How To Use Your Hosted EHR When the Internet Goes Down

In 2002, if you would've asked a physician if they wanted to host their electronic health record in a server farm somewhere out on the internet, 9 out of 10 times you'd be told to take a hike. Who trusts the Internet's ability to allow you access to a server you can't see to provide you with every piece of clinical information you need to treat a patient anyway? Since 2002, the comfort level with allowing sensitive information to live on computers hundreds or thousands of miles away has significantly increased. Online banking and investing, online taxes (TurboTax), online lead generation (Salesforce), hosted email, etc. has opened up a whole new world of possibilities when it comes to trusting that information will be out there on the internet when you decide you need it.

The same goes for electronic health records. The key difference is that if you can't access your bank account, taxes, or email, you might be willing to wait a few minutes or maybe even a few hours....but with a patient, you need information at your fingertips in order to make sound clinical decisions, and you need it now. So when considering the prospect of using a hosted electronic health record, it's important to learn the sure-fire ways to decrease or maybe even 
eliminate the potential for inaccessibility.

Redundant Internet Connections
This is crucial. If you use a Comcast cable connection to get out onto the internet, order a backup DSL line just in case. You can buy a router that automatically detects an outage and reverts to the backup internet connection. You'll want to hire the right local IT group to set this up and support it but it's fairly inexpensive (<$100/mo.) and can solve your connectivity problems before they even begin.

Wireless Internet
You could even take it a step further and buy a wireless internet card from Verizon, Sprint, AT&T, etc. You used to have to buy a seperate account for each one of these cards and pay monthly but nowadays you can find wireless routers like the Kyocera KR2 that can take that cellular signal and broadcast it within your office for all to use. It isn't the fastest connection, but it'll do the trick. The carriers may say they don't support this approach, but luckily they don't need to.

The nice thing about these wireless signals is that even if the power went out in your office, you could have this router on a cheap battery backup and keep seeing patients (if you have enough natural light to see them) using a tablet PC or laptop. Very cool.

Print to PDF
Some companies are even coming out with mechanisms designed to deliver PDF reports to a PC at your practice just in case. These PDFs can be set up to deliver a schedule of all the patients you plan to see in the next two weeks, and continue to update those PDFs as time goes on, so you always have at least a few days worth of information locally. All you need is a PC that everyone in the office can access just in case of internet failure. Solutions like Galen Healthcare's VitalCenter does exactly that. It's a great add-on solution to any remotely hosted EHR and should near eliminate concerns over internet downtime. Below is their presentation on how it works:

HHS Announces HITECH Act Breach Notification Guidance

This email landed in the MBA HealthGroup inbox today.  It's the beginning of many security and privacy upgrades that the HIT industry must comply with as a part of the HITECH Act.  The most important part of this proposal is that any patient information would be rendered unusable in the hands of any unauthorized user.  If you are interested in commenting on the proposed changes, you can do so here:

On Friday, April 17, 2009, The U.S. Department of Health and Human Services (HHS) issued guidance specifying the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).  This guidance was developed through a joint effort by the HHS Office for Civil Rights (OCR), Office of the National Coordinator for Health Information Technology (ONC), and Centers for Medicare and Medicaid Services (CMS).

This guidance relates to two forthcoming breach notification regulations – one to be issued by HHS for covered entities and their business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Sec. 13402 of HITECH) and one to be issued by the Federal Trade Commission (FTC) for vendors of personal health records and other non-HIPAA covered entities (Sec. 13407 of HITECH).  HITECH requires these regulations to be published within 180 days of enactment.  If the entities subject to the regulations apply the technologies and methodologies specified in the guidance to secure information, they will not be required to provide the notifications required by the regulations in the event the information is breached.   

In addition to this guidance, HHS has also concurrently issued a request for information (RFI) soliciting public comment on the breach notification provisions of the HITECH Act to inform future rulemaking and updates to the guidance.  The guidance and RFI is available at  Once published in the Federal Register, the guidance and RFI will also be available for public comment at

Physicians Deemed 'Creditors' under the 'Red Flag' Identity Theft Rules

Taking steps to combat identity theft, the Federal Trade Commission (FTC) issued a final rule in November of 2007 which mandates all financial institutions and “creditors” to develop and implement identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. Originally set to be in place by November 1, 2008, the FTC announced the new compliance deadline to be May 1, 2009.

The problem of course is that physicians are rarely creditors.

Under the FTC’s extremely broad definition of a “creditor”, physicians are included and must adhere to this compliance date; taking immediate steps which will be financially burdensome for most hospitals and private practices. According to MedPage Today, in a survey of 100 hospitals, 91 said they would have to spend over $10,000 to comply with the Red Flags Rule. Any failure to comply with this new rule would warrant $2,500 per violation.

Physicians are “creditors”? If you disagree with that then you are not alone. The American Medical Association (AMA) along with over 100 undersigned medical organizations has written a letter to the chairman of the FTC, respectfully disagreeing with the FTC staff’s conclusion that physicians are “creditors” and must be in compliance with act by May 1st, 2009. The letter also argues that the FTC failed to comply with the Administrative Procedure Act (APA), which requires the FTC to provide the public with notice and the opportunity to comment. Also, this new compliance duplicates much of the preexisting Health Insurance Portability and Accountability Act (HIPAA) compliance that all medical organizations are currently required to follow by law.

A large majority of physicians and managers are not aware of the law itself, let alone the implications it may have on their organization.  

Read: The letter sent by the AMA to the FTC

We've posted a draft of an Identity Compliance program on the MBA HealthGroup website.

Allscripts Remote Application for iPhone Review: Incredible!

Over the weekend I saw a press release about Allscripts Remote (TM), an iPhone application by Allscripts that allows you to connect to your Enterprise EHR (and Professional EHR) databases from anywhere.  I searched the Apple Store and was surprised to see I could download it for Free.  From what I understand, there will be a charge for this product and I'm assuming Allscripts will have to install licenses on clients servers for them to gain access, but they were nice enough to provide sample data so I could play around with the application.

Design: 10/10
The application is beautiful.  They took advantage of all of the features the iPhone has to offer it's programmers.  It's simple, which of course is critical when building an app for the iPhone.

Functionality: 8/10
I'm not surprised that Allscripts left out some major features of their Enterprise EHR, seemingly because the real estate provided by the iPhone (or any other mobile device) doesn't really allow for documenting/viewing a full note.  Nonetheless, the ability to see a patient summary and even fax a note to an ER on a patient of yours is something I didn't expect.  That's just a solid feature. The ability to verify lab results doesn't hurt either.

Usability: 9/10
It's simple to use.  I honestly feel like even the most technically challenged physician could jump on the iPhone and just start using this app (with maybe a short tutorial).  The most difficulty they would probably have is getting the hang of the iPhone keyboard.

I'm excited to see this thing in action, and I'm excited to show physicians what it can do.  My only question is: When will there be Voice Recognition on this thing?

Here's my video review of the Allscripts Remote App:

And here's one of Allscripts CIO Stanley Crane at HIMSS showing how it can be used:

HIMSS 2009 Tweetumentary

Starting tomorrow, HIMSS 2009 will be well underway.  It's really the health information technology center of the universe, everybody is there in Chicago, exciting announcements, incredible keynotes, great educational sessions, and HIT toys galore...and I'll be here in Vermont. Thankfully I have some friends willing to take a few minutes out of their days to communicate the excitement through pictures, Twitter, and maybe even some video if I'm lucky. If I see anything exciting come across Twitter in regards to HIMSS, I'll post it here.  In the meantime, after looking at a live webcam of Chicago, I feel a little better about blogging remotely. Follow me on Twitter (@ebechtel or @mbahealthgroup) 

Starting a Medical Practice: Top 5 Mistakes Physicians Make

To be in private practice or to be hospital employed? For some physicians, it's a no-brainer, there's no way they're going to work for a hospital. They want the independence that business owners get to design their own patient schedules, employ the staff they want, and go on vacation when they choose. Starting a medical practice can be the most rewarding venture, but it can also be painful if not done correctly. I asked some of our consultants what mistakes are the most common when a physician takes the plunge into private practice, and this is what they've seen:

5. Not setting a realistic time line to launch your new practice. Whether a physician is finishing up their residency, or deciding to leave a hospital or group practice, they rarely ever give themselves enough time to start a practice the right way. Many times it's a "I need to get up and running ASAP, maybe next month if I can". Unfortunately it isn't that easy. When starting a practice you have to take into account time to get credentialed for your new practice, time to find a staff, time to implement systems, time to find real estate. Be flexible with deadlines and unexpected delays.

4. Not knowing the financials. There aren't many physicians that have a boatload of cash to spend after their residency, so most end up getting business loans from a bank. We don't necessarily recommend writing a business plan for every practice, but we always make sure the financial plan and proforma is adequately constructed. Make sure you have conservative 3 year projections and a line of credit that will cover you for the first 3 months even if you don't generate any revenue. Remember, insurance carriers don't always pay you instantly, sometimes it takes months. It also never hurts to have best and worse case scenarios in your proforma just so you know what you'll need to do if you don't get as many patients from the start as you expected. To calculate revenue, determine your expected payor mix and use the carrier websites to see if they post what they pay for specific office visits and procedures. Leave no stone unturned, estimate the cost of EVERYTHING down to the magazines in the waiting room.

3. Hiring the wrong people! Recruiting and hiring is a skill. Get help to ensure you bring in highly motivated staff that are as invested as you are. If you're going to be in a fast paced practice, hire staff that can keep up with you. Hiring the wrong people can be extremely expensive considering how much you will invest in them to learn your IT systems, equipment, and workflow processes.

2. Choosing the wrong EHR/PM for your practice. If you aren't familiar with health information technology, good luck acclimating to the ever-changing and complicated environment. There are over 300 EHR/PM vendors out there and 95% of them are NOT right for you. You can also expect a good number of those vendors to be acquired, go out of business, or not be able to support you in a way that works for you. Right now the safe bet is to start on, which is the only EHR certification board out there, and look at which vendors are certified. While there are some incredible EHRs out there that haven't been certified, the HITECH stimulus package is promising incentives for only "certified" products. Always choose the EHR first, and then make your Practice Management system decision.

1. Not asking for help from someone who knows business. Let's face it, medical school is just not geared around teaching physicians how to start a medical practice. The majority of physicians also don't have the time to sit down and read books on how to start a practice in the hopes that it will actually guide them to success. This is a process with a million variables that requires expertise. At the very least, talk to family and friends that know business. In an ideal situation, you'd bring in an expert to help you with starting your own practice (read: 9 steps to Successfully Starting a Medical Practice). In the long run, the investment on the upfront expertise will not only save you time, money, and possible heartache, but it will generate more money than you could have without consulting with an expert.