLP, is having policies and procedures that no one is enforcing and that employees are not educated about. “A policy on a shelf is not going to be very helpful — it won’t be helpful in protecting privacy and security, and it won’t be helpful in responding to an investigation,” he says. Once a violation occurs, the fact that the policy exists signals to OCR that the organization knows what it should be doing and has chosen not to comply.

The take away from this article is that you need to have policies and procedures in place for both the HIPAA Privacy and Security rules.  These policies and procedures need to be enforced and communicated to all employees.  I would tend to guess that a lot of practices have policies and procedures in place for the Privacy rule.  Practices will need to develop policies and procedures that comply with the Security rule as well.  This is especially true as practices start to create electronic patient health information (ePHI) through the implementation of an EMR, digital x-rays, electronic lab results, billing information, scanned consent forms, etc. The increased use of technology such as laptops, remote access, email, portable disks and smartphones will also require the appropriate policies and procedures. 

Here is a final thought that might keep you up at night.  Imagine a spreadsheet with financial and demographic information of 250 patients that was saved unencrypted on a laptop.  The laptop was taken home by the billing manager and was stolen out of her car.  Did you have a policy and procedure which prevented her from taking the information?  Was it enforced?  Was it communicated to all employees?  Is this an unfortunate HIPAA violation or is this willful neglect? 

Over at Healthcare IT News is a story on physicians using peer to peer file sharing services such as Limewire, BitTorrent and Kazaa and the potential of exposing patient health information.  The story is based on a report from the Journal of the American Medical Informatics Association.

Here is the abstract from the JAMIA report:

Objective

There has been a consistent concern about the inadvertent disclosure of personal information through peer-to-peer file sharing applications, such as Limewire and Morpheus. Examples of personal health and financial information being exposed have been published. We wanted to estimate the extent to which personal health information (PHI) is being disclosed in this way, and compare that to the extent of disclosure of personal financial information (PFI).

Design

After careful review and approval of our protocol by our institutional research ethics board, files were downloaded from peer-to-peer file sharing networks and manually analyzed for the presence of PHI and PFI. The geographic region of the IP addresses was determined, and classified as either USA or Canada. Measurement We estimated the proportion of files that contain personal health and financial information for each region. We also estimated the proportion of search terms that return files with personal health and financial information. We ascertained and discuss the ethical issues related to this study.

Results

Approximately 0.4% of Canadian IP addresses had PHI, as did 0.5% of US IP addresses. There was more disclosure of financial information, at 1.7% of Canadian IP addresses and 4.7% of US IP addresses. An analysis of search terms used in these file sharing networks showed that a small percentage of the terms would return PHI and PFI files (ie, there are people successfully searching for PFI and PHI on the peer-to peer file sharing networks).

Conclusion

There is a real risk of inadvertent disclosure of PHI through peer-to-peer file sharing networks, although the risk is not as large as for PFI. Anyone keeping PHI on their computers should avoid installing file sharing applications on their computers, or if they have to use such tools, actively manage the risks of inadvertent disclosure of their, their family’s, their clients’, or patients’ PHI.

 

I get to have a lot of conversations with physicians, practice administrators and operations staff.  From a high level view it seems like most practices are at a stand still regarding new projects, EMR implementations, EMR conversions, and basically anything else but the status quo.  It is almost like practices are frozen like deer in the headlights.

When you take a step back and look at all the factors it is no wonder this situation exists.  Here are some themes, quotes, and thoughts that I have heard over the past few months.

We are not sure how the proposed cut in Medicare reimbursements of 21% is going to affect our revenue.

Reimbursements from private insurers have slowed down significantly and it is hurting our cash flow.

We are seeing a significant drop in patients and we believe it is recession related.

We have no confidence that we will see any money from the stimulus bill.  There is no definition of what meaningful use is or what a certified EMR is.

How can you do anything if you don’t know what the healthcare reform is going to look like or if it is even going to be passed?

We want to implement a new EMR but our data is locked in our old EMR.  There doesn’t seem to be any tools of getting the data out.

When you put it altogether you get a sense of uncertainty.  The political, economic and technology environments are covered in uncertainty.  Is it any wonder why medical practices are frozen like deer in the headlights?  I would love to hear about your practice, your concerns, and steps you are taking to address the uncertainty.

I came across an interesting video from Microsoft about how they see healthcare in the future.  It is about 4 minutes long.  It seemed to me that a lot of the technologies that they were showing are available today.  Don’t tell Microsoft but it looked like the actors in the video were using Apple iPhones and iPads.  I am not sure that is the message they were hoping to send.  For the benefit of the doubt, let’s say they were using the new Windows Phone 7 Series on a phone and tablet.  Either way, the video is pretty interesting.  The link to the YouTube video is below.

When I was a freshman at Penn State, I landed a summer internship at Merck & Co., Inc.  Within weeks of working there I knew I wanted to be the Chief Information Officer (CIO) of Merck.

A good definition of a CIO can be found at Answers.com.

A company executive who is responsible for the management, implementation and usability of information and computer technologies. The CIO will analyze how these technologies can benefit the company or improve an existing business process and will then integrate a system to realize that benefit or improvement.

My view of a CIO is a person that is responsible for the overall Information Technology (IT) including:

• Hardware (desktops, laptops, network, wide area network, Internet, firewalls, etc.).
• Software (customer relationship management [CRM] systems, accounting systems, manufacturing systems, etc.).
• Security (policies, procedures and technology to implement and enforce security).
• Support of the entire Information Technology.

A CIO must be involved with the selection of new technologies, the implementation of new technologies and must ensure that any new technology is secure and supportable within the company.

Most of the time a CIO is associated with a large enterprise but as the title of this article states, it is my belief that every medical practice should have a CIO.  Just like in large organizations, a medical practice has information technology needs.  As I mentioned in this article, as a practice implements an EMR the size of their network will grow rapidly.

Whether it is a small, midsize or large medical practice, the need for a CIO exists.  The CIO should understand the details, the workflow and the requirements of the practice.  If the practice is at the point of trying to select an EMR, the CIO should be involved in the selection process.  The CIO should understand what the functional requirements of the EMR should be but should also be concerned with the network, security and support requirements.  In addition, the CIO should be involved with the implementation and coordination of the multiple vendors (software, network, training, Internet Service Provider [ISP], lab vendors, digital x-ray vendors, etc.) to successfully implement the EMR.

Once the EMR has been implemented, the CIO will need to ensure that the system is supportable, secure, and reliable.  The CIO will need to be involved if any of the components of the information technology need to be upgraded or new components need to be added.  The CIO must ensure that an upgrade of one component does not negatively impact the functionality of other components.  The CIO will also need to be involved if there is a problem with one of the IT components. The CIO must resolve the unavoidable vendor finger-pointing that occurs when multiple vendors are involved.

A practice will need to ensure that they are compliant with all government regulations including HIPAA and the HITECH Act.  The CIO should be responsible for ensuring that the policies, procedures and proper technologies are implemented for the practice to be in compliance.  The CIO should also be involved with the monitoring and adherence to the security polices and procedures.

After 16 years, I left Merck and eventually co-founded Entegration, Inc.  For over 10 years I have been the CIO of my client’s medical practices.  I have to admit that it is one of the most rewarding jobs I could have hoped for.

On May 7, 2009 GE Healthcare announced a $6 billion marketing campaign and product development initiative that focuses on healthcare.  Since then GE Healthcare has been very busy with advertising, partnership announcements and product announcements.

If you watched the Olympics over the past two weeks you couldn’t help but see commercials for GE Healthcare.  The Take a Look commercial that announced their new handheld ultrasound machine was quite impressive.  Did anyone else have flashbacks to Star Trek and Dr. McCoy’s tricoder?  The other commercial that stood out was the one for their EHR where all the patient’s doctors stood up one by one to comment on his medical history.

In addition to the Olympic ads, GE Healthcare announced a partnership with Intel and the Mayo Clinic to study remote home monitoring.  The study will use GE/Intel remote monitoring devices. 

The year-long study, led by the Mayo Clinic, will involve 200 high-risk patients over the age of 60. It will explore and evaluate whether GE/Intel remote monitoring devices might reliably be put to use in reducing hospitalizations and emergency department visits.

Yesterday at the Healthcare Information and Management Systems Society (HIMSS) conference, GE Healthcare announced the following:

– Debut of GE’s new clinical knowledge platform that enables healthcare delivery organizations to improve performance against their quality targets.

– Launch of GE’s next-generation eHealth Solutions platform — an infrastructure offering that includes expanded services for health information exchange, a clinical portal and a patient health management system.

– Demonstration of planned enhancements to eHealth Information Exchange (HIE) which are expected to enable the HIE to view reports on healthcare quality at the provider level, state level and information exchange level based entirely on information collected from participating providers.

– Enhancing the quality of patient care and addressing the needs of IT professionals, GE Healthcare IT’s latest imaging solution debuts with new technology to bring images to the EMR using a single point of access.

– A suite of rapid implementation packages for GE’s proven electronic medical record and revenue cycle management solutions.

– Announcing the addition of thirty hospitals to the business’ latest Centricity(R) Enterprise EMR platform since November, fueling double-digit growth.

As you can see, GE Healthcare seems to be following through on it’s Healthymagination announcment.

There is a very interesting post over at The Healthcare IT Guy which shows the actual use of EMRs in the United States.  The report shows usage broken down into several catagories including the number of physicians at a site, number of exam rooms, patient volume, hospital/health system ownership, practice speciality, State and a few others.   The report is based on a survey by SK&A of 180,000 medical sites. 

Below is a sample of the full report.  Notice that overall only 36% of those surveyed reported that they have implemented an EMR.  The number of small practices with 1 -2 physicians is higher and the number of midsize practices is lower and decreases as the amount of physicians increase.  The number that is surprising is that in large practices with over 26 physicians, 71% of them have implemented an EMR.  Imagine the amount of paper charts that are generated each year for the 29% of large practices that have not implemented an EMR.

Take a look at the full report and see how your practice compares.