EMR Implementation: Compliance Challenges



Similar documents
Who is looking at your electronic health record?

AUDITING TECHNIQUES TO ASSESS FRAUD RISKS IN ELECTRONIC HEALTH RECORDS

ICD-10 Strategy How to Operationalize in a Hospital Environment. HFMA Region 11 Healthcare Symposium January 21, 2014

From EHR Implementation to Attestation: Auditing and Monitoring Meaningful Use

EMR Risk Mitigation and Optimization

Sutter Health: Linking Information Technology and Chronic Care Delivery. Cheryl Phillips, M.D.

Auditing Electronic Medical Record Systems. Mary Jo Flynn, RN, CIA, CCSA Interim Vice President, Audit Services

Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

Medweb Telemedicine 667 Folsom Street, San Francisco, CA Phone: Fax:

How To Use An Ehr

Clinical Research Management Training Program Electronic Medical Records: Access, Use and Compliance for Research March 11, 2013

EHR Incentive Program Updates. Jason Felts, MS HIT Practice Advisor

Demonstrating Meaningful Use of EHRs: The top 10 compliance challenges for Stage 1 and what s new with 2

HIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist

Hospital Certified Electronic Health Record (EHR) Technology Questionnaire

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Information Exchange At Sutter Health Using. Steven Lane, MD, MPH EHR Ambulatory Physician Director

MEETING MEANINGFUL USE IN MICROMD -STAGE TWO- Presented by: Anna Mrvelj EMR Training Specialist

Innovative Solutions. Why we re excited. Resource Systems. Cerner and Resource Systems. Cerner to Acquire Resource Systems

Electronic Medical Records vs. Electronic Health Records: Yes, There Is a Difference. A HIMSS Analytics TM White Paper. By Dave Garets and Mike Davis

The now tips, the how tools, and the must timing for your MU path in 2014.

Meaningful Use Stage 2 (MU2): The Patient Portal and its Value for Increased Patient Engagement

Implementation of an Integrated Electronic Health Record at Gottlieb Memorial Hospital

HIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing

Health Information Technology and Management

Session Name Objectives Suggested Attendees

Bill Moran and Betta Sherman

To: From: Date: Subject: Proposed Rule on Meaningful Use Requirements Stage 2 Measures, Payment Penalties, Hardship Exceptions and Appeals

PREPARING FOR EMR PROGRAM SUCCESS IN /10/2015. December 15, Travis Skinner, CPA Senior Managing Consultant

6/8/2012. Cloning and Other Compliance Risks in Electronic Medical Records

Regulatory Compliance Policy No. COMP-RCC 4.17 Title:

Strategy for Health Information Exchange. Rebecca Weber, CIO Meridian Health

EHR s-new Opportunities for the Confident Coder

T h e M A RY L A ND HEALTH CARE COMMISSION

HIPAA Security. 1 Security 101 for Covered Entities. Security Topics

Ohio Health Information Partnership/CliniSync HIE

EHR Incentive Program Stage 3 Objectives & Measures Crosswalk of Stage 3 Proposed Objectives, Measures & Corresponding Stage 2 Measures

Population Health 2.0: Bending the Cost Curve by Moving Beyond the Pyramid

Best Practices for Implementing an EHR System

Medicaid EHR Incentive Program. Focus on Stage 2. Kim Davis-Allen, Outreach Coordinator

Presenter Disclosures

Navigating Compliance Landmines in Electronic Health Record (EHR) Documentation

CommonWell Health Alliance Interoperability for the Common Good. Scott Stuewe - Director, Cerner Network NCHICA Annual Conference

Meaningful Use 2015 and beyond. Presented by: Anna Mrvelj EMR Training Specialist

Sharp HealthCare ACO. Pioneer Introduction to the FSSB November 8, 2012

Meaningful Use Stage 2 Certification: A Guide for EHR Product Managers

Frequently Asked Questions About MyBrowardHealth

IT s s role in Accountable Care Organization s. Doug Williams October 2010

EHR Meaningful Use Stages 1 and 2. What They Mean To You. Pat Wolfram

Hospital EMR Adoption Model

The State of U.S. Hospitals Relative to Achieving Meaningful Use Measurements. By Michael W. Davis Executive Vice President HIMSS Analytics

UCLA Physician Informaticists. Information Services & Solutions

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Orange County Health Care Agency (HCA) Behavioral Health Services (BHS) Electronic Health Record (EHR) System. HCA Director Mark Refowitz.

Implementing Effective Data Exchange with The CommonWell Health Alliance

MICROMD EMR VERSION OBJECTIVE MEASURE CALCULATIONS

JMH User Access Request Form

GE Healthcare. Centricity Health Information Exchange Services. CHUG BO1: Meaningful Use and the Health Information Exchange

SURVEY QUESTIONNAIRE 2013 AHA ANNUAL SURVEY INFORMATION TECHNOLOGY SUPPLEMENT

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals

Your responses will be saved every time you click the NEXT button.

Meaningful Use Updates Stage 2 and 3. Julia Moore, Business Analyst SMC Partners, LLC July 8, 2015

County of San Mateo Health System

Special Topics in Vendor- Specific Systems. Outline. Results Review. Unit 4 EHR Functionality. EHR functionality. Results Review

Enterprise Analytics Strategic Planning

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

Meaningful Use Stage 2

Authorized. User Agreement

Adopting an EHR & Meaningful Use

Scope of Work for Consultation Service Agreement

Meaningful Use Cheat Sheet CORE MEASURES: ALL REQUIRED # Measure Exclusions How to Meet in WEBeDoctor

Health Insurance Portability and Accountability Act (HIPAA) Compliance Audit Final Report

Meditech Scanning & Archiving

Dr. Peters has declared no conflicts of interest related to the content of his presentation.

Transcription:

EMR Implementation: Compliance Challenges HCCA Upper West Coast Regional Conference December 6, 2013 San Francisco Panel Members Greta Fees Ginny Kim Kevin Longo Sutter Health John Muir Health Adventist Health Moderator: Lynda Hilliard 1

Entity Overview and EMR Implementation Status Adventist Health Hospitals 2

Workforce Home Health & Hospice Agencies 3

Physician Services Retirement Centers 1 CherryWood Village Portland, OR Joint-venture between Adventist Medical Center -Portland and Generations, LLC 2 Feather Canyon Paradise, CA Joint-venture between Feather River Hospital and XL Management Company, LLC 3 Paradise Village National City, CA Joint-venture between Adventist Health and Generations, LLC 4 Wheatland Village Walla Walla, WA Joint-venture between Walla Walla General Hospital and Generations, LLC 4

Adventist Health IT Systems Overview Cerner Millennium 2003-18 acute care facilities Cerner Millennium Modules 2006 Ongoing Cerner Beyond Now (Extended Care) -2010 Cerner Ambulatory EHR Aug 2012 -Ongoing Epic Ambulatory EHR Early 2000 s Revenue Cycle Initiative (RCI) Sep 2013 Ongoing Cerner Registration & Patient Billing John Muir Health John Muir Health: Walnut Creek/Concord John Muir Medical Center, Walnut Creek, a 572-licensed bed medical center that serves as Contra Costa County's only designated trauma center; and John Muir Medical Center, Concord, a 313-licensedbed medical center in Concord. John Muir Physician Network The John Muir Physician Network is a not-for-profit medical foundation. The 900 physicians associated with the John Muir Physician Network belong to either the John Muir Medical Group or the Muir Medical Group Independent Practice Association (IPA). 5

John Muir Health JMH is in the process of implementing EPIC. Through more robust technology, such as Epic s electronic health record (EHR), JMH will improve operational efficiency and deliver on our unwavering commitment to do what s best for the patients we serve. John Muir Health Electronic Medical Record/EPIC Implementation Timeline User Group First set of physicians offices (non- Walnut Creek Outpatient Center), urgent care center at 2700 Grant Street, and select IPA offices Go-Live Date November 5, 2013 Walnut Creek Outpatient Center, the non-urgent care clinics at 2700 Grant Street and revenue cycle teams January 14, 2013 Concord and Walnut Creek hospitals, Behavioral Health, Home Health, several hospital outpatient clinics and revenue cycle teams March 30, 2013 6

Sutter Health System Overview Hospitals Physician Practices Foundations Ancillary Services Sutter Health Organizational effort included many multidisciplinary teams and subject matter experts SAM (Sutter Architectural Model) sessions held monthly over a period of time prior to go-live Phased in approach beginning with first go-live in April 2009 and completion projected for early 2015 EPIC was the platform chosen for Sutter s EMR 7

Compliance Challenges What type of privacy compliance challenges did your institution encounter, and what steps did you take to mitigate those risks? John Muir Health HIPAA/Privacy Access to EMR Ensure role based access (minimum necessary standards) Understand the various points of entry into the EMR system (i.e., patient portal, health information exchange, hospital and ambulatory platforms) Ensure vendors are given appropriate access with expiration dates Understand which departments or areas have full access to patient financial information 8

HIPAA/Privacy John Muir Health Minor patients between 12-17 years old Ensure processes to address HIPAA and state requirements pertaining to minor rights Consider system limitations (i.e., patient portal views) that could result in inadvertently disclosing PHI to parents or legal guardians Sutter Health HIPAA/Privacy Challenges Training in the EMR How to access the EMR How to navigate within the EMR How to document How to bill How to ensure patient privacy (i.e. logoff, sharing passwords etc.) Role Based Access Must be based on right person, right job, right access Must ensure minimum necessary standards are followed at all times Must have governance structure to objectively evaluate and determine access needs 9

Adventist Health Access to records are controlled by Role Based access system All information is assigned an Owner/Trustee Information Access is controlled based on the user s defined role Exceptions to role based access are authorized by the Owner/Trustee Information Challenges: There is no good automated review process of the roles Audits must be conducted manually Overly restrictive controls interfere with efficient operations Trust but verify Ongoing WBT HIPAA Privacy & Security Education Compliance Challenges What types of compliance issues presented themselves in dealing with accurate and timely documentation in the new EMR, especially related to claims generation? What did your organization do to mitigate those risks? 10

Sutter Health Documentation (regulatory/billing issues) Coding/Charging/Billing What hard stops need to be in place for providers to ensure adequate documentation requirements are met (i.e. inpatient vs. observation orders) What will your CDM look like? What source documents will be used for abstracting and coding (i.e. problem list, OSHPD reporting, profees, ancillary services, cancer registries, trauma registries etc.) and how will access to those areas be determined Sutter Health Documentation (regulatory/billing issues) Coding/Charging/Billing Pharmacy how will your pharmacy system integrate with your EMR What add on platforms/applications/software should you consider in addition to your EMR (Op-time, Lynx, Willow, Smart tools, Medi-analytics) Work-Queues how will they be structured, who will be responsible, what will the workflow be and what kind of education, training and subject matter expertise will be required Data Governance over data, what do we need, how will it be used, who has access 11

Sutter Health Documentation (regulatory/billing issues) Policies What policies should be considered related to regulatory and billing considerations prior to go live Copy and Paste Use of templates Cloning Physician Problem list and coding What constitutes the legal health record (i.e. queries, scanned documents, outside provider notes) When can a record be amended and by whom Documentation Adventist Health Documentation/Coding Specialists help ensure the care is appropriate and complete for the patients conditions & Dx HIM personnel & Coders ensure the EHR is complete and that any patient related paper records are scanned into the EHR. Documentation of access and disclosure to provide patients an accounting of disclosures. Carry-over, Cutting & Pasting features can lead to inaccurate or inappropriate documentation and possible fines & penalties 12

John Muir Health (JMH) Documentation Cut & paste functions selecting data from an original or previous source to reproduce in another location Populating via default data is entered into registration process or a note via an electronic feature that does not require positive action or selection by an author Government audits understand system functionalities to produce supporting documentation for audits (i.e., Medicare ACO audits) Audit and Monitoring What are the compliance considerations of audit and monitoring in the EMR? 13

Adventist Health User access activity logs User access reports track limited data sets (Cerner/P2) User last name & patient last name match VIP EMR access reports New technologies & algorithms will expand ability to identify snooping activities by unauthorized individuals Systems in place to ensure that EHR and Charge Masters are synchronized to ensure unit quantities agree Meaningful use audits to ensure systems met the Meaningful Use government subsidy requirements. Compliance audits to access and evaluate information John Muir Health Auditing and Monitoring Limited reporting capabilities for the Privacy Office to track functions performed on the medical record (i.e., view, edit and print) Understand audit capabilities of the system and what mechanisms or fields can be tracked Understand historical systems that are interfacing with the new EMR system and know when it is appropriate to obtain additional reports for investigation Proper training for those who are responsible for auditing/monitoring 14

Sutter Health Controls Must have a comprehensive auditing and monitoring plan in place prior to go live Auditing and monitoring must be role based Must have corrective action plans pre determined (as much as possible) up to including disciplinary action, and termination if appropriate. Third Party Access Executing MOUs (memorandums of understanding) and BAAs (business associate agreement) with complete indemnification Sutter Link and Sutter Grant Access Other Considerations - Access Patient Portal How do patients obtain access Minimize the risk of patients see other patient PHI Consultants and Vendor Access Consultants Coding Billing Revenue Cycle Vendors Government auditors Employee Access Clinical Inpatient Outpatient Non-clinical Physician Portal How are physicians provisioned to access their patient record EHR Computerized Physician Order Entry (CPOE) How do you limit access to their own patients Transmitting lab & radiology results to physician EMR 15

Summary Compliance Involved in Planning Oversight of Process Continual Education Ongoing Audit and Monitoring Contact Information Questions Greta Fees Ginny Kim Kevin Longo Lynda Hilliard feesg@sutterhealth.org ginny.kim@johnmuirhealth.org kevin.longo@ah.org lyndahilliard@hotmail.com 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information