Archive

Archive for October, 2009

NextGen revenue increased by 22%

October 30th, 2009

Quality Systems, the company behind NextGen product, just announced a 13% jump in profit and 22% increase in revenue.

 
The announcement said sales have recovered as health care providers have become more comfortable with the details of the American Recovery and Reinvestment Act of 2009, the federal government’s stimulus plan passed by Congress earlier this year.
 
As Steven Plochocki (CEO) put it:  "there seems to be a heightened comfort level in purchasing decisions relating to electronic health records systems.
 

General, Market, Vendors

Clinical Document Architecture (CDA) explained

October 28th, 2009

Clinical Document Architecture (CDA) is an XML-based standard used for clinical document exchange within Health Level Seven framework. 

 
CDA has three levels of document definition, distinguished by the degree of granularity of the markup. Level One providing the least structure and Levels Two and Three providing increasing granularity.
 
Level One consists of Header, Body and HL7 Datatypes
 
Level Two includes Domain specializations 
 
Level Three includes full document semantics aimed to meet the machine processing requirement
 
 
HL7 Datatypes are defined for:
 
- Character strings and display data
- Codes and identifiers 
- Quantities
 
And Coded CDA components or elements are based on (SNOMED) and have the two-letter ending "cd". 
 

Here is an sample CDA level three:

 

General, Technology ,

What does HL7 enablement means?

October 23rd, 2009
HL7 is about moving data, in form of messages, between software systems within clinical environment. In other words it is a messaging standard that enables clinical/medical applications to exchange data. 
 
Information sent using the HL7 is packaged as a collection of one or more messages, each of which transmits one record or item of health-related information. Examples include patient information, patient visit data. laboratory record and billing information.
 
HL7 standard specifies both exchange mechanism as well as message format and data structure.
 
The HL7 transport mechanism relies on an Event-Driven protocol, typically based on MLP or MLLP (Minimal Lower Layer Protocol) over a TCP/IP socket connection. (See Apache Camel project for an open source implementation of MLLP protocol)
 
MLLP act as a wrapper around HL7 messages to introduce a notion of atomicity over TCP/IP (which is a "stream-oriented" connection).
 
The HL7 requires every application that accepts a message to send an Acknowledgment message back to the sending application. The sending application is expected to keep on sending a message until it has received an Acknowledgment message (referred to as ACK).
An acknowledgment message consists of two parts:
1) An MSH segment, which contains information about the sending and receiving applications and a MessageID
2) An MSA segment, which indicates whether the message was accepted or rejected
The acknowledgment message should not be sent until the data in the HL7 message has been read and consumed.
 
 
The protocol relies on "open system architecture", meaning that anybody can interface with the system using appropriate protocols, independent of the vendor
 
 
Each HL7 message is made up one or more segments, which are the building blocks of HL7 messages. And each segment consists of one or more Fields.
Segments group related information together, for example the PID segment contains information patient information such as ID numbers, name, address and date of birth.
 
In the following HL7 example message, you can see that each HL7 segment is located on it’s own line.
 
Example: (MSH, PID, OBR, OBX)
 
MSH|^~\&|GHH LAB|ELAB-3|GHH OE|BLDG4|200202150930||ORU^R01|CNTRL-3456|P|2.4
PID|||555-44-4444||EVERYWOMAN^EVE^E^^^^L|JONES|19620320|F|||153 FERNWOOD DR.^^STATESVILLE^OH^35292||(206)3345232|(206)752-121||||AC555444444||67-A4335^OH^20030520
OBR|1|845439^GHH OE|1045813^GHH LAB|15545^GLUCOSE|||200202150730|||||||||555-55-5555^PRIMARY^PATRICIA P^^^^MD^^|||||||||F||||||444-44-4444^HIPPOCRATES^HOWARD H^^^^MD
OBX|1|SN|1554-5^GLUCOSE^POST 12H CFST:MCNC:PT:SER/PLAS:QN||^182|mg/dl|70_105|H|||F
 
 
The latest release of HL7 (V3) mandates both Human and machine-readable data structure. As such the documents are structured in a format referred to CDA, or "Clinical Document Architecture", based on XML.  (See my other articles on CDA topic)
 
CDA documents are not birth-to-death aggregate records, but a means for packaging information for transmission. They can include text, images, sounds and other multimedia content.
 
CDA documents are typically a MIME encoded payload within an HL7 message.
 

General, Technology , , ,

$210 per compromised medical record

October 20th, 2009

 I was surprised to see the average cost of a data breach exceeded $210 per compromised record, creating an opportunity for computer crime rings to traffic in stolen medical records, according to a study sponsored by LogLogic.

 
The study shows patients may be surrendering their privacy as the $2.5 trillion medical industry pushes to accelerate the pace of digitizing health information records, prompted by federal stimulus funding.
 
 
According to the report the new HIPAA rules will help improving 
the protection of medial records. (see my post on new HIPAA rules)
 

 

General, Market ,

Cerner partners with CDW on EMR

October 19th, 2009

Cerner  just announced a partnership with CDW Healthcare to beginning Nov. 1 offer "one-stop" purchase of it’s ambulatory e-health record systems, along with hardware, technical assistance, and deployment services to small and mid-sized doctor offices.  This is the first time Kansas City, Mo.-based Cerner has agreed to offer its complete suite of ambulatory solutions through a national channel partner, according to InformationWeek.

 
This seems to be a strategy move in view of the rising demand and I expect other EMR vendors to pursue similar distribution models to accelerate market penetration.
 

General, Vendors

HIPAA and 21CFR11 overlaps

October 12th, 2009

Both HIPAA and 21 CFR Part 11 are concern with safeguarding Data. While 21CFR11 applies to Life Sciences Organizations (LSO), HIPAA applies to Healthcare Providers (HCP) and other "covered entities", such as insurance companies.

 
21 CFR Part 11 sets out the procedural and system requirements for controlling and auditing electronic records and signatures. It requires employing procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records.
 
Similarly HIPAA security rules are described as followed:
 
Physical Safeguards
Facility access controls
Work station use
Work station security
Device & Media controls
 
Technical Safeguards
Access control
Audit control
Integrity controls
Person or entity authentication
Transmission security
 
Administrative Safeguards
Security and access management
Secure incident handling
and implement policies and procedures to prevent, detect, contain and
correct security violations.
 
 
There are obvious requirement overlaps around
 
- Operational policies and SOPs 
- System and Record Access Control
- Audit trail
- Record keeping and retention
 
It just makes sense to start consolidating these requirements into one set. 
This has to happen sooner or later as we start sharing standardized medical records between healthcare providers and Pharmaceutical companies for Clinical Trials or Adverse Events reporting.
 
 

General, Technology , ,

Hybrid system for consent form and other signed records

October 9th, 2009
Officially Part11 does not require that electronic records be signed using electronic signatures.
So electronic records may be signed with handwritten signatures that are applied to electronic records or handwritten signatures that are applied to a piece of paper that is link to the record.
The FDA is planned to publish guidance on how to achieve this link in the future, but for now it is suggested that you include in the paper as much information as possible to accurately identify the unique electronic record. As minimum that should include file name, byte size, creation date and a hash or checksum value such as
CRC (Cyclic Redundancy CheckOfficially Part11 does not require that electronic records be signed using electronic signatures.
So electronic records may be signed with handwritten signatures that are applied to electronic records or handwritten signatures that are applied to a piece of paper that is link to the record.
The FDA is planned to publish guidance on how to achieve this link in the future, but for now it is suggested that you include in the paper as much information as possible to accurately identify the unique electronic record. As minimum that should include file name, byte size, creation date and a hash or checksum value such as
CRC (Cyclic Redundancy Check).
Part11 does not require that electronic records be signed using electronic signatures.
So electronic records may be signed with handwritten signatures that are applied to electronic records or handwritten signatures that are applied to a piece of paper that is link to the record (referred to as hybrid).
The FDA is planned to publish guidance on how to achieve this link in the future, but for now it is suggested that you include in the paper as much information as possible to accurately identify the unique electronic record. As minimum that should include file name, byte size, creation date and a hash or checksum value such as CRC (Cyclic Redundancy Check).

Technology ,

Wells Fargo Initiates Coverage on Allscripts-Misys

October 5th, 2009

According to Wells analyst AllScripts (MDRX) has a growth potential of 30% yr/yr over the next 5 years. That would translate to a stock valuation of $25-26 per share.

Read more >>

Vendors

What is CCHIT certification that everybody is talking about?

October 2nd, 2009

The Certification Commission for Health Information Technology (CCHIT) is a nonprofit organization with the public mission of accelerating the adoption of health IT.

Founded in 2004, the organization is certifying electronic health records (EHR) systems since 2006.

CCHIT has numerous certification programs, some developed under contract with HHS/ONC and others developed in response to requests from stakeholders throughout the industry.

The EHR certification criteria were developed through a voluntary, consensus-based process engaging diverse stakeholders, and the Certification Commission was officially recognized by the Federal government as a certifying body.

As of mid 2009 about 200 EHR products have been certified, representing over 75% of the marketplace.

The Certification Commission for Health Information Technology is a nonprofit organization with the public mission of accelerating the adoption of health IT.

Founded in 2004, the organization is certifying electronic health records (EHR) systems since 2006.

CCHIT has numerous certification programs, some developed under contract with HHS/ONC and others developed in response to requests from stakeholders throughout the industry.

The EHR certification criteria were developed through a voluntary, consensus-based process engaging diverse stakeholders, and the Certification Commission was officially recognized by the Federal government as a certifying body.

As of mid 2009 about 200 EHR products have been certified, representing over 75% of the marketplace.

CCHIT inspects every product in three areas:

Functionality-the ability to create and manage electronic records for all of a physician practice’s patients, as well as automate the flow of work in the office.

Interoperability-the ability to receive and send electronic data between an EHR and outside sources of information such as labs, pharmacies, and other EHRs in physician offices and hospitals.

Security-the ability to keep patient information safe and private.

Functionality

Simply stated, for 08 CCHIT requires ambulatory EHR products to provide every function that a physician needs today to manage every patient’s care efficiently, safely, and with high quality, electronically — instead of on paper.

There are approximately 350 functionality criteria. The broad areas covered are:

Organizing patient data – demographics, clinical documentation and notes, medical history

Compiling lists – problems, medication, allergies, adverse reactions

Receiving and displaying information – test results, consents, authorizations, clinical documents from outside the practice

Creating orders – ordering medication or diagnostic tests; managing order sets, orders, referrals; generating and recording patient-specific instructions

Supporting decisions – presenting alerts and reminders for disease management, preventive services, wellness; checking for drug interactions and guiding appropriate responses; supporting standard care plans, guidelines and protocols; updating decision support guidelines

Authorized sharing – managing practitioner/patient relations, enforcing confidentiality, enabling concurrent use among multiple practitioners and healthcare personnel

Managing workflow – assigning and routing clinical tasks, managing the taking of medication and immunizations, communicating with a pharmacy

Administrative and billing support – using rules to assist with financial and administrative coding; verifying eligibility and determining insurance coverage

While there are several dozen new Functionality criteria proposed for addition for 09 (beginning July 1, 2009), many are simply clarifications and refinements of existing criteria. There is no justification for delaying investment in EHRs for want of functionality in certified products.

Interoperability

In the Interoperability domain, for 08 certification CCHIT requires ambulatory EHR products to use approved standards to send and receive all forms or clinical data that are practical to exchange today, as well as demonstrate ability to support emerging areas of data exchange.

There are approximately two dozen Interoperability criteria. The broad areas required are:

Laboratory results – comply 100% with federally-approved standards to receive and store lab results, differentiate between a preliminary and final result, process corrected results, and include information on test accuracy. A basic capability to view x-ray images is also required.

Electronic prescribing – comply 100% with federally-approved standards to send a new prescription, approve a refill, check that a medication is on the approved formulary, check patient eligibility, and obtain medication history from the pharmacy.

Exchange summary documents – demonstrate first-stage compliance with federally-approved standards to receive and display a patient summary from an outside system, and send a patient summary to an external system.

Although the standards for exchanging summary documents have been federally-approved, the Health Information Exchanges (HIE) that will actually route these messages between providers are only available in a few areas of the country. Thus, this is considered an emerging area, and CCHIT’s requirements are designed to ensure that EHRs keep up to date as these capabilities are developed. For 09, second-stage compliance will be required, demonstrating that the EHR can use “XDS” transactions, plus support either of two standard approaches for coordinating patient identification between the EHR and another system.

It would be extremely unwise to delay health IT investment in hopes of waiting for Interoperability to perfected first. The lab results, electronic prescriptions, and summary documents that can be exchanged now represent the most important clinical transactions, and they can help increase quality and safety while reducing waste and errors. Without EHRs in place, the impetus to develop Interoperability would be drastically reduced, and the only result could be a permanent standoff in the development of both.

Security

Simply stated, for 08 CCHIT requires ambulatory EHR products to provide state-of-the-art technical capabilities needed to keep patient information safe and secure.

There are approximately 50 Security criteria. To be certified, an EHR must meet 100% of them. The broad areas covered are:

Authentication of users (proving identity)

Controlling access based on the user role or the context of a care situation.

Auditing every access and use of records

Encryption of any data sent out of the system.

Protection against viruses and other malware

Backup of data to prevent loss in case of computer failure or disaster

Security is another area, like Functionality, that is considered mature. Updates for 09 are minimal and there is no justification for delaying health IT investment to wait for additional criteria.

Summary

All of CCHIT’s work is done with full transparency and broad public input. We are pleased to respond to all requests from policymakers for information.

With trusted health IT certification already fully operational, healthcare policymakers need not be concerned with the details of how to qualify health IT products and can focus instead on designing policies and incentives to encourage adoption, bringing the benefits of a 21st century healthcare system to all Americans.

Source: http://www.cchit.org

Technology