Category: SOS Blog

News from the Front: SATVA, BH-EHR, FTC

Posted on | by SOS Blog | 4 Comments on News from the Front: SATVA, BH-EHR, FTC

Last week, Seth and I attended the semi-annual member meeting of the Software and Technology Vendor Association (SATVA), the behavioral health software and technology trade association to which SOS belongs. At one time, SOS, like many other companies moved along based more on the spoken needs of our customers rather than on long-term projections about what would be required of our industry. Several years ago, we joined SATVA in order to more successfully keep up with information about the mental health software community. I am really glad we did.

In the time since we joined SATVA, the rate of change in the health care marketplace has rapidly accelerated. It is a major challenge for a small company like ours to keep up with all of the information that emerges daily. SATVA is a significant help in that regard. Last year at the late fall meeting, we learned a great deal about certification of behavioral health electronic health record (BH-EHR) programs. This year we discussed the impending release of the draft requirements for that certification and whether it will really be useful for behavioral health organizations.

SATVA has created a section of its web site that is dedicated to keeping a close watch on the certification process. It is a great place for you to get a relatively brief but detailed view of the information related to certification.

We are very proud to be members of SATVA. We are constantly impressed by the individual and collective knowledge of the members of this group and by their willingness to work together in collegial fashion for the well being of the behavioral health community.

______________________________________________

Speaking of certification, the Certification Commission for Health Information Technology (CCHIT), on Friday announced the spring retirement of Dr. Mark Leavitt, the founding chair of the commission. Established initially with federal funding, under Dr. Leavitt’s leadership CCHIT has become a successful not-for-profit organization whose sole purpose is to certify electronic health records (EHR). At the moment, CCHIT is the only certifying body recognized by the US Department of Health and Human Services (HHS).

_______________________________________________

And more news about certification…..on Monday, November 16, 2009, CCHIT released the draft requirements for certification of behavioral health software products. This draft is available for public comment until December 11, 2009. If you have curiosity about or input you would like to offer about the certification of behavioral health electronic health record products, now is the time to voice them.

________________________________________________

The Federal Trade Commission (FTC) has again extended the enforcement deadline for the Red Flag rules. At the request of Congress, this has been pushed off until June 1, 2010. The National Council (NCCBH) reported in its Public Policy Update on November 5, that Congress is considering a new bill that would exempt small health care practices from the rules. The FTC had earlier ruled that the rules apply because of the billing practices of many health organizations. Congress is considering exempting practices with 20 or fewer employees. Stay tuned. There is undoubtedly more to come…

__________________________________________________

Please share your comments about any of these or related issues by clicking on the title of this article and typing your comment in the box below. We very much appreciate your reading our blog and would love to hear what you have to say!

Workflow and EMR: How do you do it?

Posted on | by SOS Blog | 5 Comments on Workflow and EMR: How do you do it?

During the past two weeks, I have spent several hours creating process diagrams or flow charts for a customer. After using our billing software and a custom attendance/reporting module we created for them in 2003 but maintaining paper clinical records, they are now implementing a custom Forms module and preparing to implement our behavioral health electronic medical record (EMR) product.

Clearly, understanding their current work flow is essential to assure that the steps we follow to implement the electronic record will cause minimal disruption of their productivity and maintain their confidence in their billing and cash flow. The goal of the CEO and CFO is to seamlessly provide and document services so payment audits do not result in lowered funding; the goal of the clinical staff is to help addicted people recover from their addictions and become productive citizens; and the goal of the billing staff is to assure that services are accurately reported and billed so the agency is paid for services provided.

The end point we plan to reach is that billing will not occur until documentation of the treatment is in place, but getting to this point will be a gradual process. Helping clinical and business office staff understand the job responsibilities, work flow and the anxieties of their colleagues will allow them to work more effectively as part of a team. The team, of course, shares the goals of providing the best clinical services as efficiently as possible and assuring that payment is obtained for those services so they all can continue doing their respective jobs.

While this flow charting was a time-consuming process, it was most instructive. One thing we have learned in almost 25 years in business is that our customers rarely use our products in the way we designed them. . . .and each organization does things differently. This customer was no exception. For us to make assumptions about how the counselors and business specialists in this or any of our customer organizations do their work would be foolish, at best.

A couple of months ago, our business development manager indicated that she gets frequent questions from prospective users wondering how they will integrate an EMR into their current work flow. Should they enter the progress note into the program while the consumer is in their office? If they wait until the client leaves, won’t it take too much time? Trish suggested that we write a blog article on how clinicians utilize our EMR in the course of their work. We decided to ask a couple of our customers to describe their work process so we could get a more accurate idea of how they work.

The answers to our inquiry were very interesting, and different from one another. As could be expected, the work flow of a psychiatrist/psychopharmacologist and that of a psychologist/psychotherapist were quite different. We are grateful to Scott P. Hoopes, M.D. of Meridian, ID and Scott Gale, Ed.D. of Franklin, TN for their input.

We were interested to find that neither Dr. Hoopes nor Dr. Gale enter a progress note while the patient is in the room; that happens after the patient has left. We also learned that neither provider relies upon a staff assistant to enter clinical information; they are both comfortable with a keyboard and prefer typing their own note to the more involved process of dictating, reviewing and correcting transcription, copying the note to the patient file and signing it. Dr. Hoopes does manage prescriptions while the patient is present, including reviewing, creating and sending the prescription to the pharmacy.

We learned that Dr. Gale, in spite of his use of our electronic clinical record since 1992, still scribbles notes and thoughts on paper while the patient is in his office. He scans these notes into electronic storage and shreds the paper. (As a solo provider without support staff, he does everything in his practice.) While he could attach these scanned documents to the patient’s file in the EMR, it is my impression that he considers this brief process note to be his work product. . .the psychotherapy note that HIPAA allows a psychotherapist to keep and store separately and not to release to an insurer. His note in the EMR is the formal record of the service provided. While some recommend against maintaining a separate set of psychotherapy notes, we have found that many of our customers do so. For some, this is the main reason not to move to an EMR. . .they are not sure how they would continue to maintain these psychotherapy notes while also using an electronic record.

Dr. Hoopes’ work flow was developed after time working in a community mental health setting where he was expected to see five patients in an hour. In 1995, not very long after starting his private practice and struggling for a while with paper records, he started using our software for billing, electronic claims filing and clinical records. Eventually, he also added scheduling.

His current work flow allows him to see his schedule at all times. Prior to the arrival of his patient, he brings their record onto the screen and makes a quick review. He duplicates the last progress note into one with today’s date for editing after the patient leaves. In the fifteen minutes he spends with each patient for a medication check, he is able to be engaged with them to determine their progress or lack thereof. Based on the information obtained, he decides to continue or alter their current medication, making any needed adjustments and sending the prescriptions to the pharmacy. He walks the patient out to the receptionist, who electronically schedules their next appointment. He returns to his desk, edits the progress note with today’s status, signs the note, and calls up the record of the next scheduled patient, repeating the process between 20 and 32 times a day.

My guess is that other users of our EMR product and of other products in the marketplace follow both very similar and very different work processes in their organizations. After all, while most of our customers provide behavioral health services, each is different, with varying clinical and business cultures. In every case, to most effectively implement a behavioral health EMR, it is essential to have a clear picture of your pre-EMR work flow and your goal for use of an EMR. Both of these will make it easier to choose and to implement the EMR of your choice.

Please share your experiences with the work flow in your business. Is work flow analysis something you have ever done? If so, what was your motivation? We would also love for you to share your work process experiences with implementing an EMR, if you have done so. What changes were necessary in your work flow to fully utilize the EMR? How successful have you been in that process?

If you would like to enter a comment, just click on the title of this article and enter your comment in the box at the bottom of the page. Please let us know your thoughts.

High Tech/Low Tech: Energy Use Balancing Act

Posted on | by SOS Blog | Leave a Comment on High Tech/Low Tech: Energy Use Balancing Act

[Disclaimer: A few weeks ago I wrote about some of my concerns about climate change and indicated that I would write about this subject semi-regularly. As professionals in the field of behavior change, we have at our fingertips many resources that can affect the behavior of individuals and groups in many realms of life…responsible environmental behavior is one of those realms. Since mental health providers will deal with the fallout of continued change to our environment, using our skills to prepare for or prevent negative consequences is within our professional domain.]

This morning, as I was doing one of the lowest-tech tasks I do, I realized how it fits in to this ongoing discussion.

You see, two months ago, I started raising worms. I can hear the muttered “you did what?”s and see the disgusted expressions on some of your faces. I have seen and heard these often in my face-to-face conversations about vermiculture. Last month, we saw friends at a tandem bicycle rally with whom we had not visited for the last five years. Within three minutes she and I had gotten to our separately-arrived-at but shared new endeavor. Not surprisingly, we both got there by approximately the same route.

If I were retired, I would be an avid gardener. Since I co-run a small business full time, share our residence with my 89-year-old mother, and ride a tandem bicycle for recreation on the weekends, time is at a premium. Traditional gardening will have to wait.

About 18 months ago, I purchased a single recirculating hydroponic garden from a nearby company that specializes in vertical agriculture. One of my neighbors started a hydroponic strawberry farm as his retirement business several years ago and he told me about Vertigro. The unit I purchased (the VG-1) sits on my patio, has a 10.5 gallon nutrient-water tank and is run by a small electric pump controlled by an electric timer. At last, I had the possibility of growing vegetables without killing everything for lack of care!

I was so enthralled by the crop of lettuce and spinach and how easy it was to grow that, six months later in late December, I went for the big time…I purchased a four-tower unit that holds 16 pots in which up to four plants can be grown. I am now beginning to harvest from my third round of planting. Because of how the units are set up, I can easily plant crops that have different starting and best harvest times. Right now, I am still harvesting the last of the late summer basil, tomatoes, peppers and eggplants and starting to pick sugar snap peas and green beans while we wait for the broccoli. In a small in-ground garden, I have carrots, onions, cabbages and Brussels sprouts.

I have tried to grow vegetables since we first moved to our current location in Central Florida. I have had varying degrees of success. Now that we are eating vegetarian, and since I am becoming more aware about how far produce is shipped on average within the U.S. (1500 miles), I decided that it is important that we diminish some of the fossil fuel we use by producing at least some of our own food.

My in-ground garden is fertilized mostly by composted food and plant waste, but my towers are still using manufactured nutrients. Organic is my destination…thus the worms.

Apparently, using organic fertilizer requires assuring that the correct ingredients are present. Without the right starting ingredients, the fertilizer is lacking necessary amino acids for the plants and for the people who eat the plants. Worms do an excellent job of composting food scraps and paper, lots of things that usually go to a landfill or incinerator. Annnnnd, when their feed is supplemented with certain minerals, they produce extremely high nutrient “castings”…the polite and technical word for worm poop.

I raise my worms in a unit called The Worm Factory. It is a vertical stack of cleverly designed bins into which I put food scraps, coffee grounds, egg shells, shredded paper, and the secret ingredient supplement minerals. The pound of worms I bought to start my farm has been busily munching through the first of the bins for the last three months. Today I harvested my first batch of worm poop…I mean worm castings…from the bottom bin. I now have almost two gallons of highly nutritious worm waste that will soon be added to my plantings. I am hopeful that this process will allow me to move away from using mined and manufactured fertilizer to grow my veggies.

Why, you wonder, would I consider going to such trouble to grow my own vegetables when I have my choice of supermarkets, and even a local farmers market. What could possibly make it worth the additional effort, and probably additional cost, just to get a few veggies on the table?

My answer is that getting veggies on the table is only part of the goal. The goal is to find reasonable ways to balance out how much carbon dioxide my household and business dump into the environment. I do not expect that I will be able to diminish our input to zero any time soon, if ever. As a software company, we use lots of electricity to run the computers that allow us to do our work. Our local utility utilizes coal-powered and atomic-powered electricity generation facilities. Not a spec of solar power is generated by this company in the Sunshine State…yet. While we are waiting for that to change, I am working to minimize the number of food miles (the distance food travels from farm to table) expended by my family.

Yes, this is a small change…both in my lifestyle and in contribution to diminishing the production of carbon dioxide by human activities. I will need to do a lot more to make a significant contribution. The electric company energy audit is later this week. I drive a Prius and I vote for leaders who share my goals. I hope other responsible activities will follow, but this is what I can do now given my circumstances.  I can only try in small steps to do less harm to the earth by how I tread upon it. Balancing what I take and what I replace is the current goal.

What are you doing in your daily life to diminish your personal effect upon the environment? What is your organization doing to “go green” and serve as a role model? Please share the ideas you have considered or adopted to walk more gently upon the earth. We would love to know your ideas and experiences.

No Maintenance Required

Posted on | by SOS Blog | Leave a Comment on No Maintenance Required

I spent the last week spinning my wheels. That is not entirely true, but it did feel that way. You see, we decided that we should switch our email server from the Microsoft Exchange server Seth was having to take time to maintain to Google’s business mail system. It appears that we will be able to have everything we need on a corporate account in the cloud without the need to maintain and upgrade our server periodically. Anything that will save maintenance time is useful for a small company like ours.

Unfortunately, it was a frustrating week. Because none of us had used Gmail before or had much experience with the Google system, we had to muddle through. All of us keep a large number of old emails so we can document and have reference to a variety of communications. That meant we had to upload our emails to Google and then synchronize them with Outlook if we intended to continue to use Outlook for email (as most of us did). This took a few days to do because of false starts and because of the length of time needed to upload and to synchronize. And then we needed to learn the new system!

The primary problem for me was that this interfered with my day-to-day work. It is difficult to get my usual tasks done and to include anything extra, but adding something this big into the mix was a major disruption. I am like many other people I know…I believe that you don’t fix it if it ain’t broke! My email worked just fine. Occasionally, I  delete old emails from the READ and SENT boxes. I try to keep on top of the INBOX, but that is much harder for me to manage. I have lots of rules in Outlook to transfer some incoming mail directly to other mailboxes so I can do quick scans of large amounts of content, but I am not really very good at it. So my email had not been well maintained to start with…and now I need to learn a new system…and also try to do the maintenance I have so far managed to avoid.

Not my favorite things!

In fact, I think about maintenance of any kind and know these are my least favorite things in life. Today I had the oil in my car changed. I know this is essential to keeping the car running well. I know that periodic maintenance is what will keep my warranty intact. But I hate to take the time to do it.

The same is true with the small, repetitive maintenance tasks of life. I hate housework. I love a clean orderly house…but please do not ask me to clean it. I will do the garden maintenance, but I will do it in my own time. As a result, my garden always has lots of weeds…of course, I have lots of gardens, so there is too much to keep up and also to co-run a business. But that does seem often to be the case with these kind of tasks…there is never really enough time to do them and to do the rest of life.

Add to this the fact that no one actively appreciates the person who does the maintenance, and the difficulty of keeping it done increases. These are all things that are just supposed to get done silently and invisibly in the background without the rest of us being affected by the process. Women have traditionally been the doers of these tasks at home; many of us resent that fact and the lack of appreciation that goes along with it. In fact, now that so many of us must work outside the home just to make ends meet, lots of these jobs that our mothers did just don’t get done.

As I struggled through the week, I found myself thinking about our customers. Every time we have an update of our software, we encourage our users who have current Support/Update contracts (maintenance agreements!) to download the update and install it. Not only have our developers worked hard to fix issues that users have discovered, but they have also added new features that make our software a very powerful tool for behavioral health billing and clinical record keeping.

Inevitably, many of our users do not install the updates. Doing so disrupts their work flow…they need to make time to download and install. If they have a network system, the time involved is not insignificant. The fact that doing the update will also do maintenance on their database is irrelevant. The new features and fixed problems do not matter. If things were going smoothly…please don’t fix it!

It is not at all uncommon for someone to call with a problem in their database who has not updated their software for a couple of years or more. And now they may even have corruption in the database. And sometimes no backup! They do not believe us when we tell them that installing updates, even though an interruption of their work, performs maintenance on the database that can prevent problems down the line. Just like with a car…or a house…or a garden.

So what is the solution to this avoidance of maintenance tasks? How do we manage to find the time to perform the actions in life that will keep things running smoothly? Some of our customer organizations have a managing partner or a Chief Operating Officer whose job is to make sure that the operational side of the business is a well-oiled machine. If you read our user group discussions, you will regularly see input from some of those managers. But how can the rest of us build regular maintenance of those things we use every day into our lives so we do not feel so interrupted by those processes?

Please, your suggestions and input would be greatly appreciated by this person who struggles with ongoing maintenance of anything in life! What do you to do keep it all going?

Get Out of HIPAA Jail Free

Posted on | by SOS Blog | 6 Comments on Get Out of HIPAA Jail Free

Consider a couple of nightmares that might easily come true:

1. Your laptop, with a variety of documents and files containing confidential, protected health information on its hard drive, is stolen from your car, hotel, or disappears while you are traveling.

2. Your office is burglarized and all the desktop computers, as well as a server containing your patient database, are stolen.

I ran across the following set of statistics, or very similar ones, repeatedly, most often on web sites of security companies:

  • Every 53 seconds another laptop is stolen in the USA.
  • At least 600,000 laptops are stolen each year in the USA. 
  • Hardly any (3%) stolen laptops are ever recovered. 
  • Laptop computer theft trails only identity theft as the most common crime. 
  • Almost half of all data leaks and breaches are the result of lost or stolen portable computers, according to a study by The Identity Theft Resource Center .
  • Laptops are the number-one item stolen in San Francisco – San Francisco Police Department.
  • The Identity Theft Resouce Center’s recent list of 397 significant data breaches so far for the year of 2009 includes 51 healthcare breaches that compromised almost 9 million records.

Most of the sources of these data are trying to sell a security solution of one sort or another, but the vulnerability of laptops, especially in transit, is obvious. I don’t have any statistics for burglaries of computer systems from offices, but I’ll wager that most of you either know of a victim of such a crime, or have been a victim yourself.

Long before HIPAA, health professionals – especially mental health professionals – had a professional responsibility to safeguard the privacy of their patients/clients and the confidentiality of the personal and clinical information in their custody. HIPAA came along and increased our awareness of the special risks of electronic records and communications, defining Protected Health Information (PHI) at a federal level and providing some rules and guidelines for securing PHI stored or transmitted in electronic form. Now the Health Information Technology for Economic and Clinical Health Act (HITECH) has arrived and adds some pretty sharp teeth to HIPAA’s privacy and security rules.

If you need a push to get you to take privacy and security compliance seriously, consider the following from Section 13402 – Notification In The Case Of Breach. (This section is from HITECH/HIPAA: Notification in the case of breach at lawtechtv.com (a site I would strongly recommend that you visit). The bold italics are mine:

If PHI is secured as per the guidance then providers have a “safe harbor” and the notification requirements are not triggered in case of a breach. Despite the safe harbor, other federal and state PHI laws remain in full force and effect. Any PHI not secured as per the guidance is considered to be unsecured PHI whose breach will trigger the notification requirements. 13402(a): Covered Entities (CE’s) must notify individuals. 
13402(b): Business Associate’s must notify CE’s. 
13402(d): Notification must be no later than 60 days after discovery. 
13402(e): Specific notification methods are required depending on the number of individuals whose PHI was breached. 
13402(f): the notification must contain specific content.
13402(h): unsecured PHI* means PHI that is not secured through: 1) encryption; and/or 2) destruction—as provided by HHS guidance. Methods must render PHI “unusable, unreadable, or indecipherable” to unauthorized individuals (see HIPAA Security Rule  & NIST standards).

If PHI is secured as per the guidance then providers have a “safe harbor” and the notification requirements are not triggered in case of a breach. Despite the safe harbor, other federal and state PHI laws remain in full force and effect. Any PHI not secured as per the guidance is considered to be unsecured PHI whose breach will trigger the notification requirements.

If over 500 individuals’ PHI has been compromised then the media must be notified and the Secretary of HHS as well.

Breach: “the unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of such information, except where an authorized person to whom such information is disclosed would not be able to retain such information.”

Do you really want to have to choose between:

  1. Significant civil penalties (between $100 and $50,000 per violation, up to $1.5 million maximum per incident) and …
  2. Publishing in the local media a notice of your failure to protect your patients’ private information?

Of course not! Why not take advantage of the explicitly defined safe harbor? If the hard drive of that missing laptop has been encrypted, using appropriate technology, then there is no notification requirement at all! The same technology can be applied to every hard drive in your organization, especially the servers on which the bulk of the PHI resides. There are numerous commercial disk encryption approaches available, as well as free, open-source solutions such as TrueCrypt, that would provide you with the protection you want and owe to your patients, all penalties aside.

My previous post regarding encryption resulted in no reader response whatsoever. Does this information about your notification responsibilities make it more likely that you will move forward with data encryption? If not, why not?