As a result of the conversations that followed my announcement on the social network, I felt it was important to really bring some clarity to the whole topic. I set about and for four hours over the next couple of days wrote my “primer”, complete with a chart (you know, because charts are an easy way to explain complex information!) and sent it to a friend of mine for her to look over before I posted it. Her response was “This isn’t a primer. It is a dissertation.” Point taken.

While the writing really was far from a dissertation, her point was that it was also far from a primer, as well. It was too long and chased way too many rabbit trails, resulting in 7 pages of disorienting facts, arguments, and viewpoints. A primer is supposed to be an elementary introduction, not a graduate lecture. My takeaway was that while the entirety of telehealth can be expansive, the core of it really is very simple, and here it is:

Telehealth is any health-related information or care that is administered over long distance. In today’s health care system, this would normally entail the use of some form of communication technology such as the telephone, email, or chat.

So there it is, the big explanation of what telehealth is. Don’t get me wrong, those of us that work in health care understand well that our system of health care can complicate anything, and telehealth is no different. Terms, definitions, nuances, approaches, and uses of telehealth can turn a simple blog post into a dissertation (I know from experience), but I will save those discussions for their own post. Hopefully I can break them down and explore them on here with readers in separate posts that will make more sense of them.

But for now, simplicity will rule the day.

This is the perfect time to remind physicians and practice admins that while you should be working on your road map to EHR integration, moving your plans up, skipping important milestones, or bypassing slow training schedules in order to get to the finish line faster is a tempting, but bad idea. First of all, as most of our clients have heard before (we preach it all the time), EHR’s have no finish line. They are never done. And expecting one to be fully integrated and requiring no more attention is a big (and expensive) mistake to make! EHR’s should be seen as a tool that will require ongoing maintenance.

EHR’s on the whole are very disruptive to the traditional flow of a practice. Every bit of deliberate planning and time-consuming training for your staff is going to pay off in the end. Trust me on this. Circumventing your implementation/training/go live plan for the sake of getting your EHR up and running faster will result in mistakes, some of them potentially costly. All of the exaggerated attention that is being given to the fast approaching deadlines (artificial deadlines, at that, lest we forget this is the government we are talking about here) serve only to make practice owners feel as though the entire world is passing them by. Trust me, this is not the case.

In the end, every practice and physician should be giving serious consideration to their EHR plans. Keep in mind throughout the entire process that a successful selection and implementation plan begins and ends with careful planning that will suffer if you decide to shorten it in order to get to that mystical finish line (and paycheck) sooner. Be the tortoise, not the hare!

These types of attacks deserve special attention from private practices as our experience shows us that private practices are much more relaxed about the security of their systems.

Attempted hacker attacks in healthcare on the rise
January 27, 2010 | Mike Miliard, Managing Editor

ATLANTA – The information security service SecureWorks, which protects 82 healthcare companies in the United States, reported Tuesday that attempted hacker attacks aimed at its clients doubled in the fourth quarter of 2009.

While the first nine months of the year averaged 6,500 attack attempts per day, the last three months saw that number leap to 13,400, SecureWorks reports. Most striking about those figures is that other companies protected by the firm saw no similar increase.

“Healthcare happens to be a good target for hackers because it has a lot of different types of information,” Beau Woods, solutions architect for SecureWorks, tells Healthcare IT News. “If you go into a billing system, one of the things you could potentially get out of there is credit card information, name and address, and social security information to create fake identities – but also health insurance information: Medicare, Medicaid, etc.”

SecureWorks says the most worrisome attempted breaches involved the most recent version of the Butterfly/Mariposa Bot malware, which, if it infects a computer, can be used to harvest data from the victim’s browser (passwords, etc.) and launch denial-of-service attacks. It can also be spread to other computers via peer-to-peer networking and USB devices.

The news comes at a critical moment for healthcare systems security, as hospitals, care centers, and their business associates try to meet the security rules mandated by the HITECH Act – something for which “most organizations are at best partly prepared,” as Rob Seliger, CEO of Sentillion, an identity and access management technology company, told Healthcare IT News this past November.

Indeed, a survey this fall by HIMSS Analytics revealed that, while 87 percent of health providers were aware of the need to meet new security requirements put forth in the federal Health Insurance Portability and Accountability Act (HIPAA), just one third of their business associates were.

Meanwhile, the survey found, 50 percent of large hospitals experienced at least one data breach in 2009, and 68 percent felt that the HITECH Act’s expanded breach notification requirements would result in the discovery and reporting of more such incidents.

While outside malware attacks are the most worrisome and attention grabbing, Seliger says that “the real risk is within the four walls, not bad people trying to break in.” He notes that most breaches are perpetrated by “caregivers working within the enterprise” who, whether motivated by malice, curiosity, or unfamiliarity with security protocols, gain unauthorized access to records.

Such vulnerability could be worrisome to providers considering the switch to electronic medical records. But Woods hopes they won’t be deterred from the effort. “The effort to move over to EMRs is about trying to save lives,” he says. “I hope people don’t abandon their attempts to go to electronic medical records because of these threats. You just want to protect that information once it’s there. [Hospitals] should just do more up front and make sure they’re securing their systems.”

You can find the original story link here: http://www.healthcareitnews.com/news/attempted-hacker-attacks-healthcare-rise

At this point I knew exactly what type of owner we were dealing with, which just confirmed my suspicions from earlier when we had talked to them about our services. This was the type of physician-owner who was managing his business into the ground and his employees to death. As a result of our previous meeting with the practice, we knew that the company had annual revenues in excess of $5 million dollars, which makes the $75 spend even more preposterous.

The end of the story goes like this; the employee called us back after her and her manager spoke with the doctor about the problem, and he told them not to do anything with us and that he would take a look at it when he had some time. I was not surprised. Because I felt bad for what this staff had to deal with on a daily basis, we ended up fixing the problem at no charge for them. The manager got on the phone and apologized for bothering us, saying only that they had to get permission to even buy paper clips for the office. It was a pathetic situation. What makes it more sad is that we ended up getting a check and a thank-you card from the office manager a couple of weeks later, the staff had all pitched some money to pay us for the help.

This is how way too many physician-owners cripple their practices. In an effort to be both MD and MBA, they create practices that are horribly inefficient, fiscally wasteful, and a downright miserable place for employees to spend a career. The irony of the situation is that they think they have created a practice that is just the opposite. Physicians that believe that they can effectively manage a busy practice while managing a full slate of patients is simply delusional. Sure, many of these physicians ease their conscience by appointing an “office manager”, but as is often times the case it is simply a token gesture. As in this situation, the office manager could not even authorize a $75 purchase to fix a two month old problem that was creating a great deal of stress with this employee.

Anyone that knows me knows how much I believe in building and running smarter medical practices. Practices that are able to meet the needs of the patients, the needs of employees and the needs of the business. I am all for it. But too often one of the great enemies of a smart medical practice is the physician-owner who does not understand where his abilities end and when to look outside of himself for help. The best practice owners understand that then entire enterprise is best served when they practice medicine, and not business.

Most of the practices that we advise and that are using some form of EHR are struggling to make their adoption successful. The struggles range from the minor troubles such as workflow disruptions and input irritations that drive staff nuts, to the “what have we done to ourselves” sentiment. There is a common theme among these practices, and that is that every one of them made major missteps key areas of the project before the first piece of software was ever installed. They were not adequately prepared, and as one physician recently shared with me, his practice has been “harmed” by their EHR efforts.

To be fair to all sides, there is plenty of blame to go around in these struggles; practices often times don’t understand the enormity of inertia required to make the transition successful. As a result they do very little to in the planning phase. Throw in aggressive EHR vendors into the mix, whose sole purpose is to convince you as to why they are the best choice, and you have a recipe for disaster. Decision makers in the practice often rely too much on these sales people for objective guidance, and often times end up making their decision based on their feelings for the sales people, rather than what is best for their practice.

The problem with this approach is that it often results in a practice that doesn’t understand the long-term effort that is going to be required to make the implementation successful, and therefore is not prepared to move forward. In any EHR implementation, planning is the single most important phase. Good planning can make sub-par EHR software work well (and there are plenty of sub-par applications out there) and no planning can make the best EHR software a miserable failure.

You can never over-plan your EHR adoption, but under-planning is always a constant threat.

I sometimes get criticized for being too discouraging of EHR adoption, and that certainly is not my intent. Anyone that knows me knows that I understand very well the tremendous benefits of a practice EHR system, and how those benefits can transform a practice in a positive way. What I do discourage is a poor adoption strategy. Poor adoption strategies can do a lot of harm to a practice and will cause substantial setbacks. Physicians and their staff work too hard to provide the best care for their patients to be misled about the challenges that their EHR is going present.

The standard advice that I give when talking to physicians and practice leaders is to slow down. Don’t allow yourself to get caught up in the frenzy of EHR’s without first giving it serious consideration and careful thinking. If you feel like you are being passed up by all the other practices out there and are tempted to put the pedal to the metal, resist the temptation. There is still plenty of time to begin the process, to develop a solid plan for evaluating, selecting, implementing and supporting the implementation for your practice.

The integration of an EHR into your practice is an important step that can pay some hefty dividends when it is done right. Take your time, be careful and deliberate in your planning and seriously getting outside, objective help in the process. By following this simple advice you can avoid doing harm to your practice.

If you missed it early last month, the Wall Street Journal reported a major win for entrepreneurs against the IRS that received only minor coverage. However, the news is pretty big considering it was the IRS that lost the case. The article states:

“The Tax Court decision would allow investors in certain kinds of businesses to deduct losses against salary and investment income. Right now, investors often can only deduct losses in a business against future profits from that business, which in some cases prevents taxpayers from getting to use the deductions at all.”  Wall Street Journal

Essentially, physicians that are operating as a principal in a private practice and is involved in other businesses may be able to use the losses from one business to offset income tax liabilities from the other business. Of course, I am not a tax advisor (not do I play one on TV) so be sure to talk to your advisor to see if you might be qualified for the tax breaks. My experience in working with physicians tells me that many of them may be able to catch a sizeable tax break with this new law.

In keeping with our mission to be physicians’ most trusted business service, we will strive to ensure that our healthcare clients understand all the requirements for physician reimbursement under that act.

The act includes $44,000 in total incentives per physician for “meaningful use” of an Electronic Health Record (EHR) starting in 2011. (Note: Physicians reimbursed by Medicaid can receive up to $65,000 starting in 2011 based on state-defined guidelines.). As you may have read, many of the specifics of the act will be written and released during the year. Softworks will keep you updated with any decisions that will affect physicians and their practices.

In order to qualify for incentive payments:

Use a “certified” EHR.  The act does not specify what “certification” will mean or who provide certification. (Note, there is general consensus that the certifying organization will be the independent Certification Commission for Healthcare Information Technology (CCHIT). What the act does specify is that to be qualified as a certified EHR, the certified technology must include patient demographic and clinical health information and have the capacity to provide clinical decision and physician order entry.

Demonstrate “meaningful use” of an EHR. Health and Human Services (HHS) will be defining what “meaningful use” means in the year ahead.  Some of the following conditions for “meaningful use” have already been identified. The EHR must:

• Use e-Prescribing: This means that the EHR must allow physicians to prescribe over the Internet. athenaClinicals already offers e-Prescribing.

• Electronically exchange information: Qualified EHR offerings will be required to exchange clinical information with labs, hospitals, providers, and payers across the country (including Medicare and Medicaid).

• Submit clinical quality measures: EHR’s will need to maintain a rules database to provide a set of payer-specific quality measures – including existing Pay for Performance (P4P) measures such as Physician Quality Reporting Initiative (PQRI)

The HITECH Act is clearly an ideal opportunity for physicians who use EHRs effectively to be rewarded and to stimulate adoption for those who aren’t currently using EHRs. As always, we are here to help you navigate through the complex healthcare environment, maximize your revenue, and focus on quality care.