Over the last five or so years, an extraordinary amount of money – more than $35 billion – has been spent to promote the use of EHR technology. However, these taxpayer dollars, allotted for the improvement of American healthcare, have not brought forth the kind of results that one can typically buy with such an extravagant sum. As the country moves into the later phases of the HITECH ruling, both users and legislatures alike remain unconvinced of the program’s efficaciousness; and this $35 billion dollar figure is only destined to grow. The spirit of progress that ushered in HITECH has been stifled by complacency, but of all of the concerns surrounding EHR adoption, interoperability remains a principle concern for many in the sector.
This case has been taken up by Rep. Michael Burgess, M.D. of Texas’ 26th district, who has proposed a new method to measure EHR compliance and increase standards of interoperability. The unrest should not come as a surprise to most: in the recent past, physicians have lamented repeatedly over EHR system inefficiencies and miscommunication. The proposed legislation, however, entitled “Ensuring Interoperability of Qualified Electronic Health Records,” will attempt to refocus EHR implementation.
“Billions of taxpayer dollars have been spent to incentivize the integration of EHR systems, yet the federal government has failed to ensure that providers and patients can efficiently operate within them,” Burgess told Information Security Media Group, an independent conductor of information security research. “The ultimate goal [of my proposal] is to provide private sector-centered mechanisms that will accelerate innovation and make meaningful improvements to the overall quality of care.”
The legislation, if enacted, will establish a committee tasked with establishing EHR quality measures, and coordinating with the Department of Health and Human Services. This committee will be known as the “Charter Organization,” and its members are to be appointed by Congress.
The main job of the Charter Organization would be to recommend methods for measuring whether HITECH-certified EHR systems meet critical interoperability standards. As such, its members will be comprised of “one representative from each of the standards development organizations accredited by the American National Standards Institute.” The members would be chosen to represent healthcare providers, qualified EHR developers, as well as health insurance, group health organizations “and other appropriate stakeholders,” according to a draft of the legislation.
The proposal would also alter the established interoperability criteria. All certified EHRs would, as part of the new legislation, be required to comply with all of following mandates in order to qualify as “interoperable”:
- Allow authorized users “open access” to a patient’s complete medical data from any qualified electronic health records without restriction;
- Provide authorized users with access to complete patient record from one location, without the need for multiple interfaces;
- Permit users to interface with other qualified EHRs.
Though a vision of interoperability in this country is distant, it’s not far removed. This sort of legislation could prove vital in ensuring the quality, intelligence, and effectiveness of EHR systems. However, its appeasement of certain “appropriate stakeholders” could also be just another front for Washington special interests. The issue warrants immediate action; but individual providers and developers would be smart to be wary of Congressional bureaucracy.
Since our company’s inception, MetaCare solutions have thrived using interoperability as their model. This foundation contributes to our continued successes in EHR implementation and maintenance, allowing our systems to eliminate duplicate interfaces, system incongruence, and other IT gaps in a closed-loop health environment. However, this bill could be a necessary jumping-off point to reignite EHR adoption for other EHR developers. In any event, Meta is prepared to meet any new criteria should they be approved by congress, and will continue to promote universal acceptance of EHR interoperability through the use of its systems.
In his State of the Union Address, President Barack Obama highlighted cybersecurity as one of the most pressing issues currently facing American industry. He pleaded with congress to pass legislation that would tighten security measures, offering his Cybersecurity Legislative Proposal as a solution.
“I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyberattacks,” Obama said. “If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Though the president offered little clarification in his recent address as to the specifics of his proposal, we know that his plan consists of three primary focuses: Enabling Cybersecurity Information Sharing, Modernizing Law Enforcement Authorities to Combat Cyber Crime, and National Data Breach Reporting. 
In the past, healthcare facilities and companies across the country have been found guilty of possessing porous security systems; but these proposed changes to American cybersecurity have the potential to change the healthcare industry in several ways. The most relevant of these outcomes would be an increase in patient security, which would lead to a decrease in identity theft. However, these reforms should also stress the importance of certain security measures, such as non-repudiation checks, user-specific access, and encrypted passkeys, that can reduce security risk in care environments.
Hospitals such as Southern Ohio Medical Center, for example, deploy EHR technology to protect themselves utilizing these and similar methods; but many facilities, clinics, and corporations remain vulnerable. Many have called for reform to the HIPAA Security Rule as a solution to the issue of cybersecurity currently facing our healthcare system. However, no concrete reform in the area of health information security has yet been brought to light.
It’s no surprise, then, that the president hinted towards the future of personalized medicine to conclude his address. “I want the country that eliminated polio and mapped the human genome to lead a new era of medicine – one that delivers the right treatment at the right time,” Obama stated. “I’m launching a new Precision Medicine Initiative to bring us closer to curing diseases, and to give all of us access to the personalized information we need to keep ourselves and our families healthier. We can do this.”
The central focus of the president’s cybersecurity initiative is enabling increased cybersecurity information sharing, specifically by increasing sharing between private entities and governmental agencies, specifically the Department of Homeland Security. Private organizations, ranging from private defense contractors to hospitals and healthcare clinics, are expected to share knowledge of any perceived threat; and those businesses are in turn provided liability protection. The initiative also enables law enforcement with enhanced provisions for prosecution and expanding federal law enforcement authority.
But before we may proceed, we must first address the issue of cybersecurity presently facing the nation, as past mistakes have compromised the lives of millions. In order to assure the security of patients, however, healthcare security measures must be able to deal with the reality of cyberattacks. This threat has become an increasingly inescapable aspect of our society; but it is a threat that can, and must, be overcome.
 “SECURING CYBERSPACE – President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts.” The White House. The White House, Jan 13, 2015. Web.
 Abelson, Reed, and Matthew Goldstein. “Millions of Anthem Customers Targeted in Cyberattack.” The New York Times. The New York Times, 04 Feb. 2015. Web. 24 Feb. 2015.
At first glance, the concept of an EHR appears simple: the software helps organize and share data; manage patient populations and order fulfillment; but possibly the most important function as a tool for physicians and other prescribers to improve patient outcomes, is its Clinical Decision Support (CDS) system guides caregivers in making decisions when treating patients. In fact, CDS systems are one of the most effective means of minimizing serious errors in clinical environments. Clinicians enter data into the EHR, and the CDS engine performs a complex series of checks to ensure the accuracy or appropriateness of the diagnosis. The system then either recommends a course of therapy or alerts the user of any diagnostic errors or oversights. Though the means to accomplish this task differ based on system, they all aim to improve and expand Clinical Decision Support. The result is a facility-wide reduction of preventable errors and increase of positive patient outcomes. Nearly all clinicians can agree upon the foundational importance of CDS – take away the other bells and whistles, and what remains is a solid Clinical Decision Support system – as all other features and functions ultimately serve to facilitate this, critical component of any EHR.
Though CDS is widely accepted as one of the most essential aspects of EHR technology, it is also one of the most-often overlooked. The CMS has established set criteria for these systems, such that they may qualify providers for Meaningful Use, and defines Clinical Decision Support as the following:
HIT functionality that builds upon the foundation of an EHR to provide persons involved in care processes with general and person-specific information, intelligently filtered and organized, at appropriate times, to enhance health and health care.
[CDS systems must] Enable a limited set of identified users to select (i.e., activate) one or more electronic clinical decision support interventions (in addition to drug-drug and drug-allergy contraindication checking) based on each one and at least one combination of the following data:
(A) Problem list (a list of current and active diagnoses as well as past diagnoses relevant to the current care of the patient);
(B) Medication list (all past and present meds);
(C) Medication allergy list;
(D) Demographics (defined as preferred language, gender, race, ethnicity, and DOB);
(E) Laboratory tests and values/results ;
(F) Vital signs.
While these requirements provide a solid foundation, the list is not comprehensive. These criteria merely scratch the surface of what it actually means to provide comprehensive decision support to clinicians.
So what’s missing, and what can be improved upon? The answer merits a more complicated response than a simple list revision. Meta’s belief, one that is reflected in our system’s functionality, is that HIT systems should utilize intelligent technology to create a database that grows in efficiency and potency with each new data entry.
But our attention to the small details allows us to ensure safety during the care process. Our system, because of this, provides decision support in areas that many EHR developers tend to neglect:
- Food/Environmental Allergies (Non-medication allergies) – pollen, chocolate, nuts, etc.
- Family History
- Vaccination History
- Travel History (especially in light of events regarding Ebola)
- Missed Step warning (alerts clinicians to clinical action requiring attention)
- Medication Dosage Calculation
- Automatic integration of electronic clinical documentation
- IntelliMed™ Rules-based Engine (allows for the creation of rules, triggered based on data input or available on the patient record)
This list is by no means a complete account of our CDS system’s full range of capabilities; but it does provide an idea of our attention to the minute details. Especially with IntelliMed™, our dynamic and intelligent decision support rules engine, MetaCare users can prevent unnecessary patient complications with the flexibility to address facility and organization-specific protocol. The desired result of our attention to detail is to create a knowledge-based healthcare environment capable of supporting clinicians during diagnosis and decision-making.
The fact that CDS systems comprise such a vital part of EHR processing is troublesome when considering how little attention is paid to them by EHR developers. The Meaningful Use criteria for this objective should be taken with a grain of salt, as they only provide the base for responsible CDS processing. By choosing a system, such as MetaCare Enterprise, that pays closer attention to the more unique and often ignored aspects of patient information, facilities can expect a CDS system that works to stop error before it occurs.
To make myself clear, I do not wish to disparage the Meaningful Use program. Its benefits have been undeniable; after all, EHR adoption has more than quintupled since the enactment of ARRA and the HITECH Act. However, the results are less than spectacular when non-rural care centers are removed from the picture. To many the answer is all too apparent, yet the question has been continually ignored.
Without the more privileged facilities, what remains is a fragmented network of hospitals and clinics struggling to adapt to the changes being forced upon them. Delayed deadlines were not a sufficient solution the problems they faced; and the Regional Extension Centers (RECs) established as part of HITECH often opt to either not to work with rural facilities or charge exorbitant and unrealistic fees. The Stage 1 and Stage 2 objectives treated everyone as equals, in spite of the consequences; it’s the American way, right? Well in this particular case, in modern medicine and healthcare, we’re not all equals. Some needed more help than other, and Meaningful Use made this all too clear.
Rural and critical access facilities constitute a vital part of the United States healthcare system. For many Americans, they are the sole means of obtaining medical attention, and the difference between life and death in emergency situations. But instead of being nurtured and helped along in what is certainly a difficult transitory process, they have been slowly squeezed out. The shortcomings of the Meaningful Use program are visible in the sheer amount of deadline extensions that have been made up to date. If as the ONC reports, “Over nine in ten (93%) hospitals possessed a certified EHR technology in 2013,”1 then why push back deadlines any further? Clearly, the program was a success, and should be nearing its end.
The reason is due to the ONC’s definition of the word “hospital,” a seemingly transparent term that has been restricted to the realm of “non-federal acute care hospitals.”1 Dig a little further and what does this actually mean? It means that 93% of non-CAHs have adopted EHR software; the wording is just subversive enough to mask the reality of the situation. CAHs are almost forgotten amidst the shuffle.
The Meaningful Use initiative has proven to be incapable of addressing the specific needs of rural clinicians. The staff, experience, and IT infrastructure found in many of these facilities just cannot sustain the kind of federal mandates expected of them; and what’s more, not only are these same providers held to unrealistic standards, but also penalized should they fail. There’s no help, no encouragement, and no end in sight.
Based on the inference that rural care facilities in general face problems similar to those confronted by Rural Health Clinics (RHCs), CAHs can be expected to perform better on those objectives relating to the improvement of overall quality, safety, efficiency and the reduction of health disparities, and fall short in reporting quality measures and the implementation of clinical decision support (CDS) rules. They also typically struggle to satisfy requirements that involve engaging patients and families, improving coordination of care, and protecting the privacy and security of personal health information.
The only viable means to address the problems facing this demographic, therefore, is to redirect federal efforts in a way that addresses the specific needs of rural facilities. With reform looking less and less likely to be incorporated as part of Stage 2, the only hope for these facilities falls on the upcoming Stage 3 guidelines. Hopefully the governing bodies have had time to address the program’s shortcomings and will be able to adjust the new requirements accordingly: particularly that objectives be differentiated and designated based on a facility’s status as either a CAH or a non-CAH. The blanket approach was not the solution, and Stage 3 may be the chance for reprieve.
So what can be done to address the issue? First, there should be an increased emphasis on the adoption of clinical decision support systems; this is an absolutely fundamental component of modern health technology, one that has had tremendous success in preventing error. To address the issues faced in reporting quality, there needs to be a push for electronic clinical documentation to collect, record, and share patient information. This, along with the use of secure messaging applications, will further improve the coordination of care. Encouraging the use of web-based systems will serve to further the program’s aims to engage patients and their family. Lastly, standards must be established to regulate the secure protection of sensitive patient data. These should constitute the majority of core requirements for CAHs, such that if met they would qualify facilities for financial reimbursement. The practice of penalizing non-compliant facilities must also be abolished.
However, there is also much to be done on the side of rural clinicians and facility administrators. They need to stay informed on the changing requirements and how to meet them, especially with the shadow of Stage 3 looming larger every day. This is an important step to ensure facilities contract an EHR vendor that is both reliable and qualified. However, it is important to remember that an EHR vendor should not only be certified, but also experienced and familiar with software implementation and Meaningful Use reimbursement in rural settings. Some larger vendors simply cannot provide the same level of personalized support, for the same logic that Meaningful Use objectives have been so successful among larger providers, and so much less among smaller ones.
The real solution to the problem ultimately lies in the collaboration between two factions that are often at odds at each other: the government that imposes reform on one side; and the rural facilities that resists on the other. In the end, however, the people who suffer the consequences are the patients at these facilities. We can all anxiously await the change the program so desperately needs, but without a conscious effort on the behalf of both parties, we may end up having to settle once again.
 Charles, Dustin, MPH, Meghan Gabriel, PhD, and Michael F. Furukawa, PhD. “Adoption of Electronic Health Record Systems among U.S. Non-federal Acute Care Hospitals: 2008-2013.” www.HealthIT.gov. Office of the National Coordinator for Health Information Technology (ONC). ONC Data Brief, No. 16, May 2014.
 Joynt, K. E., Y. Harris, E. J. Orav, and A. K. Jha. “Quality of Care and Patient Outcomes in Critical Access Rural Hospitals.” JAMA: The Journal of the American Medical Association. (July 2011).
 Gale, John A., David Hartley, and Zach Croll. “Meaningful Use of Electronic Health Records by Rural Health Clinics.” Muskie School of Public Service, University of Southern Maine, Feb. 2014.
Patient care is like a house of cards, a delicately constructed hierarchy. Without the proper foundation, the whole house collapses, just as one misstep – one clinical oversight during diagnosis – can often constitute the difference between obtaining a successful patient outcome and the mistreatment of a patient, or worse. Like a house of cards, the strength of our EHR depends on the sum of its parts; yet at the heart of any clinical system, there often lies a troublingly overlooked aspect of care that leaves both clinicians and patients vulnerable to error. The ability to positively identify both patients and users is an important first step in administering care. But without proper reinforcement, this simple but fundamental concept can sabotage the entire care process, like a single unstable card at the base of the house.
Patient identification has long been a point of contention for healthcare providers, but with the increased emphasis on Role-Based Access Controls (RBAC) in recent years, the clinician identification has become equally important. In the aims of maintaining a more secure care environment, clinical systems such as MetaCare Enterprise EHR™ have placed more rigorous authentication measures on users. These technologies are designed to increase attention and awareness during diagnosis, holding clinicians more accountable for their actions. Similar methods have been deployed for the identification of patient and clinician alike.
The most prominently used measures include biometric validation of users, barcoded identification and medication administration systems, Radio-Frequency Identification (RFID) technology for inventory and user validation, and encrypted passkey technology. Meta is capable of successfully integrating these and many other identification technologies, but those listed above rank as today’s most widely-used methods for the positive recognition of patients, clinicians, devices, and medications.
One of Meta’s longest-standing partners was instrumental in paving the way for identification technology usage among MetaCare users. In 2008, when the client had had already successfully completed the implementation of our EHR, we were contacted by hospital administrators and asked to identify a creative solution for the identification of users and patients beyond the typical user ID, password, and non-repudiation software security. After carefully examining the criteria given to them, our team determined that the most advantageous solution to the request was through the pairing of the eMAR system already in place, and dongle technology. Though the use of barcoded identification technology was not previously unheard of in health facilities, the introduction of the dongle provided an extra layer of protection to the hospital’s already formidable security system. The encrypted passkey technology contained within the dongle requires the physical insertion of the key into the system computer, acting as a barrier to restricted users attempting to access the system. This was then paired with proximity readers to trip locks on automated drug dispensing machines and medication cabinets to provide the site with a complete and efficient solution to their identity crisis.
The combination of these technologies continues to act as a model for Meta and our clients. The use of barcode scanners at the point of care enables users to positively identify patients, while the Dongle allows for increased security by mandating verification of the user with the use of an external passkey. Today, we have found the most success in patient and user identification through the pairing of these two methods; but that does not mean we limit ourselves to one approach. We work with administrators and clinicians to determine which identification technology would most suit their facility. By doing so, we continue to explore new innovative solutions to the identification needs of our clients
The widespread use of these types of technologies will only improve the overall security and safety during the administration of care. Facilities that implement this technology can expect to see a drastic reduction of errors and an increase in positive patient outcomes, most notably by helping prevent serious medication errors and adverse drug events. However, they are also capable of minimizing dosing, documentation, timing and transcription errors, preventing cases of fraud and identity theft, and eliminating duplicate medical records, overlay records, and patient mix-ups. Overall, these positive identification technologies can have quantifiable benefits for providers, regardless of protocol or departmental standards, allowing for a safer and more responsible care environment.