Key Considerations for Hospitals Making the Move to EHRs

Will the economic stimulus package signed into law by President Obama in February accelerate the broad adoption of electronic health records? The expected impact of the bill has been widely discussed since it was enacted.
According to a study that appeared last year in the New England Journal of Medicine, only 17% of office-based physicians are using some sort of EHR. Hospitals have also been slow to go electronic. Another study appearing in the NEJM found that just 1.5% of non-federal hospitals have a comprehensive EHR system across all clinical units.
So while many hospitals and physicians have taken initial steps with automation, they have yet to adopt comprehensive systems. High costs, the difficulty of changing the clinical culture from a paper-based workflow, and the current economic downturn (resulting in reduced budgets, layoffs, a drop in patients, and difficulties in getting credit) have all impeded caregivers’ ability to invest in new systems.
But the reluctance to embrace EHRs could dissolve soon as a result of the stimulus package and healthcare reform, observers say.
The $787 billion package, officially known as the American Recovery and Reinvestment Act (ARRA), sets aside $17 billion in direct incentive payments to physicians and hospitals that adopt EHRs, plus significant indirect funds to enable adoption and remove technology barriers. Some analysts put the complete number as high as $36 billion. Efforts to reform healthcare have focused on improving the quality of patient care and reducing costs through information technology.
This article looks at some of the special challenges hospitals face as they make the move to electronic health records.
The bottom line: Do more with less
Under the new law, a hospital that adopts certified EHR technology will be rewarded with increased Medicare or Medicaid reimbursements. Incentive payments will go to hospitals that demonstrate “meaningful use” of certified EHR technology during each incentive payment year starting in 2011. To encourage hospitals to adopt EHR technology early, the total possible amount of incentive payments will decrease the longer a hospital waits to become an EHR user and eventually will turn into “penalties” by ways of decreasing Medicare reimbursement..
To qualify as a meaningful user of EHR technology, a hospital must demonstrate that its EHR technology enables it to prescribe electronically, exchange data with other providers, and generate reports on how it performs on certain “clinical quality measures.” Also, the EHR system in use must be certified. (These are the proposed criteria, which have yet to be finalized.)
The federal government estimates that the conversion to digital records will save $12 billion in healthcare spending over 10 years, which presumably would result in lower Medicare and Medicaid outlays, as well as positive impacts for employers and citizens alike.
But a new study finds that the current economic conditions are making it difficult for hospitals to adopt “meaningful” EHR systems.
According to the PricewaterhouseCoopers Health Research Institute report, “Rock and a Hard Place: An Analysis of the $36 Billion Impact From Health IT Stimulus Funding,” healthcare providers are struggling to find money to implement EHR systems because the economic recession has depleted capital resources and forced them to make cuts in their IT budgets.
A separate PricewaterhouseCoopers survey of 100 hospital CIOs found that 82% of hospitals already have cut their IT budgets by an average of 10%, while 10% have cut their budgets by more than 30%. Two-thirds of the CIOs surveyed said they anticipate making additional cuts in IT spending by the end of this year.
In such an environment, it is clearly difficult to commit to large projects like the implementation of an EHR. For many hospitals, it’s a matter of having to do more with less. Hospitals need to be efficient in their IT systems to reduce costs so that they can invest in clinical automation and EHRs, and support them cost-effectively.
More stringent privacy and security requirements
Under the health IT provisions of the stimulus package, all entities that handle protected health information must comply with HIPAA (Health Insurance Portability and Accountability Act) security and privacy regulations. Under the new Breach Notification for Unsecured Protected Health Information; Interim Final Rule, which becomes effective September 23, the stimulus law also calls for health care providers to:
  • Notify all affected patients within 60 days of a security breach
  • Report security breaches to the HHS secretary and prominent local media outlets if the incident affects more than 500 individuals
  • Track all personal health information disclosures
  • Upon patient request, provide an account of every disclosure for the previous three years
In addition, the new law expands HIPAA regulations to business associates, tightens rules on when patient information can be used for marketing, increases penalties for noncompliance, and enables significantly more aggressive enforcement.

Today’s distributed business environment

The push for more widespread adoption of EHRs comes at a time when the requirements for a secure infrastructure are more challenging then ever, especially given today’s distributed business environment. Increasingly, hospitals’ IT networks are connected to clinics, physician remote offices, remote contractors, suppliers, university networks, and other external parties. At the same time, managed and unmanaged endpoints, including laptops and other mobile devices inside and outside the hospital, are proliferating. As a result, security perimeters must expand beyond the internal network to numerous critical endpoints.

In this constantly evolving environment, traditional security measures alone, such as firewalls, antivirus, and intrusion detection systems/intrusion prevention systems, are no longer sufficient.
Hospitals must also comply with multiple standards and regulations regarding patient data privacy, including those issued by The Joint Commission, HIPAA, and individual states. As a result, they are implementing methods to monitor and report access to critical systems and information.
Security best practices
Symantec recommends that hospitals adopt a comprehensive and automated enterprise security plan, beginning with the creation of a roadmap that includes best practices such as:
  • Performing comprehensive risk assessments
  • Identifying critical endpoints based on criticality of uptime, importance to business processes, and susceptibility to a security or privacy incident
  • Defining cost-effective measures to secure critical endpoints, including mobile devices and databases, and minimize data leakage
  • Implementing automation for ongoing measurement of existing security effectiveness, adherence to security policies, and regulatory compliance
  • Implementing automation for monitoring, quickly identifying and responding to policy violations, and reporting on security and privacy on multiple levels—from executive dashboards to detailed reports for IT staff
  • Protecting sensitive patient information from breaches by implementing data loss prevention

Managing storage complexity

As can be imagined, the adoption of EHRs also has profound implications for hospitals’ storage systems. EHRs summarize and organize patient information, including digitized images of scanned paper documents and electronic data from patients, payers, and pharmacies. They can contain vast amounts of form-based information that must be copied into backup and disaster recovery versions. 

Managing storage complexity

As can be imagined, the adoption of EHRs also has profound implications for hospitals’ storage systems. EHRs summarize and organize patient information, including digitized images of scanned paper documents and electronic data from patients, payers, and pharmacies. They can contain vast amounts of form-based information that must be copied into backup and disaster recovery versions.

For many hospitals, storage demands are already growing more than 70% each year, and current data storage systems aren’t scalable to meet the demands of exponentially increasing amounts of retained data.
The rapidly growing storage in hospitals translates to more IT staff resources required to manage it, and the demand is especially burdensome due to the use of disparate storage systems that are based on different technology platforms and have to be managed individually.
Without an enterprise-wide storage strategy, providers are continuing to purchase and deploy additional storage islands—each of which requires even more individual management. Implementation of a solution that automates and centralizes the management of stored data using a single interface would maximize the utilization of these various storage systems to accommodate growing amounts of data, thereby reducing costs for purchasing additional storage hardware and relieving demands on IT.
Dr. David Blumenthal, the Obama Administration’s National Coordinator for Health Information Technology, said recently that electronic technology will soon be considered “as fundamental to medicine as the stethoscope.” Federal incentives for the meaningful use of such technology, he added, will propel the nation.
As hospitals and their IT departments increasingly apply automation to improve patient care quality, attract and retain talent, and reduce costs, traditional IT infrastructures are being pushed to the limit. Factor in the budget cuts brought about by the economic recession, and it’s clear that many hospitals find themselves having to do more with less.
Symantec can help healthcare providers attain their EHR goals by delivering best practices and industry-leading products and services for security, storage management, and compliance. To learn how the Symantec Healthcare Provider Solution addresses these critical IT issues, go to the Symantec Healthcare website.
Related Link

Customer Success Story


2017-07-27T00:01:12+00:00 October 27th, 2009|Uncategorized|

About the Author:

Clint is cool as a cucumber, but has been aged in habanero brine.