Innovation, healthcare technology, and information management continue to be critical issues in most organizations.  As physicians continue to be tapped to fill key executive posts, the role of Chief Medical Information Officer has emerged, and become increasingly important and visible.  In my experience though, the CMIO position is one of the least defined, most inconsistently configured leadership roles, making it difficult for members of the executive cabinet to articulate the core competencies and capabilities required for success in the job.  By extenstion, this has made the recruitment and development of such individuals extermely challenging.  In addition my sense is that CMIO retention and success rates are lower than the rates for other leadership roles.  If you are a CMIO or HR executive, or are familiar with the CMIO role, your thoughts and comments about the position, key responsibilities, reporting, core competencies, ideal background and experience, etc, would be greatly appreicated.

Rural hospitals are certainly challenged when attempting to navigate through all of the I.S. software available.  Currently, we are developing a system in a Rural Health Clinic (RHC) that will provide billing, accounts' receivable and payable management, scheduling and a meaningful EMR/EHR system.  I believe that we have found a system that will work well for that environment; however, it becomes more challenging as we look at interfacing the RHC with the Critical Access Hospital software.  I think the greatest challenge is having a full service I.S. department that can assist with these processes.  We are currently utilizing an I.S. committee across all departmental boundaries to assist with the end user needs, discovery, design, validation and implementation, but this is dependent upon contracting an I.S. professional at a high cost.  

Our physicians would like to be able to access lab and radiology data via their smartphones.  Unfortunately, our Cerner platform does not enable this. Even from a desktop PC, a Citrix server must be used to gain access to the system, which is time-consuming, cumbersome, and requires a separate login.  Has anyone had experience with facilitating access to their CIS from a smartphone?  If so, how was that accomplished, how do you ensure security, and how has it been received by your clinical community?

With continued advancements in Information Technology, Congress recognized the importance of technical, physical, and administrative safeguards to protect individually identifiable health information. Health plans, health care providers, and health care clearinghouses must assure their customers  the confidentiality of electronic and other health care data they collect, maintain, use, or transmit is protected. The confidentiality of health information is threatened not only by the risk of improper access to stored information, but also by the risk of interception during transmission of the information. The Health Insurance Portability and Accountability Act (HIPAA), Title II includes the “Administrative Simplification” provisions the Department of Health and Human Services (HHS) recognizes as national standards for electronic health care transactions and the privacy of patient data.

           

The intention of this Security Standards rule is to implement national standards for safeguards to guard the confidentiality, integrity, and availability of electronic protected health information and other individually identifiable health information. The Security Standards were needed because there were no standard measures existing in the health care industry that addressed all aspects of individually identifiable health information. Assuring the security of electronic protected health information while it is in use, in storage, or during the exchange of that information between entities was an exceptional challenge. HIPAA mandated security standards to protect an individual’s health information, while permitting the appropriate access and use of that information by health care providers, clearinghouses, and health plans.

 

By limiting the ways that health plans, pharmacies, hospitals and other covered entities can use patients’ personal medical information, the privacy regulations assure privacy protections for patients. The regulations protect individually identifiable health information, whether it is on paper, in computers or communicated orally.

 

The Privacy Rule permits a covered entity to obtain routine uses and disclosures of protected health information for treatment, payment, and health care operations without Patient consent. A covered entity usually obtains voluntarily patient consent. By contrast, “an authorization” is required by the Privacy Rule for uses and disclosures of protected health information not otherwise allowed by the Rule. McSpadden (2004), identifies the following routine uses and disclosure of protected health information:

Treatment

 

• Appointment reminders.
• Describing or recommending treatment alternatives.
• Providing results from exams or tests.
• Providing information about health-related benefits.
• Calling a patients’ name in the waiting room.

Payment

 

• Determining eligibility or coverage for insurance benefits.
• Reviewing services provided for medical necessity.
• Providing information for insurance payment.

Health Care Operations

 

• Quality assessment and improvement.
• Education, credentialing, and certification.
• Medical review and auditing.

Linda McSpadden, M.T. (HHS), HIPAA Privacy Officer at Mission Medical Center in Mesa, AZ, was interviewed regarding measures her organization was doing to assure compliance with the Privacy Rule enacted under the HIPAA Title II Administrative Simplification. Following are the measures being taken:

 

• Assure transactions are being conducted in compliance with HIPAA, which include the use of electronic transactions and code sets; security; unique identifiers; and privacy.
• All staff is educated regarding HIPAA Title II requirements and disciplined if found they are not following protocol.
• Patients’ are provided a ‘Notice of Privacy Practices’ for Mission Medical Center and given an acknowledgement of receipt of privacy notice to sign.
• Information is not released to unauthorized personnel, unless the patient has signed a release form.
• Copiers print upside down, so information is not visible to those walking by.
• Any faxes that are sent out have a cover letter that indicate it is private health information and to notify Mission Medical Center if it went to the wrong number. We also verify the number before we send the information.
• Charts are placed upside down or front cover facing the wall rather than having protected health information about the patient visible to anyone who walks by.
• In areas where multiple patient-staff communications routinely occur such as the phlebotomy section or in radiology, we use curtains or similar barriers to safeguard patient information.
• Limiting access to certain areas, ensuring that the area is supervised, and escorting non-employees in the area helps protect health information about the patient visible to anyone who walks by.
• Personal health information is not discussed in detail over the phone.
• Computer screens are situated so those walking by do not have direct view of the screen and passwords are required for access. The screens automatically go black after a certain amount of inactivity and a password must be entered to gain access again

Congress realized the advances in technology could compromise the privacy of health information. Consequently, Congress incorporated the HIPAA Title II Administrative Simplification that mandated the adoption of Federal privacy protections for individually identifiable health information. Developed by the Department of Health and Human Services (HHS), these new standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent uniform privacy protections for consumers across the country.

 

 

 

Our HCO is in the midst of a major clinical information system implementation and is attempting to transition a series of antiquated paper and electronic systems over to a new electronic record.  Not surprisingly, this process has had its share of challenges over the past few years.  Based on those, I'm curious to know what everyone thinks are the key characteristics of a successful implementation of a clinical information system?  I have my own thoughts, but I'm interested to hear from the group as to what you think are the major deal-makers/deal-breakers when it comes to success.  If you've had a chance to implement a CIS, what made the implementation work or not work?  What would you do differently the next time around?  How did you get staff to buy into the concept as not just 'a bunch of computers' but something that could transform how care is provided? 

 

Interested in your comments!