Archive for the ‘Technology’ Category

What is CCHIT certification that everybody is talking about?

October 2nd, 2009

The Certification Commission for Health Information Technology (CCHIT) is a nonprofit organization with the public mission of accelerating the adoption of health IT.

Founded in 2004, the organization has been certifying electronic health record (EHR) systems since 2006.

CCHIT has numerous certification programs, some developed under contract with HHS/ONC and others developed in response to requests from stakeholders throughout the industry.

The EHR certification criteria were developed through a voluntary, consensus-based process engaging diverse stakeholders, and the Certification Commission was officially recognized by the Federal government as a certifying body.

As of mid-2009, about 200 EHR products have been certified, representing over 75% of the marketplace.

CCHIT inspects every product in three areas:

Functionality – the ability to create and manage electronic records for all of a physician practice’s patients, as well as automate the flow of work in the office.

Interoperability – the ability to receive and send electronic data between an EHR and outside sources of information such as labs, pharmacies, and other EHRs in physician offices and hospitals.

Security – the ability to keep patient information safe and private.

Functionality

Simply stated, for 08 CCHIT requires ambulatory EHR products to provide every function that a physician needs today to manage every patient’s care efficiently, safely, and with high quality, electronically — instead of on paper.

There are approximately 350 functionality criteria. The broad areas covered are:

Organizing patient data – demographics, clinical documentation and notes, medical history

Compiling lists – problems, medication, allergies, adverse reactions

Receiving and displaying information – test results, consents, authorizations, clinical documents from outside the practice

Creating orders – ordering medication or diagnostic tests; managing order sets, orders, referrals; generating and recording patient-specific instructions

Supporting decisions – presenting alerts and reminders for disease management, preventive services, wellness; checking for drug interactions and guiding appropriate responses; supporting standard care plans, guidelines and protocols; updating decision support guidelines

Authorized sharing – managing practitioner/patient relations, enforcing confidentiality, enabling concurrent use among multiple practitioners and healthcare personnel

Managing workflow – assigning and routing clinical tasks, managing the taking of medication and immunizations, communicating with a pharmacy

Administrative and billing support – using rules to assist with financial and administrative coding; verifying eligibility and determining insurance coverage

While there are several dozen new Functionality criteria proposed for addition for 09 (beginning July 1, 2009), many are simply clarifications and refinements of existing criteria. There is no justification for delaying investment in EHRs for want of functionality in certified products.

Interoperability

In the Interoperability domain, for 08 certification CCHIT requires ambulatory EHR products to use approved standards to send and receive all forms of clinical data that are practical to exchange today, as well as demonstrate the ability to support emerging areas of data exchange.

There are approximately two dozen Interoperability criteria. The broad areas required are:

Laboratory results – comply 100% with federally-approved standards to receive and store lab results, differentiate between a preliminary and final result, process corrected results, and include information on test accuracy. A basic capability to view x-ray images is also required.

Electronic prescribing – comply 100% with federally-approved standards to send a new prescription, approve a refill, check that a medication is on the approved formulary, check patient eligibility, and obtain medication history from the pharmacy.

Exchange summary documents – demonstrate first-stage compliance with federally-approved standards to receive and display a patient summary from an outside system, and send a patient summary to an external system.

Although the standards for exchanging summary documents have been federally-approved, the Health Information Exchanges (HIE) that will actually route these messages between providers are only available in a few areas of the country. Thus, this is considered an emerging area, and CCHIT’s requirements are designed to ensure that EHRs keep up to date as these capabilities are developed. For 09, second-stage compliance will be required, demonstrating that the EHR can use “XDS” transactions, plus support either of two standard approaches for coordinating patient identification between the EHR and another system.

It would be extremely unwise to delay health IT investment in hopes of waiting for Interoperability to be perfected first. The lab results, electronic prescriptions, and summary documents that can be exchanged now represent the most important clinical transactions, and they can help increase quality and safety while reducing waste and errors. Without EHRs in place, the impetus to develop Interoperability would be drastically reduced, and the only result could be a permanent standoff in the development of both.

Security

Simply stated, for 08 CCHIT requires ambulatory EHR products to provide state-of-the-art technical capabilities needed to keep patient information safe and secure.

There are approximately 50 Security criteria. To be certified, an EHR must meet 100% of them. The broad areas covered are:

Authentication of users (proving identity)

Controlling access based on the user role or the context of a care situation.

Auditing every access and use of records

Encryption of any data sent out of the system.

Protection against viruses and other malware

Backup of data to prevent loss in case of computer failure or disaster

Security is another area, like Functionality, that is considered mature. Updates for 09 are minimal and there is no justification for delaying health IT investment to wait for additional criteria.

Summary

All of CCHIT’s work is done with full transparency and broad public input. We are pleased to respond to all requests from policymakers for information.

With trusted health IT certification already fully operational, healthcare policymakers need not be concerned with the details of how to qualify health IT products and can focus instead on designing policies and incentives to encourage adoption, bringing the benefits of a 21st century healthcare system to all Americans.

Source: http://www.cchit.org

Technology

The security and privacy of health data

September 28th, 2009

The security and privacy aspect of EHR is covered in the context of PHI (Protected Health Information) and is based on HIPAA.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.

PHI is defined as any information concerning health status, provision of health care, or payment for health care that can be linked to an individual.

EHR security and privacy have to cover everything from the accuracy and disposal of information and the hardware hosting such data to encryption for storage and exchange of data over the wire.

On Sep. 16th, the Federal panel approved EHR security and privacy standards.

The committee clarified requirements that EHR systems must meet so both vendors and healthcare providers could use a number of access controls in their electronic health record systems and practices by 2011.

The standards under discussion cover access control, authentication, authorization and transmission of health data.

According to the panel, in 2013 EHRs would have to meet additional standards to further tighten security, including Health Level 7 Role-based Access Control (RBAC), Security Assertion Markup Language (SAML) and WS-Trust, the name of an OASIS standard to construct secure messages.

In addition, HIPAA gives patients the right to review the content of their medical records and gives individuals the right to request correction of any inaccurate PHI.

For example, an individual can ask to be called at his or her work number, instead of home or cell phone number.

PHI is an important part of EHR and the one that concerns patients and physicians the most.

I will cover this topic in detail as the standards progress.

Technology

More standardization on E-Prescription

August 31st, 2009

NCPDP just updated the SCRIPT 10.6 Standard, the latest XML-based technical standard recommended by federal regulators as part of the EHR incentive program.

 
More info on SCRIPT 10.6 can be found here:
 
 
 
Surescripts already announced plans to adopt the new standard.
 
It operates the country’s largest electronic prescribing network. According to Surescripts, the network is used by over 140,000 physicians, pharmacists and payers to electronically process prescriptions and share prescription information. Participants on the Surescripts network include all of the nation’s major chain pharmacies (e.g. CVS/pharmacy, Rite Aid, Walgreens, Wal-Mart), many of the nation’s leading payers and PBMs (e.g. Aetna, CVS Caremark, Express Scripts, Medco, Wellpoint) and over 10,000 independent pharmacies nationwide.
 
 

General, Technology, Vendors

Health Level 7 Role Based Access Control (RBAC)

August 18th, 2009

Health Level 7 or HL7 is an international community of healthcare subject matter experts and information scientists collaborating to create standards for the exchange, management and integration of electronic healthcare information.

Among other things, HL7 covers details about Role Based Access Control (RBAC), with access to health data and clinical information on a “need-to-know” basis as a key requirement.

It also emphasizes the need to provide methods by which access can be checked and authorized before it is granted. Furthermore, RBAC requires up-to-date and accurate directories of staff.

Technology

Stimulus Package Includes Changes to HIPAA Rules

March 24th, 2009

According to new legislation, physicians now will be required to track any disclosure of a patient’s medical information. Previous regulations allowed physicians to disclose patient information for the purpose of treatment, payment or health care operations, but they were not required to track when that information was disclosed.

However, this should be easy to manage for physicians who use an electronic health record, as EHR vendors will hopefully provide out-of-the-box functionality to track every time patient information is disclosed.

In addition, the legislation requires practices to post information about security breaches if a breach affects 10 or more patients, and to notify all of their patients, a local media outlet, and the HHS secretary if the breach affects 500 or more patients.
 

General, Technology