On March 20, the CMS laid the groundwork for the next phase of EHR adoption, announcing its “Proposed Rule” for Stage 3 of the EHR incentives program. After various delays and set-backs, the new criteria focus in particular on the overall improvement of patient outcomes, and the interexchange of patient data. Stage 3 also designates many practical changes, such as the realignment of the reporting period with the calendar year.
As expected, however, the proposal was not met without criticism. While the plan seems straightforward as proposed by the CMS, it has not won favor with the majority of those most direct affected. In a survey orchestrated by QuantiaMD, 71 percent of physicians said with confidence that they would be able to successfully attest; but only 38 percent say the government did a fair job with the Stage 3 proposed rule.
This begs the question: why have the CMS and ONC not taken a more active role in engaging clinicians? They offer the opportunity to comment upon the proposed rule, but seem to bypass their considerations when drafting the actual proposal. What’s more is that the feedback period lasts only a little more than two months, and seems to be reserved for the smaller and less crucial details of the adoption plan. This dissent, if it remains unaddressed, will only cause problems further down the line.
The CMS has designated eight initial Meaningful Use objectives that must be met in order to attest during Stage 3, though a number of additions will likely be made as part of the final ruling. These points build upon the foundational elements of Stage1 and 2, but are also meant to provide a sense of direction of the overall plan moving forward. The comment period for Stage 3 ends May 29, 2015.
Included below is a brief guide to the CMS’ stage 3 proposal:
- Protect patient health information
Expanding upon earlier privacy rules, particularly the need to conduct a security risk analysis and address data security as part of Stage 2, this objective requires the creation of increased technical, administrative, and physical safeguards on patient information.Organizations are required to conduct a security risk analysis upon implementation and after each system upgrade, while any and all system deficiencies must be reported by the end of each calendar year. Providers must also conduct a security risk analysis at least once per year.
- Electronic prescribing
Authorized users must be able to generate and transmit prescriptions electronically, while eligible hospitals and CAHs are required to do likewise for permissible discharge prescriptions. Stage 3 also increases the number of discharge medications eligible for e-prescribing.As part of Stage 3, users are required to query 80 percent of all permissible prescriptions for a drug formulary, and transmit them electronically using a certified EHR. For eligible hospitals and CAHs, this number is set at 25 percent. Due to the success of this objective during the Stage 1 and Stage 2 reporting periods, the CMS showed confidence in raising the threshold for Stage 3. The new proposal has also removed the requirement on refills, mandating e-prescribing only for new and changed prescriptions.
- Clinical decision support
The CDS objective is divided into two sub-requirements: the first pertains to the implementation of five CDS interventions related to four or more clinical quality measures; the second requires technology to alert for drug-drug and drug-allergy interactions. Certain EHR systems, such as our MetaCare Enterprise EHR™, provide integrated drug monographs and databases to further the aims of this objective, in regards to drug administration alerts. The clinical quality measures provide evidence-based clinical decision support, and include the following:
- Problem list
- Medication list
- Medication allergy list
- Laboratory tests and values/results
- Vital signs.
This objective allows for some flexibility, as it provides EPs, eligible hospitals and CAHs with the freedom to determine which CDS tools would best suit their patients and their organization.
- Computerized physician order entries
The new CPOE objective is divided into three sub-requirements: the first requires 80 percent of medication orders in a hospital setting or a CAH’s inpatient/emergency department to be recorded in a certified CPOE system; the second requires more than 60 percent of all lab orders to be be created using a CPOE; and the third requires that more than 60 percent of diagnostic images be ordered using a CPOE.Stage 3 broadens the authorization requirements for this objective, expanding slightly upon the requirements of stages 1 and 2. Whereas in the earlier stages only eligible providers were permitted to place orders electronically, Stage 3 opens the objective to any licensed healthcare professional or credentialed medical assistant. The CMS has also granted EPs the ability to authorize staff as they see fit to input orders electronically.
- Patient access
One of the largest undertakings of Stage 3 is the patient access initiative. This objective seeks to increase communication between physician and patients using web-based technology. Put simply, certified EHRs must allow for patients to view, download or transmit their health information online or on a separate application within 24 hours of its availability.The provider is only required to provide this access, however; the patients need not to utilize these methods for the provider to successfully attest. Patient access, as stated by the CMS, “should not require the provider to make extraordinary efforts to assist patients in use or access of information, but the provider must inform patients of these options and provide sufficient guidance so that all patients could leverage this access.”The objective is divided into three sub-requirements: first, more than 80 percent of all patients should be provided access to view, download or transmit health information within 24 hours of its availability; second, providers must provide more than 35 percent of their patients with specific educational materials, such as medical references, using clinically relevant information from the EHR.
Stage 3 will increase percentage of patients given access to this information, and decrease the period of waiting between the patient’s visit and online access. The CMS, however, is also searching for alternatives due to the increased use of Application Program Interfaces (APIs) in medicine.
- Coordination of care through patient engagement
This objective is divided into three sub-requirements, the first of which pertains to a patient’s active engagement with an EHR system. More than 25 percent of all patients seen by an EP or discharged from an eligible hospital, CAH inpatient or emergency setting must be given access to and actively engage with the EHR system in place. EPs, hospitals and CAHs may choose to attest during an EHR reporting period either through the online patient portal or through an ONC-certified API.The second and third requirements are much vaguer, requiring EPs to send secure messages using their EHR to at least 35 percent of patients, and incorporate patient-generated data or data from a non-clinical setting for more than 15 percent of all unique patients. According to the CMS’ definition, “data from a non-clinical setting” includes care environments that do not utilize a certified EHR, with the exception of EPs, eligible hospitals and CAHs. This includes therapists, psychologists, home health providers, etc., as well as data generated by the patient. The CMS understands the broad nature of its definition in regards to this objective, and welcomes feedback on how to incorporate this data into clinical practice.
- Exchange of health information
EPs, eligible hospitals and CAHs must send a summary of care when moving or referring to another practice or hospital, and must receive the same document upon the first encounter with a new patient. This outside information must then be incorporated into their EHR.This objective is divided into three sub-requirements: first, more than 50 percent of referrals and transitions of treatment must use an EHR to provide an assigned summary of care record; second, more than 40 percent of referrals, transitions and new patient encounters must be incorporated into the provider’s EHR; third, clinical information reconciliation must be implemented for more than 80 percent of new patient encounters for the patient’s medications, allergies, and current problem list.The ONC has also issued a common clinical data set to bolster data exchange, which the CMS has included its Stage 3 proposal.
- Public health and clinical data registry reporting
This objective focuses on the growing field of Population Health Management (PHM), necessitating that users actively submit data to public health agencies or clinical data registries using their EHR. The focus in Stage 3 will shift from the “ongoing submission” stipulation of Stage 2 in favor of a principle of “active engagement.” This, the CMS believes, will more accurately reflect the desired state of communication between immediate care providers and public health officials.EPs, eligible hospitals or CAHs must also share public health information in three of the following six measures: immunization registry reporting, syndromic surveillance reporting, case reporting, public health registry reporting, clinical data registry reporting and electronic reportable lab result reporting. The objective also provides flexibility in regards to reporting periods and deadlines to simplify the transition into Stage 3 public health reporting.
Over the last five or so years, an extraordinary amount of money – more than $35 billion – has been spent to promote the use of EHR technology. However, these taxpayer dollars, allotted for the improvement of American healthcare, have not brought forth the kind of results that one can typically buy with such an extravagant sum. As the country moves into the later phases of the HITECH ruling, both users and legislatures alike remain unconvinced of the program’s efficaciousness; and this $35 billion dollar figure is only destined to grow. The spirit of progress that ushered in HITECH has been stifled by complacency, but of all of the concerns surrounding EHR adoption, interoperability remains a principle concern for many in the sector.
This case has been taken up by Rep. Michael Burgess, M.D. of Texas’ 26th district, who has proposed a new method to measure EHR compliance and increase standards of interoperability. The unrest should not come as a surprise to most: in the recent past, physicians have lamented repeatedly over EHR system inefficiencies and miscommunication. The proposed legislation, however, entitled “Ensuring Interoperability of Qualified Electronic Health Records,” will attempt to refocus EHR implementation.
“Billions of taxpayer dollars have been spent to incentivize the integration of EHR systems, yet the federal government has failed to ensure that providers and patients can efficiently operate within them,” Burgess told Information Security Media Group, an independent conductor of information security research. “The ultimate goal [of my proposal] is to provide private sector-centered mechanisms that will accelerate innovation and make meaningful improvements to the overall quality of care.”
The legislation, if enacted, will establish a committee tasked with establishing EHR quality measures, and coordinating with the Department of Health and Human Services. This committee will be known as the “Charter Organization,” and its members are to be appointed by Congress.
The main job of the Charter Organization would be to recommend methods for measuring whether HITECH-certified EHR systems meet critical interoperability standards. As such, its members will be comprised of “one representative from each of the standards development organizations accredited by the American National Standards Institute.” The members would be chosen to represent healthcare providers, qualified EHR developers, as well as health insurance, group health organizations “and other appropriate stakeholders,” according to a draft of the legislation.
The proposal would also alter the established interoperability criteria. All certified EHRs would, as part of the new legislation, be required to comply with all of following mandates in order to qualify as “interoperable”:
- Allow authorized users “open access” to a patient’s complete medical data from any qualified electronic health records without restriction;
- Provide authorized users with access to complete patient record from one location, without the need for multiple interfaces;
- Permit users to interface with other qualified EHRs.
Though a vision of interoperability in this country is distant, it’s not far removed. This sort of legislation could prove vital in ensuring the quality, intelligence, and effectiveness of EHR systems. However, its appeasement of certain “appropriate stakeholders” could also be just another front for Washington special interests. The issue warrants immediate action; but individual providers and developers would be smart to be wary of Congressional bureaucracy.
Since our company’s inception, MetaCare solutions have thrived using interoperability as their model. This foundation contributes to our continued successes in EHR implementation and maintenance, allowing our systems to eliminate duplicate interfaces, system incongruence, and other IT gaps in a closed-loop health environment. However, this bill could be a necessary jumping-off point to reignite EHR adoption for other EHR developers. In any event, Meta is prepared to meet any new criteria should they be approved by congress, and will continue to promote universal acceptance of EHR interoperability through the use of its systems.
In his State of the Union Address, President Barack Obama highlighted cybersecurity as one of the most pressing issues currently facing American industry. He pleaded with congress to pass legislation that would tighten security measures, offering his Cybersecurity Legislative Proposal as a solution.
“I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyberattacks,” Obama said. “If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Though the president offered little clarification in his recent address as to the specifics of his proposal, we know that his plan consists of three primary focuses: Enabling Cybersecurity Information Sharing, Modernizing Law Enforcement Authorities to Combat Cyber Crime, and National Data Breach Reporting. 
In the past, healthcare facilities and companies across the country have been found guilty of possessing porous security systems; but these proposed changes to American cybersecurity have the potential to change the healthcare industry in several ways. The most relevant of these outcomes would be an increase in patient security, which would lead to a decrease in identity theft. However, these reforms should also stress the importance of certain security measures, such as non-repudiation checks, user-specific access, and encrypted passkeys, that can reduce security risk in care environments.
Hospitals such as Southern Ohio Medical Center, for example, deploy EHR technology to protect themselves utilizing these and similar methods; but many facilities, clinics, and corporations remain vulnerable. Many have called for reform to the HIPAA Security Rule as a solution to the issue of cybersecurity currently facing our healthcare system. However, no concrete reform in the area of health information security has yet been brought to light.
It’s no surprise, then, that the president hinted towards the future of personalized medicine to conclude his address. “I want the country that eliminated polio and mapped the human genome to lead a new era of medicine – one that delivers the right treatment at the right time,” Obama stated. “I’m launching a new Precision Medicine Initiative to bring us closer to curing diseases, and to give all of us access to the personalized information we need to keep ourselves and our families healthier. We can do this.”
The central focus of the president’s cybersecurity initiative is enabling increased cybersecurity information sharing, specifically by increasing sharing between private entities and governmental agencies, specifically the Department of Homeland Security. Private organizations, ranging from private defense contractors to hospitals and healthcare clinics, are expected to share knowledge of any perceived threat; and those businesses are in turn provided liability protection. The initiative also enables law enforcement with enhanced provisions for prosecution and expanding federal law enforcement authority.
But before we may proceed, we must first address the issue of cybersecurity presently facing the nation, as past mistakes have compromised the lives of millions. In order to assure the security of patients, however, healthcare security measures must be able to deal with the reality of cyberattacks. This threat has become an increasingly inescapable aspect of our society; but it is a threat that can, and must, be overcome.
 “SECURING CYBERSPACE – President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts.” The White House. The White House, Jan 13, 2015. Web.
 Abelson, Reed, and Matthew Goldstein. “Millions of Anthem Customers Targeted in Cyberattack.” The New York Times. The New York Times, 04 Feb. 2015. Web. 24 Feb. 2015.
At first glance, the concept of an EHR appears simple: the software helps organize and share data; manage patient populations and order fulfillment; but possibly the most important function as a tool for physicians and other prescribers to improve patient outcomes, is its Clinical Decision Support (CDS) system guides caregivers in making decisions when treating patients. In fact, CDS systems are one of the most effective means of minimizing serious errors in clinical environments. Clinicians enter data into the EHR, and the CDS engine performs a complex series of checks to ensure the accuracy or appropriateness of the diagnosis. The system then either recommends a course of therapy or alerts the user of any diagnostic errors or oversights. Though the means to accomplish this task differ based on system, they all aim to improve and expand Clinical Decision Support. The result is a facility-wide reduction of preventable errors and increase of positive patient outcomes. Nearly all clinicians can agree upon the foundational importance of CDS – take away the other bells and whistles, and what remains is a solid Clinical Decision Support system – as all other features and functions ultimately serve to facilitate this, critical component of any EHR.
Though CDS is widely accepted as one of the most essential aspects of EHR technology, it is also one of the most-often overlooked. The CMS has established set criteria for these systems, such that they may qualify providers for Meaningful Use, and defines Clinical Decision Support as the following:
HIT functionality that builds upon the foundation of an EHR to provide persons involved in care processes with general and person-specific information, intelligently filtered and organized, at appropriate times, to enhance health and health care.
[CDS systems must] Enable a limited set of identified users to select (i.e., activate) one or more electronic clinical decision support interventions (in addition to drug-drug and drug-allergy contraindication checking) based on each one and at least one combination of the following data:
(A) Problem list (a list of current and active diagnoses as well as past diagnoses relevant to the current care of the patient);
(B) Medication list (all past and present meds);
(C) Medication allergy list;
(D) Demographics (defined as preferred language, gender, race, ethnicity, and DOB);
(E) Laboratory tests and values/results ;
(F) Vital signs.
While these requirements provide a solid foundation, the list is not comprehensive. These criteria merely scratch the surface of what it actually means to provide comprehensive decision support to clinicians.
So what’s missing, and what can be improved upon? The answer merits a more complicated response than a simple list revision. Meta’s belief, one that is reflected in our system’s functionality, is that HIT systems should utilize intelligent technology to create a database that grows in efficiency and potency with each new data entry.
But our attention to the small details allows us to ensure safety during the care process. Our system, because of this, provides decision support in areas that many EHR developers tend to neglect:
- Food/Environmental Allergies (Non-medication allergies) – pollen, chocolate, nuts, etc.
- Family History
- Vaccination History
- Travel History (especially in light of events regarding Ebola)
- Missed Step warning (alerts clinicians to clinical action requiring attention)
- Medication Dosage Calculation
- Automatic integration of electronic clinical documentation
- IntelliMed™ Rules-based Engine (allows for the creation of rules, triggered based on data input or available on the patient record)
This list is by no means a complete account of our CDS system’s full range of capabilities; but it does provide an idea of our attention to the minute details. Especially with IntelliMed™, our dynamic and intelligent decision support rules engine, MetaCare users can prevent unnecessary patient complications with the flexibility to address facility and organization-specific protocol. The desired result of our attention to detail is to create a knowledge-based healthcare environment capable of supporting clinicians during diagnosis and decision-making.
The fact that CDS systems comprise such a vital part of EHR processing is troublesome when considering how little attention is paid to them by EHR developers. The Meaningful Use criteria for this objective should be taken with a grain of salt, as they only provide the base for responsible CDS processing. By choosing a system, such as MetaCare Enterprise, that pays closer attention to the more unique and often ignored aspects of patient information, facilities can expect a CDS system that works to stop error before it occurs.
To make myself clear, I do not wish to disparage the Meaningful Use program. Its benefits have been undeniable; after all, EHR adoption has more than quintupled since the enactment of ARRA and the HITECH Act. However, the results are less than spectacular when non-rural care centers are removed from the picture. To many the answer is all too apparent, yet the question has been continually ignored.
Without the more privileged facilities, what remains is a fragmented network of hospitals and clinics struggling to adapt to the changes being forced upon them. Delayed deadlines were not a sufficient solution the problems they faced; and the Regional Extension Centers (RECs) established as part of HITECH often opt to either not to work with rural facilities or charge exorbitant and unrealistic fees. The Stage 1 and Stage 2 objectives treated everyone as equals, in spite of the consequences; it’s the American way, right? Well in this particular case, in modern medicine and healthcare, we’re not all equals. Some needed more help than other, and Meaningful Use made this all too clear.
Rural and critical access facilities constitute a vital part of the United States healthcare system. For many Americans, they are the sole means of obtaining medical attention, and the difference between life and death in emergency situations. But instead of being nurtured and helped along in what is certainly a difficult transitory process, they have been slowly squeezed out. The shortcomings of the Meaningful Use program are visible in the sheer amount of deadline extensions that have been made up to date. If as the ONC reports, “Over nine in ten (93%) hospitals possessed a certified EHR technology in 2013,”1 then why push back deadlines any further? Clearly, the program was a success, and should be nearing its end.
The reason is due to the ONC’s definition of the word “hospital,” a seemingly transparent term that has been restricted to the realm of “non-federal acute care hospitals.”1 Dig a little further and what does this actually mean? It means that 93% of non-CAHs have adopted EHR software; the wording is just subversive enough to mask the reality of the situation. CAHs are almost forgotten amidst the shuffle.
The Meaningful Use initiative has proven to be incapable of addressing the specific needs of rural clinicians. The staff, experience, and IT infrastructure found in many of these facilities just cannot sustain the kind of federal mandates expected of them; and what’s more, not only are these same providers held to unrealistic standards, but also penalized should they fail. There’s no help, no encouragement, and no end in sight.
Based on the inference that rural care facilities in general face problems similar to those confronted by Rural Health Clinics (RHCs), CAHs can be expected to perform better on those objectives relating to the improvement of overall quality, safety, efficiency and the reduction of health disparities, and fall short in reporting quality measures and the implementation of clinical decision support (CDS) rules. They also typically struggle to satisfy requirements that involve engaging patients and families, improving coordination of care, and protecting the privacy and security of personal health information.
The only viable means to address the problems facing this demographic, therefore, is to redirect federal efforts in a way that addresses the specific needs of rural facilities. With reform looking less and less likely to be incorporated as part of Stage 2, the only hope for these facilities falls on the upcoming Stage 3 guidelines. Hopefully the governing bodies have had time to address the program’s shortcomings and will be able to adjust the new requirements accordingly: particularly that objectives be differentiated and designated based on a facility’s status as either a CAH or a non-CAH. The blanket approach was not the solution, and Stage 3 may be the chance for reprieve.
So what can be done to address the issue? First, there should be an increased emphasis on the adoption of clinical decision support systems; this is an absolutely fundamental component of modern health technology, one that has had tremendous success in preventing error. To address the issues faced in reporting quality, there needs to be a push for electronic clinical documentation to collect, record, and share patient information. This, along with the use of secure messaging applications, will further improve the coordination of care. Encouraging the use of web-based systems will serve to further the program’s aims to engage patients and their family. Lastly, standards must be established to regulate the secure protection of sensitive patient data. These should constitute the majority of core requirements for CAHs, such that if met they would qualify facilities for financial reimbursement. The practice of penalizing non-compliant facilities must also be abolished.
However, there is also much to be done on the side of rural clinicians and facility administrators. They need to stay informed on the changing requirements and how to meet them, especially with the shadow of Stage 3 looming larger every day. This is an important step to ensure facilities contract an EHR vendor that is both reliable and qualified. However, it is important to remember that an EHR vendor should not only be certified, but also experienced and familiar with software implementation and Meaningful Use reimbursement in rural settings. Some larger vendors simply cannot provide the same level of personalized support, for the same logic that Meaningful Use objectives have been so successful among larger providers, and so much less among smaller ones.
The real solution to the problem ultimately lies in the collaboration between two factions that are often at odds at each other: the government that imposes reform on one side; and the rural facilities that resists on the other. In the end, however, the people who suffer the consequences are the patients at these facilities. We can all anxiously await the change the program so desperately needs, but without a conscious effort on the behalf of both parties, we may end up having to settle once again.
 Charles, Dustin, MPH, Meghan Gabriel, PhD, and Michael F. Furukawa, PhD. “Adoption of Electronic Health Record Systems among U.S. Non-federal Acute Care Hospitals: 2008-2013.” www.HealthIT.gov. Office of the National Coordinator for Health Information Technology (ONC). ONC Data Brief, No. 16, May 2014.
 Joynt, K. E., Y. Harris, E. J. Orav, and A. K. Jha. “Quality of Care and Patient Outcomes in Critical Access Rural Hospitals.” JAMA: The Journal of the American Medical Association. (July 2011).
 Gale, John A., David Hartley, and Zach Croll. “Meaningful Use of Electronic Health Records by Rural Health Clinics.” Muskie School of Public Service, University of Southern Maine, Feb. 2014.