Health Information Compliance Alert

TECHNOLOGY:

GET THE GROUND-LEVEL VIEW OF VISTA-OFFICE EHR SYSTEM

Two compliance officers share their initial thoughts on CMS' new solution

Unless you've been living under a rock, you've heard the news - the Centers for Medicare & Medicaid Services (CMS) is taking matters into its own hands by offering a low-cost electronic health records (EHRs) system for private physician offices.

VistA-Office EHR will offer providers key functions, including order entry, documentation, results reporting and improved ability for non-technology experts to download, install and configure the system with little to no support - all at an affordable price.

While many health care specialists agree that this is a move in the right direction, an equal number are not so sure. "It's sort of like when you get a new puppy," says Frank Ruelas, compliance officer for Gila River Health Care Corporation in Sacaton, AZ. "You're so happy to have the puppy that you don't think about how much work it requires," he adds.

Here are some of the questions you'll need to answer before you or any of your affiliates decide to adopt the new system:
 
Who Will Be In Charge Of The System?

"Smaller providers usually have one person doing what a large facility may dedicate a whole department to," Ruelas points out. That means one or two people may have to carry out the entire implementation of VistA-Office EHR - a job best handled by multiple staffers.

The people tasked with technology projects in smaller offices do not generally have the same resources or access to training as those working in complex offices. Best bet: Before you give a project of this scale to an office staff member, make sure that person is certified to work with networks and other high-complexity technologies, Ruelas advises.

Smart idea: Do not rest the responsibility for implementing and maintaining VistA-Office EHR on one employee's shoulders. "If that person leaves or becomes unavailable due to an illness and there is no one else to step into her shoes, then you've hit a major speed bump," Ruelas says.

Who Will Provide Your Technology Support?

This is an important question with any new system, but it is especially crucial with VistA-Office EHR because support for the system is limited. Therefore, your staffers may have to figure out many elements on their own. "You don't want people practicing on your system - they could accidentally corrupt your data and leave you worse off than before," Ruelas counsels.

Important: If your staff members are not aware of the many features VistA-Office EHR offers - and what the default settings are - they could fail to close off your patients' PHI to data thieves.

How Will We Communicate With Other Providers?

VistA-Office EHR is an open source product, meaning it was developed and distributed free-of-charge with the understanding that others would improve upon it, explains David Patino, clinic manager and compliance expert for Physical Therapy Services Of Morristown, NJ.

Because users can tinker with the product, it's feasible that your customized VistA-Office EHR system could be entirely different from your affiliate's system. Therefore, you'll have to coordinate with other providers about how you'll store and share information - or run the risk of using a system other providers cannot communicate with.

Note: "This product is not being put out as a standard, but that may change over the next five to 10 years," Patino stresses. If it becomes the standard for the health care industry, you can expect to lose the ability to customize it as freely as other open source products.

How Will You Recover From Disasters?

Many private physicians are housed in buildings owned by a separate party, which shifts most of the disaster recovery responsibilities out of the office. However, with VistA-Office EHR, as with any digital file system, physicians have to be able to recover their systems without any data loss and without sacrificing their patients' care.

Good idea: "You need to run a parallel system that you can fall back on after a disaster," Ruelas advises. "Many people think of this as double work and double headache, but the alternative is much scarier," he says.

The Bottom Line

VistA-Office EHR contains the same vulnerabilities as other electronic records systems, Patino says. "The second you take patients' PHI off paper and turn it into digital files to put on a network, you risk it being accessed inappropriately," he notes.

Best practice: Stick to the basics. "If your network is secure, anything you have on the network is secure - regardless of the system you're running," Patino claims. Tight policies and procedures will help you use VistA-Office EHR without ruining your compliance efforts.