The Challenges of Meaningful Use in Small, Independent Practices

Recently, I had the pleasure of speaking to a group of primary care physicians about meaningful use (MU) and the EHR incentive programs. The questions they asked made it obvious that there remains a good deal of misunderstanding about what is required to comply with meaningful use objectives. It was also clear from their comments that most of the educational materials available do not provide sufficient detail regarding the real-world impact of meaningful use measures.

For example, there are three objectives that address providing patients with access to their clinical information.

“Provide patients with an electronic copy of their health information (including diagnostics test results, problem list, medication lists, medication allergies) upon request.”

“Provide clinical summaries for patients for each office visit.”

“Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, and allergies) within four business days of the information being available to the EP.”

Many of the attendees were baffled by what appeared to be three versions of the same requirement. In addition, there was concern about the practical issues involved in providing information to patients. They wanted to know the best way to accept requests from patients and how many ways they were obligated to fulfill requests (USB, CD, DVD Portal, PDF, etc.).  They also wanted to know who would bear responsibility for HIPAA violations if patients lost or otherwise compromised data given to them. Clearly, these and other MU objectives create additional administrative challenges for small practices that they must deal with on top of managing an EHR implementation.

The data collection requirements of meaningful use are another potentially troublesome area for small practices. Meeting the threshold percentages for vital signs, demographics, medications, and the problem list requires that there be a mechanism in place to assure that these data elements are entered and validated. Successfully meeting meaningful use requirements may require alterations in workflow such as assigning specific data elements to a specific job position. In addition, meeting thresholds may well require a monitoring process with periodic audits to ensure that the information has been entered. Dashboard functionality, available in the latest versions of some products, may make auditing easier. However, auditing still represents an additional administrative activity for the vast majority of small practices.

Reporting requirements may also be a burden to small practices. Four objectives require that paper charts be used to meet the thresholds if there are not sufficient patients in the EHR. This alone may slow the enrollment of small primary care practices in the EHR incentive programs. Practices may be reluctant to consider signing up until they are certain that they can be rid of paper charts prior to the initial attestation attempt. Reporting requirements also may make EHR selection more difficult. EHRs have never been known for their stellar reporting capabilities. Now, meaningful use makes an easy-to-use, capable reporting engine an absolute necessity. Yet, how many providers have the skills to evaluate EHR reporting features?

The biggest MU challenge for small, independent practices  may be the HIPAA security requirements. An ad-hoc survey of my audience revealed very few of those practices currently using an EHR had ever completed a risk analysis as required by the security rule. In fact, most were surprised to hear it was required! It seems everyone has made peace with HIPAA’s privacy/confidentially requirements. However, the security rule seems to have been largely overlooked.  The lack of awareness of  the HIPAA security rule among these providers is troubling and should be addressed immediately.

My take on all of this is that much more needs to be done to educate providers in small, independent practices about the details of the incentive programs.   It appears that everyone has heard enough about HITECH to be wary of it.  However, few seem to understand it well enough to comprehend its potential impact on their practices.

Perhaps my sample size is too small.   Has anyone else noticed this problem?


1 Comment

  1. Dr. Carter – My experience fully conforms to your re HIPAA security rule compliance. This is a whole new world for a practice. Plus, there is the obligation to make sure that their Business Associates confirm their adherence. Finally, no one has really absorbed the reality that they must perform a HIPAA Security Audit. That audit includes both their HIT as well as their non-automated activities.

Leave a Reply

Your email address will not be published. Required fields are marked *