Compliance: strategies for healthcare
A significant portion of healthcare information governance entails monitoring and controlling the way in which patient information is accessed and shared. UMass Memorial Medical Center, which serves central and western Massachusetts, is applying its resources to governance efficiently by managing its data in a hybrid way, leveraging both central and federated data capture. Data is shared according to carefully defined specifications that meet both regulatory and hospital policy requirements.
UMass Memorial Healthcare includes the UMass Medical Center and four community hospitals. It’s the clinical partner of the University of Massachusetts Medical School and has more than 1,700 physicians and 13,000 other employees on staff. The organization uses electronic health record (EHR) software from Allscripts for management of ambulatory care records, EHR software from Siemens for acute care, and other software products for additional information systems. UMass Memorial wanted to provide an integrated view of its patient information, and increase its ability to interoperate with external EHRs.
Single version of the truth
“Physicians in the communities we serve have several levels of requirements for information,” says Richard Cramer, associate CIO for operations at UMass Memorial. “First, if they order procedures carried out at the hospital, they want the results delivered back to their practice as a fax or interfaced directly into their practice EHR. Second, they often need to view the information resulting from tests or procedures ordered by other providers. Finally, and this is the most challenging, they would like to see information unrelated to their own interactions with the patient.” For example, if a patient visited the emergency room, the primary care physician wants to receive information related to that clinical encounter so he or she can coordinate appropriate followup care.
To provide a centralized repository that contains “a single version of the truth,” with respect to medical records, UMass Memorial opted for a master data management (MDM) strategy. In support of that strategy, UMass Memorial selected Initiate Patient, Initiate Provider and Initiate Exchange from Initiate, an IBM company. The software products link multiple patient and provider records from different systems and enable other applications to create composite views of an individual based on information from all systems.
Data from those virtual views can then be delivered to practice EHRs using Initiate Exchange as a hosted software as a service (SaaS), or through the health system’s clinical portal solution from dbMotion. That approach eliminates problems that stem from providing direct access by one healthcare provider to data maintained by another. It also allows for a consistent set of business rules that control the data that providers can access and import into their EHRs.
An incremental approach
“We believe that an incremental approach is more effective than one that attempts to include all data in its model,” says Cramer. “In many cases, our methods for sharing information are mirroring what we had already established for governance of paper records.” For example, the hospital routinely faxed test results to a doctor in the past, and now the same authority allows the hospital to transmit results electronically. Similarly, a doctor who could come to the hospital and see records can now access those same records via a portal, with no change in policy.
Rather than developing an all-encompassing model for information sharing, UMass Memorial selected processes and information that were most essential to patient care, and provided enabling technology to improve them. “I have seen many data sharing efforts fail because they were too ambitious and tried to do everything at once,” explains Cramer. “Roadblocks such as data ownership and control arise, and the project quickly spirals out of control.” UMass Memorial took the approach of working from the base of its original governance policies and improving the implementation of them through use of new technology.
UMass Memorial went live with Initiate in January 2010, uniquely identifying patients across the health system’s hospitals. In June, a software platform from dbMotion will enable UMass Memorial to present a unified view of clinical data from sources both within and beyond the hospital. The dbMotion Solution is a clinical information aggregation tool that presents a virtual patient record derived from multiple sources. It can be delivered through the dbMotion Solution Web interface or through the provider’s EHR. The information from other providers will be included in the Initiate repository (master person index) based on the providers’ decision to participate in the information exchange. Initiate manages the client demographic data, while dbMotion manages clinical data.
The system developed by UMass Memorial and its software partners has caught the attention of other potential users. “About a dozen healthcare systems are considering implementing a similar system,” notes Cramer. “We think it provides a very useful and flexible model for the future.”
One of the advantages of MDM is the ability to reconcile inconsistent data. “We want to take data, make it accurate and meaningful, and share it with downstream business processes,” says Michelle Blackmer, senior director of healthcare marketing for Initiate. Rules can be established for correcting information, such as using the most recent address, or an item can be flagged for manual attention. Thresholds can be established for automatic correction, such as a one-digit error in a Social Security number.
“Stewardship of information is a very important component of governance,” Blackmer says. “Data quality downstream is only as good as the information that enters the system.” Such governance is an important part of fraud prevention. For example, if the information is received by one provider that a patient is deceased, then all of the providers would know, and attempts to use the patient’s Medicare identification could be thwarted.
Monitoring the network
All patient data is sensitive, but especially in the case of addiction rehabilitation, privacy is critical. The Hanley Center, a non-profit addiction recovery organization, serves adolescents and adults, providing a spectrum of services that range from detoxification to psychological and psychiatric care and spiritual counseling. Its public Web site includes a link to its Facebook page, which provides information on local fundraising activities, and to Twitter.
The IT department at the Hanley Center supports the goal of maintaining patient confidentiality by monitoring the movement of all documents, e-mail and the Web activity of its employees. “In order to comply with HIPAA [Health Insurance Portability and Accountability Act] and our own policies, we need to know who is viewing or sending documents, who is communicating internally and with outside entities, and be aware of any other network activities that are occurring,” says Michael Counes, IT director at the Hanley Center.
In previous years, Counes had to review each application separately to check for infractions by employees. “I had to lock down each computer individually,” he says. “I could do the job, but it took hours.” Early in March, the Hanley Center installed Spector 360 from SpectorSoft, and the same day, Counes was able to view activity across all systems. “Everything was immediately visible through Spector 360,” he adds.