Maintaining Data Security: Interview with Lee Barrett – Part 2

Predictive AnalyticsBy Sarianne Gruber
Twitter: @subtleimpact

What are the key merits of Practice Management system accreditation? How does it enable ICD-10 readiness in revenue and billing environment?

There are several aspects which are the key areas and merits that we are looking at as far as value proposition to the industry. As a not-for-profit organization, such as EHNAC, is the fact that we provide a third party review of a practice management system platform, and looking at it in relation to the four areas (that I talked about) including Privacy, Security, Confidentiality and Cybersecurity. Also a review of the platform itself, the best practices that they are using and the staffing they have to support their products and services. Another aspect, which we are looking at for the providers, is trying to mitigate the risk of a breach or an incident with their practice management system platform that they are using. The focus, as we’re going through this, is with the practice management system vendors, and to do a comprehensive review to try to determine if there are particular areas that they may have gaps. We want to work with them on bridging and mitigating those gaps so they have not only a better environment, but from the provider prospective, the providers can feel confident. In that the system they are using, has at least gone through a third party review, and is mitigating their potential risk because patients and others are using their software. Patients could be using the portal platform that many of the PMS vendors have, and there are a variety of ways in which this could be done. We are really trying to mitigate that risk out there for the providers. On the ICD-10 side, we are focusing on the whole aspect of, at least for the providers, providing some level of confidence that their PMS vendor has a plan. And they (the vendors) are executing against that plan for testing and integration; and will be there as far as having a product for October of this year. It is really a level of confidence that we (EHNAC) are trying to provide to the providers.

On observation, physician are nervous about changing sets of codes from the old to new codes. What has been your experience?

The ICD-10 is at least 7 times level of the granularity of ICD -9.  I am working with a couple of physician practices to help them, I am telling them that what they need to be doing now is to be doing the mapping of various of procedures that the physicians go through today and be mapping them to the ICD-10 codes so that they’re not going to get dinged in relation to their reimbursement or what they are currently doing today. So where I am helping them to spend the time, is to go through that because that’s got a very significant impact on the providers from reimbursement side.

We have organizations like the Medical Group Management Association, AMA, a number of the provider industry organizations who worked with us on the development of the practice management system accreditation program. They taking this very seriously, and actively promoted it to all their providers. They have been sending out and communicating with all their providers the message to be asking their PMS vendors, “Are you accredited and if not, you need to apply”. We want to have this level of confidence ourselves in you, as our PMS vendor, supplying our services to us.

At the WEDI conference you addressed the CMS mandate for Qualified Data Registries to report Clinical Quality Measures. Can you share how a third party accreditation will help providers, payers and vendors?

I think what we are focusing here is trying to provide a level of confidence and trust  between all these various stakeholders.  A third party entity has to  review how the whole aspect of protected health information is secured, how it is exchanged, the use of authentication and encryption, how the data is controlled by passwords, and role-based access. And all of those (items) that we think are extremely important.   Registries are gaining a tremendous amount of visibility, and probably acceptance in the industry, and we are seeing a proliferation of them. There are probably close to 100 registries now in the United States.  The need then is to have some sort of third party review of how organizations are handling these registries, making sure they have the policies, the procedures and controls in place, and that they are actually implementing them. The third party review, which EHNAC is trying to do to, is to provide that level of confidence. And we want to work with CMS, as well as the industry, which is why we put together an advisory committee. We have three beta organizations already who are working with us on the development of a data registry and accreditation program. We expect that by the end of year, we’d have developed the program, and it will have gone through our whole governance and public comment review process. We are looking to work with the registries and the industry and CMS to hopefully implement this and get abroad based acceptance on having a third party review. We are already getting a lot of good visibility and a lot of the registry organizations are excited about having some the third party review.

The Electronic Healthcare Network Accreditation Commission (EHNAC) mission is to promote accreditation in the healthcare industry to achieve quality and trust in healthcare information exchange through the adoption and implementation of standards. EHNAC grew out of the 1993 Workgroup for Electronic Data Interchange (WEDI), which was sponsored by the Network Architecture and Accreditation Technical Advisory Group.