Preparing for Meaningful Use: Dont Overlook Your Information Infrastructure
Since the passage of the American Recovery and Reinvestment Act of 2009 (ARRA) in February, much debate and a flurry of activity has centered on the economic encouragement offered to healthcare providers for the adoption and use of EMRs. The ultimate goal: better delivery of safe, more informed patient care. The encouragement comes in the form of enticing monetary “carrots” and unattractive prospects of “sticks” over time for demonstrating meaningful use of a certified EMR. Specific provisions within the Health Information Technology for Economic and Clinical Health Act (HITECH Act) allocate more than $20 billion in funding to modernize health IT by FY2011—both hospitals and non-hospital-based clinicians alike know it’s an opportunity that shouldn’t be missed.
But with the economic downturn, many U.S. healthcare organiza–tions are proceeding cautiously, assessing how to take cost out of their current IT infrastructure to fund an EMR investment in the push to meet the goal of demonstrating meaningful use. David Blumenthal, MD, national coordinator for health IT, in the April issue of the New England Journal of Medicine, wrote that “The infrastructure to support [health IT] adoption should be in place well before 2011 if physicians and hospitals are to be prepared to benefit from the most generous Medicare and Medicaid bonuses.” Information infrastructure, while not the attention-grabber, is essential for stakeholders needing to ensure investments are solid and sustainable to ensure immediate, continuous access to key patient data throughout the healthcare enterprise.
Regardless of whether an organization is beginning to implement an EMR or transforming electronic care processes for accelerated service delivery and lower operating costs, an important component to demonstrating meaningful use—whatever that final definition may be—is an IT infrastructure that can support the multitude of clinical applications and an EMR deployment to leverage future ARRA HITECH incentives.
Technology is a necessary requirement to meeting the tenants of the HITECH Act to obtain stimulus incentives and meaningful use status. But where there can be a lack of understanding is regarding the depth of the technology, architecture or ecosystem, and the cost and amount of attention it requires to be successful, says Eric Yablonka, vice president and CIO at University of Chicago Medical Center (UCMC).
“Qualifying for incentives is not just having [IT technology], but using it to get meaningful outcomes,” he stresses. “Regardless of the stimulus money, those who have invested in this technology infrastructure have an obligation to highly manage it in a very productive way for patient safety and to support clinicians, physicians and nurses as part of their work. [Information] infrastructure is actually a critical element of that, and that comes before issues such as adoption and meaningful use.”
The challenge for healthcare organizations such as UCMC has been in finding the right mix of technologies that complement each other, fill and fulfill the ecosystem and are capable of supporting the variety of clinical applications with no interruption of service that can negatively impact patient care. “And while we do all that, we must make sure our investments are wise and sustainable,” Yablonka adds.
Figuring out how to support and maintain the range of IT infrastructure investments have already been made and identifying the gaps requires the balancing skill of a tightrope walker. Once the gaps are identified, it is then time to evaluate what incremental investments must be made to qualify and obtain stimulus money.
Yablonka says UCMC is currently doing a gap analysis to understand what investments they need to make across the board for stimulus money as well as the new HIPAA security and privacy requirements for protected health information (PHI). “My sense is that it is not only going to be technical investments, but also investments in how we organize and operate our organizations; how we are able to manage to meet these regulations and expectations,” he says.
“In a time when healthcare organizations have scaled back capital funds, and competition for those dollars is not just for IT but from imaging, cardiology, new facilities and all areas that need continual capital investment—whether technology-driven or otherwise—it is going to be a challenge to continue to make investments,” says Yablonka. “Many of us will have many parts of the infrastructure already filled in, but there will be gaps. We have to be able to look down through that to understand where those gaps are and how to fill them and get the timing right. And if you do believe that healthcare organizations are tight financially, staging some of that investment will be critical—but without that gap analysis, you might not be ready.”
HITECH validates what a lot of people are already trying to accomplish with technology in healthcare, says Jon Morris, vice president and CMIO of Atlanta-based Wellstar Health System. However, HITECH should not be the sole reason a health system embarks on a clinical technology initiative.” For organizations that already have a strategic roadmap in place, Morris says he believes HITECH lends the visibility necessary to support adoption and ownership.
“Whatever incentives it offers the hospital, HITECH gives the visibility to clinical IT initiatives so that for facilities like ours, where it’s already been in progress, and you are trying to gain support from the non-IT community to go forward and succeed,” says Morris. “HITECH provides evidence and the need of the public perception that will help drive adoption.”
The palpable benefit of a well-designed and implemented information infrastructure is clear: the assurance of the high degree of availability of the clinical applications that have the potential to be the source for a variety of data required for demonstrating meaningful use and help to deliver safe and informed care to patients.
Now that these applications are integrally involved in clinical care and critical clinical information is confined to an online location, it must be available 24/7. “This is a paradigm shift,” Morris says. “In many settings, computers, scanners and printers become critical clinical devices. Even something as ‘simple’ as a malfunctioning printer can potentially adversely impact patient care.”
“If a PACS server goes down, and providers are unable to access critical medical imaging data, we may find ourselves making critical decisions without having all information necessary to optimize outcomes,” he adds. “The fact that we now leverage IT in this fashion on the patient’s behalf implies that [the IT] team is no longer involved in a Monday through Friday operation—it is a 24/7 operation and lives now depend upon the applications’ availability.”
With the goals in mind to improve access to information and enable fast decision-making, Wellstar focused on improving the organization’s data center to archive medical records, images and financial information, says Chief Enterprise Architect Stephen Edge. “Our storage and information management strategy was already in place [when HITECH came out],” he says. “What we are now looking at is whether there are opportunities within the act to help us move forward in a faster process to enable our five-year strategy.”
While most healthcare organizations tightened their IT budgets for 2010, WellStar’s capital budget instead has “greatly increased,” Edge says. He attributes this to the foresight of WellStar’s CEO Gregory L. Simone, MD, who recognized 15 months prior that changes were needed. Launching an initiative, Opportunities 2010, the entire organization sought to drive $34 million in operating costs out of the health system. “We have met these goals by focusing on eliminating waste and unnecessary processes which allowed us to put more capital toward investing in projects, including IT,” Edge says.
Healthcare organizations are tackling the infrastructure challenge head-on as it is a necessary component of the capability to demonstrate meaningful use, looking to find new ways to gain IT
efficiencies. At UCMC, Yablonka says they are on the verge of a “technology refresh.”
“We are adding to our storage capacity every year,” says Yablonka, driven by the exponential growth rate of medical imaging data, namely from a recently added 256-slice CT scanner. How to keep up? “You can keep bolting on storage or, on a periodic basis, you can assess whether you have the right mix of technologies or whether it is time to make a technology shift,” he says. “What is the breaking point? Is there a more cost-effective way to manage our data storage with newer technology or do we continue on in the same way we have been going?”
One technology shift could be the use of virtualization to get more computing capability with a lower level of investment. “It is a good way to add hundreds of servers to your data centers or aggregate that investment into a couple of larger servers and using software, virtualize them and achieve the same result at a lower investment.”
Data and image storage are critical to effective data management and a virtualization play might allow an organization to do more with either the same or less amount of money. “We all hope to do more for less or do more for the same,” says Yablonka.
HITECH continues to generate a lot of activity and interest. As Yablonka says, the key is making good investments and holding true until the government recognizes the value and efforts—and well-prepared organizations have gained stimulus money to prove it.
Building a Patient-centric Information Risk Management Strategy |
While the fortification of an information infrastructure most often focuses on the business, workflow and data security benefits for the healthcare organization, the patient is at the center of the protection, security, and privacy of patient data. Developing an information risk management strategy for protected health information (PHI) and personally identifiable information (PII) is an essential component of the ARRA HITECH HIPAA Security and Privacy changes that will impose monetary penalties on facilities in which breaches occur. To manage potential risks as confidential patient and clinical data passes through an organization’s information lifecycle, facilities should follow a four-step process: 1. Discover and classify sensitive data: PHI and PII is prevalent throughout the healthcare environment, on clinical workstations, applications, networks, USB flash drives, and EHRs, thus healthcare providers should classify and discover all instances of confidential data to put in place policies and enforcement controls to protect that data from security risks. 2. Define policies to determine how PHI and PII should be protected—such as who can access the data, where he or she can access the data from, and what can be done with it. 3. Select and enforce controls by establishing a control framework to enforce policy. A comprehensive control strategy will include a combination of data and access controls. 4. Monitor, report and audit compliance with internal security policy and industry regulations including HIPAA, Joint Commission, and state requirements for the archiving and retention of patient records. |