- EHR audit logs track access and changes to electronic health records and can help detect fraud and abuse, but many CMS contractors have not fully utilized audit logs for program integrity efforts.
- The OIG recommends that CMS provide guidance to contractors on reviewing EHR documentation and signatures, and to direct contractors to review providers' audit logs as part of medical reviews.
- Providers should proactively manage their audit logs by developing policies on usage, storage, and configuration management to ensure availability for reviews, and by regularly analyzing logs to detect vulnerabilities before contractors.
The Electronic Health Record (EHR) is a longitudinal electronic record of patient health
information generated by one or more encounters in any care delivery setting. Included in this
information are patient demographics, progress notes, problems, medications, vital signs, past
medical history, immunizations, laboratory data, and radiology reports. The EHR automates and
streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a
clinical patient encounter, as well as supporting other care-related activities directly or indirectly
via interface including evidence-based decision support, quality management, and outcomes
reporting.
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med DevicesEMMAIntl
Earlier this month the ECRI Institute published its executive brief on this year’s Top 10 Patient Safety Concerns. The ECRI (formerly the Emergency Care Research Institute) is an independent nonprofit organization that focuses on conducting independent medical device evaluations to advance patient safety and cost-effective health care...
The Future of RCM in Healthcare OrganizationsCitiusTech
This document / whitepaper talks about how healthcare technology companies can leverage emerging technologies to derive insights to improve their Revenue Cycle Management process.
A Proposed Framework for Regulating AI Based Applications in SaMDEMMAIntl
One of the backbones of the current Industry 4.0 is Artificial Intelligence (AI). It is the process of simulating human intelligence in machines such as learning and problem-solving. Machine Learning (ML) forms a subset of AI and it provides the ability for computers to constantly learn from huge data sets and improve themselves to perform human functions. Presently, AI and ML are widely used in several domains such as financial, e-commerce, real estate, and most significantly in health care and medical devices...
Quickly made presentation in two hours
Security Risk Management in Healthcare on Cloud using NIST guidelines
More details: (blog: http://sandyclassic.wordpress.com ,
linkedin: ie.linkedin.com/in/sandepsharma/)
ICD-10 Transition: What Health Lawyers Need to KnowPYA, P.C.
PYA Principal Denise Hall, along with Senior Corporate Counsel Julie Chicoine of Ohio State University Wexner Medical Center, presented “ICD-10 Transition: What Health Lawyers Need to Know” at the AHLA 2015 Institute on Medicare and Medicaid Payment Issues.
An overview of the “Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD)”
https://www.fda.gov/media/122535/download
Presented on May 19th, 2019 in Chicago at the BSN 2019 workshop on "Using mHealth Technology to Enable the Clinical Trial of the Future".
Disclaimer: Views/thoughts expressed in these slides are mine and do not necessarily reflect those of my employer.
The Electronic Health Record (EHR) is a longitudinal electronic record of patient health
information generated by one or more encounters in any care delivery setting. Included in this
information are patient demographics, progress notes, problems, medications, vital signs, past
medical history, immunizations, laboratory data, and radiology reports. The EHR automates and
streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a
clinical patient encounter, as well as supporting other care-related activities directly or indirectly
via interface including evidence-based decision support, quality management, and outcomes
reporting.
2020 topconcerns The 2020 Top 10 Patient Safety Concerns for Med DevicesEMMAIntl
Earlier this month the ECRI Institute published its executive brief on this year’s Top 10 Patient Safety Concerns. The ECRI (formerly the Emergency Care Research Institute) is an independent nonprofit organization that focuses on conducting independent medical device evaluations to advance patient safety and cost-effective health care...
The Future of RCM in Healthcare OrganizationsCitiusTech
This document / whitepaper talks about how healthcare technology companies can leverage emerging technologies to derive insights to improve their Revenue Cycle Management process.
A Proposed Framework for Regulating AI Based Applications in SaMDEMMAIntl
One of the backbones of the current Industry 4.0 is Artificial Intelligence (AI). It is the process of simulating human intelligence in machines such as learning and problem-solving. Machine Learning (ML) forms a subset of AI and it provides the ability for computers to constantly learn from huge data sets and improve themselves to perform human functions. Presently, AI and ML are widely used in several domains such as financial, e-commerce, real estate, and most significantly in health care and medical devices...
Quickly made presentation in two hours
Security Risk Management in Healthcare on Cloud using NIST guidelines
More details: (blog: http://sandyclassic.wordpress.com ,
linkedin: ie.linkedin.com/in/sandepsharma/)
ICD-10 Transition: What Health Lawyers Need to KnowPYA, P.C.
PYA Principal Denise Hall, along with Senior Corporate Counsel Julie Chicoine of Ohio State University Wexner Medical Center, presented “ICD-10 Transition: What Health Lawyers Need to Know” at the AHLA 2015 Institute on Medicare and Medicaid Payment Issues.
An overview of the “Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning (AI/ML)-Based Software as a Medical Device (SaMD)”
https://www.fda.gov/media/122535/download
Presented on May 19th, 2019 in Chicago at the BSN 2019 workshop on "Using mHealth Technology to Enable the Clinical Trial of the Future".
Disclaimer: Views/thoughts expressed in these slides are mine and do not necessarily reflect those of my employer.
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectBioMed Informatics
Pharmacovigilance Training in Oracle Argus Safety Database with Project
BioMed Informatics Medwin Hospitals
BioMed Informatics Medwin Hospitals is a leading Clinical Research Organization offering full range of Clinical Research, Clinical Data Management, Oracle Clinical OC/RDC, Pharmacovigilance, Oracle Argus Safety, SAS Clinical, IPR & Regulatory Affairs trainings since the year of 2000 that are helpful for Life Sciences/Pharmacy students to enter into IT Companies and Pharma, Biotech, CRO industries.
Oracle Argus Safety is an advanced and comprehensive adverse events (AE) management system that helps life sciences companies enable regulatory compliance, drive product stewardship, and integrate safety and risk management into one comprehensive platform. Argus Safety is industry-proven and accepted, having been used for more than a decade at leading Pharmaceutical, Biotech, CRO, and IT Companies. Trainees get hands on practical training experience to create career paths.
Mode of Training: Instructor Led Class room/Online Training
Online Training Features:
Web based classroom
One faculty/student
Placement support
Regular/Fast track/Weekend batches
Flexible timings
Training Mode: Skype/Teamviewer
Hands-On Training on the Database
Direct access to Oracle Argus Safety Database
Our candidates employed in Novartis, Quintiles, TCS, Parexel International (India) Pvt Ltd, MakroCare, Global Hospitals, Apollo Hospitals, NIMS, Glenmark Pharmaceuticals Ltd, Jubilant, Reliance Life Sciences, Shantha Biotechnics Ltd, Mahindra Satyam, SMO Clinical Research (I) Pvt Ltd, Pioneer Corporate Services Inc-USA, ICMR, AstraZeneca-UK, Texas Woman’s University-USA and many more…
Certification
Certificate will be provided for this course on successful completion of Assignments & Projects. Certificate would be awarded at the end of the program by BioMed Informatics Medwin Hospitals.
Interested candidates are kindly requested to fill the enquiry form in the website www.biomedlifesciences.com for further information.
Please note that we also provide separate hostel facility assistance for ladies as well as gents.
Contact:
G.V.L.P. Subba Rao
BioMed Informatics
Medwin Hospitals B Block First Floor,
Nampally, Hyderabad-500 001, India
Phone: 040 - 40209750
Website: www.biomedlifesciences.com
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
WE BUILD CORE HANDS-ON ON INFORMATION SECURITY SKILLS FOR ALL LEVELS AND DEPARTMENTS- It has already been two years since hackers shifted their main focus from BFSI sector to healthcare industry aggressively targeting hospitals all over the world, while U.S. is experiencing the most severe threat. How we can help you with HIPPA security and privacy concerns. DO YOU NEED TO INVEST IN INFORMATION SECURITY TRAINING, CONSULTING AND ADVISORY?
Healthcare Analytics Market - Asia Outlook (2014-18)ResearchFox
Healthcare establishments around the world are confronted with pressure to decrease expenses and improve synchronization between internal process and patient outcomes. However, evidence is swelling that the healthcare industry is even more challenged by ingrained inadequacies and sub-optimal clinical results. Structuring and developing analytic proficiency can help these organizations harness "analytical tools" to generate actionable insights, make their future vision a reality, progress events and decrease time to value. This report presents an interpretative easy-to-understand facts of how the current healthcare analytics market is segmented based on end- user verticals, delivery platforms, applications, technology components and geography. It cuts through several facets of the healthcare analytics market such as market size, market share for each segment, and the drivers and inhibitors of this marketplace.
CLOUDUEMR Cloud is a cloud based system which empowers medical facilities to keep patient data in one secure centralized place. Our software is designed to keep sharable modules between providers and patient care. Our solution is an effective tool to create and manage patient data across all secure channels of medical organizations through effective sharable mechanism.
DIFFERENTOur software allows to share patient medical data between medical facilities through secure sharable mechanism. This will allow to prevent medical errors and perform maximum efficiency on diagnostic. Through our patient portal users simply log in and access the system through a web browser on any Windows or Apple computer.
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
Patient information recorded in electronic medical records is the most significant set of information of the healthcare system. It assists healthcare providers to introduce high quality care for patients. The aim of this study identifies the security threats associated with electronic medical records and gives
recommendations to keep them more secured. The study applied the qualitative research method through a case study. The study conducted seven interviews with medical staff and information technology technicians. The study results classified the issues that face electronic medical records into four main categories which were availability, accessibility, privacy, and safety of health information.
The first step to building an effective compliance program is understanding the risks. Attorneys from the Akerman LLP Healthcare Practice Group will help you identify some of the most significant compliance issues facing healthcare executives today. This discussion will feature:
* Staying Off of the Radar: Outlining national trends in federal fraud and abuse activity and gaining insight from the 2014 Office of Inspector General (OIG) work plan.
* The Dos and Don'ts of Deal Making: Recognizing critical legal and tax dimensions in healthcare business transactions.
* Making the Case for Compliance: Understanding why physicians need a compliance plan, the seven elements of effective compliance programs, and compliance developments with HIPAA, electronic health records, and the Americans with Disabilities Act.
A forest specialist's guide to finding the perfect Christmas tree. Washington State University Press author Kevin Zobrist presents information on popular varieties and tips on how to select and care for real Christmas trees. He also lists reasons to go fresh or artificial.
Pharmacovigilance Training in Oracle Argus Safety Database with ProjectBioMed Informatics
Pharmacovigilance Training in Oracle Argus Safety Database with Project
BioMed Informatics Medwin Hospitals
BioMed Informatics Medwin Hospitals is a leading Clinical Research Organization offering full range of Clinical Research, Clinical Data Management, Oracle Clinical OC/RDC, Pharmacovigilance, Oracle Argus Safety, SAS Clinical, IPR & Regulatory Affairs trainings since the year of 2000 that are helpful for Life Sciences/Pharmacy students to enter into IT Companies and Pharma, Biotech, CRO industries.
Oracle Argus Safety is an advanced and comprehensive adverse events (AE) management system that helps life sciences companies enable regulatory compliance, drive product stewardship, and integrate safety and risk management into one comprehensive platform. Argus Safety is industry-proven and accepted, having been used for more than a decade at leading Pharmaceutical, Biotech, CRO, and IT Companies. Trainees get hands on practical training experience to create career paths.
Mode of Training: Instructor Led Class room/Online Training
Online Training Features:
Web based classroom
One faculty/student
Placement support
Regular/Fast track/Weekend batches
Flexible timings
Training Mode: Skype/Teamviewer
Hands-On Training on the Database
Direct access to Oracle Argus Safety Database
Our candidates employed in Novartis, Quintiles, TCS, Parexel International (India) Pvt Ltd, MakroCare, Global Hospitals, Apollo Hospitals, NIMS, Glenmark Pharmaceuticals Ltd, Jubilant, Reliance Life Sciences, Shantha Biotechnics Ltd, Mahindra Satyam, SMO Clinical Research (I) Pvt Ltd, Pioneer Corporate Services Inc-USA, ICMR, AstraZeneca-UK, Texas Woman’s University-USA and many more…
Certification
Certificate will be provided for this course on successful completion of Assignments & Projects. Certificate would be awarded at the end of the program by BioMed Informatics Medwin Hospitals.
Interested candidates are kindly requested to fill the enquiry form in the website www.biomedlifesciences.com for further information.
Please note that we also provide separate hostel facility assistance for ladies as well as gents.
Contact:
G.V.L.P. Subba Rao
BioMed Informatics
Medwin Hospitals B Block First Floor,
Nampally, Hyderabad-500 001, India
Phone: 040 - 40209750
Website: www.biomedlifesciences.com
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
WE BUILD CORE HANDS-ON ON INFORMATION SECURITY SKILLS FOR ALL LEVELS AND DEPARTMENTS- It has already been two years since hackers shifted their main focus from BFSI sector to healthcare industry aggressively targeting hospitals all over the world, while U.S. is experiencing the most severe threat. How we can help you with HIPPA security and privacy concerns. DO YOU NEED TO INVEST IN INFORMATION SECURITY TRAINING, CONSULTING AND ADVISORY?
Healthcare Analytics Market - Asia Outlook (2014-18)ResearchFox
Healthcare establishments around the world are confronted with pressure to decrease expenses and improve synchronization between internal process and patient outcomes. However, evidence is swelling that the healthcare industry is even more challenged by ingrained inadequacies and sub-optimal clinical results. Structuring and developing analytic proficiency can help these organizations harness "analytical tools" to generate actionable insights, make their future vision a reality, progress events and decrease time to value. This report presents an interpretative easy-to-understand facts of how the current healthcare analytics market is segmented based on end- user verticals, delivery platforms, applications, technology components and geography. It cuts through several facets of the healthcare analytics market such as market size, market share for each segment, and the drivers and inhibitors of this marketplace.
CLOUDUEMR Cloud is a cloud based system which empowers medical facilities to keep patient data in one secure centralized place. Our software is designed to keep sharable modules between providers and patient care. Our solution is an effective tool to create and manage patient data across all secure channels of medical organizations through effective sharable mechanism.
DIFFERENTOur software allows to share patient medical data between medical facilities through secure sharable mechanism. This will allow to prevent medical errors and perform maximum efficiency on diagnostic. Through our patient portal users simply log in and access the system through a web browser on any Windows or Apple computer.
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...ijsptm
Patient information recorded in electronic medical records is the most significant set of information of the healthcare system. It assists healthcare providers to introduce high quality care for patients. The aim of this study identifies the security threats associated with electronic medical records and gives
recommendations to keep them more secured. The study applied the qualitative research method through a case study. The study conducted seven interviews with medical staff and information technology technicians. The study results classified the issues that face electronic medical records into four main categories which were availability, accessibility, privacy, and safety of health information.
The first step to building an effective compliance program is understanding the risks. Attorneys from the Akerman LLP Healthcare Practice Group will help you identify some of the most significant compliance issues facing healthcare executives today. This discussion will feature:
* Staying Off of the Radar: Outlining national trends in federal fraud and abuse activity and gaining insight from the 2014 Office of Inspector General (OIG) work plan.
* The Dos and Don'ts of Deal Making: Recognizing critical legal and tax dimensions in healthcare business transactions.
* Making the Case for Compliance: Understanding why physicians need a compliance plan, the seven elements of effective compliance programs, and compliance developments with HIPAA, electronic health records, and the Americans with Disabilities Act.
A forest specialist's guide to finding the perfect Christmas tree. Washington State University Press author Kevin Zobrist presents information on popular varieties and tips on how to select and care for real Christmas trees. He also lists reasons to go fresh or artificial.
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxhanneloremccaffery
STUDY PROTOCOL Open Access
Safety Assurance Factors for Electronic Health
Record Resilience (SAFER): study protocol
Hardeep Singh1*, Joan S Ash2 and Dean F Sittig3
Abstract
Background: Implementation and use of electronic health records (EHRs) could lead to potential improvements in
quality of care. However, the use of EHRs also introduces unique and often unexpected patient safety risks.
Proactive assessment of risks and vulnerabilities can help address potential EHR-related safety hazards before harm
occurs; however, current risk assessment methods are underdeveloped. The overall objective of this project is to
develop and validate proactive assessment tools to ensure that EHR-enabled clinical work systems are safe and
effective.
Methods/Design: This work is conceptually grounded in an 8-dimension model of safe and effective health
information technology use. Our first aim is to develop self-assessment guides that can be used by health care
institutions to evaluate certain high-risk components of their EHR-enabled clinical work systems. We will solicit input
from subject matter experts and relevant stakeholders to develop guides focused on 9 specific risk areas and will
subsequently pilot test the guides with individuals representative of likely users. The second aim will be to examine
the utility of the self-assessment guides by beta testing the guides at selected facilities and conducting on-site
evaluations. Our multidisciplinary team will use a variety of methods to assess the content validity and perceived
usefulness of the guides, including interviews, naturalistic observations, and document analysis. The anticipated
output of this work will be a series of self-administered EHR safety assessment guides with clear, actionable,
checklist-type items.
Discussion: Proactive assessment of patient safety risks increases the resiliency of health care organizations to
unanticipated hazards of EHR use. The resulting products and lessons learned from the development of the
assessment guides are expected to be helpful to organizations that are beginning the EHR selection and
implementation process as well as those that have already implemented EHRs. Findings from our project, currently
underway, will inform future efforts to validate and implement tools that can be used by health care organizations
to improve the safety of EHR-enabled clinical work systems.
Keywords: Electronic health records, Health information technology, Patient safety, Risk assessment, Resilience
Background
Several countries have made recent multi-billion dollar
investments in electronic health record (EHR) infra-
structure to transform their health care delivery systems.
However, implementation of EHR-related initiatives has
encountered greater than expected challenges [1-4].
Although successful transformations have occurred in a
few pioneering healthcare organizations across the globe,
[5,6] the vast majority of organizations are still in the
process of implementing.
PYA Highlights Next Steps of Meaningful UsePYA, P.C.
At the 2013 AICPA Healthcare Industry Conference, PYA Principal David McMillan and Senior Manager Chris Wilson recently explored the “new normal” of meaningful use as compliance and strategic standards in new care/reimbursement-model development.
6/29/2016 library.ahima.org/PB/DataStandards#appxA
http://library.ahima.org/PB/DataStandards#appxA 1/20
Data Standards, Data Quality, and Interoperability (2013
update)
Remove from myBoK
Editor's note: This update replaces the 2007 practice brief "Data Standards, Data Quality, and Interoperability."
Data quality and consistency are critical to ensuring patient safety, communicating delivery of health services, coordinating
care, and healthcare reporting. Assessing the quality and consistency of data requires data standards. This practice brief
provides health information management (HIM) professionals with a clear understanding of data standards as a tool to
enable interoperability and promote data quality.
The online version of this practice brief [...] is accompanied by an appendix that provides HIM professionals with a list of
standards to reference in data dictionary development, electronic health records, the exchange of health information, and
general data management processes to ensure information integrity and reliability. Evaluation of data validity, reliability,
completeness, and timeliness are accomplished through a combination of human and machine processes in healthcare, and
the list of data standard sources is a helpful reference guide when more detailed information is required.
Data Standards and Regulatory Framework
Data standards are "documented agreements on representations, formats, and definitions of common data. Data standards
provide a method to codify invalid, meaningful, comprehensive, and actionable ways, information captured in the course of
doing business." Rules to describe how the data is recorded to ensure consistency across multiple sources is another way to
think of data standards. Without data standards and data quality, the future of interoperability is bleak. Data fields and the
content of those fields need to be standardized.
Standards development organizations (SDOs) address a variety of aspects of health information and informatics. For
example, the American Society for Testing and Materials (ASTM) and Health Level Seven (HL7) target clinical data
standards. Insurance and remittance standards are a focus of the Accredited Standards Committee (ASC) X12. Standards to
transmit diagnostic images are developed through Digital Imaging and Communications in Medicine (DICOM). The
National Council for Prescription Drug Programs (NCPDP) represents pharmacy messages.
The Institute of Electrical and Electronics Engineers (IEEE), HL7, ASTM, and others develop data models and
frameworks. See the table on page 65 for a breakdown of regulatory agencies responsible for working with the American
National Standards Institute (ANSI) to drive data standards to achieve interoperability.
The AHIMA Leadership Model states that HIM professionals should serve as the leaders in healthcare organizations and in
their professional community for ensuring that data content standards are identified, understood, implemented, a.
6/29/2016 library.ahima.org/PB/DataStandards#appxA
http://library.ahima.org/PB/DataStandards#appxA 1/20
Data Standards, Data Quality, and Interoperability (2013
update)
Remove from myBoK
Editor's note: This update replaces the 2007 practice brief "Data Standards, Data Quality, and Interoperability."
Data quality and consistency are critical to ensuring patient safety, communicating delivery of health services, coordinating
care, and healthcare reporting. Assessing the quality and consistency of data requires data standards. This practice brief
provides health information management (HIM) professionals with a clear understanding of data standards as a tool to
enable interoperability and promote data quality.
The online version of this practice brief [...] is accompanied by an appendix that provides HIM professionals with a list of
standards to reference in data dictionary development, electronic health records, the exchange of health information, and
general data management processes to ensure information integrity and reliability. Evaluation of data validity, reliability,
completeness, and timeliness are accomplished through a combination of human and machine processes in healthcare, and
the list of data standard sources is a helpful reference guide when more detailed information is required.
Data Standards and Regulatory Framework
Data standards are "documented agreements on representations, formats, and definitions of common data. Data standards
provide a method to codify invalid, meaningful, comprehensive, and actionable ways, information captured in the course of
doing business." Rules to describe how the data is recorded to ensure consistency across multiple sources is another way to
think of data standards. Without data standards and data quality, the future of interoperability is bleak. Data fields and the
content of those fields need to be standardized.
Standards development organizations (SDOs) address a variety of aspects of health information and informatics. For
example, the American Society for Testing and Materials (ASTM) and Health Level Seven (HL7) target clinical data
standards. Insurance and remittance standards are a focus of the Accredited Standards Committee (ASC) X12. Standards to
transmit diagnostic images are developed through Digital Imaging and Communications in Medicine (DICOM). The
National Council for Prescription Drug Programs (NCPDP) represents pharmacy messages.
The Institute of Electrical and Electronics Engineers (IEEE), HL7, ASTM, and others develop data models and
frameworks. See the table on page 65 for a breakdown of regulatory agencies responsible for working with the American
National Standards Institute (ANSI) to drive data standards to achieve interoperability.
The AHIMA Leadership Model states that HIM professionals should serve as the leaders in healthcare organizations and in
their professional community for ensuring that data content standards are identified, understood, implemented, a ...
Pg2 Beginning in 1991, the IOM (which stands for the Institute o.docxrandymartin91030
Pg2 Beginning in 1991, the IOM (which stands for the Institute of Medicine of the National Academies) sponsored studies and created reports that led the way toward the concepts we have in place today for electronic health records. Originally, the IOM called them computer-based patient records.1 During their evolution, the EHR have had many other names, including electronic medical records, computerized medical records, longitudinal patient records, and electronic charts. All of these names referred to essentially the same thing, which in 2003, the IOM renamed as the electronic health records, or EHR.
Note: EHR
The acronym EHR is commonly used as shorthand for Electronic Health Records, and will be used in the remainder of this book.
Institute of Medicine (IOM)
The IOM report2 put forth a set of eight core functions that an EHR should be capable of performing:
Health information and data
This function provides a defined data set that includes such items as medical and nursing diagnoses, a medication list, allergies, demographics, clinical narratives, and laboratory test results. Further, it provides improved access to information needed by care providers when they need it.
Result management
Computerized results can be accessed more easily (than paper reports) by the provider at the time and place they are needed.
· Reduced lag time allows for quicker recognition and treatment of medical problems.
· The automated display of previous test results makes it possible to reduce redundant and additional testing.
· Having electronic results can allow for better interpretation and for easier detection of abnormalities, thereby ensuring appropriate follow-up.
· Access to electronic consults and patient consents can establish critical links and improve care coordination among multiple providers, as well as between provider and patient
Order management
Computerized provider order entry (CPOE) systems can improve workflow processes by eliminating lost orders and ambiguities caused by illegible handwriting, generating related orders automatically, monitoring for duplicate orders, and reducing the time required to fill orders.
· CPOE systems for medications reduce the number of errors in medication dose and frequency, drug allergies, and drug–drug interactions.
· The use of CPOE, in conjunction with an EHR, also improves clinician productivity.
Decision Support
Computerized decision support systems include prevention, prescribing of drugs, diagnosis and management, and detection of adverse events and disease outbreaks.
· Computer reminders and prompts improve preventive practices in areas such as vaccinations, breast cancer screening, colorectal screening, and cardiovascular risk reduction.
Electronic communication and connectivity
Electronic communication among care partners can enhance patient safety and quality of care, especially for patients who have multiple providers in multiple settings that must coordinate care plans.
· Electronic co.
Electronic Health Records Implementation RoundtableDATAMARK
DATAMARK and Creative Health Care (CHC) recently brought together CIOs, physicians and other stakeholders from U.S.-based hospital organizations to share experiences with implementation of Electronic Health Records systems to meet Meaningful Use requirements of healthcare reform.
Industry experts from health care and informatics ponder the future of electronic health records during the implementation of "meaningful use" and beyond.
Read more: http://www.chcf.org/publications/2012/02/whats-ahead-ehrs#ixzz1mTJUcSev
Republished with permission from the California HealthCare Foundation
1. Compliance
TODAY November 2014
a publication of the health care compliance association www.hcca-info.org
Quality improvement, patient
safety, and the zeal to comply:
What a CPA and a radiologist bring to Compliance leadership
29
OIG, EHR,
and audit logs:
Thinking ahead
Cornelia M. Dorfschmid and
Bernard McClellan
33
Billing data:
Tools to maximize
data mining
efforts
Melissa McCarthy
41
Beyond the
hospital walls:
Compliance with
provider-based clinics
Wendy Wright
37
Getting
and keeping
your board
engaged
Paul P. Jesep
an interview with Don Sinko and Mark Sands
See page 18
Donald A. Sinko
Chief Integrity Officer, Cleveland Clinic
Dr. Mark J. Sands
Vice Chairman for Clinical Operations & Quality,
Cleveland Clinic Imaging Institute; and Chairman,
Corporate Compliance Committee
This article, published in Compliance Today, appears here with permission from the Health Care Compliance Association. Call HCCA at 888-580-8373 with reprint requests.
2. Compliance Today November 2014
FEATURE
by Cornelia M. Dorfschmid, PhD and Bernard McClellan, JD
OIG, EHR, and audit logs:
Thinking ahead
»»Turn EHR audit logs on to manage logs proactively and analyze logs routinely.
»»Use audit logs as part of billing monitoring and anti-fraud detection.
»»Require written policies and procedures on usage, storage, and configuration management of audit logs to ensure availability and integrity.
»»Be prepared to respond to ADR requests for audit logs by contractors who are doing medical reviews.
»»Use EHR audit logs to detect vulnerabilities before others do.
McClellan
888-580-8373 www.hcca-info.org 29
Electronic health records systems (EHRs)
replace traditional paper medical
records with computerized record-keeping
to document and store patient health
information (e.g., patient demographics,
progress notes, orders, medications, medical
history, and clinical test results) from any
healthcare encounter. Software vendors
create EHR technology that includes a vari-ety
of applications and tools for collecting,
managing, and sharing patient information
electronically and for clinical decision-making.
One of the features of EHR systems
includes functionalities that support audit
control functions and requirements. Audit
functions, such as audit logs that are files gener-ated
by usage of the system, track access and
changes within a record chronologically by
capturing data elements (e.g., date, time, and
user stamps) for each update to an EHR. An
audit log (a file generated automatically, if the
audit function is enabled in the software) can
be used to analyze historical patterns that
can identify data inconsistencies.
EHR-certified systems that include these
audit log capabilities are eligible for Meaningful
Use criteria and incentive monies.
Systems with these audit functions
can also support investigative efforts
related to fraud and abuse, but may
also support claims auditing efforts.
As the Office of the Inspector General
(OIG) pointed out repeatedly, EHR
systems are vulnerable to fraud
and abuse due to inappropriate
copy-and-pasting (i.e., cloning) and
over-documentation (i.e., inserting false
or irrelevant documentation to create
the appearance of support for higher
levels of billing).1 In a recent OIG report
of January 2014, OIG found that CMS
contractors adopted few program
integrity practices specific to EHRs to
curb fraud and abuse that occurs when
EHR vulnerabilities are exploited.2
A particular OIG concern is how CMS
contractors address fraud vulnerabilities
directly related to Medicare health claims.
OIG notes that audit logs can be used to ana-lyze
historical patterns that can identify data
inconsistencies. To provide the most benefit
in fraud protection, audit logs should always
be operational, be stored as long as clinical
records, and never be altered. OIG goes fur-ther
in noting that few integrity contractors
analyze audit logs as part of medical review
Cornelia M. Dorfschmid (cdorfschmid@strategicm.com) is Executive
Vice President and Bernard McClellan was a Summer Intern at Strategic
Management Services in Alexandria, VA.
Dorfschmid
3. FEATURE
activities. This should give the healthcare
industry pause. If CMS’s audit contractors can
be expected to request audit logs associated
with electronic medical records in a medical
review or audit, then
healthcare organiza-tions
need not only
prepare for respond-ing
to these record
As OIG pointed out,
“experts in health
information technology
requests. They also
need to make it their
business to know
what is going on in
their own audit logs
and the potential risk
they harbor — before
CMS contractors will.
They harbor both documentation risk and
audit risk. They also provide an opportunity
to correct and detect risk internally and proac-tively.
caution that
EHR technology
can make it easier
to commit fraud.”
In other words, audit logs of EHR must
be managed!
OIG on CMS contractors’
integrity practices related to EHR
OIG’s January 2014 study describes how CMS
and its contractors implemented program
integrity practices in light of widespread EHR
adoption. The study produced two key find-ings:
(1) CMS and its contractors adopted few
program integrity practices specific to EHRs,
and (2) CMS provided limited guidance to its
contractors on fraud vulnerabilities in EHRs.
To address these findings, OIG provided two
recommendations to CMS.
First, OIG recommended that CMS pro-vide
guidance to its contractors on detecting
30 www.hcca-info.org 888-580-8373 Compliance Today November 2014
fraud associated with EHRs. CMS has directed
contractors to give special consideration to
medical records within an EHR and to con-firm
authorship of medical records. However,
contractors reported additional guidance is
required for review of EHR-based claims.
Specifically, CMS should provide more details
on reviewing EHR documentation and elec-tronic
signatures in EHRs.
Second, OIG recommends that CMS direct
its contractors to review providers’ audit
logs. As OIG pointed
out, “experts in health
information technol-ogy
caution that EHR
technology can make it
easier to commit fraud.”
For instance, the copy-paste
feature allows users
to replicate information
in one source and trans-fer
the information to
another source. Overuse
or inappropriate use of
copy-paste could produce inaccurate informa-tion
and facilitate fraudulent claims. In addition,
some EHRs provide templates that auto-popu-late
fields by a single click, resulting in extensive
documentation. As OIG notes, the use of audit
logs may reveal such data inconsistencies and
“provide the most benefit in fraud detection.”
Accordingly, “audit logs should always be oper-ational
and be stored as long as clinical records.”
OIG found that few contractors have
adjusted their practices for reviewing EHRs.
Only three of 18 Medicare contractors reported
the use of audit log data during their reviews
or investigative processes. In addition, some
contractors reported that they were unable to
identify copied language or over-documenta-tion
in a medical record (see Table 1, page 31).
OIG expressed concern over EHR documenta-tion,
because such practices are made easier in
an electronic environment.
In response, CMS concurred with the
recommendation to provide its contractors
guidance on detecting fraud associated with
EHRs. Specifically, CMS expressed an inten-tion
to “develop appropriate guidelines to
ensure appropriate use of the copy-paste fea-ture
in EHRs.” CMS partially concurred with
4. Compliance Today November 2014
FEATURE
888-580-8373 www.hcca-info.org 31
the recommendation to direct its contractors
to use providers’ audit logs. However, CMS
did note that audit logs “should be part of a
comprehensive approach to reviewing the
authenticity of EHRs.”
The industry should expect CMS contrac-tors
to adjust their program integrity practices
specific to EHRs. Provider EHR documenta-tion
will be subjected to a higher standard of
review. Accordingly, providers should start
thinking ahead.
Making the most of your audit logs now
The OIG’s report should be a warning shot.
Providers should take proactive steps now to be
ready for any audit log record requests by gov-ernment
entities. Providers should also advance
their billing monitoring strategies by using the
audit logs to detect vulnerabilities. These are
steps we recommend to manage audit logs.
1. Develop written procedures to ensure the
generation, analysis, and storage for audit logs
of EHRs and their availability and integrity.
Collaborate on this with IT, Reimbursement,
Compliance, and the EHR vendor. Do you log
what you want and need?
2. Implement configuration management
policies for the EHR that require:
• the use of an audit log function that
specifies audit log operation and content
for tracking EHR updates.
• the method (i.e., copy-paste, direct entry,
import) for any update to an EHR is
documented and tracked.
• the user ID of the original author
is tracked when an EHR update is
entered “on behalf” of another author
(i.e., distinguish between entries made
by an assistant and a provider).
• EHR technology is able to record and
indicate the method used to confirm
patient identity (i.e., photo identification,
prior relationship).
• original EHR documents are retained
after they are signed off and modifications
are tracked as amendments.3
3. Ensure that EHR audit logs remain as
written (unaltered) and then are stored
properly. Backup and archive procedures
are important to ensure availability
and authenticity when they are needed.
They should be kept at least 6 years to
be consistent with HIPAA requirements
for electronic PHI, if not longer. Many
providers keep them longer, if not
indefinitely.
4. Use software analysis tools to regularly
analyze audit logs. Involve those who
know analytics in your organization to help
review them and extract potential patterns.
5. Include results of audit logs analysis in
periodic systems activity review meetings.
Number of CMS contractors that reported
conducting additional review procedures
Number of CMS contractors that reported
being unable to identify copied language
and over-documentation in EHRs
Contractor Conduct Additional Review Use Audit Log Data Copied Language Over-documentation
MAC 2 out of 8 1 out of 8 4 out of 8 6 out of 8
ZPIC 0 out of 4 1 out of 4 3 out of 6 6 out of 6
RAC 2 out of 6 1 out of 6 2 out of 4 3 out of 4
Table 1: Contractors on use of audit logs, copy-pasting, and over-documentation Source: OIG Report OEI-01-11-00570, p. 6,7
5. and Auditing Issues
1. Developing an Effective
Compliance Team
2. Keeping the Health Care
Sampling Gains Going
3. Retrospective Versus
Contemporaneous Reviews
4. The Atorney-Client Privilege
in the Context of Health Care
Compliance Investigations
FEATURE
Monitoring and Auditing
5. Financial Relationships With Physicians:
Auditing and Monitoring Anti-Kickback
Statute and Stark Law Compliance
6. Creating Databases of Financial
Relationships
7. Developing a Voluntary
Disclosure and Refund
8. Medicaid Program
Provider Self-Audits
The HIPAA security officer may want to
inquire about these audit logs.
6. Develop specific data analysis of patterns
in audit logs to detect copy-paste and over-documentation
32 www.hcca-info.org 888-580-8373 Compliance Today November 2014
risk. Develop metrics or
profiles that can be checked routinely to
assess if a user or physician falls out of
profile. For example, you may examine:
• the ratio between average usage time
per session and average record length
of entries into a patient record (bit size
increase or text length) to assess a
physician profile. If very low, this may
raise some questions.
• the ratio of time online to size of a
clinical record generated.
• if copy-paste activity can be captured
in the audit logs as an event, and study
frequent users and claims where the
function has been used.
• the frequency of copy-pasting in a
sample of high-level evaluation and
management (E/M) or high-dollar
claims and any activities/events captured
in the audit logs of those records.
7. Interview clinical users as to the ease of use
or misuse of copy-paste and documentation
features. They may tell you about their
likes/dislikes and along with those, risks
inherent in the current configuration
and usage.
8. Turn on the audit logs and plan for backup,
storage, and retrieval.
9. Consider audit logs sensitive information
that is not handled or controlled by
end-users, but is the responsibility of
Information Security and Compliance.
10. Experiment. It is data that can tell a story.
1. Office of the Inspector General: Not all recommended
fraud safeguards have been implemented in hospital EHR
technology (OEI-01-11-00570). December 2013. Available at
http://1.usa.gov/1vrnkWx
2. OIG: CMS and its contractors have adopted few program integrity
practices to address vulnerabilities in EHRS (OEI-01-11-00571).
January 2014. Available at http://1.usa.gov/1fVwo24
3. See OEI-01-11-00570, Table 1 RTI recommendations, p. 4
&
Order Form
Qty
HCCA Member Price . . . . . . . . . . . . . . . . . . . . . . . $49.95
Non-member Price $59.95
Join HCCA! Non-members, add $200
and pay the member price for your order $200.00
(Regular dues $295/year)
Second
edition
Mail check to: HCCA, 6500 Barrie Road, Suite 250
Minneapolis, MN 55435
Or fax to: 952-988-0146
Total: $
My organization is tax exempt
Monitoring
Auditing Practices
for EffEctivE compliancE
Part I. Basic Compliance Monitoring
and Auditing Issues
1. Developing an Effective
Compliance Team
2. Keeping the Health Care
Sampling Gains Going
3. Retrospective Versus
Contemporaneous Reviews
4. The Attorney-Client Privilege
in the Context of Health Care
Compliance Investigations
Part II. Voluntary Compliance
Monitoring and Auditing
5. Financial Relationships With Physicians:
Auditing and Monitoring Anti-Kickback
Statute and Stark Law Compliance
6. Creating Databases of Financial
Relationships
7. Developing a Voluntary
Disclosure and Refund
8. Medicaid Program
Provider Self-Audits
Part III. Mandatory Compliance
Monitoring and Auditing
9. Corporate Integrity
Agreement Negotiations
10. Preparing for an Independent Review
Organization Engagement
See what’s inside:
Order Form
Monitoring and Auditing
9. Corporate Integrity
Agreement Negotiations
10. Preparing for an Independent Review
Organization Engagement
888-580-8373 www.hcca-info.org/MonitoringAuditingPractices