By Jay McCall, Business Solutions magazine.
Discover the most pressing needs that your company can address in this booming industry.
Once considered a laggard, the healthcare industry is now one of the biggest hotbeds for technology adoption and innovation. Much of this adoption is being driven by mandates such as HIPAA (Health Insurance Portability and Accountability Act) and the more recent HITECH (Health Information Technology for Economic and Clinical Health) Act. The latter act provides healthcare practices with incentives issued by the federal government for achieving early adoption compliance, which are replaced by penalties for late adoption. This report will look at some of the top IT trends happening in healthcare and offer some tips for getting into healthcare IT, and pitfalls to watch out for.
In December 2011, Business Solutions’ sister publication, Health IT Outcomes (www.HTOinfo. com), conducted a survey of 200 contacts representing IDNs (Integrated Delivery Networks), hospitals, group practices, and other healthcare providers to gain first-hand insight into their planned health IT projects and focus areas for 2012. The respondents were divided pretty evenly into the following three groups: IT leadership, clinical leaders, and executive leadership. Following are the top four responses from the survey.
EHR (Electronic Health Record) Adoption & Meaningful Use — This category took a strong lead at 55.5% of respondents listing it as a top priority. On February 17, 2009 the HITECH Act was signed into law and the clock started ticking for healthcare providers to make the transition to EHRs. “On the surface it seemed that the goal could be easily achieved, except that the software was being created by more than 500 commercial vendors that ran the gamut from a guy in a basement to gigantic multinational companies,” says Jim Tate, president of EMRAdvocate, a healthcare IT consultant to EHR vendors, developers, hospitals, and other stakeholders. “The quality of the software was all over the map, with some being very good and some being absolutely unusable.” This rough beginning to the EHR adoption mandate led to the addition of the “meaningful use” clause being added, which stated there had to be acceptable functionality in the software, and healthcare providers had to use it in a meaningful manner.
Even though EHR adoption is the leading IT initiative happening in healthcare, VARs should be aware that there has been considerable resistance to this technology among small medical providers. According to a white paper written by IT industry association CompTIA, titled “Health IT Deployment: The Essential Role Of Small IT Solution Providers,” only 41% of small medical providers will be compliant with digital health records by 2014. According to Farzad Mastashari, National Coordinator, “Small medical providers often lack staff with IT training and don’t have the background or the time to do it themselves.” In the CompTIA white paper, the following additional reasons were found to be top concerns among small medical providers:
While there are abundant opportunities to help healthcare providers of all sizes, VARs need to be aware that the HITECH Act extended the reach of the HIPAA Security Rule, which previously put all the onus for compliance on the healthcare provider, to now include “business associates” (read, VARs). According to CompTIA’s research, this means that a small IT solution provider can now be exposed to criminal penalties and civil fines that can range up to $1.5 million — a crushing amount for a small VAR.
This doesn’t mean small VARs should avoid this market; rather, it’s just a strong warning that you need to be properly trained before becoming an EHR solutions reseller. Organizations like CompTIA can be a good first step in that endeavor, and they can even help offset some of the costs of getting trained, through provisions created by the Obama administration such as a healthcare IT (HIT) education tax credit or direct lending to offset education costs. Check out www.comptia.org for more information.
HIPAA 5010 Compliance — This is an upgrade to the original HIPAA and became official January 1, 2012. It was specifically created in a manner that would lay the groundwork for healthcare entities to accommodate and address forthcoming ICD-10 (international classification of diseases, tenth revision) coding changes (see below for more information about this). Considering the fact that this act has already passed and the deadline for compliance is March 31, 2012, there may not be a whole lot you can do if you’re not already helping healthcare customers in this area.
ICD-10 Compliance — This update to the previous ICD-9 code sets brings with it a substantial increase in the number of codes that need to be incorporated into several of your healthcare customers’ IT systems (e.g. financial, claims processing, and customer reporting). For example, ICD-10 incorporates nearly 70,000 codes compared with 14,000 codes previously. Plus, ICD- 10 codes use more characters, plus a combination of upper- and lower-case alphanumeric values. All your customers’ systems need to be up to date by October 1, 2013. In addition to leaning on software vendors for help, there are other tools available that can greatly assist you in your transition efforts. Chief among these are mapping tools, such as the General Equivalency Mapping (GEM) tool, which can help VARs convert data from ICD-9 codes to suggested ICD-10 codes. This can help streamline the transition process, but should not be viewed as a substitute for learning how to use the new ICD-10 codes.
PHI (Protected Health Information) Security — PHI, as defined by HIPAA, is individually identifiable health information, which is created or received by a healthcare provider, health plan, or healthcare clearinghouse. Such information relates data (past, present, or future) describing the mental health or condition of an individual to another individual. According to Jason Clark, chief security officer at network security vendor Websense, “The primary motivation of cybercriminals and hackers has changed. The next stage in network attacks, which we’re already starting to see, entails hackers gaining access to sensitive data on mobile devices and even conversations, capturing that information, then using that sensitive information to try to get a ransom from the victim.” Clark also noted that doctors are some of the biggest violators of IT security policies, and VARs need to understand how important it is to use the latest security solutions to properly protect their healthcare customers. For a free copy of the “Global Study On Mobility Risks,” visit BSMinfo.com/go/0212MobileRisks.