Tag: Behavioral health EHR

News from the Front: SATVA, BH-EHR, FTC

Posted on | by SOS Blog | 4 Comments on News from the Front: SATVA, BH-EHR, FTC

Last week, Seth and I attended the semi-annual member meeting of the Software and Technology Vendor Association (SATVA), the behavioral health software and technology trade association to which SOS belongs. At one time, SOS, like many other companies moved along based more on the spoken needs of our customers rather than on long-term projections about what would be required of our industry. Several years ago, we joined SATVA in order to more successfully keep up with information about the mental health software community. I am really glad we did.

In the time since we joined SATVA, the rate of change in the health care marketplace has rapidly accelerated. It is a major challenge for a small company like ours to keep up with all of the information that emerges daily. SATVA is a significant help in that regard. Last year at the late fall meeting, we learned a great deal about certification of behavioral health electronic health record (BH-EHR) programs. This year we discussed the impending release of the draft requirements for that certification and whether it will really be useful for behavioral health organizations.

SATVA has created a section of its web site that is dedicated to keeping a close watch on the certification process. It is a great place for you to get a relatively brief but detailed view of the information related to certification.

We are very proud to be members of SATVA. We are constantly impressed by the individual and collective knowledge of the members of this group and by their willingness to work together in collegial fashion for the well being of the behavioral health community.

______________________________________________

Speaking of certification, the Certification Commission for Health Information Technology (CCHIT), on Friday announced the spring retirement of Dr. Mark Leavitt, the founding chair of the commission. Established initially with federal funding, under Dr. Leavitt’s leadership CCHIT has become a successful not-for-profit organization whose sole purpose is to certify electronic health records (EHR). At the moment, CCHIT is the only certifying body recognized by the US Department of Health and Human Services (HHS).

_______________________________________________

And more news about certification…..on Monday, November 16, 2009, CCHIT released the draft requirements for certification of behavioral health software products. This draft is available for public comment until December 11, 2009. If you have curiosity about or input you would like to offer about the certification of behavioral health electronic health record products, now is the time to voice them.

________________________________________________

The Federal Trade Commission (FTC) has again extended the enforcement deadline for the Red Flag rules. At the request of Congress, this has been pushed off until June 1, 2010. The National Council (NCCBH) reported in its Public Policy Update on November 5, that Congress is considering a new bill that would exempt small health care practices from the rules. The FTC had earlier ruled that the rules apply because of the billing practices of many health organizations. Congress is considering exempting practices with 20 or fewer employees. Stay tuned. There is undoubtedly more to come…

__________________________________________________

Please share your comments about any of these or related issues by clicking on the title of this article and typing your comment in the box below. We very much appreciate your reading our blog and would love to hear what you have to say!

Alphabet Soup: HITSP, CCHIT, ONCHIT, SNOMED CT

Posted on | by SOS Blog | 4 Comments on Alphabet Soup: HITSP, CCHIT, ONCHIT, SNOMED CT

I try to keep informed about Electronic Medical records (EMRs), certification of those products, and funding for them provided through the economic stimulus bill (ARRA). After all, as a developer and vendor of a behavioral health EMR, I really should know some of this stuff. This week, I was struck by the number of acronyms that have come into common parlance in the past six months. I find the amount of information being generated about healthcare information technology (HIT) overwhelming. I am sure it feels even worse to someone who has not been trying to keep up with this information. After all, who can possibly know what all of these shorthands stand for and mean? 

So what would any good technology hound do? Well, of course, I googled ‘Health Information Technology acronyms‘ to see who out there has started to organize this information for the public. To my pleasant surprise, several documents attempt to do just that.

To start with, our federal department of Health and Human Services has a whole web site dedicated to HIT. On the left side of the page, there is a list of tabs. Under Resources there is a page called Acronyms. And that is just what it is. A list of the letters used as the shorthand referents for 112 terms ranging alphabetically from AHIC (American Health Information Community) to WW (Wounded Warrior). You can then cut and paste a name into the Search box on the top right of the page to find documents on the site that reference this “term”. When I do this for American Health Information Community, I get a list of 601 documents linked to this site that refer to AHIC in some fashion. If I do this same search on Google, I get about 129,000,000 hits. Be careful what you search for!

The Rural Health Resource Center, a not-for-profit located in Duluth, Minnesota has a document containing a list of 53 acronyms including brief definitions or descriptions of the terms or organizations listed as well as links to the sites of some of the organizations described.

Likewise, the Department of Health Services of the state of Wisconsin has published a list of acronyms and what they stand for. This list relates to eHealth rather than just health information technology, so it is bound to have some different entries.

A web site created by Pivotal Solution Group called HITECH Answers has their own list of acronyms and definitions. Pivotal Solution Group is a coaching and consultancy organization…a private group as opposed to the government sources listed above.

And finally, the Software and Technology Vendor Association (SATVA), a trade association of behavioral health software vendors to which we belong, has developed a section on their web site to monitor information regarding behavioral health EMR certification. Behavioral Health Certification Watch will be updated as new information is received. 

While some of you have probably clicked on the links above, I think it highly unlikely that you will spend much time reviewing this information. After all, who has the time to go looking into the masses of information that are being created about HIT, certification of products and paying for those products. Most behavioral health organizations are likely to just continue doing what they do until someone finally tells them they must move to an electronic medical record (EMR) by a certain date or they will not get paid for the services they provide. Oh wait, that is what has happened…at least, for Medicare and Medicaid payments.

Is that enough to start movement toward an EMR in your organization? Is your practice beginning to consider the possibilities? What do you believe it will take to move mental health providers into EMRs?

Meaningful Use & Behavioral Health Providers

Posted on | by SOS Blog | 2 Comments on Meaningful Use & Behavioral Health Providers

I have been avoiding writing about the second draft of the Meaningful Use of Electronic Medical Records (EMRs) definition released by the federal Health IT Policy Committee on July 16. I had been hoping I would hear something that would make me believe the definition would in some significant way benefit our customers. I am disappointed to report that it still appears that the ARRA stimulus funds for adoption of EMRs will be largely unavailable to behavioral health providers, except psychiatrists, unless some change is made through regulation.

Just to clarify my statements above: ARRA provided $19 billion in funding for EMRs. $2 billion will be provided to the states to distribute for grants. Community Behavioral Health Organizations (CBHOs) are included in the eligible organizations for these funds. Unfortunately, it appears that this funding is going to be used by the states where they see fit. I have heard from a representative of at least one children’s psychiatric hospital who was told that funding would be used by the state to build Health IT (HIT) infrastructure and data exchange capability. They were informed that providers could get their funds from the incentives. I will be very curious to see how much (if any) of that $2 billion winds up in the hands of providers of any sort.

The larger part of the funding, $17 billion for Medicare and Medicaid incentives, is designed to encourage providers to purchase EMRs and use them to improve the care of their patients. Of the providers eligible to receive these reimbursements, the only behavioral health providers who are eligible are psychiatrists and certain nurse practitioners. They would purchase a system and then receive reimbursements for some or all of what they have spent depending on a variety of complex formulas. If you are a psychiatrist and you do not see Medicaid or Medicare patients, you are not eligible for funding. If you do treat these populations, you will only be able to get funding from one source, Medicare or Medicaid. The amount of reimbursement you can receive depends upon what proportion of your patients are Medicaid or Medicare recipients, along with other complex criteria.

Senator Jay Rockefeller of West Virginia introduced the Health Information Technology Public Utility Act of 2009 in late April. This bill was intended to assure that certain “safety net” providers like rural clinics and mental health providers could also access funds. That bill has not moved. Unless something happens in regulation, it is not likely that psychologists, social workers, mental health counselors, addiction treatment programs, psychiatric hospitals, or community behavioral health service providers are going to benefit from the stimulus funds to help purchase EMRs.

That said, the Health IT Policy Committee did seem to take into account the input they received from the public about the initial attempt at defining “meaningful use of EMRs”. They have drafted a plan that widens definitions, expands time frames, and provides more opportunities for providers to demonstrate that they are using EMRs meaningfully. Their PowerPoint presentation does a good job of summarizing their points. Details can be found in their updated grid and matrix.

1. The primary goal of the definition is to improve the outcomes of healthcare interventions through data capture and sharing and use of advanced clinical processes. They want providers to focus on health outcomes, not on software. HIT is to be a primary aid to healthcare reform, not use of software for the sake of earning incentive money.

2. It is the intention of the committee that there be a phasing in of meaningful use criteria. The public was concerned that if providers could not meet the 2011 criteria in 2011, they would always be behind the train. The committee now recommends that a provider who does not adopt an EMR until 2012 (or 2015) will start at the 2011 criteria and progress from there.

3. Changing work flows to assure the proper use of IT tools is an essential part of the solution. Trying to use CPOE (computerized physician order entry) can actually cause problems if there are not work flow modifications to make sure the process flows smoothly. An unintended consequence of CPOE in at least one study was diminishing of appropriate care because it was inconvenient to enter the order for the care.

4. Since data-based decision support is the real payoff of using an EMR, the committee wants to see this happen sooner, even it if means implementing only one rule in the decision making process.

5. Since engaging patients in their care is crucial to reduction in costs, providing access to an electronic version of their health record needs to be higher priority and come earlier in the process than previously envisioned.

6. Certification of software should be done by more than one body; CCHIT should not be the sole arbiter of which products should be certified.

While the Health IT Policy Committee has now presented their second draft of the “meaningful use” policy, it has until the end of 2009 to finalize the rules. It appears, however, that the direction is set. If you want to get some of the incentive money to help you buy an EMR, you will need to demonstrate that you can use that EMR and can report a variety of metrics to show how your practice is handling a number of issues. So far, none of those metrics are vaguely related to mental health.

Do you expect your organization/practice to be seeking incentive funding to purchase an EMR? How are you proceeding to assure that outcome? Do you think it is important for behavioral health to be included in the adoption of EMRs?

Just click on the title of this article and enter your comments in the box a the bottom of the page. Thanks for sharing your thoughts.

Personal vs. Professional: Social Networking Sites

Posted on | by SOS Blog | 8 Comments on Personal vs. Professional: Social Networking Sites

I checked my email on Sunday night to find two new requests for “friend” status on my Facebook page…one was from a customer, the other was from my mother-in-law. The juxtaposition of requests brought directly home the conflict and confusion that some folks are having about use of the social media sites. Is your use personal or professional? Is it acceptable to mix the two? Would you and your contacts be better served if you have two separate online identities, a personal one and a professional one?

I am a firm believer in synchronicity. I think of Carl Jung and his notion of synchronicity (an acausal connection of events in time) often as I experience the unexpected confluence of events. This weekend was no exception.

  1. On Friday, I had time (for the first time in weeks) to tune in to HubSpot TV, a podcast done by staff members of the Internet Marketing firm whose products and services I use. They mentioned this issue of social media utilization and the possible need to keep one’s “identities” separate. One of their blogs addressed the issue on Friday and the author lays out some considerations.
  2. On Friday evening, my partner, Seth Krieger, suggested that I write a blog on social media and professional vs. personal concerns.
  3. On Sunday I got the Friend requests I mentioned above.
  4. This morning I looked at two print newspapers I receive: The New England Psychologist ran an article featuring input from Thierry Guedj, Ph.D., “Psychologists navigate use of online social networking sites“; and The National Psychologist included John Grohol, Psy.D.’s article “How ‘tweet’ it is: Social networking using Twitter”. Both of these psychologists explore some of the concerns unique to providers in the behavioral health community.

This confluence of events was impossible for me to ignore. I have found myself thinking about these issues often over the past several months. Since I began use of social networking as a way to spread our business presence more broadly on the Internet, the differences between personal and professional presence have been playing around the periphery of my mind.

While I have not seen clients for the last 16 years, I was trained as a psychologist and saw patients in a private practice and in a CD program setting from 1978 to 1993. I am well aware that boundary issues are confronted regularly by psychotherapists charged with providing a safe space in which consumers of their services can deal with issues ranging from relatively minor personal problems to serious chronic mental health issues. Protecting that ‘space’ is part of building trust and of maintaining the privacy of the client.

The sanctity of that space is challenged regularly, sometimes by the spill-over of the therapist’s life into the therapy. Personal illness and family deaths are regular intruders, but many others exist. I hosted a live, call-in television show on psychology topics from 1981 to 1983. Some of my clients were proud of the public education work I was doing; others felt that they lost a part of me that they owned and were not happy to share me with the public. As a feminist psychologist treating lots of women, it was not unusual to cross paths with a client in the ‘real’ world. Prior agreements about how or whether to greet in public aside, face-to-face interaction outside the therapy space was often a cause for discomfort for me and for the client.

Those challenges to privacy are part of the physical community in which we live. Now we add the complication of a virtual world in which massive quantities of information, both personal and professional, are available to anyone who bothers to Google us. Factor into that the fact that we have no idea which information the client has. Each form of social media provides different challenges.

1. blog: A weblog, or blog, can be an excellent way for you to provide useful information to your own clients and to many others who see your blog articles. But if you go out there into the blogosphere and take a look at the material available, you will find that the writing styles are much less formal than other published documents, especially journal articles. Because of that informality, there can be a tendency to slip into personal revelation.

Potential benefits: Great way to become more known in your community, to educate and share valuable information with your clients, and to provide a community service through public education.
Potential risks: Informal style of blogs can lead you to share more personal information than you would usually do in journals or in direct contact with your clients.

2. Facebook: When I started to use Facebook, I intended that use to be purely personal. My nephew’s wife invited me to join first. I resisted. When an age-mate with whom I share a book club and a social sphere invited me, I joined. Facebook has been great fun! I have connected with classmates, friends and family members. As with many people in my age group, my postings are rather tame. They do reveal personal relationships and history. I was a little conflicted when business associates asked for ‘friend’ status, but decided that I do not live a wild and crazy life and there is little about me on Facebook that I am not comfortable sharing with customers and other business associates.

Potential benefits:Facebook is a great way to keep up with new family photos and to stay in more frequent contact with friends and family members who are far away.
Potential risks: If you do live a wild and crazy life and do not want your clients to know that, do not give ‘friend’ status to those clients.

3. LinkedIn: LinkedIn is the only one of the social networking sites I use that is designed for professional purposes. It is professional networking, par excellence. If you want to connect with other colleagues, this is the place to do it. If you are looking for a job, this is certainly the place I would start. There are headhunters who frequent the site looking for the most qualified individuals for their position postings. You can join groups that meet your interests and connect there with other folks who have like concerns. 

Potential benefits: LinkedIn is a great place to network with other professionals. It is designed for peer-to-peer connections.
Potential risks: If your clients/patients are other professionals, you might run into them here and need to make some decisions about who your network should include or exclude.

4. Twitter: Twitter is something else. I am still not sure about Twitter. I use it in a purely professional way. In fact, the name under which I tweet is @SOS_Software. The people I follow are other professionals who have similar interests. Those other folks are great sources of information. The tweets I find most useful are about articles, blogs and news that is relevant to my professional world. Most of the people who follow me are also interested in healthcare and software. Sometimes, I get a follow from someone who seems totally unrelated to anything in which I am interested. I blocked the clearly pornographic Follow that appeared last week.
     The way I use Twitter is totally contrary to the way most young people use it. To folks who are used to text messaging for everything, Twitter is a way to disperse text messages much more broadly. You can let everyone in your network know your status all at one time. To me, this is useless. To many others it is an essential part of staying connected.

Potential benefits: This is an excellent way to disperse a communication to a large group of people at one time. You could use Twitter to communicate educational information to all of your clients at once.
Potential risks: Twitter is like Facebook. Everybody who follows you sees everything. If you intersperse personal messages with your professional ones, everybody who follows you still sees all of it.

What do you think about these social networking sites? Do you use them? Does your organization use them to keep in touch with consumers? What do you see as the potential benefits or glaring weaknesses of being connected 24/7?

One last word of advice: If you decide to jump into the sphere of social networking, decide whether you are going to do so as a professional or for your personal needs. Once you decide, choose your networking sites accordingly. If you want to do both, you might be best served by having two different social networking identities.

Data Security, Backup, and the HITECH Law

Posted on | by SOS Blog | 1 Comment on Data Security, Backup, and the HITECH Law

A question on one of the psychology listservs I follow got me thinking, yet again, about data security…and backup. The writer asked about the proper procedures to follow when patient psychotherapy treatment records are permanently lost. The question pertained to how the counselor in question should respond to the loss of all of their patient data from a mental health clinical record software program. Since we provide one such program, my attention was immediately attracted.

The other listserv members addressed three issues: recovery of the data from the hard drive, backup of the data, and re-creation of the records from scratch. Because of our experience with customers losing data due to computer failure, I focused yet again on data backup and database recovery. Added to my thoughts this time are the HIPAA requirements for securing protected health information (PHI) and the increased penalties in the HITECH portion of the stimulus bill (ARRA) for breach of privacy and security of PHI.

It is likely that you all remember that HIPAA requires healthcare providers (including psychiatrists, psychologists, social workers, mental health counselors, and community behavioral health organizations) to have in place procedures for securing the PHI of their patients. Most mental health workers with whom I am familiar focus on the privacy aspect of this protection; they see it as their responsibility to assure that the consumer’s information remains private. HIPAA also mandates that providers and their organizations have in place plans to protect the security of their physical data.

The National Institute of Standards and Technology (NIST) has produced Special Publication 800-66-Revision 1, “An Introductory Resource Guide for Implementing the HIPAA Security Rule.” A quick search of this document finds that the words “loss of data” are mentioned on pages 38, 77 and 98. The first mention is in a table describing the necessary contents of the Contingency Plan for data security, including a Data Backup Plan. The sections of this document that focus on the Contingency Plan and the Disaster Recovery Plan are the ones most concerned with electronic data storage.

If your organization, including your private practice of psychology or psychiatry, does not have a Contingency Plan and a Disaster Recovery Plan, however brief, you are living dangerously. And, of course, you must implement your plan to secure your PHI, not just have a plan.

How does this pertain to you? Let’s start with your data backup plan. What is it? Who in your organization is responsible to implement it? What are the consequences if it is not implemented?

One of our customers,   W. E. (Bill) Benet, Ph.D., Psy.D., Clinical Psychologist, Gainesville, FL  WEBenet.com | Assessment Psychology.com describes his experience and current backup strategy.

“I mentioned Eco Data Recovery in my previous note because I had to use their service a number of years ago after the hard drive on my main office PC mechanically failed and became inaccessible while backing up to a tape drive, corrupting the data on the tape. Fortunately, Eco was able to recover all of the data from the hard drive, by disassembling it in a ‘clean room’ and scanning the data off the individual platters. Luckily, the data on the hard drive hadn’t been corrupted, but it very easily could have been, and I would have lost years of billing records and reports.”

“But what about data that has become insidiously corrupted without being immediately obvious?”

“Today, I employ a simulated RAID backup strategy involving nightly network backups to two external USB drives, as well as from one PC to the other, AND continuous 24/7 incremental offsite backups, using Carbonite. Hopefully, if corrupted files are discovered days or weeks later, those incremental backups will save the day, at least for a while.”

Here at SOS Software, we all too often run into an organization where the principals thought they had an excellent data security plan, only to find out that their plan had not been effective or had not been implemented by the person(s) who were responsible to do so.

One of the obstacles we run into is the common belief that “it can’t happen to us.” We all know this is magical thinking; of course, it can and does.

Another often-believed myth is “I don’t really need to worry about data on my PC; data can always be recovered from a hard drive if there is a problem.” While this belief is sometimes true, it often is not. If the files lost when a computer crashes are in a complex, proprietary relational database, they sometimes are totally irretrievable. They are not text files where parts can be grabbed and some sense made of the data.

Our product uses Sybase ASA as its engine because that database creates a transaction log that can allow us to completely recreate every keystroke the user made…if the log file is intact. In fact, we use Sybase because of this capability to completely recreate the database if it is necessary to do so. As long as we have a usable starting point, we can restore the entire database from the log file…if we have an intact log file.

Two problems can intervene. 1. With our products as with many others, if the backup is done while the database is running, certain of the files are not backed up because they cannot be accessed completely. Some backup software products will tell you they can back up even when the program is running. That is not true with SOS products. 2. Hard drives often fail gradually becoming literally “flaky” over time. If key sectors of the log file are lost, it is impossible to recreate the database from the log, even if there has been no overwriting of the database.

Also, sadly, even folks who believe they responsibly make backups, never test those backups to assure they can be restored properly, and they often use the same backup medium overwriting old backups. If the hard drive has been gradually failing, destroying parts of the files as it goes, then backups of those bad files become bad too…all of this over time with no noticeable degradation of performance of the database.

Then the catastrophe occurs…a power surge or some other event causes a crash of the hard drive and the database will not restart when the computer is rebooted!

As indicated by comments on my post of November 19, 2008, The Indispensable Data Backup, among my readers are many folks who are sophisticated computer users who are responsible enough to use multiple methods of backing up their patient data. Using a rotating system of backing up with permanent, non-incremental backups created periodically and stored off-site, is crucial. The strategy we recommend is in document 125 on our main web site.

If you have never tried restoring from one of your backups, you have not completed the process. Unverified backups are useless backups. Useless backups equal insecure PHI. How big a risk taker are you?

Please add your comments by clicking on the title of this article and typing in the box at the bottom of the page.