Health Information Compliance Alert

Published on Thu Oct 04, 2012 PDF

Ensure your EHR system is glitch free.

If you've spent time and money implementing an electronic health record system, you may have saved your practice from extinction. But your new system will be a penalty magnet if you're not keeping it compliant.

EHR winners circle: More than 100,000 health care providers have adopted electronic health records that meet federal standards of meaningful use, exceeding the goal set for 2012 by CMS Acting Administrator Marilyn Tavenner and National Coordinator for Health Information Technology Farzad Mostashari, M.D., Sc.M. according to a June 19 HHS press release.

"The EHR Incentive Programs have really helped jump-start the use of electronic health records by health care providers all across the country," said Dr. Mostashari in the release. "Thanks in great part to the work conducted by the ONC-sponsored Regional Extension Centers (RECs) and Beacon Communities Programs, more and more providers across the country " especially those in rural communities " are now ready to use EHRs."

Get Busy or Watch Revenue Stream Dry Up

If you're not part of the EHR wave, you're seriously impairing your practice's chances of survival. "The biggest danger for physicians that do not adopt technology is becoming obsolete. Any provider that intends to practice 3-5 years from now and continue to earn an income needs to adopt technology or perish," points out Ester Horowitz, CMC, CITRMS, certified management counselor and owner/practice marketing advisor with M2Power Inc. in Merrick, N.Y. "Providers are going to be required to follow HITECH regulations. HITECH regulations are HIPAA regulations applied to electronic data that takes it a few steps further, including people they do business with."

"By 2015, Medicaid and Medicare reimbursement will be reduced for those providers who have not transitioned to EMR systems, in compliance with the Meaningful Use Rule," says Kenneth N. Rashbaum, Esq. of Rashbaum Associates, New York, NY. "Private insurers will, in all probability, follow suit, or will pay much more slowly to providers who have not appropriately transitioned," he adds.

Keep Your System Well-Oiled With Compliance Tune Ups

A new EHR system isn't going to serve you well unless you're ensuring it's glitch-free. "Providers should assure that they have performed a recent HIPAA Security Risk Analysis of their systems and have trained their workforces on secure use of those systems, keeping in mind patient safety aspects and compliance with the HIPAA Privacy and Security Rules, HITECH and any applicable state privacy laws," says Rashbaum.

Patient access and security have to be the top-most concerns, Jim Sheldon-Dean, Director of Compliance Services with Lewis Creek Systems, in Charlotte, Vt. says. "Implementing a complete HIPAA security rule compliance plan is a great way to help prevent breaches and compliance issues, and it's essentially required by meaningful use requirement 15, which calls for a HIPAA Security Risk Analysis and mitigation planning," he says. "And implementing electronic patient access to health information is right behind security." 

Allowing patients to view and use their protected health records will continue to challenge practices. "Patients will need a way to easily get access to their health information and that will require its own set of security precautions and controls," Sheldon-Dean points out. This is necessary to ensure that patients can access only their own information, and find the particular information they're interested in, he says.

What's next: The likelihood of imposing any further sanctions or incentives to get providers to switch to electronic records seems remote, says Sheldon-Dean. "The momentum behind the change to electronic medical records is such that the standard of care will become to use such systems, and those providers not doing so will no longer be able to properly provide services and will not be able to compete or meaningfully share information with other providers. Over the next few years it will simply become impossible for the typical provider to not use electronic records," he forecasts.