There is a very interesting post over at The Healthcare IT Guy which shows the actual use of EMRs in the United States.  The report shows usage broken down into several catagories including the number of physicians at a site, number of exam rooms, patient volume, hospital/health system ownership, practice speciality, State and a few others.   The report is based on a survey by SK&A of 180,000 medical sites. 

Below is a sample of the full report.  Notice that overall only 36% of those surveyed reported that they have implemented an EMR.  The number of small practices with 1 -2 physicians is higher and the number of midsize practices is lower and decreases as the amount of physicians increase.  The number that is surprising is that in large practices with over 26 physicians, 71% of them have implemented an EMR.  Imagine the amount of paper charts that are generated each year for the 29% of large practices that have not implemented an EMR.

Take a look at the full report and see how your practice compares.

While healthcare providers and their associates–which include third-party administrators, claims processors, attorneys, accountants and software providers–have been required since September 2009 to report breaches of 500 medical records or more if the records include non-encrypted data, some states have been enacting tougher laws. Now, it looks as though the federal government will be upping fines–in some cases up to $1.5 million–related to the leak of personal information, as well.

Beginning in mid-February, penalty ranges now will correspond to what the violator did or did not know. Willful neglect, for example, will cost between $10,000 and $50,000 per violation. There are several other categories of neglect and knowledge.

Of late, there have been a number of large, publicized breaches, including 15,000 compromised records of Kaiser Permanente patients and 450,000 compromised records of Health Net of Connecticut patients.

Source

I have had several conversations with doctors regarding some of their colleagues being the target of  phishing scams.  For those of you who are not familiar with the term phishing, it is defined by webopida.com as

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

An example of a recent physician targeted phishing scam can be found  at FierceHealthIT  with a related story here .

Some tips to identify and avoid phishing scams can be found at the American Medical Association website.

There have been many conversations regarding the amount of stimulus payments a practice can receive for using an Electronic Health Record (EHR) system.  From a high level view, the following items are important:

Medicare and Medicaid – stimulus payments will be in the form of Medicare and Medicaid reimbursements. 

Meaningful Use - Medicare and Medicaid will provide reimbursement incentives to physicians and hospitals that show “meaningful use” of an EHR. 

Certified EHR – The EHR a physician or hospital uses must be certified through the Certification Commission for Health Information Technology (CCHIT).

For an excellent overview of the amount of stimulus payments a practice can expect to receive check out the following article.  

If you want to use a quick and easy calculator to see what stimulus payments a practice may expect to receive go here.

This article provides some very good links to discussions concerning “meaningful use”.

If you are looking into various EHR solutions, makes sure you discuss with each of the vendors what their certification plans are.  If you have already implemented an EHR make sure you have the same certification conversation.

The purpose of this Blog is to educate and inform our readers regarding important health information technology topics and related news articles.  With 10 years of experience supporting medical practices and helping with Electronic Medical Records (EMR) implementations, we have a unique perspective.  We would like to share this insight with our readers.   We will try to hit on topics that we think will provide value but we also will look for feedback and guidance to what our readers feel is important.

Our goal is to make this Blog a valuable resource to our readers.  We welcome comments, criticisms and ongoing feedback.  We will know we are successful if we can turn this Blog into a two-way information sharing medium between us and our readers.

There are literally hundreds of Electronic Medical Records (EMR) systems for sale.  Some have similar feature sets while other differ in their offerings.  There are many articles, blogs, and whitepapers on picking and implementing the best EMR for a practice.  Most of these seem to focus on the software selection, the workflow process, the implementation process and ongoing support of the EMR.  What seems to be missing is the focus on the actual network and computer system that the EMR will be running on.

As a practice goes from paper charts to a full blown EMR implementation, there will be a need to grow the practice’s computer network dramatically.   With the old paper chart model, there may be a couple of computers at the front desk for patient sign in and insurance information collection.  There may also be a few computers for billing and administration.  On the whole, a practice may have a very small or limited computer network. 

On the other hand, once a practice moves toward an EMR implementation the amount of technology required increases dramatically.  The front desk will may need scanners to scan insurance cards, driver’s licenses, etc.    Additionally the front desk may check on insurance coverage which may require Internet connectivity.    Physicians will need tablet computers to enter patient information during a visit.  If a practice decides not to purchase tablet computers then perhaps each exam room will need a computer, laptop or terminal to access the EMR system.  The billing department will need access to the EMR system as well as Internet connectivity to submit insurance claims.  Workgroup or network scanners may be needed to scan old patient records into the EMR or to scan patient’s new paper information i.e. letters, referrals, etc.  Electronic fax servers may be required to send information out of an EMR to another physician’s office or the fax server may be used to receive electronic faxes and attach them to patient records within the EMR. 

In addition to the equipment mentioned above, there is the EMR itself.  The EMR may require a database server and database software such as Microsoft SQL Server.  There may be a need for a network domain controller which stores the user names and network credentials for a practice’s employees.  The EMR database may be backed up to a tape backup unit or by a remote backup service that backs up the data securely over the Internet.  The reliance on the Internet become essential and requires a dependable and fast Internet connection.  These connections can be a T1 from a phone carrier (i.e. Verizon, AT&T, Qwest, etc.), DSL or a Cable Modem.  The Internet connection should be secured via a Firewall which protects a practice’s network.

Once all of the above technology is purchased and deployed a practice may want to roll out Email for both internal and external communication.  Email with patients may require additional email encryption technology.  With all the new computers and employees that now have access to the Internet, the potential for abuse may arise.  Technology to limit employee’s access to the Internet may need to be implemented.  Additional technology to provide Disaster Recovery of the EMR or network may also need to be purchased and implemented.  Remote Access to the EMR may be required which may require additional network technology.

As you can see, a practice may go from a handful of computers to a full blow computer network with a lot of advanced technology.  The network will need to be maintained which may include verifying data backups, security patch deployment, software upgrades, preventative maintenance, etc.  In addition, the HIPAA Security Rule and HITECH Act requires that a network be secure, audited and access to patient information must be available.  These requirements bring along the need for additional technology and network maintenance processes.

We will go into detail about a lot of these technologies in future updates.  A final thought to think about when a practice is evaluating EMRs – Don’t forget about the computer network!