Spotlight on Hospital Information Systems June 15, 2010
Featured Article
Regulatory change drives improvements in records management

By Nancy Duarte-Lonnroth

Managing information properly, efficiently and securely within today's increasingly Web-based environment is critical to managing risk, mitigating potential future losses and having proof of compliance.

In response to the Obama administration's demand for better accountability and a safer, more reliable health system, health organizations face a pressing need to review and augment their records management systems to comply with new reporting requirements.

Although many healthcare providers have already invested heavily in the past decade to replace traditional paper-based work flow with more efficient digital records management, challenges imposed by new regulatory demands are daunting.

Much attention has been paid to digitizing structured records during the early phase of work flow and records management improvement, so as to better manage and protect patient record databases while enabling more efficient sharing of information across the vast health network of care givers, pharmacies and insurers.

Now, healthcare providers face the immense challenge of ensuring that the vast amounts of unstructured information they generate daily - from email and internal memos to images, video, records and beyond - meet evolving compliance requirements.

Rapidly changing regulations are raising the bar dramatically. Mission critical and sensitive information must be easily accessible, adequately protected and properly archived. In addition, health organizations need to produce all evidence of any collaboration process that leads to a decision affecting patient health. Ultimately, managing information properly, efficiently and securely within today's increasingly Web-based environment is critical to managing risk, mitigating potential future losses and having proof of compliance.

Serious challenges from within and beyond for health organizations

The challenges in play have significant implications beyond simply meeting reporting requirements, with organizations needing to integrate compliance with security needs as well as with overall operations and planning work flow.

For example, the Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of the Economic Stimulus Act significantly expand HIPAA regulations to include mandatory data breach notifications, heightened enforcement, expanded patient rights, and increased penalties of up to $50,000 for each violation and up to $1.5 million per calendar year.

Traditionally, this type of data security issue would solely be the responsibility of the technology department. But organizations can no longer afford this way of thinking, because modern electronic work flow involves multiple internal departments and external partners.

To meet the new HITECH requirement, IT managers need a thorough understanding of an organization's complex work flow, the caregivers and external partners at various stages of each process, and their working habits. The solution will need to be a combination of comprehensive policies, information access, training and technical safeguards, all designed to meet both organizational and compliance needs, while also capitalizing on Internet capabilities.

That means potentially significant resources are required - and this is just addressing one requirement within HITECH.

Smaller organizations are especially vulnerable, as funding for staffing, training and new technologies is limited. As well, decision makers in diverse areas such as IT, finance, legal, audit and HR may have limited resources to proactively address these anticipated changes.

For larger organizations, the challenge typically lies not so much in being adequately informed, funded and proactive on change, but in gaining consensus on how to execute that change.

The challenges may seem daunting, but they are not necessarily insurmountable, as long as organizations are prepared to change the way they operate, systematically examine their processes and prioritize their changes.

Work flow trends - adopting a fully integrated lifecycle approach

Business intelligence management implies finance, risk, and legal and compliance objectives, all functioning seamlessly to maximize efficiencies at every level. What are smart organizations doing today and what can the rest learn from them to ensure their own prospects for success?

Proactive organizations understand the need for a "fully integrated lifecycle" approach - a comprehensive, integrated system that unites key elements of their services and operations across the entire enterprise-management picture, while maintaining a consistent, long-range view of implementation, management and development.

For example, to integrate compliance and security needs with operations and planning functions, organizations are implementing new ways to protect and segment user access to all sensitive data. They are also setting up measurable control objectives that ensure an efficient balance between reward and risk.

By applying these principles to security and change-management policies, organizations can eliminate unauthorized use of, or change to, their systems, data and records. At the same time, organizations are pursuing better patient care via a free flow of vital information among different points of care, so that appropriate treatment can be delivered efficiently according to the very latest patient case notes.

A centralized approach to records management and control can also be an efficient way to counter the decentralized nature of activities across healthcare organizations. Organizations that are adopting a single, centralized view of all records, and implementing monitoring and technical controls that are automated whenever possible, are gaining efficiency and accuracy in their reporting. There is also a trend to organization-wide frameworks, best practices and policies for correct and consistent IT procedures, so as to maximize business results while minimizing financial risks and losses.

Work flow management focuses beyond internal processes. Organizations need their partners to observe the same security standards and vigilance. Work flow advances are being realized in these areas: medical claims; audits and appeals; financial and administrative audits; and adverse event management.

The goal is to enable partners to share efficient centralized resources to facilitate seamless collaboration among organizations, partners and suppliers. Best practices also ensure efficiency and compliance when investigations, audits or remediation are needed.

Outside partners can also contribute to the regulatory intelligence of an organization. For example, smart organizations are remaining up to speed with changing regulations by maintaining a clear link to resources and tools that keep them abreast of current or emerging laws, regulations or standards.

Advances in work flow and records management are having a positive impact across the board in terms of accuracy, efficiency, best practices, collaboration, monitoring, auditing, reporting and compliance.

Working smarter offers a huge pay-off for health organizations

What is the pay-off for organizations at the end of the day? Overall, the right IT solutions and governance procedures certainly increase efficiency in terms of operations, decision making, change management and compliance at every level. Beyond that, modern records management serves to mitigate financial risks from lost, stolen or misused data.

So where should a health organization start to make the leap to a current, compliant, Internet-based system?

A good first step toward progress on records management, smarter health care and improved compliance is promoting meaningful dialogue across the organization.

It is also about applying a lifecycle approach and having key performance indicators in place via monitoring and measuring of information, to avoid serious liability issues. That process should include: monitoring legal issues that have security implications (for example HIPAA); monitoring security issues and alerts from external organizations; monitoring and measuring quality of patient care or errors; and maintaining security regarding user access, passwords and privacy.

Making data both readily and securely available promises to reduce medical errors, facilitate innovation for patients and providers, lower costs and reduce liability. And this all translates into better, more profitable healthcare delivery.

Smart organizations will dedicate the time and resources needed to develop the appropriate expertise on data and records management and, by doing so, will dramatically enhance their prospects for success in the future.

About the author

Nancy Duarte-Lonnroth is director of quality and regulatory affairs, healthcare at Celestica.

Copyright 2010
Nelson Publishing, 2500 Tamiami Trail North, Nokomis, FL 34275