On Task with Security Risk Analysis

17317DR_MU_core9_shadowCore Measure 9

It seems like every time you turn around, there’s another large security breach. The results can be devastating for not only the business that was hacked, but their customers as well. The risk isn’t limited to retailers – it exists anywhere customer information is used, accessed, or stored. With that in mind, core measure 9 was created and included in meaningful use.  As evidence of the gravitas of this goal, there are no exclusions to this measure.

We all know how important it is to protect electronic health information, and the utmost care must be exercised to protect patients’ medical records.

Defined and Deciphered
Core measure 9 seems like a simple concept, but can be deceptively complex. The goal is to protect patients’ electronic health information that was created or is maintained by certified EHR through the implementation of appropriate technical capabilities.

Per CMS, the provider must:

“…conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a) (1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider’s risk management process for EPs.”

Huh? Exactly!

It seems daunting to decipher what the requirements are, much less figure out how to actually accomplish the task.  Essentially, you’re required to perform a security risk analysis to ensure that your patients’ medical records are secure, and to minimize the risk of a security breach.

The Challenge
Part of the challenge to this measure is the broad nature of the measure itself. Fulfilling the measure doesn’t rely on a simple security feature that can be enabled or disabled. Rather, practices must conduct—at least annually—a comprehensive security risk analysis in accordance with the requirements under HIPAA, and correct all identified security deficiencies.  There is a full list of security criteria that must be met and/or corrected, however, a simple checklist will not satisfy the requirements. Each of the criteria must be sufficiently documented, so that in the event of an audit, you will pass. Also, there are no exclusions allowed for this measure, and since it’s not a percentage based measure, there is no CMS reporting window to track your progress.

Success Can Be Yours
Core measure 9 is essentially the same as core measure 15 from Stage 1. If you’ve already succeeded at this measure in Stage 1, you’re well on your way to success in Stage 2. Unfortunately, because of the broad nature of the measure, it’s also one of the more difficult challenges to master. This is not a measure that can be conquered simply with your EHR system. Still, this is a measure that is attainable. Given the complexities, and myriad of factors to consider, we will take on the required tasks in Part 2 of “On Task with Security Risk Analysis.” Stay tuned.

In the meantime, if you have questions or need help with meaningful use, contact us at meaningfuluse@eyefinity.com.

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Cloud Technology in a Flash

blog_stopwatchThe second installment in our series of posts about cloud technology. Now let’s look at speed and bandwidth.

by Eyefinity Senior Product Manager Andrew Lee

Better Use of Time
A cloud-based system can save you time, by removing hardware issues from your practice and providing readily accessible records, but what’s required?

The Need for Speed
Internet speed can be a significant factor. Before taking the leap to the cloud, ask providers about bandwidth requirements for their solutions. This is important when evaluating the cost of a practice management solution. If you’re required to subscribe to a very high-speed internet service, that’s a red flag. This could add hundreds of dollars every month, and suddenly what seemed like a low monthly cost for the practice management system, is drastically inflated.

We recommend a minimum of 3 Mbps (Megabits per second) download and 1.5 Mbps upload speeds. For optimal performance, you’ll want 3 – 6 Mbps, depending on the number of doctors and staff in your office.   Check your current speeds at www.speedtest.net.

Ask the Right Questions
Some practice management solutions require speeds up to 20 mbps, and have response times up to 30 seconds, so be sure to ask what’s required, and how fast the system will respond. A web-based system should respond within a couple of seconds, and an optimized system should average less than one second.

Up next, unlocking the secret to security in the cloud.

We want to hear from YOU.
With your input, the next level of practice management solutions will be everything you want and need it to be. Learn more.

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Get out of the Fog About Cloud Technology

hotairballoonThis is the first in a series of posts about cloud technology

by Eyefinity Senior Product Manager Andrew Lee

There is a tremendous amount of buzz in the industry about “the cloud” and cloud-based systems. The major benefits we hear are that the cloud can help practices reduce costs and enable access to patient data from anywhere. But what does this really mean?

It’s a foggy topic, and we’re here to help clear the air. In this blog series, your peers and industry experts will explain cloud concepts in a simple way that you can understand and apply to your practice. Armed with the right information, you can make decisions with confidence.

Top 6 Questions to Ask Before Moving to the Cloud

Here are a few questions that have probably come to mind and you should consider when thinking about moving to the cloud:

  1. Is it secure?
  2. Is it fast enough for my staff?
  3. What’s the difference? Hosted? SaaS? Web app? Native app?
  4. What’s the return on my investment? And, what’s the cost savings?
  5. How do cloud solutions change my workflow in the practice?
  6. How can I be liberated to run my business efficiently and effectively?

So, what exactly IS “the cloud”?

Simply paraphrased and taken from the U.S. Department of Commerce:

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of resources (e.g., networks, servers, storage, applications, and services) that you can quickly and easily update and push to your device, whether it’s a desktop computer, laptop, tablet, or smart phone.

Then you may ask, “Hmmm, which cloud model is best for me and my practice?”

It’s all about YOU. Unlike software that you need to install from a disc or software you download to your server, the basic premise of the cloud is that YOU can access it anytime, anywhere, and from any device.

The beauty is no one needs to come to your office and install the software. You can access it from a web browser. It’s like accessing water from your faucet, on-demand, anytime.

But is it secure and fast? Stay tuned for the next blog in this series.

Did you know that you can help to shape the future of practice management in the cloud? With your input, the next level of practice management solutions will be everything you want and need it to be.

Learn more.

Did you enjoy reading this blog article? Receive an update for each new post by clicking on the “Follow” button in the upper right corner.

Engage your Patients

scheduler

Your most important marketing tool just got better. See how eWebExtra™, your Eyefinity® website solution, integrates seamlessly with OfficeMate® v10+ to make you more available to your customers.

Patients want the ability to view appointment times and schedule appointments directly from your website. And the best part is that you can now accept these appointments with just a click. OfficeMate automatically captures and pre-populates all of your patient’s data without any additional work for you.

Simplify your workflow and eliminate:

• Manual entry

• Appointment scheduling conflicts

• Additional appointment scheduling negotiations

• Missed appointment opportunities

Once your patient schedules an appointment through your website, all you have to do is approve the time and the appointment information will automatically be added to OfficeMate. You still have the power to approve or deny all appointments scheduled online.

To take advantage of this new feature, you will need to upgrade your eWebExtra OfficeMate driver. Log on to http://www.eyefinity.com, click on the eWeb tab. Click on the “manage OfficeMate Integration” button. Once there, you will be able to update your “Schedule Sync” and “Patient Info Inbox” with the new installers.

We are committed to being your business partner and keeping your online presence cutting edge. We have many more great updates coming soon. Make sure to keep an eye out for future updates!

Update Now

Catch a Break – Hardship Exceptions to Meaningful Use

Meaningful_Use_sticknoteAre you a Medicare provider who has yet to participate in meaningful use? If so, an important deadline is approaching quickly. July 1 is the deadline to begin meaningful use Stage 1 to attest before Medicare payment adjustments take place in 2015. That’s right, you must have installed a 2014 Edition certified EHR, begin your three-month reporting period on July 1, and attest on October 1 to avoid the 1% penalty.

If you’re in your second year of Stage 1 or beginning Stage 2 in 2014, you have two opportunities to begin your reporting period: July 1 and October 1.

Are you afraid you’re not going to make it?

Not to worry. The CMS recognizes that there are valid reasons that render an undue hardship or eliminate feasibility for a practice to participate. Those valid reasons will prevent payment adjustments for a year. Exceptions are segmented into six categories:

  • Infrastructure – EPs practicing in an area where internet access is not available or feasible to attain
  • New EPs – EPs who began their practice without sufficient time to begin meaningful use and attest before 2015
  • Unforeseen Circumstances – In the event of a natural disaster or other unforeseeable event
  • Patient Interaction - EPs who do not have face-to-face or telemedicine interaction with patients, or who do not need to follow-up with their patients
  • Multiple Locations – Applies when it causes the EP to lose control over the availability of certified EHR for more than 50% of patient encounters
  • Vendor Issues – EPs whose EHR vendor has been unable to attain 2014 ONC certification for their EHR*

Still not sure if you qualify for the hardship exception? Use the CMS online tool to determine if you qualify. Don’t sit back just yet. You must file for an exception by July 1, 2014, to avoid penalties in 2015. Exceptions are valid for one year and then must be renewed.

If your hardship exception is approved you’ll skip your current year of meaningful use and advance to the next year when you resume. For example, if you were scheduled to demonstrate your second year of Stage 1 in 2014, you would skip to your first year of Stage 2 in 2015.

While some providers may file a hardship exception to postpone their meaningful use adoption and see if a recent CMS proposal will allow them attest, there is no guarantee your exception will be approved. Our 2014 Edition certified products are ready and available now to help you meet your meaningful use requirements.

For more information and specific details about the hardship exception, view the CMS document outlining meaningful use timelines and exceptions. And of course, if you have any questions about meaningful use, contact us at meaningfuluse@eyefinity.com.

 

* While 717 EHR vendors offered certified products for the 2011 Edition of meaningful use, only 151 offer certified products for the 2014 Edition. Eyefinity’s EHR solutions are currently certified to meet the ONC 2014 Edition criteria and support both Stage 1 and 2 meaningful use. [Source: Certified Health IT Product List, accessed June 24, 2014, comparing 2011 to 2014 complete ambulatory EHRs]

The Core of the Matter

Core Measure 7 BadgePatient Electronic Access

How has your meaningful use experience been so far? Hopefully you’ve been breezing through it, but even so, you probably still have questions and would benefit from some interpretation along the way.

Recently, we tackled Core Measure 17 (CM17), voted the most challenging measure for eye care providers (ECPs)*, so let’s address Core Measure 7 (CM7), which relates closely to CM17.

Requirements of CM7
Core measure 7 consists of two measures, both of which must be achieved and are direct functions of the patient portal. The first requires that online access be provided to over 50% of all unique patients seen during the demonstration period. The second requires that over 5% of all unique patients during that same demonstration period view, download, or transmit their health information to another provider or any other 3rd party.

What it means to you
If you’re using a complete EHR solution, meeting the first requirement of CM7 shouldn’t be difficult. However, some providers may find it a little tougher to meet the second requirement. Like CM17, the challenge lies with the fact that it’s out of your hands – you are depending on the actions of others to fulfill this requirement. The challenge grows if you have patients who are less technologically inclined, or if you’re in a rural area where internet connectivity may be less common.

Conquering the Challenge
CM7 is achievable, even though it’s based on the actions of others. The easier it is for your patients, and the more benefit they receive, the more likely they are to appreciate and embrace the opportunity to access their health information. Here are some examples that might help you:

  • Make sure you have the correct email address for your patient. You can take care of this when the patient checks in for their appointment.
  • Remind your patients that they can view their health records and test results, as well as communicate directly with you electronically.
  • Print a reminder on the back of your appointment cards, with instructions on how to log in and create an account.
  • Set up a desktop or laptop computer in your waiting room, and designate one of your staff to assist patients with establishing their account and accessing their records.

Remember, by starting early – even before your demonstration period – you’ll have momentum on your side and be well on the way to fulfilling this core measure. Check your progress regularly to assure that you’re on track for success. Be sure you’re using not only a complete EHR solution, but one that provides a meaningful use calculator to help you gauge your progress. This core measure, more than any other, empowers patients to stay informed and be involved in their own healthcare. Next stop, success!

Check back here frequently for help with more of the MU2 core measures. And if you have any questions, contact us at MeaningfulUse@eyefinity.com or visit us online at eyefinity.com/mu2.

 

*Voted by us

Success Made Simple – Attestation for Meaningful Use

Meaningful_Use_sticknoteMeaningful use is here for the duration. Whether or not you choose to participate, it’s important to keep the goal of meaningful use in mind–to deliver better patient care. How? By encouraging patients to be involved in their own care, moving to uniform documentation, and transparent patient history. Documentation will be readily available and relevant throughout the patient’s life. In the long run, this will provide patients with more consistent and cohesive care. So let’s consider the basics leading to a successful attestation in meaningful use.

The foundation of success begins before you start your demonstration period. Knowledge is power, and knowledge will be the strongest tool to lead you to a successful attestation. Be sure you understand the long-term purpose of the program, and subsequently, your role as an eligible provider demonstrating meaningful use. With that understanding, the requirements to achieve a successful attestation will make more sense.

Use a complete EHR system to eliminate gaps in functionality. Doctors using modular systems need to pair their product with other certified systems to meet all of the requirements for meaningful use, contact your vendor if you have questions. Keep in mind that practice management systems will need to be paired with an ONC certified EHR to successfully attest. When choosing a certified solution, you’ll want to examine vendors and their solution offerings carefully. Find a vendor who takes a proactive approach to your needs and is committed to your success. Did you know that the number of solutions that are currently ONC 2014 certified for meaningful use Stage 2 is only about 10% of those certified for Stage 1? It’s important to find the vendor that stays ahead of the curve, so you won’t be left scrambling.

From there, review the criteria for successful attestation. You’ll need to understand the core and menu objectives, as well as the clinical quality measures required of you. Build momentum even before beginning your demonstration period. If you have a grasp of the goals you are working toward, you can begin early, and when you do begin your demonstration, you’ll already be on the road to attestation with no trouble. Tracking your progress at regular intervals along the way will make a tremendous difference to be sure you’re on schedule. You’ll want to be sure you’re using a solution that includes a meaningful use dashboard or calculator to make this task both useful and easy.

It’s never too early to prepare for the task before you, and it is preparation that will carry you to a successful attestation. If you have any questions about meaningful use, contact us at MeaningfulUse@eyefinity.com.

Follow

Get every new post delivered to your Inbox.

Join 76 other followers