Practices have tasks that need to be done regularly to ensure smooth operations. Health information technology adds a new set of recurring chores. These tasks generally are broken down as those needed for maintenance, those that help protect and secure patient data, and those that help the practice get the best return on investment, both from financial and quality standpoints.
Responsibility for these tasks varies, depending on the size, scope and structure of the practice. Here are some common tasks.
Assessing user concerns
What it entails: Performing regular check-ins with staff to determine the good, bad and ugly of each system. Some practices have lunch-and-learn sessions during which employees brainstorm and share user experiences. Others have a more informal process, with open lines of communication between users and those who can optimize, customize and tweak systems. Experts say this assessment should happen frequently right after implementation, and should continue on an ongoing basis.
Why it matters: Andres Jimenez, MD, CEO of ImplementHIT, an online provider of electronic medical record system training, said that with fewer players in the EMR market today, the systems aren’t as intuitive for each specialty as they could be. Regular check-ins with staff will help practices configure the systems to meet their needs.
These regular check-ins also can help practices identify training gaps and adjust to changing environments. For example, Dr. Jimenez said, many practices set up protocols to deal with the outbreak of influenza A(H1N1). Or practices might realize that certain tests or medications are ordered frequently, so the system could create shortcuts to those orders.
What a physician has to do: If the physician is a “super user,” he or she likely will be on the team in charge of acting on feedback. Physicians who don’t use the system as much need to practice using it, thinking about ways the experience can be improved.
Taking care of system infrastructure
What it entails: Monitoring network connectivity to ensure that the practice stays online; monitoring for software or operating system upgrades; and monitoring database storage space.
Why it matters: According to Jeff Cunningham, chief technology officer for the Nashville, Tenn.-based vendor Informatics Corp. of America, these tasks ensure that your system remains in good working order. Good network connectivity, for example, will ensure that all computers in the practice are talking to one another. Software or operating system updates, which often are prompted by glitches reported by users of earlier versions, improve the user experience. Finally, databases that have run out of electronic storage space will prevent practices from storing and backing up files.
Losing this ability to properly store and back up files could hamper a practice’s ability to operate smoothly and in a way compliant with regulations of the Health Insurance Portability and Accountability Act.
What a physician has to do: Physicians must ensure that whoever performs these tasks understands the system and the network and how they function, experts say. For many small practices without a large information technology budget, it might be worthwhile to outsource these tasks, or to go with a hosted system, meaning that the server hardware is located elsewhere. In that case, these tasks would be performed by the host.
Monitoring system access and managing passwords
What it entails: Creating unique log-in credentials for each user; ensuring that passwords are hard to guess and changed frequently; and deleting access for employees who leave the practice.
Why it matters: HIPAA laws require that each user of a health information technology system have a unique log-in and identifier. One reason is to restrict access to patient files. Unique credentials also make it possible to do audits of file access.
What a physician has to do: Michael Leonard, project manager for the IT team at Iron Mountain, an information management services company based in Boston, said physician partners need to set policies that define what an appropriate password is and set a schedule for when they are changed, normally every 90 days.
Experts say that although it shouldn’t be up to physicians to serve as administrators who set and manage credentials, doctors need to know how to log in as an administrator to perform these tasks if the assigned administrator leaves the practice unexpectedly.
Performing security and HIPAA audits
What it entails: Regularly reviewing who has access to what systems and what patient health records might be exposed.
Why it matters: These audits will help practices mitigate the risk of data exposure. As roles change, as they often do in small practices, the data an employee needs to do his or her job also is likely to change. HIPAA security rules require that practices have administrative safeguards in place to protect all patient information.
What a physician has to do: Physicians need to set policy about how often audits should take place. System or practice administrators can perform these tasks, but physicians always should be told what those audits have found, experts say. Regular meetings or reports will help keep doctors informed.
Backing up files
What it entails: Instituting a regular backup schedule that occurs no less than several times a week; storing data either virtually or on portable devices.
Why it matters: HIPAA and security rules require practices to secure patient information. Backing up those files is among several best practices that physicians should adopt to ensure that a disaster, whether technical or natural, doesn’t cause permanent loss of patient files.
What a physician has to do: If data are stored on portable devices, such as tapes or memory cards, a service should be contracted that will pick them up and store them off-site.
Lior Blik, president and CEO of Network Infrastructure Technologies, a New York-based IT solutions firm, said that when data are backed up virtually, most programs send alerts indicating that the backup was successful and detailing what was backed up. While someone else, such as a practice administrator, could actually send data to storage, the physician needs to be the one who receives the backup message.
“I would definitely make sure I get involved in that if I were a physician,” Blik said. “That is a key you definitely don’t want to lose, because this is your business.”
Practices that use hosted systems most likely would have this done for them by the host, but the practice should learn how data are stored. Blik also suggests that physician partners run a data recovery test every few weeks to ensure that storage and recovery processes are working.
Analyzing financial and clinical performance
What it entails: Taking a measurement of how the system is affecting finances and clinical performance by comparing pre-implementation numbers with post-implementation measures. An analysis can run queries by demographics, diagnostic codes, labs, medications and vitals, or a combination of these, and on financial information.
Why it matters: Reviews will help a practice identify its return on investment for its system. The analysis will help the practice identify areas that need further improvement, and areas that an EMR already helped to improve. Reviews also will help a practice prove its case for bonuses or incentives under any insurance plan’s program encouraging information technology use, including meaningful use under Medicare and Medicaid.
What a physician has to do: If the physician is not doing the actual queries, he or she needs to be aware of the results. “If you’re not able to measure at all, you can’t improve,” said Chad Kerr, a health information technology consultant with Ingenix Consulting based in Eden Prairie, Minn.
Monitoring the changing health IT landscape
What it entails: Keeping an eye on emerging technologies to determine the ones your staff might try to incorporate into their work lives.
Why it matters: Kerr said that if practices don’t know what up-and-coming technologies employees might be trying to use, employees might try technologies that won’t be supported by the existing infrastructure. Wireless devices and personal computers are perfect examples, he said, as new tools are being introduced every six months.
What a physician has to do: Physicians need to stay on top of technology trends by reading technology news or blogs, and by talking to employees about new devices they may want to incorporate into the practice. Physicians also should talk with vendors or information technology staff to determine what devices or technology could be supported in a secure, HIPAA-compliant way.