Tag: Mental Health EMR

Spring Fever Has Always Been Real for Me

Posted on | by SOS Blog | 2 Comments on Spring Fever Has Always Been Real for Me

Spring has finally arrived in central Florida. It has become warm enough not to need to wear cool weather clothing but cool enough to keep windows and doors open for most of the day. This is the time of year when I want to be outdoors even though the air is full of pollens. I experience a strong need to get my hands in the soil and new plants into the ground or into my hydroponic gardening units…or out riding a bicycle.

The biggest difficulty Spring provides for me is that it is hard for me to stay task-focused. This has been the case since I was a child. I just don’t much feel like being indoors, so working on indoor responsibilities comes much harder. As an adult, work is no exception. It is hard for me to focus on tasks that need to be accomplished. I would much rather be playing….or at least doing different work.

As a result of this year’s Spring fever, it was not difficult to decide that the celebration of Synergistic Office Solutions‘ 25th anniversary should happen at home rather than in a restaurant. It may cost me a bit more work, but it is not my usual work. I get to have a party instead of focusing on the changes I need to make to our web site or some other such task.

Yes, our software company has now been around for 25 years. Seth started doing consulting to other psychologists in 1985. Our billing software for mental health and medical practitioners followed in the next year. Florida psychologists were our first customers, but we started selling nationally in 1988 or 1989. Our electronic clinical record product was released in 1990. We made the transition from full-time practice of psychology to full-time software business in 1992-1993. Sometimes I am sure we jumped from the frying pan into the fire!

The primary benefit of the change from providing services to mental health clients to providing products and services to mental health providers has been that we have met so many wonderful folks who embody in their work their mission to care for others. Behavioral health providers and service organizations are the BEST! We are grateful for the opportunity we have had over the past 25 years to work with so many talented and caring people. Thanks to each and every one of you!

As you can see, my Spring Fever is so bad this year that I could not even write a blog article that would have the usual links to information you could use. It contains nothing about behavioral health electronic medical records or HIPAA or HITECH. Oh well, maybe next week will allow a return to those serious issues.

How do you respond to the appearance of Spring? Are you one of those wonderfully responsible people who can just put your head down and keep on taking care of business? Will you share with me how you do that? Or maybe you are just like me and want to have a party!

Please enter your comment in the box at the bottom of this article. If you don’t see one, double click on the title of the article, then scroll down to the box to make your comment.

News from the Front: SATVA, BH-EHR, FTC

Posted on | by SOS Blog | 4 Comments on News from the Front: SATVA, BH-EHR, FTC

Last week, Seth and I attended the semi-annual member meeting of the Software and Technology Vendor Association (SATVA), the behavioral health software and technology trade association to which SOS belongs. At one time, SOS, like many other companies moved along based more on the spoken needs of our customers rather than on long-term projections about what would be required of our industry. Several years ago, we joined SATVA in order to more successfully keep up with information about the mental health software community. I am really glad we did.

In the time since we joined SATVA, the rate of change in the health care marketplace has rapidly accelerated. It is a major challenge for a small company like ours to keep up with all of the information that emerges daily. SATVA is a significant help in that regard. Last year at the late fall meeting, we learned a great deal about certification of behavioral health electronic health record (BH-EHR) programs. This year we discussed the impending release of the draft requirements for that certification and whether it will really be useful for behavioral health organizations.

SATVA has created a section of its web site that is dedicated to keeping a close watch on the certification process. It is a great place for you to get a relatively brief but detailed view of the information related to certification.

We are very proud to be members of SATVA. We are constantly impressed by the individual and collective knowledge of the members of this group and by their willingness to work together in collegial fashion for the well being of the behavioral health community.

______________________________________________

Speaking of certification, the Certification Commission for Health Information Technology (CCHIT), on Friday announced the spring retirement of Dr. Mark Leavitt, the founding chair of the commission. Established initially with federal funding, under Dr. Leavitt’s leadership CCHIT has become a successful not-for-profit organization whose sole purpose is to certify electronic health records (EHR). At the moment, CCHIT is the only certifying body recognized by the US Department of Health and Human Services (HHS).

_______________________________________________

And more news about certification…..on Monday, November 16, 2009, CCHIT released the draft requirements for certification of behavioral health software products. This draft is available for public comment until December 11, 2009. If you have curiosity about or input you would like to offer about the certification of behavioral health electronic health record products, now is the time to voice them.

________________________________________________

The Federal Trade Commission (FTC) has again extended the enforcement deadline for the Red Flag rules. At the request of Congress, this has been pushed off until June 1, 2010. The National Council (NCCBH) reported in its Public Policy Update on November 5, that Congress is considering a new bill that would exempt small health care practices from the rules. The FTC had earlier ruled that the rules apply because of the billing practices of many health organizations. Congress is considering exempting practices with 20 or fewer employees. Stay tuned. There is undoubtedly more to come…

__________________________________________________

Please share your comments about any of these or related issues by clicking on the title of this article and typing your comment in the box below. We very much appreciate your reading our blog and would love to hear what you have to say!

Workflow and EMR: How do you do it?

Posted on | by SOS Blog | 5 Comments on Workflow and EMR: How do you do it?

During the past two weeks, I have spent several hours creating process diagrams or flow charts for a customer. After using our billing software and a custom attendance/reporting module we created for them in 2003 but maintaining paper clinical records, they are now implementing a custom Forms module and preparing to implement our behavioral health electronic medical record (EMR) product.

Clearly, understanding their current work flow is essential to assure that the steps we follow to implement the electronic record will cause minimal disruption of their productivity and maintain their confidence in their billing and cash flow. The goal of the CEO and CFO is to seamlessly provide and document services so payment audits do not result in lowered funding; the goal of the clinical staff is to help addicted people recover from their addictions and become productive citizens; and the goal of the billing staff is to assure that services are accurately reported and billed so the agency is paid for services provided.

The end point we plan to reach is that billing will not occur until documentation of the treatment is in place, but getting to this point will be a gradual process. Helping clinical and business office staff understand the job responsibilities, work flow and the anxieties of their colleagues will allow them to work more effectively as part of a team. The team, of course, shares the goals of providing the best clinical services as efficiently as possible and assuring that payment is obtained for those services so they all can continue doing their respective jobs.

While this flow charting was a time-consuming process, it was most instructive. One thing we have learned in almost 25 years in business is that our customers rarely use our products in the way we designed them. . . .and each organization does things differently. This customer was no exception. For us to make assumptions about how the counselors and business specialists in this or any of our customer organizations do their work would be foolish, at best.

A couple of months ago, our business development manager indicated that she gets frequent questions from prospective users wondering how they will integrate an EMR into their current work flow. Should they enter the progress note into the program while the consumer is in their office? If they wait until the client leaves, won’t it take too much time? Trish suggested that we write a blog article on how clinicians utilize our EMR in the course of their work. We decided to ask a couple of our customers to describe their work process so we could get a more accurate idea of how they work.

The answers to our inquiry were very interesting, and different from one another. As could be expected, the work flow of a psychiatrist/psychopharmacologist and that of a psychologist/psychotherapist were quite different. We are grateful to Scott P. Hoopes, M.D. of Meridian, ID and Scott Gale, Ed.D. of Franklin, TN for their input.

We were interested to find that neither Dr. Hoopes nor Dr. Gale enter a progress note while the patient is in the room; that happens after the patient has left. We also learned that neither provider relies upon a staff assistant to enter clinical information; they are both comfortable with a keyboard and prefer typing their own note to the more involved process of dictating, reviewing and correcting transcription, copying the note to the patient file and signing it. Dr. Hoopes does manage prescriptions while the patient is present, including reviewing, creating and sending the prescription to the pharmacy.

We learned that Dr. Gale, in spite of his use of our electronic clinical record since 1992, still scribbles notes and thoughts on paper while the patient is in his office. He scans these notes into electronic storage and shreds the paper. (As a solo provider without support staff, he does everything in his practice.) While he could attach these scanned documents to the patient’s file in the EMR, it is my impression that he considers this brief process note to be his work product. . .the psychotherapy note that HIPAA allows a psychotherapist to keep and store separately and not to release to an insurer. His note in the EMR is the formal record of the service provided. While some recommend against maintaining a separate set of psychotherapy notes, we have found that many of our customers do so. For some, this is the main reason not to move to an EMR. . .they are not sure how they would continue to maintain these psychotherapy notes while also using an electronic record.

Dr. Hoopes’ work flow was developed after time working in a community mental health setting where he was expected to see five patients in an hour. In 1995, not very long after starting his private practice and struggling for a while with paper records, he started using our software for billing, electronic claims filing and clinical records. Eventually, he also added scheduling.

His current work flow allows him to see his schedule at all times. Prior to the arrival of his patient, he brings their record onto the screen and makes a quick review. He duplicates the last progress note into one with today’s date for editing after the patient leaves. In the fifteen minutes he spends with each patient for a medication check, he is able to be engaged with them to determine their progress or lack thereof. Based on the information obtained, he decides to continue or alter their current medication, making any needed adjustments and sending the prescriptions to the pharmacy. He walks the patient out to the receptionist, who electronically schedules their next appointment. He returns to his desk, edits the progress note with today’s status, signs the note, and calls up the record of the next scheduled patient, repeating the process between 20 and 32 times a day.

My guess is that other users of our EMR product and of other products in the marketplace follow both very similar and very different work processes in their organizations. After all, while most of our customers provide behavioral health services, each is different, with varying clinical and business cultures. In every case, to most effectively implement a behavioral health EMR, it is essential to have a clear picture of your pre-EMR work flow and your goal for use of an EMR. Both of these will make it easier to choose and to implement the EMR of your choice.

Please share your experiences with the work flow in your business. Is work flow analysis something you have ever done? If so, what was your motivation? We would also love for you to share your work process experiences with implementing an EMR, if you have done so. What changes were necessary in your work flow to fully utilize the EMR? How successful have you been in that process?

If you would like to enter a comment, just click on the title of this article and enter your comment in the box at the bottom of the page. Please let us know your thoughts.

The Devil and Database Encryption

Posted on | by SOS Blog | Leave a Comment on The Devil and Database Encryption

Most every week I have a call from my credit card company’s security department to see if the recent activity on our account is actually ours. We used to get these calls maybe a couple of times a year, but now it is literally weekly.

A while back our credit card processor for SOS transactions notified us of new, stricter, security measures that we must follow or face the possibility of very substantial penalties. As a result, our customer credit card transactions now live in an encrypted database on a standalone computer that is not connected to our network or the Internet, and authorizes charges through a quaint dial-up modem connection directly to the processor’s system.

Arguably, financial data is a more tempting target for bad guys than most healthcare information, but there is little question that any data stored and moved around via electronic means is vulnerable. HIPAA requires that covered entities, and soon, business associates, take steps to determine the potential risk to the data that is in their systems, and to address the risk through a variety of security measures. These measures run the gamut from locked doors, user access passwords and workstation timeouts, through military-grade data encryption.

I have been thinking a good bit about the last of these: encryption. From CMS’s summary in HIPAA Security Series, Security Standards – Technical Safeguards (page 6-7):

4. ENCRYTION AND DECRYPTION (A) – § 164.312(a)(2)(iv)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must:
“Implement a mechanism to encrypt and decrypt electronic protected health information.” (EPHI)

Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm (i.e., type of procedure or formula). If information is encrypted, there would be a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (i.e., translate) the text and convert it into plain, comprehensible text.

There are many different encryption methods and technologies to protect  data from being accessed and viewed by unauthorized users.

  • Sample questions for covered entities to consider:
    Which EPHI should be encrypted and decrypted to prevent access by persons or software programs that have not been granted access rights?
  • What encryption and decryption mechanisms are reasonable and  appropriate to implement to prevent access to EPHI by persons or software programs that have not been granted access rights?

Generally, the safeguards you are expected to implement scale proportionately to the risk and the size of your organization. Thinking about the data stored in your billing and EMR systems, you would have to judge the risk to your data as very high if you have the database installed on a notebook computer that is routinely carried around by a staff member. Likewise, data moved across a network over a wi-fi connection would have to be considered as high risk. Even a solo practitioner or two person practice in either of these scenarios would probably be seen as negligent if the data were not protected by available encryption technology.

In the case of the notebook computer, I would think that whole-disk encryption should be in force, as there are likely to be letters, emails, and other sensitive data on the system that would not be protected if just your practice management/EMR database were encrypted.  Microsoft includes its BitLocker encryption system in Windows Server 2008 and the high-end versions of Windows Vista and Windows 7, but there also are many third party disk encryption products that one could use.

Wi-Fi protection means that you should use the best possible wi-fi encryption technology, at this moment, WPA2, coupled with a truly random password. Doing so would prevent virtually anyone “eavesdropping” on your wireless traffic from extracting meaningful information.

The correct path is not so obvious when it comes to encryption of primary databases, especially in the offices of small providers without dedicated IT personnel. Encryption is seeded by a string of characters, similar to a password or passphrase, called an encryption key. It is analogous to the key to your home or office, except that you can’t just break a window or call a locksmith if you lose the key. Good encryption is, for all practical purposes, impossible to crack. So, although the conscientious provider or practice owner’s first impulse probably would be to strongly encrypt, the risk analysis should include the risk of losing the encryption key, and therefore access to all the data stored in the database! The end result would be the same as a catastrophic hard drive failure with no backup — complete data loss and a very serious HIPAA violation.

Database encryption is only workable, therefore, in the presence of a formal, well-considered, bullet-proof procedure for encryption key management. Google that last phrase (“encryption key management”) and you will see that there are government documents several hundred pages in length that describe the procedures that must be followed to assure that  keys are both secure, and also readily available to those who need them.

To encrypt or not to encrypt? Devil or deep blue sea? What do you think? There are simple, keyless encryption schemes that are not terribly secure. Do you use something like that? Do you have a proven procedure for key management that you would be willing to share? You could lock your server in a bank rated vault, but then what if you forget the combination? We are back where we started! Anyone have any answers? Please click the title of this entry and leave us your comments.

Alphabet Soup: HITSP, CCHIT, ONCHIT, SNOMED CT

Posted on | by SOS Blog | 4 Comments on Alphabet Soup: HITSP, CCHIT, ONCHIT, SNOMED CT

I try to keep informed about Electronic Medical records (EMRs), certification of those products, and funding for them provided through the economic stimulus bill (ARRA). After all, as a developer and vendor of a behavioral health EMR, I really should know some of this stuff. This week, I was struck by the number of acronyms that have come into common parlance in the past six months. I find the amount of information being generated about healthcare information technology (HIT) overwhelming. I am sure it feels even worse to someone who has not been trying to keep up with this information. After all, who can possibly know what all of these shorthands stand for and mean? 

So what would any good technology hound do? Well, of course, I googled ‘Health Information Technology acronyms‘ to see who out there has started to organize this information for the public. To my pleasant surprise, several documents attempt to do just that.

To start with, our federal department of Health and Human Services has a whole web site dedicated to HIT. On the left side of the page, there is a list of tabs. Under Resources there is a page called Acronyms. And that is just what it is. A list of the letters used as the shorthand referents for 112 terms ranging alphabetically from AHIC (American Health Information Community) to WW (Wounded Warrior). You can then cut and paste a name into the Search box on the top right of the page to find documents on the site that reference this “term”. When I do this for American Health Information Community, I get a list of 601 documents linked to this site that refer to AHIC in some fashion. If I do this same search on Google, I get about 129,000,000 hits. Be careful what you search for!

The Rural Health Resource Center, a not-for-profit located in Duluth, Minnesota has a document containing a list of 53 acronyms including brief definitions or descriptions of the terms or organizations listed as well as links to the sites of some of the organizations described.

Likewise, the Department of Health Services of the state of Wisconsin has published a list of acronyms and what they stand for. This list relates to eHealth rather than just health information technology, so it is bound to have some different entries.

A web site created by Pivotal Solution Group called HITECH Answers has their own list of acronyms and definitions. Pivotal Solution Group is a coaching and consultancy organization…a private group as opposed to the government sources listed above.

And finally, the Software and Technology Vendor Association (SATVA), a trade association of behavioral health software vendors to which we belong, has developed a section on their web site to monitor information regarding behavioral health EMR certification. Behavioral Health Certification Watch will be updated as new information is received. 

While some of you have probably clicked on the links above, I think it highly unlikely that you will spend much time reviewing this information. After all, who has the time to go looking into the masses of information that are being created about HIT, certification of products and paying for those products. Most behavioral health organizations are likely to just continue doing what they do until someone finally tells them they must move to an electronic medical record (EMR) by a certain date or they will not get paid for the services they provide. Oh wait, that is what has happened…at least, for Medicare and Medicaid payments.

Is that enough to start movement toward an EMR in your organization? Is your practice beginning to consider the possibilities? What do you believe it will take to move mental health providers into EMRs?