Tag: Mental Health EMR

Meaningful Use & Behavioral Health Providers

Posted on | by SOS Blog | 2 Comments on Meaningful Use & Behavioral Health Providers

I have been avoiding writing about the second draft of the Meaningful Use of Electronic Medical Records (EMRs) definition released by the federal Health IT Policy Committee on July 16. I had been hoping I would hear something that would make me believe the definition would in some significant way benefit our customers. I am disappointed to report that it still appears that the ARRA stimulus funds for adoption of EMRs will be largely unavailable to behavioral health providers, except psychiatrists, unless some change is made through regulation.

Just to clarify my statements above: ARRA provided $19 billion in funding for EMRs. $2 billion will be provided to the states to distribute for grants. Community Behavioral Health Organizations (CBHOs) are included in the eligible organizations for these funds. Unfortunately, it appears that this funding is going to be used by the states where they see fit. I have heard from a representative of at least one children’s psychiatric hospital who was told that funding would be used by the state to build Health IT (HIT) infrastructure and data exchange capability. They were informed that providers could get their funds from the incentives. I will be very curious to see how much (if any) of that $2 billion winds up in the hands of providers of any sort.

The larger part of the funding, $17 billion for Medicare and Medicaid incentives, is designed to encourage providers to purchase EMRs and use them to improve the care of their patients. Of the providers eligible to receive these reimbursements, the only behavioral health providers who are eligible are psychiatrists and certain nurse practitioners. They would purchase a system and then receive reimbursements for some or all of what they have spent depending on a variety of complex formulas. If you are a psychiatrist and you do not see Medicaid or Medicare patients, you are not eligible for funding. If you do treat these populations, you will only be able to get funding from one source, Medicare or Medicaid. The amount of reimbursement you can receive depends upon what proportion of your patients are Medicaid or Medicare recipients, along with other complex criteria.

Senator Jay Rockefeller of West Virginia introduced the Health Information Technology Public Utility Act of 2009 in late April. This bill was intended to assure that certain “safety net” providers like rural clinics and mental health providers could also access funds. That bill has not moved. Unless something happens in regulation, it is not likely that psychologists, social workers, mental health counselors, addiction treatment programs, psychiatric hospitals, or community behavioral health service providers are going to benefit from the stimulus funds to help purchase EMRs.

That said, the Health IT Policy Committee did seem to take into account the input they received from the public about the initial attempt at defining “meaningful use of EMRs”. They have drafted a plan that widens definitions, expands time frames, and provides more opportunities for providers to demonstrate that they are using EMRs meaningfully. Their PowerPoint presentation does a good job of summarizing their points. Details can be found in their updated grid and matrix.

1. The primary goal of the definition is to improve the outcomes of healthcare interventions through data capture and sharing and use of advanced clinical processes. They want providers to focus on health outcomes, not on software. HIT is to be a primary aid to healthcare reform, not use of software for the sake of earning incentive money.

2. It is the intention of the committee that there be a phasing in of meaningful use criteria. The public was concerned that if providers could not meet the 2011 criteria in 2011, they would always be behind the train. The committee now recommends that a provider who does not adopt an EMR until 2012 (or 2015) will start at the 2011 criteria and progress from there.

3. Changing work flows to assure the proper use of IT tools is an essential part of the solution. Trying to use CPOE (computerized physician order entry) can actually cause problems if there are not work flow modifications to make sure the process flows smoothly. An unintended consequence of CPOE in at least one study was diminishing of appropriate care because it was inconvenient to enter the order for the care.

4. Since data-based decision support is the real payoff of using an EMR, the committee wants to see this happen sooner, even it if means implementing only one rule in the decision making process.

5. Since engaging patients in their care is crucial to reduction in costs, providing access to an electronic version of their health record needs to be higher priority and come earlier in the process than previously envisioned.

6. Certification of software should be done by more than one body; CCHIT should not be the sole arbiter of which products should be certified.

While the Health IT Policy Committee has now presented their second draft of the “meaningful use” policy, it has until the end of 2009 to finalize the rules. It appears, however, that the direction is set. If you want to get some of the incentive money to help you buy an EMR, you will need to demonstrate that you can use that EMR and can report a variety of metrics to show how your practice is handling a number of issues. So far, none of those metrics are vaguely related to mental health.

Do you expect your organization/practice to be seeking incentive funding to purchase an EMR? How are you proceeding to assure that outcome? Do you think it is important for behavioral health to be included in the adoption of EMRs?

Just click on the title of this article and enter your comments in the box a the bottom of the page. Thanks for sharing your thoughts.

Data Security, Backup, and the HITECH Law

Posted on | by SOS Blog | 1 Comment on Data Security, Backup, and the HITECH Law

A question on one of the psychology listservs I follow got me thinking, yet again, about data security…and backup. The writer asked about the proper procedures to follow when patient psychotherapy treatment records are permanently lost. The question pertained to how the counselor in question should respond to the loss of all of their patient data from a mental health clinical record software program. Since we provide one such program, my attention was immediately attracted.

The other listserv members addressed three issues: recovery of the data from the hard drive, backup of the data, and re-creation of the records from scratch. Because of our experience with customers losing data due to computer failure, I focused yet again on data backup and database recovery. Added to my thoughts this time are the HIPAA requirements for securing protected health information (PHI) and the increased penalties in the HITECH portion of the stimulus bill (ARRA) for breach of privacy and security of PHI.

It is likely that you all remember that HIPAA requires healthcare providers (including psychiatrists, psychologists, social workers, mental health counselors, and community behavioral health organizations) to have in place procedures for securing the PHI of their patients. Most mental health workers with whom I am familiar focus on the privacy aspect of this protection; they see it as their responsibility to assure that the consumer’s information remains private. HIPAA also mandates that providers and their organizations have in place plans to protect the security of their physical data.

The National Institute of Standards and Technology (NIST) has produced Special Publication 800-66-Revision 1, “An Introductory Resource Guide for Implementing the HIPAA Security Rule.” A quick search of this document finds that the words “loss of data” are mentioned on pages 38, 77 and 98. The first mention is in a table describing the necessary contents of the Contingency Plan for data security, including a Data Backup Plan. The sections of this document that focus on the Contingency Plan and the Disaster Recovery Plan are the ones most concerned with electronic data storage.

If your organization, including your private practice of psychology or psychiatry, does not have a Contingency Plan and a Disaster Recovery Plan, however brief, you are living dangerously. And, of course, you must implement your plan to secure your PHI, not just have a plan.

How does this pertain to you? Let’s start with your data backup plan. What is it? Who in your organization is responsible to implement it? What are the consequences if it is not implemented?

One of our customers,   W. E. (Bill) Benet, Ph.D., Psy.D., Clinical Psychologist, Gainesville, FL  WEBenet.com | Assessment Psychology.com describes his experience and current backup strategy.

“I mentioned Eco Data Recovery in my previous note because I had to use their service a number of years ago after the hard drive on my main office PC mechanically failed and became inaccessible while backing up to a tape drive, corrupting the data on the tape. Fortunately, Eco was able to recover all of the data from the hard drive, by disassembling it in a ‘clean room’ and scanning the data off the individual platters. Luckily, the data on the hard drive hadn’t been corrupted, but it very easily could have been, and I would have lost years of billing records and reports.”

“But what about data that has become insidiously corrupted without being immediately obvious?”

“Today, I employ a simulated RAID backup strategy involving nightly network backups to two external USB drives, as well as from one PC to the other, AND continuous 24/7 incremental offsite backups, using Carbonite. Hopefully, if corrupted files are discovered days or weeks later, those incremental backups will save the day, at least for a while.”

Here at SOS Software, we all too often run into an organization where the principals thought they had an excellent data security plan, only to find out that their plan had not been effective or had not been implemented by the person(s) who were responsible to do so.

One of the obstacles we run into is the common belief that “it can’t happen to us.” We all know this is magical thinking; of course, it can and does.

Another often-believed myth is “I don’t really need to worry about data on my PC; data can always be recovered from a hard drive if there is a problem.” While this belief is sometimes true, it often is not. If the files lost when a computer crashes are in a complex, proprietary relational database, they sometimes are totally irretrievable. They are not text files where parts can be grabbed and some sense made of the data.

Our product uses Sybase ASA as its engine because that database creates a transaction log that can allow us to completely recreate every keystroke the user made…if the log file is intact. In fact, we use Sybase because of this capability to completely recreate the database if it is necessary to do so. As long as we have a usable starting point, we can restore the entire database from the log file…if we have an intact log file.

Two problems can intervene. 1. With our products as with many others, if the backup is done while the database is running, certain of the files are not backed up because they cannot be accessed completely. Some backup software products will tell you they can back up even when the program is running. That is not true with SOS products. 2. Hard drives often fail gradually becoming literally “flaky” over time. If key sectors of the log file are lost, it is impossible to recreate the database from the log, even if there has been no overwriting of the database.

Also, sadly, even folks who believe they responsibly make backups, never test those backups to assure they can be restored properly, and they often use the same backup medium overwriting old backups. If the hard drive has been gradually failing, destroying parts of the files as it goes, then backups of those bad files become bad too…all of this over time with no noticeable degradation of performance of the database.

Then the catastrophe occurs…a power surge or some other event causes a crash of the hard drive and the database will not restart when the computer is rebooted!

As indicated by comments on my post of November 19, 2008, The Indispensable Data Backup, among my readers are many folks who are sophisticated computer users who are responsible enough to use multiple methods of backing up their patient data. Using a rotating system of backing up with permanent, non-incremental backups created periodically and stored off-site, is crucial. The strategy we recommend is in document 125 on our main web site.

If you have never tried restoring from one of your backups, you have not completed the process. Unverified backups are useless backups. Useless backups equal insecure PHI. How big a risk taker are you?

Please add your comments by clicking on the title of this article and typing in the box at the bottom of the page.

Wal-Mart and Mental Health EMR: Unlikely

Posted on | by SOS Blog | Leave a Comment on Wal-Mart and Mental Health EMR: Unlikely

For the past week the health IT news world (NYTimes; Chicago Sun Times; MSN; ) and blogosphere (FierceHealthIT; Healthcare Informatics) have been abuzz with Wal-Mart’s announcement that they will begin selling electronic health record (EHR) software to doctor’s offices starting this Spring. They will do so in partnership with eClinicalWorks and Dell through their Sam’s Club stores.  

Our initial reaction was panic. After all, if the world’s largest retailer decides to get into our market space, how can we possibly survive? And what does this mean for our customers?

Then we started reading the fine print. The cost for the first physician in the practice will be $25,000 plus $10,000 for each additional physician. The first year’s price includes hardware, installation, some training, technical support, and a variety of other odds and ends. And that is for software as a service. That means you do not own a license for the software; rather you connect into the company’s system and maintain your records there.  (This is the model that some people believe is the only viable one for a broad national system, but many dispute that.) After the first year, the cost per doctor is $500 per month.

John D. Halamka, M.D., CIO of the CareGroup Health System and Harvard Medical School among many other posts, is convinced that this pricing is fair and that Wal-Mart’s expertise in supply chain management and their own experience with IT systems inhouse will make their coordination of this project a success. In fact, he says that its a “good deal“. 

While this sort of price point might be cost effective and competitive for general and speciality medical physician practices, it is certainly not so for those in behavioral health practices. Most community based behavioral health organizations are also not likely to find this pricing structure something they can build into their budget.

If this is the Sam’s Club bargain software, where does that leave mental health providers? While there are currently a few companies with very reasonably priced electronic medical records (EMRs) aimed at the behavioral health community, time will tell whether meeting the requirements for CCHIT certification and paying to acquire that certification will allow the products of this small cadre of companies to remain affordable.

What’s your take on the Wal-Mart announcement? Where do you see this search for the EMR going for you? 

To add your comment, click on the title of the article and enter your thoughts in the box at the bottom of the page.