Several attendees at HIMSS 2013 said this may be a good year to hold off on implementation of new IT systems and focus on getting the most out of previous IT projects, as government officials are taking their foot off the regulatory gas pedal and urging providers to get their implementations on solid footing.
In her address at HIMSS 2013, Acting Administrator of the Centers for Medicare and Medicaid Services Marilyn Tavenner told the crowd that there will be no new health IT-related regulations coming this year. She said the goal is to make sure providers have met the stage 1 meaningful use rules and are ready to step up to stage 2 by the end of the year. By delaying further rulemaking, federal agencies will be able to focus on supporting providers in achieving those goals.
This broad regulatory message fits with the organizational plans of Ed Ricks, vice president of information services and CIO of Beaufort Memorial Hospital in South Carolina. He said he is holding off on any major new IT projects for the time being in order to make sure his organization can get the most value out of previous initiatives.
While that's not as cool as some other new things, it is really important. Get full value out of what you've got; that's my thing. We need to be more efficient at getting value out of things.
vice president of information services and CIO, Beaufort Memorial Hospital
"While that's not as cool as some other new things, it is really important," Ricks said. "Get full value out of what you've got; that's my thing. We need to be more efficient at getting value out of things."
He said some past initiatives delivered a relatively poor return on investment because the IT department had to move on to new projects soon after implementing a system. They didn't have a chance to examine how efficiently systems were being used.
Ricks has some significant IT challenges to address in the year ahead. He said that Beaufort decided to implement a MEDHOST Inc. EHR system in its emergency department (ED) last year, rather than keep the ED on the Meditech system used by the rest of the hospital. The decision was made because hospital officials felt MEDHOST had more of the functionality the ED needed, but Ricks said this dual system creates some obvious integration challenges.
Besides ironing out these integration holdups, Ricks said he will spend 2013 looking to get all of the hospital's doctors using the computerized physician order entry (CPOE) system. Currently the majority of the hospital's staff use CPOE, but there are a few remaining stragglers that are still using paper, and Ricks said supporting these two processes creates inefficiencies. His other main focus will be to make sure all hospital infrastructure is as secure as it can be.
For Chris Belmont, system vice president and CIO of Ochsner Health System in New Orleans, developing ways to uniformly identify patients throughout the provider's IT systems is a top priority this year.
In the years following Hurricane Katrina, many patients changed addresses and health care providers. During the same time, the Ochsner system expanded and acquired new physician practices. These two factors introduced complexity into identifying patients and matching them to previous health records. Furthermore, the health system is increasingly looking at information exchange, something it is not currently involved in at a deep level. When dealing with records from other providers for patients you have no pre-existing relationship; correct patient identification is key, Belmont said.
Part of the solution is to make sure all providers in the system are using the same EHR. Ochsner is currently nearing the end of a two-year initiative to implement Epic Systems Inc.'s EHRs at all practices and hospitals. Not only will this get all providers in the network on the same page, it will be less expensive to support one system than the 38 different IT vendors previously used through the system, Belmont said.
Like Ricks, Belmont also plans to spend time this year examining the security of existing systems. He said his biggest fear as a CIO is that a privacy-related incident will happen. Recent risk assessments in the health system have found protected health information in place Belmont didn't even know it existed, which can make designing security protocols challenging. Additionally, managing access and security can be a tricky balancing act.
"We're kind of caught in this strange conundrum. Access to information is critical. We're trying to make everything totally accessible but totally secure," he said.
Rick Haverty, director of IT infrastructure at the University of Rochester Medical Center in New York, said managing growing volumes of data will be important in 2013. His facility recently partnered with CommVault to help deal with data management and application backup. He acknowledged that doing all this on URMC's own servers can be expensive compared to cloud-hosted services, but he feels more comfortable with the security and performance he gets from locally hosted applications.
Another reason to back up data and applications on your servers is that cloud vendors may be reluctant to sign business associate agreements (BAAs) with terms that favor the provider, Haverty said. He has dealt with potential partners that insisted on working with BAAs they created and would not alter. Other cloud services use Amazon for server space, which may not meet the high security standards health care providers need. Haverty said providers need to know what kind of company they're getting involved with and what kind of terms they are signing up for before signing any BAAs.
"We'll take a look at the business plan; make sure we know how it works," he said. "At the end of the day, [if] we lose data, it's our reputation that's going to take a hit."
Reviewing BAAs and making sure all doctors are using CPOE systems may not be as exciting as implementing new analytics systems or upgrading HIE capabilities, but that is where many providers are at this point. Smart hospitals and health systems will take advantage of the regulatory lull to make sure all their pre-existing IT projects are functioning at optimal levels. Stage 2 meaningful use is still on track to go into effect in 2014. This stage will mandate more robust care coordination and information exchange. Now is the time to prepare.