As the Healthcare Administrator for this critical access hospital making sure the health information of both patients and employees is our top priority. As employees are hired they will be informed about the policies and procedures of HIPAA.
When staffs are hired they will go through their orientation training. The will be taught by our Health Information Manager who is well versed in HIPAA policies and procedures a well as an excellent instructor. This mandatory training will allow time for the instructor to explain the policy and procures that apply to the staff and how they affect the hospital as a whole. Each staff member will need to sign-in along with participating in a discussion. Once the discussion is over there will be a test to make sure they staff understands key points of training. If a staff is unable to attend they will be required to get permission from their supervisor and schedule for make-up training. Once the staff has taken the initial training they will then be required to take a HIPAA refresher course each year. If the staff fails to take this training each year there will be repercussion implemented.
Protected Health Information (PHI) which includes individuals Name, date of birth and visit ID number are three of patient’s information that is allowed to be discussed among employees. There are not to be discussed freely but only when necessary for patient billing, patient medical questions and for follow-up appointments. People who may discuss this information are employees that are working directly with the patient including doctors, nurses, secretarial staff and billing coordinators. Sharing of the patient information should only take place in secure locations away from people others who are not providing direct care to the patient. Patient information either on a computer or paper format should not be left open or unlocked so they can be easily breached. The computer will either password protected or Swipe cards to allow for easy access to patient information whichever the staff decided is more convenient. Staff will be able to log-on to a computer as the other staff leaves allowing them to see the information for their patients at shift change. The staff will be assigned a computer for each shift and information will remain on that computer for shift change for easy changeover.
PHI is very important in this facility and we will hold our standards to prove that. If staff are negligent in holding this information to the highest regard there will be disciplinary measures. If the breach is deemed minor staff will receive a written warning and will be re-educated to make sure they are aware of the mistake they made. If there are more the 1 breach by an individual’s written warning delivered along with possible termination. If the breach is determined to be serious the breach may result in termination immediately at the discretion of the employer.
Internal audits will occur on a monthly base and will be headed by the Health Information Committee. This committee will include the Health Information Manager, Director of Nursing, and Information Technology Manager. This audit will make sure that charts are being stored and used correctly to protect PHI, make sure that passwords and swipe cards are being used efficiently and effectively and all medical records both electronic and paper are secure. This audit will determine if the staff requires more training if the IT department needs to upgrade security measures and update policies and inform staff of changes.
The Internal audits will allow the risk assessment team to meet monthly and evaluate the audit and discuss possible upgrades or changes that should be made to prevent PHI security breaches. Consultants may be brought in when the facility may need major upgrades in security.
Investing in a new EHR system can be an expense but in the long run, it will allow the critical access hospital to better manage PHI and make sure it remains secure. The Key stakeholders that the new EHR system will be presented to our Director of Nursing, Chief Medical Officer, Health Information Manager, IT Director, Pharmacy Director and the Chief Executive Officer. The Key stakeholder will decide if the new EHR system is right for the critical access hospital. EHRs and the ability to exchange health information electronically can help you provide higher quality and safer care for patients while creating tangible enhancements for your organization. EHRs help providers better manage care for patients and provide better health care by: Providing accurate, up-to-date, and complete information about patients at the point of care, Enabling quick access to patient records for more efficient care, Securely sharing electronic information with patients and other clinicians, Helping providers more effectively diagnose patients, reduce medical errors, and provide safer care, Improving patient and provider interaction and communication, as well as healthcare convenience, Enabling safer, more reliable prescribing, Helping promote legible, complete documentation and accurate, streamlined coding and billing, Enhancing privacy and security of patient data, Helping providers improve productivity and work-life balance, Enabling providers to improve efficiency and meet their business goals and Reducing costs through decreased paperwork, improved safety, reduced duplication of testing, and improved health. (https://www.healthit.gov/faq/what-are-advantages-electronic-health-records). Two CMS requirements that the new EHR system will have to have to be eligible for Medicare and Medicaid reimbursement are; Use of certified EHR in a meaningful manner and Use of certified EHR technology for electronic exchange of health information to improve quality of health care. (https://www.cms.gov/Regulations-andGuidance/Legislation/EHRIncentivePrograms/downloads/MU_Stage1_ReqOverview.pdf).
When upgrading to a new EHR system the hospital must make sure that the desktops, laptops and other devices are up-to-date with all software that is required. In some cases, hardware may need to be replaced to better work with the new system. The equipment will need the proper amount of storage, appropriate processors and the firewalls that prevent intrusions into the network.
The cost of EHR systems ranges from $3 million to about $7 million. The cost may not include upgrades that the hospital’s devices or servers may need. When choosing between Cerner, Meditech and Epics I would recommend Cerner Tier 2 EHR System. Tier 2 has more benefits than Tier 1 that will greatly benefit the hospital. It includes clinical documentation and Billing office application and supports integrating the system. Epic was comparable to Cerner, however, the cost was much higher. Meditech was lacking in the billing office application section and does not seem as comparable. All three systems are comparable with security and implementation.
There are three important components that should be implemented with Cerner. They are computerized physician order entry (CPOE) system is basically an automated order-entry system that captures the instructions of physicians with regard to the care of their patients, Computer-based decision support systems (CDSS) are medical information processing systems that are designed to aid clinicians in making complex and/or less-than-complex clinical-based decisions (Tan ; Payton 2010 pg123). Another component is the Physician dictation system which allows the physician to speak into a computer to record information. This allows for easier and more accurate coding and billing. The Security features of Cerner are advanced malware protection, from the endpoints to the firewalls, along with countermeasures for top attack vectors including email and web filtering gateways. Our integrated solutions include identification, advanced authentication, auditing and log correlation (https://www.cerner.com/solutions/network-security).
The training on the Cerner HER system will be an estimated 7 hours per employee. The 7 hours will be split between two 3.5 hour training days. Employees will be required to attend all levels.
There will be 10 sessions offered for each level for the 150 dayshift employees. There will be 15 people in each class. There will be 5 nightshift session for each level with 10 people in each class.
The total cost of the training for each employee for 6 hours at $21 an hour will total $126.00. The cost for all 200 employees will be approximately $25,200. If the training was required for 10 hours at $21 per hour the total cost would be about $42,000. The total for this training will be between $25,200- $42,000.
All staff including Physicians will be required to take the Cerner training course. The training schedule attached should be followed as such unless there is prior approval from the director. The schedule as shown below allows for 75 physicians employed at the critical access hospital to attend training.
A train-the-trainer program will be implemented for educating staff about the Cerner EHR system. Each department director and one staff that is fully trained, not only in the Cerner EHR system but also understand how to teach it. These staff will attend 3 of out the 10 sessions offered to fully understand and help implement the program. Once the new staff trained the trainer will be easily accessible to the new staff for any questions or concerns.
The transition plan for transitioning employees will be the pilot approach requires the installation of the new system in sites that are representative of the complete system (e.g., in a small geographical area). This means that certain locations or departments are to serve as “alpha” pilot test sites first, followed by other “beta” pilot sites or departments until all sites operate under the new system (Tan ; Payton, 2010 pg. 250).
Employees will be evaluated for competency during training by both an instructor and practice test on the Cerner EHR system. Critique or comments about the training program will be greatly appreciated so that it can be improved.
The best time to implement the Cerner HER system is Wednesday at 9:00 am. It is usually slower at this time and staff has had time to change shifts and get started with their day. There are three leaders that should be on-site and easily contacted at this time and that is the Health Information Management Director, Director of Support Services, and the Director of Nursing. The Health Information Management Director will be able to support employees with confidentiality and integrity issues that arise. The Director of Support Services will keep track of the change over throughout the pilot approach and manage any technical issues. The Director of Nursing will be able to support the nurses and clinical staff that may need support on the floor.
Rewarding the staff during the training for asking a question and being involved by giving them pens, notepads or other small gifts. When the classes are full the staff will be rewarded with pizza for lunch. Staff will be rewarded for taking the class more than once with food along for that day but also a gift card to the cafeteria. After the transition has been in progress for more than 2 weeks exceptional staff will receive a gift card to local restaurants.