(Editor's note: This guest blog was written by Julie A. Dooling, RHIA, AHIMA Director, HIM Practice Excellence.)

When an unexpected event occurs in healthcare, instincts kick in, and professionals execute what they have learned through training.

There are two types of disaster threats: natural and man-made. While we have recently experienced numerous acts of nature such as tornado, flood, and super storms, the Boston bombing, unfortunately, reminds us of man-made disasters' devastating powers. 

Intentional man-made threats are categorized as: theft, civil unrest (rioting and looting), terrorism and computer virus, worms, hacking , and other nefarious schemes of man. In comparison, unintentional man-made threats are categorized as: transportation accidents such as a plane crash, chemical contamination such as spilled toxins, or flooding or fire due to mechanical or faulty systems.

As HIM professionals, we know a business continuity plan (BCP) is essential to protect patient safety, secure health information from damage, ensure stability in continuity of care situations, and provide an environment for orderly and timely recovery of information. The major components of the BCP are:  risk assessment and analysis, downtime and contingency planning, disaster recovery, data backup and emergency mode operations. 

We also know that the BCP has little meaning without associated training. The BCP should include the formation of internal incident response teams with ongoing training throughout the year. Practicing and maintaining skills and expertise will only enhance a healthcare professional's instinct in a disaster situation. 

Identifying patients is one of the most challenging and difficult operational issues during times of disaster. HIM professionals possess the necessary experience, skill set, and knowledge instrumental to perform this function. If the situation does not impede electricity and internet connectivity, consider yourself lucky. Today's electronic health record (EHR) systems and personal health record (PHR) systems can help with correctly identifying patients, and  access to historical information will assist with safely treating the patient.

However, if the situation calls for a ready-to-use system for admission and registration due to lack of access to electronic systems, the following will help with patient identification:

• Pre-numbered tags that can be attached to the patient in multiple ways (clipped or tied).
• The use of check boxes on the tag or colored tags to determine gender, hair color, race, eye color and age (child, adolescent, adult).
• A consistent process to identify unknown patients (unable to speak, comatose, etc).
• Patients may have valuables that will need to be collected and tracked. Organizations should determine the best manner of collection and storage of such valuables within their facilities and what personnel should lead this process.
• Location of where the patient arrived.  During disaster, there could be many entry points.

Knowing the disposition or location of the patient at the time of discharge requires a formal process. Having a process in place to locate and report dispositions will prove invaluable. This is especially true when high volumes of inquiries regarding patient information are likely to occur. Consider these processes: 

• What kind of system will be used to track this information?
• Are their processes for documenting on paper vs. electronic systems?
• Are there preprinted forms that should be used for the paper process?
• Are there workarounds for reconciling medication lists, documentating allergies and contraindications, since these are likely captured as "flags" in the EHR.
• How will volunteer healthcare providers know where to supply this information during a disaster?  In a large scale disaster, healthcare providers who do not have privileges on your staff will present at your facility wanting to volunteer their skills and expertise.  A plan of action will need to be developed for approving and expediting privileges and scheduling shifts.

Post disaster, it's important to evaluate the crisis and the response to learn and share with others. Performing a data autopsy should include all decisions that were made regarding data management. Questions to ask include:

• What documentation was created?
• Where was documentation created?
• What systems were used?
• What was the time frame of the disaster?
• How many patients were treated?

Finally, HIM professionals must implement a plan that empowers all pertinent stakeholders to update records with any missing identifiers and assist in the billing process. Since the normal admission and discharge procedures will have been abbreviated, this plan will help in recovering any missing patient information that would otherwise compromise the record's integrity. 

(Editor's Note: This guest blog was written by Jill Hoffman, managing editor of Executive Insight.) 

At the third annual PharmEHR Summit April 17, leaders in the electronic health record (EHR) and pharmaceutical industries gathered to discuss the status of EHR adoption and potential collaboration between EHR and pharmaceutical companies.

The summit, hosted by PDR Network and held in Philadelphia's Wannamaker Building, kicked off with opening remarks by Richard Altus, president of PDR Network. Altus gave a roundup of how EHR adoption has evolved over the last three years. Among his points, he noted:

• Sixty-eight percent of physician practices have completed some type of EHR implementation, according to Black Book Research.
• Over 350,000 eligible professionals have registered for Meaningful Use (MU) attestation, according to a December 2012 CMS report.
• The EHR market is expected to grow 21% in 2013, per a survey published in the Feb. 22 Black Book Rankings.
• Development of interoperable EHR solutions has become a priority, as evidenced by the CommonWell Health Alliance - an independent, not-for-profit trade organization open to all HIT vendors and committed to the idea that a patient's data should be available to patients and providers, regardless of where care occurs.
• Remote patient monitoring and communications will become a focus, as healthcare organizations transition to ACO models.

During a discussion on EHR adoption, MU and patient engagement requirements, Douglas Gentile, MD, MBA, CMO, Allscripts, said several factors were contributing to EHR and e-Prescribing adoption rates, but one primary factor was fueling growth: "This is being driven by money, particularly Meaningful Use money."

New Workflow

When physicians implement EHRs, it completely changes their workflow - from documentation to looking up patient information to billing and discharge. "We literally live in the EHR," Gentile said.

One of the biggest problems for the physician becomes filtering the wealth of information offered up by the EHR. In many cases, the physician has become the bottleneck for handling and managing many tasks that used to be overseen by other staff members, Gentile explained. To be successful, EHR solutions must find a way to move these administrative processes back to the appropriate staff.

Patient Portals

The growth of patient portals was another area Gentile touched on. The Office of the National Coordinator for Health Information Technology has made patient engagement a priority, with the belief that greater engagement will lead to decreased healthcare costs and better outcomes. Providers have developed a variety of portal environments, using EHRs to deliver information to patients and communicate with them, in an effort toward meeting MU patient education and engagement requirements.

"Patients want and expect to interact with providers online, including Baby Boomers," Gentile said.

The ROI for patient portals is now being realized, as providers are able to push time-consuming paperwork, patient registration procedures and questionnaires to the portals, Gentile said.

Pharmaceutical Partner Opportunities

With the growing need to manage chronic diseases, physicians will have to do more than prescribe drugs; they will need to make sure the patient understands his disease and is taking medications correctly, to affect behavior change. Providing patient education through the patient portal is one way to do this, said Edward Fotsch, MD, executive chairman, PDR Network.

Since pharmaceutical companies are experts in their products, the companies, through partnerships with EHR companies, could offer new communication on a given drug, beyond the usual monograph, as well as educational programs and financial packages/rewards for using their products. Interactivity could avail the companies with feedback from patients on how they are responding to their medications.

The key to such solutions: customization. "Patients want information tailed to them," Fotsch said.

EHR Interoperability

A panel of EHR and pharmaceutical company representatives discussed why the EHR "flavor-of-the -month" mentality is problematic, the need to communicate across multiple platforms and obstacles with delivering granular information to the right place with today's fractionated technologies. Talk also revolved around how pharmaceutical companies can help with drug efficacy questions in the hope of treating patients more effectively and less expensively.

The Future

In a session titled "EHRs: The View from Wall Street," Sean Wieland, senior research analyst, Piper Jaffrey, made bear and bull cases for EHRs (he is bullish on EHRs) and painted a future in which a doctor is standing in line at Starbucks and pounding through his EHR. However, he said changes will need to happen to make that vision a reality, as EHR vendors are challenged by outdated technology platforms (e.g., client servers running Citrix), and said cloud technology is where things are heading. The Common Well interoperability effort/Google approach "has to happen," Wieland added.

Michael Golub, MD, FACP, CMO, Digitas Health, a former ER physician, noted in "EHRs: The Clinician's Perspective" that time is the currency of this century. EHRs can help physicians gain time through clinical decision support tools offering evidenced-based medicine recommendations. They "help doctors make fast, smart, accurate decisions at the point of care," he said. By the same token, EHRs add time-consuming tasks to the physician workflow. The take-home lesson: EHR use depends on usability, Dr. Golub said, pointing out that many physicians are moving on to the second generation of EHRs.

(This guest blog was written by Bill Sinn, marketing director, healthcare practice, Pitney Bowes Software.)

It's only three years since the Affordable Care Act (ACA) was signed into law by President Obama, and the industry is already seeing huge changes. For instance, the U.S. has expanded the number of citizens receiving preventative care, increased Medicaid payments for primary care doctors, and improved the coordination and quality of patient care by bundling payments.

More change is still forthcoming. Among other laws yet to be instated, the ACA will be providing affordable and qualified health benefit plans and increasing access to Medicaid. But the ACA is doing more than expanding healthcare coverage to all Americans - it's also enforcing new programs and regulations intended to cut healthcare costs for both the government and its citizens.

Along with the increase in the amount of patients and the coinciding spike in customer records and communication, health information professionals are particularly impacted by new regulations aiming to reduce readmission into hospitals. 

Essentially, if patients are readmitted to a hospital unnecessarily within 30 days of being discharged, the hospital faces fines in the form of reduced Medicare reimbursements from the government. In fact, 2,000 hospitals were already penalized in the first month of the program - some as much as $1 million. So now, when patients are released, the hospital is more accountable for their care and has a vested financial interest in their treatment programs.

This change requires a fundamental shift in approach. Hospital visits no longer end when a patient is discharged. Health professionals need to better track and communicate with the patient to ensure they attend follow-up appointments with physicians and take the correct medication and preventative actions to improve their condition.

To start, there are practical steps hospitals should take when patients are discharged. 

When creating discharge instructions, it's important to ensure that the directions and recommendations contained within are actionable. This is achievable by utilizing today's advanced location intelligence technologies to help pinpoint pharmacies, urgent care facilities and physicians closest to the patient. By providing information about where patients can go for the best care - instead of the emergency room - they can work to keep the patient out of the hospital.

But the improved interaction and communication doesn't end there. The need to collaborate with care givers, long-term care facilities and physicians offices becomes paramount, which is where the shift in health professionals' jobs comes into play.

Collaboration is Crucial

Patients typically work with three to five different organizations after a hospital visit - none of whom communicate efficiently with each other, if at all. So how can health information professionals manage to keep up and keep compliant with this new regulation when they're dependent on other partners?

To realistically reduce hospital readmission, secure cloud solutions and mechanisms for managing patient data across silos and partners are now essential. The cloud can make it easier and more efficient for health professionals to track patient care. Advanced master data management (MDM) and customer communication management (CCM) solutions deployed in a cloud environment can aggregate patient data to see what communication went to the patient and if anything else is needed. Hospitals will be able to see, for example, if a physician's office is recommending an exercise or supplement that will complement the treatment. If not, the hospital can provide a prompt recommendation.

This collaborative approach enables healthcare providers to send reminders about appointments and increases transparency between all the organizations that are involved in the patients' road to recovery. Healthcare providers who have embraced collaboration in the cloud are ahead of the game.

What about your organization?

The long-awaited Final Rule implementing HITECH Act amendments to HIPAA simplifies outsourcing in health IT by requiring business associates to safeguard protected health information in the same manner as covered entities.  Nearly three years after proposing regulatory amendments to the HIPAA privacy and security rules, the Department of Health and Human Services has finalized its "omnibus" revisions. 

The most far-reaching of these revisions greatly expands the applicability of the HIPAA security rule to include business associates of covered entities, such as hospitals and clinics and their subcontractors.  Business associates and their subcontractors are now directly subject to the HIPAA Security Rule, parts of the HIPAA Privacy Rule, and enforcement from the HHS Office for Civil Rights (OCR), meaning that, like covered entities, business associates and their subcontractors can be audited, investigated for data breaches, and penalized by HHS, and now by State Attorneys General, for security lapses.

This expansion of regulatory authority is intended to make it clear that an organization that functions as a business associate of a covered entity is responsible to protect the privacy and security of protected health information (PHI) in the same manner as the covered entity itself, no matter where the entity is found in the outsourcing chain.  This should also make covered entities more confident about outsourcing portions of their business knowing that their contractors and subcontractors are also directly subject to federal law. 

Under the HIPAA Security Rule, covered entities and business associates are required to conduct risk assessments to determine the extent of their security vulnerability and mitigate identified risks through security controls at the administrative, physical, and technical levels. This is standard IT business practice, but OCR conducted random audits of healthcare businesses and found that most (2/3) had not completed this foundational and critical activity in support of the privacy and security of information they held.  Covered entities are still required to conduct a risk assessment; however they can outsource many IT functions to vendors who are willing to meet the new requirements and sign an appropriate BAA.

At Verizon, for example, we have conducted thorough risk assessments and built stringent security controls into our industry-specific offerings for healthcare.  We have configured at least two of our large data centers to meet the security requirements of HIPAA as well as other federal and international security standards, such as the Federal Information Security Management Act (FISMA). We also have created a standard BAA that meets all the new HIPAA requirements so that a covered entity or one of its business associates can outsource IT functions to Verizon with confidence, whether that is networking, identity services, or cloud computing, without having to develop a HIPAA compliant BAA.

In a competitive job market you need an edge. ADVANCE has launched a new job board with tools and features that can help you stay a step ahead of those using standard search tools. ADVANCE has been in the healthcare employment business for almost 30 years giving us a loyal client base. When top healthcare employers have a tough position to fill, they turn to ADVANCE. We have an expertise in what healthcare employers are looking for. And now, we have enhanced tools to get your information in front of the people who want to hire you.

Anyone looking for a job knows timing is everything. Employers need to fill positions quickly, and with so many applicants they are able to make their decision fast. Our job board allows you to apply to any job in seconds with just a few clicks then track the status of your application.

Even if you are not actively looking for a job, it helps to have your résumé circulated so that when that once-in-a-lifetime position opens up, your résumé is found. You will be able to see how many employers have viewed your profile.

Go to www.AdvanceHealthcareJobs.com and search by job title, employer or location. Just checking in? Do a quick search. When you are serious about finding a position, an advanced search lets you set parameters to find your perfect job.

When you see the search results you can expand job postings to preview opportunities at a glance and sort results with an interactive navigation bar. You can save up to five searches to help you keep track of the positions that might be right for you. You can also set notifications to be alerted when new jobs are available.

Create a Résumé

The days of buying a pack of "résumé paper" and stuffing envelopes are over. Everyone must have an electronic version of their résumé ready to upload. ADVANCE can help you create a professional presentation that will represent the skills you bring to a new employer. Use the free Resume Builder to create the perfect resume. You can choose from three easy methods: step by step, copy and paste or upload.

One of the tricks of being noticed by potential employers is to target your résumé to meet their needs. With Résumé Builder, you can manage up to five résumés in the system. You can also create cover letters right on the job board and manage five different versions.

As a healthcare professional, you know you don't "just have a job." You are a committed, well-educated professional dedicated to your industry. ADVANCE recognizes building a career in healthcare is more than filling out applications so the site also offers comprehensive salary statistics, articles that give helpful career advice, and even a healthcare career blog.

Take advantage of getting an edge on finding your first or next position in healthcare. Go to www.AdvanceHealthcareJobs.com. You can sign in with your Facebook or LinkedIn account. You can also share open positions via social media or e-mail job postings directly to your friends and colleagues.

If you were to walk into almost any healthcare organization's business office, you would probably find that staff and Accounts Receivables (A/R) follow the traditional payer-centric model. There is typically the "Government Team" (Medicare, Medicaid and Tricare), the "Commercial Team" (Blues, UHC and Aetna), the "Self Pay Team," and other supporting players that do not discriminate by payer (i.e., Payment Posting).  Individuals within these payer-centric teams are often broken into smaller groupings by specific payer. Some organizations divide work by department or specialty to align the staff with key areas within the organization.  One could debate for hours the pros and cons of dividing the work in this way or that. Over the years, your business office has probably tried multiple ways to slice-and-dice the A/R.

Seven years ago, I was introduced to a slightly different concept for denial management.  The concept centered on organizing workflow by denials rather than by payer.  Staff could still sort work by payer, but the central concept for building work lists was to focus on the categorization of the denials.  Therefore, all coding related denials were grouped together, front-end issues grouped, and so on. 

The reason for this grouping methodology was to group "like" processes together so you could identify trends in workflow breakdowns.  For example, if a rep was assigned to work all coding-related denials, he/she could easily identify trends. Perhaps a specific CPT was not being paid by specific payers or was coded inappropriately. 

Normally you would lose this trending when you group denials by payer.  For example, reps may only touch a coding-related denial every 20 accounts and lose sight of a trend.  This sets reps up to become proficient in specific workflows.  They become "masters" of upfront registration and insurance or "masters" of coding workflow.  They essentially become change agents in your organization for bridging the gap between back office and front office.  They help the front end to understand its impact on the revenue cycle by working with them to change workflows and optimize revenue capture and reporting. 

This concept may be new to some organizations, and others may have been doing this for years. I have to admit I was not sold on the idea at first as I was brought up in the school of "payer centricity."  The idea of not having my staff focus on a specific payer at a time was a little unnerving at first.  Then I began discussing it with different organizations and heads of business offices and I quickly came to understand the benefits of this methodology.  The aspect that seemed to interest people most was the idea that they could get better trending and use the business office to "complete the loop" in the revenue cycle workflow.  By trending and reporting on emerging trends, they could bridge the divide that often separates the business office from the front end.

Considerations

If this sounds like an interesting concept to you, there are some considerations to take into account before moving ahead.

To move to a workflow-centric model, you would need to:

● Re-evaluate your staff members on their ability to understand workflows instead of payer requirements. Their productivity measurements would have to be re-tooled. For example, the person who works Coordination of Benefit (COB) denials will get through more accounts than the rep assigned to coding related denials. You want your measurements to reflect the amount of effort it takes to resolve the issue.

● Make modifications to your denial management system. Consider the technical changes that are needed to accommodate the new workflow. Establish a clear design of how staff will access work and update account status. Consider dividing the work into queues such as:

• Additional Information Required (documentation, COB, etc.)
• Coding
• Credentialing
• Verification (Demographics & Insurance)
• Timely Filing
• Liability (MVA and Workers Comp)
• Referrals/Authorizations
• Duplicate

● Decide whether to break out the no activity/account follow-up to a separate team of people.

● Establish a communication plan for identifying and reporting trends to business office management and subsequently to the source of the "issue" or denial. The goal is to establish a collaborative relationship in which the A/R reps are change agents who educate and advise on negative impacts to the revenue stream and advocate for workflow changes.

● Promote your A/R reps. The most common complaint of an A/R rep is there is nowhere to go in the business office other than management. Start your new reps on COB and insurance eligibility-related denials. Allow them to "graduate" to more complex related denials (i.e., coding-related denials).

If you are already doing this, please feel free to share comments for your peers on how this methodology works/doesn't work.  I think it is worth mentioning as many of us are still stuck in the payer centric model and wondering if there is another way of doing business.  One size doesn't fit all, but it's always interesting to discuss and debate new philosophies and other possibilities until we find one that fits.  Healthcare business is only getting more complicated by the day and we may need some evolution and creativity to stay ahead of the curve. 

Sondra Bruderer, a consulting manager with Hayes Management Consulting, has more than 14 years of experience in revenue cycle management, patient access management, operational and technology assessments, optimization services, process redesign, policy and procedure development, system implementations, management, and project management.

(This guest blog was written by Kayla M. Zirbes of The College of Saint Scholastica. Zirbes is an AHIMA student advisory council member and AHIMA Hill Day 2013 participant.)

As a member of the American Health Information Management Association's Student Advisory Council (SAC), I have benefited from many unique opportunities to become active within the health information management profession.

On March 19, I was able to advocate at Hill Day in Washington, D.C., for RAC audits, unique patient identifiers, as well as the HIM profession as a whole. I also was able to assist HIM professionals with developing a social media presence to help promote the profession leading up to AHIMA Hill Day, during Hill Day, and beyond.

At Hill Day, the SAC hosted a social media help station to promote social media connections between AHIMA members and legislators. It was our goal to help all AHIMA advocates become active on Facebook and Twitter by following their legislative members and proactively commenting and messaging to promote the HIM profession. The station produced great results and led to interactive conversations in person and over social media.

Hosting the social media station gave SAC members a chance to enhance the presence of future HIM professionals and also gave students the opportunity to network with current advocacy leaders within the profession. It was a great opportunity to build connections, discuss HIM issues, and learn more about the political aspects of advocacy.

Following the social media station and advocacy symposium, AHIMA members used their new social media skills to make the most of their presence at Hill Day. As a participant, it was exciting to watch members use Twitter to reach out to their Congress members and promote the Hill Day issue set. During the day, I used Twitter to quote presenters and legislators whom I was able to meet, enabling others to follow my experience.

The social media station will enhance our profession's image and our ability to network and advocate year round. Utilizing social media enables us to stay in touch with other members as well as the association, which helps unify and enhance our experience.

On a personal note, my highlight was the fantastic experience I had meeting with my state representative, Rep. Rick Nolan of Minnesota. He was extremely accommodating, so much so that he allowed AHIMA members to go with him to a voting session, followed by a personal tour of the Capitol building. He then took the time to discuss our issue set and seemed responsive to our requests. Having the opportunity to meet with my representative was a once-in-a-lifetime experience. It isn't every day that a student gets to meet their legislator and can advocate for something meaningful for their profession.

Cloud computing and storage is an undeniable migration path and IT strategy.

Overall spending on cloud technology is expected to reach an estimated $150 billion annually by 2014, according to a recent Gartner Group study. And within healthcare, 35 percent of health IT professionals surveyed said their organization was implementing or maintaining cloud computing in 2012, up from 30 percent in 2011, according to a new survey by Vernon Hills, Ill., technology vendor CDW.

However, not every software application in healthcare is a candidate for moving to the cloud. And many old myths about cloud computing and cloud storage continue to confuse both covered entities (CEs) and business associates (BAs).

The HIPAA omnibus rule, released in January 2013, basically incorporates the HITECH Act security provisions into HIPAA, confirming the security and privacy requirements in the utilization of technology in healthcare. Below are five key changes under the HIPAA Omnibus Rule:

1. BAs of CEs are now directly liable for compliance of certain privacy and security rules.
2. The rule strengthens the limitations on the use and disclosure of PHI for marketing and fundraising, and it prohibits the sale of PHI without individual authorization.
3. It adopts the increased and tiered civil monetary penalty structured by the HITECH Act.
4. It mandates breach notification for unsecured PHI under the HITECH Act.
5. It modifies the HIPAA privacy rule as required by the GINA (Genetic Information Nondiscrimination Act), prohibiting health plans from using or disclosing genetic information.

With the increased focus on cloud computing, healthcare organizations should develop a set of criteria that helps evaluate potential cloud vendors and their compliance with these requirements. Here is a list to help healthcare providers get started.

Risk Assessment

In order to protect themselves, CEs should perform a risk analysis on all potential cloud vendors. The risk assessment should include policies, privacy and security awareness training, account management, physical security, business continuity, incident response, and media disposal.  Maintain assessment documents and vendor responses for six years and have them readily accessible should Office of Civil Rights auditors come knocking.

Contracts

Review your existing Business Associate Agreements (BAAs) with cloud computing partners and ensure they are updated to comply with HIPAA omnibus. For example, contract language should be specific as to the service, usage, and location of the data to be stored in the cloud.

For cloud-based partners using multi-tenant hardware, specific technical and procedural controls for sequestering information by CE or BA should be stated and included in contracts. An indemnity clause must be included stating that the cloud vendor carries enough insurance to cover a breach.

Audit

Know if the existing or potential cloud vendor has been audited. Do they have a current SSAE report? If there were findings, is there a documented remediation plan? Are regular, internal audits conducted, and is the cloud vendor willing to share the results?

Encryption

Does the vendor provide encryption for the communication of information and the data at rest? Encryption is the best way to protect data and prevent breaches. HITECH requires that communication pathways and data storage devices are encrypted.  Ask cloud vendors to define their encryption methodologies for both.

Business Continuity

Business continuity has always been a must have with cloud-based solutions. Some of the new omnibus requirements make it even more important for CEs and BAs. Questions to answer include:

• How redundant is the vendor's power?
• How many power feeds does the vendor utilize?
• How many Internet feeds?
• How often do they perform tests of their systems?
• Do they keep their equipment sufficiently maintained?

Cloud solutions will keep your PHI private, secure, safe, and in compliance with HIPAA's omnibus rule. Your effective due diligence ensures that they do.

Healthcare reform in the U.S. is rapidly moving in the direction of making providers more accountable for both cost and quality performance. The term "accountable care" is used to describe the new environment. Groups of providers assume responsibility for care across the continuum with reimbursement tied to quality and cost performance. An organized, systematic approach to care coordination is central to successful accountable care to reduce barriers to patients receiving appropriate services and achieving clinical goals.

Much of the work on care coordination to date has focused on patients with one or more chronic conditions. Under accountable care, the same types of screening for needs and extra support will be applied more broadly, with healthier members of the population receiving low-density coordination and higher risk patients receiving more monitoring and support. The foundation for care coordination is a patient coordination plan identifying goals set by the care team and the patient and the care coordination interventions geared to assisting in reaching the goals. For each patient, the plan is based on the unique set of socio-demographic and medical challenges that could be barriers to achieving goals. The work of care coordination is performed by members of the direct care team, as well as dedicated care coordinators.

Under accountable care, a medical home (for most patients, a primary care practice) is at the center of how care is organized for each patient. There are several models for implementing care coordination around the medical home. In the integrated model, the care coordination teams are fully integrated into local staffing and care teams. Another model, often subsidized by an external payer, relies on an external care coordination team working side-by-side, or embedded, with care teams that are within the medical home. Sometimes care coordination efforts are focused on a particular care event such as a hospitalization. These care coordination efforts are temporarily focused on a particular patient and are designed to facilitate effective transitions in the care process. Finally, there are the care coordination teams that are entirely external to the medical home - these efforts are typically provided by payers, or employer sponsors of healthcare coverage.

Transitions in care from one level or site of care to another represent a particular challenge for care coordination designers because they are a point at which many "hand offs" occur, and the opportunity for miscommunication is significant. Recent public focus on preventing avoidable readmissions is, in many ways, an acknowledgement of the risks associated with poorly executed transitions in care. Despite considerable research on risk factors and interventions to reduce risks, there is no magic bullet indicating what mix of interventions will minimize the risk for each patient. One thing that is clear is that while comprehensive discharge planning and post-discharge care and support improve outcomes for high-risk patients, they also will require care management infrastructure separate from that in the patient's medical home. 

HIT is critical to efficient care coordination for large numbers of patients. HITECH Meaningful Use calls for the capture of some of the critical patient information needed and builds the foundation for communicating patient-specific information among clinical partners of the medical home such as hospitals and specialist practices. However, HITECH is the floor, not the end point of the HIT needed for accountable care, and organizations that pursue the program with that mindset, rather than just focused on the thresholds defined for the incentives, will get there faster.

For more discussion of this topic, refer to a CSC white paper: http://www.csc.com/health_services/insights/93365-preparing_for_accountable_care_coordinated_care?ref=ls

(Editor’s note: This guest blog was written by Russ Reese, AS, a development manager for M*Modal.)

It seems inevitable that billing for dictation/transcription must move to a different metric. There are at least two candidates: data points and minutes. By "data points," I mean a scheme where the customer is charged based on the number of pieces of data returned. When I say "minutes," I am referring to using the length of the dictation as the metric for billing.

(This guest blog was written from HIMSS 2013 by Adrianne O'Brien of Executive Insight.)

As hospitals strive for increased patient engagement to improve outcomes and reduce readmissions, that engagement means more IT solutions, which means more opportunity for data breaches.

At the HIMSS conference on March 5, David Kennedy of Trusted SEC launched his "Hacking Your Life" session with sobering stats. In 2012, there were 327 breaches in the medical industry. The medical field is more likely to get hit with breaches than any other industry, and in terms of protective solutions, it's about five years behind other industries. The types of attacks in the medical industry are, noted Kennedy, "basic" (spear-phishing, social engineering), and they're not new; they've been around since the mid-to-late ‘90s.

Kennedy breezily described how a hacker could break into a hospital's IT infrastructure undetected. The hacker could create a fake online HIPAA form for employees to fill out, supposedly in order to keep receiving benefits. Mentioning benefits creates a sense of urgency. The form could mention that it would only take 1-2 minutes to fill out, removing the barrier of time. The form could also note that it's coming from a secure site. Who would question it? Employees would then log in with their user name and password, which the hacker would then steal and use to get into the benefits system.

After describing how his company simulated a breach into one hospital (he was able to hack into the HVAC system, showing the hospital execs how he could raise the temperature in operating rooms, wreaking havoc with their sterile environments and killing patients; the physicians "freaked out"), Kennedy talked solutions.

Hospital execs should simulate an attacker and how he or she will gain access to the infrastructure, find exposures and validate that the right defenses are in place. Don't focus your security program on HIPAA or Meaningful Use. Instead, focus on identifying flaws and segmenting critical points in your hospital's infrastructure. Lastly, hold security vendors responsible.

(This guest blog was written from HIMSS 2013 by Adrianne O'Brien of Executive Insight.)

We're blogging from the annual HIMSS conference in New Orleans! A group of healthcare/hospital CIOs navigated the miles of exhibit space at the Ernest N. Morial Convention Center and the 32,718 registered attendees to present a panel discussion on the findings of the 24th annual leadership survey. An interesting part of the discussion was about EHRs. About 74 percent of hospitals, the panel was asked, are shopping for a new EHR solution. Why?

"There have been some organizations that haven't been successful, so they're looking to reset," said Steve Fanning, vice president, healthcare industry strategy, Infor.

"The training of staff is hugely important," noted Mitzi Cardenas, senior VP strategy, business development/CIO, Truman Medical Center. "We've had a successful [HIT] implementation because of excellent staff training."

Mike Rozmus, VP and CIO, RMH Healthcare, noted that his facility's EHR implementation depended on a combination of "classroom and computer training - and at-the-elbow support."

"You also have to explain why we're implementing," added Fanning. "That must be communicated to physicians."

In anticipation of the HIMSS 2013 Annual Conference and Exhibition to be held March 3 to 7 at the Ernest N. Morial Convention Center, New Orleans, ADVANCE interviewed Bonnie Cassidy, MPA, RHIA, FAHIMA, FHIMSS, senior director of HIM Innovation at Nuance and AHIMA approved ICD-10-CM/PCS trainer. Cassidy spent the majority of her career on the consulting side and now is focused on ICD-10 and computer-assisted coding. She shared her enthusiasm for HIMSS' annual convention, which offers a multitude of educational offerings and networking opportunities for health information management professionals. HIMSS is expected to attract more than 35,000 attendees who want to utilize information technology and management systems for the betterment of healthcare. This year's theme is, "Health IT. Right Time. Right Place. It's On."

Q: These are exciting and fast-changing times for HIM professionals. How will attending HIMSS 2013 help them stay up to date?

A: HIM professionals everywhere are well entrenched in managing the integrity of patient identity in health information. At the same time, they are working on multiple initiatives, certainly Meaningful Use, health information exchange, and ICD-10. And as they move forward, healthcare reform is going to be very data-driven. I think HIMSS is a tremendous opportunity for HIM professionals to benefit from the perspectives of both the operations level and the senior executives who will be there. It's a great opportunity for hands-on practice and experience.

Q: What is on your list of "can't miss" events at the meeting?

A: This is a critical time for ICD-10 to take front stage. The preconference ICD-10 symposium is a great event to attend before HIMSS officially kicks off. The whole theme is about implementation and optimization of ICD-10, and doing everything you can to work on these initiatives simultaneously. The preconference will discuss how to manage competing priorities and position yourself as a leader amidst this transition.

During the convention, there is an ICD-10 presentation each day. It's a wide spread of information, from compliance to ICD-10 testing, to financial impact and payment reform. We have a lot of peers participating in panels as well as sessions. On Thursday, I'll be the speaker for Session 192: Information Governance Includes Core Record Set for Coding Compliance.

HIMSS is so great because as we're getting further along the ICD-10 roadmap, many presenters are describing more real-life experiences. It's not theory; it's real-life people operating within large academic medical centers who started the process several years ago and have a lot to share in terms of lessons learned.

Q: What advice do you have for conference attendees to make the most of their time at the conference?

A: If you've never been to HIMSS, you know it's probably the largest trade show for the healthcare industry. Take a look ahead of time at the program, do your homework, and schedule appointments for demos. You don't want to get there and not know where to begin. Make sure you mark the sessions you don't want to miss, and strategically plot them out during your day. HIMSS is huge! So it's important to wear good shoes, and it's worth noting that far more attendees take a business casual approach. HIMSS is very focused on education, learning and networking but in a relaxed atmosphere.

Q: What new products and services will you be on the lookout for in the exhibit hall?

A: The exhibit hall can be overwhelming. A tremendous amount of floor space is needed to fit all the vendors. All sorts of different products and services are out there, and attendees can really touch and feel what they want to know more about. Many exhibits and booths will be related to ICD-10, data analytics, and reporting tools. I'm expecting much of the buzz on the exhibit floor will be people questioning if Oct. 1, 2014, is really going to be the compliance deadline.

I think more and more we'll be seeing new trends in computer-assisted coding and more on application of clinical language understanding in the concurrent model of clinical documentation improvement. At Nuance, booth No. 4025 at HIMSS, we're looking at what that can do for data analytics and quality metrics. You want to leverage technology for as much as you can to capitalize on electronic structured data. Attendees will be hungry for information to see what their peers are doing to leverage such technology.

Q: In what ways can HIMSS help professionals take a leadership role in 2013, as HIM captures the attention of more healthcare administrators, professionals, and consumers?

A: Definitely, HIMSS attendees should go out of their way to meet people and do the networking that you don't have the opportunity to do at home. Don't be shy about meeting new people and introducing yourself at various social settings. Special networking events are available for everyone, from young professionals to fellows. Certainly the vendors will be doing a great deal of entertaining as well. Accept a few of the invitations that you receive.

(Editor's Note: This guest blog was written by Chris Giancola, principal at CSC Healthcare Group.)

In November, the Health and Human Services Office of the Inspector General released an early assessment of the oversight of the national electronic health records adoption incentive program, more formally known as the meaningful use of certified health information technology within the HITECH section of the American Recovery and Reinvestment Act of 2009. In its assessment, the OIG took stock of how the two agencies chiefly responsible for administering the program, Central Medicare Services (CMS) and the Office of the National Coordinator of Health Information Technology (ONC), are doing.

After performing a careful study involving both interviews and the examination of work products, the OIG offered up four recommendations - two to each agency - as to how those agencies could correct the shortcomings that the OIG observed. Those recommendations were that:

1. The ONC should require that certified EHR technology be capable of producing reports for all measures that a provider or hospital is attesting to.
2. The ONC should improve the certification process for EHR technology to ensure that the reports coming out of the EHR in support of the attestation are accurate.
3. CMS should issue guidance, with specific examples of documentation that professionals and hospitals should maintain, to support their compliance.
4. CMS should conduct audits before issuing payments to providers and hospitals, as well as after the payment has been made.

The recommendations are reasonable, both agencies agreed with the OIG's assessment, and both have agreed to take all but one of these recommendations into consideration. The assessment was performed on Stage 1 processes and procedures, and the agencies had already taken steps to self-correct. In fact, ONC implemented the second recommendation when it issued its own test data for the 2014 edition of its EHR certification process here.

The sticking point has come on the fourth recommendation. Eligible physicians and hospitals in the meaningful use incentive program are asked to attest that they are satisfying the requirements of each objective in the rule in order to receive payment. The OIG believes that because there is no attempt made by CMS to verify that any of the information being submitted is actually true before issuing an incentive payment to the provider or hospital, that there is a possibility of fraud and waste that is too big to ignore. The OIG's recommendation to CMS is simple: Trust the provider or hospital to attest honestly, but verify the information they submit in their attestation.

But, the OIG has no authority to compel CMS to adopt its recommendation, and CMS has pushed back with the belief that audits that occur pre-payment are overly burdensome and would discourage or slow participation by providers.

Both parties have legitimate points. Given the tight timelines for achieving each stage of meaningful use, it would be unreasonable to expect that a material number of audits could take place in an appropriate and relevant timeframe. By the OIG's own assessment, fewer than 20 percent of all attestations contained information that could possibly flag the submission as being worthy of an audit. The resources that it would take to perform effective pre-payment audits might cost more to perform than the savings those audits might yield, making their net value actually negative.

However, OIG insists there are reasonable steps that CMS could take to add a modicum of oversight before payments are made, such as by modifying the attestation system itself to check the internal consistency of the information being submitted (e.g., check that the provider declares the same count of patients in the denominators of more than one measure when those counts are supposed to be the same across those different measures). The attestation website is wholly within CMS' control, and its validation logic would apply immediately to all participating organizations without having to allocate scarce resources, or delay payment to most EPs and hospitals, to learn their "story" in order to perform a thoughtful pre-payment audit.

(Editor's Note: This guest blog was written by Alisa Ray, executive director, CCHIT.)

The advent of health information exchanges (HIE) has added a new level of complexity to the challenges facing both healthcare providers and health information management professionals. Even as we work to establish interoperability among EHRs within individual health systems, we also must facilitate interoperability among myriad EHR systems and HIEs.

High costs, technical differences, and long wait times for interface development are barriers we must surmount in order to share data among healthcare providers and across state lines.  Fortunately, the job just got easier thanks to a public-private partnership of states, public agencies, federally funded HIEs and HIT vendors that was announced just last month. The partnership has established a program to test and certify the ability of EHRs and other health IT to reliably transfer health data within and across organizational and state boundaries. The Certification Commission for Health Information Technology (CCHIT), the nation's oldest and most experienced HIT certification body, has been selected to carry out the testing and certification process.

The effort is being led by the EHR/HIE Interoperability Workgroup (IWG), a New York eHealth Collaborative (NYeC)-led consortium of states and vendors; and Healtheway, the newly formed public-private partnership of the eHealth Exchange, a network of organizations representing hundreds of hospitals, thousands of providers and millions of patients across the country.

The coalition comprises 15 states, 37 technology vendors, and 34 HIEs representing more than 50 percent of the U.S. population. They've created a robust, highly automated testing program to verify whether a system is capable of exchanging health information with many other systems. The coalition harmonized a set of functional, technical, and test specifications that enable true plug-and-play connectivity to simplify EHR and HIE development. The program will test the ability to send and receive encrypted health information over the Internet, look up and retrieve patient records, and produce a tightly constrained patient record summary that reduces variances and implementation-specific customization. These capabilities will enhance the ability of providers to meet their goals for coordinating patient care. 

Vendors have agreed to bring their products for testing according to these specifications, and participating states have agreed to promote the value of EHR and HIE products certified in the program. Testing will ensure that providers' EHR software has the capability to connect to their local HIE and enable communities and states to share patient health information.  

As the compliance testing body, CCHIT will certify that the interfaces between the HIT and HIEs are consistent across multiple states and systems. We also are an Office of the National Coordinator (ONC) authorized certification body and an accredited testing laboratory for EHRs. We are collaborating with AEGIS.net on the testing software, which is being developed under an open source license.

This project is a perfect fit for CCHIT's public mission as a nonprofit certification organization. Our experience in preparing organizations to certify their HIT products and our highly automated testing protocols will help health IT companies get their technology to market quickly and prepare provider and HIE participants to share information more efficiently.