Case StudiesSee where and how we've made an impact.
Solve Healthcare had the privilege of working with one of California’s premier cardiology practices. We were given a “blank slate” to assist them to revamp their entire technology and compliance operation from the ground up. This presented a tremendous opportunity and it’s fair share of challenges, too.
Support Staff: 30
- Reduction in Paper 85%
- Improvement in IT Performance 80%
- Medical Devices Connected to EHR 90%
- Meaningful Use Qualification 100%
How did we choose an EHR system?
Solve Healthcare’s EHR/PM Team assisted the client to determine which electronic health record system was most suitable for the practice based on the following considerations:
- Specialty: The Providers should have the ability to create cardiology-specific templates.
- Workflow: The operational and paper-driven functions should be qualified in the EHR and PM.
- Mobility: The system should allow Providers to view charts and e-prescribe using a smartphone/tablet.
- Interoperability: The system should have the interfacing capability to connect to the local hospital system.
Which EHR systems did we evaluate?
We hosted demonstration sessions with the following vendors to review the system, features and technical specifications:
After a thorough evaluation of the options, the client selected Allscripts. The Allscripts Pro suite of products provided the customization tools and mobility functions that were top considerations for the practice. The Providers elected to utilize Dragon Medical Practice Edition, the Patient Portal and remote access to enhance the EHR and PM experience.
What was the state of the existing IT environment?
The feedback we received from the client indicated that the overall performance, reliability and consistency of the configuration was poor. During our IT audit, we made the following observations:
- Servers: Signs of hard disk drive failure, insufficient memory and a dated, 32-bit operating system.
- Workstations: Inconsistent configurations, multiple operating systems and malware problems.
- Network: Entry-level business DSL connection, far too slow for the current and future bandwidth needs.
- Security: No existing group policy in place and most end-users shared accounts and did not use passwords.
- eMail: Existing e-mail platform was not HIPAA-compliant; there was no message encryption and archiving.
- Backup: The practice was not backing up data and ePHI.
Enhanced IT Infrastructure
Our team jumped into action, crafting a plan to transition the practice to reliable, scalable, high-performing information technology solutions with virtually no downtime:
- We installed new DELL servers to separate duties and improve the end-user experience.
- Our HIT Experts established platform continuity by upgrading, replacing and aligning all workstations.
- Leveraging our partnership with Time Warner, we implemented a cost-effective, robust Internet connection.
- Solve Healthcare’s technology and compliance team collaborated to develop a customized security policy.
- We trained end-users on basic system functions, network access and acceptable usage.
- The client took advantage of our three-layer backup solution to protect their data and investment.
What challenges did the practice experience with the EHR and PM system?
As is the case with many early adopters of electronic health records, our client struggled to maximize use of the Allscripts Pro suite. The vendor training was limited, leaving many of the features undiscovered and frequent fixes/upgrades to the software pushed them further behind.
How did Solve Healthcare identify problem areas?
Based on feedback, we tasked members of our EHR/PM Team to sit down with each Provider and assess the following:
- Voice Utilization: Was the Provider using the voice recognition software to navigate through the application?
- Encounters: How efficiently did the Provider chart data? Were templates used to minimize time?
- Assessment and Plan: Were patients provided with exit materials and directed to the Patient Portal?
Next, we examined the check-in, check-out and business office functions:
- Registration: How are patients checking-in and what information is captured?
- Payments/Collections: Are payer and patient receivables processed efficiently?
- Workflow Integration: How well did support staff prepare and follow-up in the EHR and PM systems?
Solve Healthcare made a number of recommendations that boosted overall system efficiency by 25%, introduced checks and balances, allowed the Providers more time in-between patients and provided the management with metrics and access to features to audit the practice performance on a continual basis.
Medical Device Inventory
The practice had a number of medical devices that they sought to integrate with the Allscripts EHR system, including, but not limited to:
- St. Jude Pacemaker Reading Device
- Boston Scientific Pacemaker Reading Device
- Spectrum Dynamics Nuclear Machine
- Mortara EKG Machine
Technical Considerations and Interfacing
There are several different hardware interfaces through which the data originates and each device generates different resulting media- paper, proprietary electronic filetypes and PDFs. All data needs to be exported into the Allscripts EHR Input Manager, a document import tool and management system that allows end-users to attach documents to a patient file.
Solve Healthcare Solution
Using a combination of customized software and trained workflows, we derived a solution that collected data from all devices and transmitted the electronic files as JPEGs to the Allscripts EHR Input Manager. Each filename included identifying information, a page number, date and time so that end-users could distinguish between the data sources and patient events. As a result of this implementation, virtually all medical devices at the practice are communicating with the EHR at a cost savings of thousands of dollars.
State of Compliance
Our client had the basic HIPAA faculties in place- policies and procedures and in-service. However, with evolving HIPAA guidelines and the introduction of HITECH, there were several updates, additions and training measures that needed to be administered to begin building a “culture of compliance”.
Our in-house attorneys, compliance professionals and Meaningful Use experts examined the following aspects of the organization:
- HIPAA Policies and Procedures
- HIPAA Privacy
- HIPAA Security
- HIPAA Breach Notification
- Notice of Privacy Practices (“NPP”)
- HIPAA Awareness Training and Education
- Meaningful Use/HIPAA Risk Analysis
- HIPAA Business Associate Agreement (“BAA”)
Solve Healthcare worked with the management to revise the existing materials and introduce an online training platform that distributes access to end-users, places them in categories based on their role and assists them to complete all HIPAA and OSHA requirements. Management uses a dashboard to monitor completion, onboard Business Associates via e-signature and prepare for or qualify MU measures.
Solve Healthcare develops customized interfaces between medical practices, hospitals, HIEs, ACOs and IPAs. A general surgery clinic tasked us to develop an interface that connects to the local hospital Epic electronic health records system. This phased project was designed to deliver referrals, patient demographic information and eventually, a continuity of care document (CCD) and analytics.
For this project, Solve Healthcare’s Interface Development Team had an opportunity to collaborate with Epic system experts, Allscripts Support, mirth programmers and other supporting resources. The successful implementation of this interface is the first of it’s kind in the region.
The management team at our client site, our technical leadership and hospital executives worked together to develop the business objectives around this project. The goal of the technology interface is to achieve:
- Customer Satisfaction
- Surgery Patient Care Throughput
- Clinical Efficiency
- Quality Management
- Cost Effectiveness
Both organizations agreed to focus on specific “modules” centered around operations, outcomes, data gathering and Meaningful Use:
- Outpatient process efficiency
- Intra-operative care for patient safety and better health outcomes
- Surgery supply chain management for cost reduction and safety
- SCIP compliance and alignment within the bundle
- Surgical site infection reduction
- Length of stay reduction
- Patient readmission, complications and death reduction
- Increase in patient satisfaction scores
- Rate reduction in ventilator-associated pneumonia, catheter related blood stream infections
- Enhanced care in Geriatrics G-60 general
Information technology was the driver of the program and Solve Healthcare was assigned to lead the effort to develop an interface that meets all desired business objectives.
The technical considerations for this project were complex and included many unknowns. Our Interface Development Team worked closely with the hospital information technology personnel to plan and deploy the interface. Each phase of the project required careful analysis and simulation in order to verify the configuration, functionality and security of the interface.
- Firewall: Utilized by each organization, respectively to a establish a secure, site-to-site VPN.
- Allscripts Database Server: Used to receive data from the hospital.
- Epic Database Servers: Used to transmit data inputted by their Providers and staff.
- Epic EHR: Prepares and sends referral and demographic information to the Rhapsody Integration Engine.
- Orion Health Rhapsody Integration Engine: Formats and transmits an A04 message to surgery clinic.
- mirthConnect: Receives and parses A04 messages sent from the hospital.
- Allscripts Interface Engine (AIE): Translates A04 messaging data into the Practice Management software.
- VPN: The connection between the site is configured using a 3DES encryption and MD5 authentication.
- Messaging: All ePHI contained in the A04 messages are fully encrypted during transmission.
- Logging: Each organization monitors the interface and there is an audit trail for each event.
The technical requirements for this project were determined over many months and fine tuned in order to accommodate the capabilities of systems on both ends.
Prior to the introduction of the interface, the hospital and surgery clinic communicated referrals and patient demographics as follows:
- Step 1: The hospital printed out a patient summary.
- Step 2: This patient summary was accompanied by a referral memorandum and faxed to the surgery clinic.
- Step 3: The surgery clinic received the fax and manually inputted into the Practice Management system.
Often times during this process, referrals did not transmit or were not inputted into the system.
Revised, Technology-Driven Workflow
The introduction of the interface eliminated the manual inputting, human error and failed transmissions. This resulted in a time savings, cost benefit and accurate information across systems. The interface works like this:
- Step 1: The referral is prepared in the EHR and securely transmitted by a clinician at the hospital.
- Step 2: Within minutes, the message is received at the surgery clinic and the staff is alerted via e-mail.
- Step 3: The staff imports the patient and stores both Epic and Allscripts patient IDs.
- If the patient already exists, the end-user is notified and is able to update the global record.
- Step 4: The patient is scheduled for an appointment in the Allscripts Practice Management system.
Change Management & Training
A Change Management procedure was required to place the completed interface into a production environment. After months of testing and subsequent approval, both organizations selected a “go live” date. Our HIT Experts prepared step-by-step training videos for our client that they rely on as a reference tool and to educate future employees.
Health Information Exchange
Solve Healthcare has worked with HIEs across the country to assist them with some of today’s most complex challenges. One of their top priorities is to use technology to capture and maintain patient consent decisions, identify which sensitive portions of patient information are restricted from access, and communicate these restrictions electronically with others.
This case study provides a glimpse into the design and delivery of our eConsent model and how it can be used by an HIE to educate and secure consents from patients.
After meeting with the leadership at several HIEs and reviewing the eConsent Toolkit provided by the Department of Health and Human Services, our App Development team derived a software framework that encompasses the following configuration:
- Platform: The solution should be web-based so that patients would not require specific software to consent.
- Interface: We elected to use the mirth database, one of the most flexible, widely used enterprise solutions.
- Administration: HIE participants will access a portal to generate unique codes for each patient consent form.
- Accessibility: Patients can access the eConsent system on a desktop, laptop, smartphone or tablet.
- Consent: A global consent form that utilizes e-signature and photo capturing (optional) to validate consent.
- Reporting: All patient data is securely transmitted to the mirth database and accessible in read-only format.
When determining the hardware, software and bandwidth requirements, it was most critical to examine the scalability and interoperability considerations of this project. The long-term objective for HIEs is to enable communication between all participants, so the backbone of the eConsent solution utilizes:
- Amazon Web Services
- Elastic computing
- Unlimited bandwidth
- High availability
- Content delivery network
- mirthConnect Database Software
- Solve Healthcare eConsent Software
How are the servers secured?
The equipment hosted at the AWS Security Center complies with the highest standards of security and HIPAA guidelines. Some of the features of the data center include:
- 24/7 Trained Security Guards
- Multifactor Access Control (MAC) Systems
- State-of-the-art Electronic Surveillance
In addition to physical safeguards, AWS also provides for these technical safeguards:
- Built-in firewalls
- Private subnets
- Encrypted data storage
- Dedicated connections
- Security logs for auditing
How is transmission secured?
Data exchange between the Solve Healthcare eConsent platform and AWS is secured using a fully encrypted, point-to-point SSL connection that is monitored 24/7. Our sophisticated tools allow us to set specific “rules” for how data is sent and received, disabling any unauthorized activity.
How can we be sure that AWS is HIPAA-compliant?
To affirm the aforementioned parameters and protocol, AWS has executed a Business Associate Agreement with Solve Healthcare in accordance with their commitment to process, maintain and store protected health information.
Educating the patient population is the most difficult challenge for any HIE. The traditional approach has been to engage patients as they arrive at the participating locations. However, this method relies on the patient, does not blanket large segments of the patients and may never reach patients that don’t visit the doctor often or are otherwise aloof. Moreover, patient confidence in the security and privacy of ePHI is challenged by security breaches in the media, unauthorized use of healthcare records for fraud and a host of other plaguing factors.
Solve Healthcare sought to formulate a new approach by introducing a unique collaboration between the HIE, local agency and private enterprise.
Partnering with Private Industry
For businesses, patients can also be identified as consumers or employees. We illustrated the logistical challenges of the HIEs to large employers in a given region to encourage them to educate their employees about consenting with the HIE. There are many benefits incurred by the business:
- Opting in patients to keep them connected to their health
- Potential reduction in healthcare costs to policyholders/employer
- Consenting in a controlled environment to better protect health records
- Local press
Local and State Agencies
To verify patient information against a local database and capture even more patient traffic, we crafted a plan to work with local and state agencies to educate citizens on the HIE presence and provide them with an opportunity to consent on-the-spot at a trusted location.
Members of our management routinely assist startups, VCs and private equity groups in the validation of devices or applications for the healthcare marketplace. In this instance, our efforts were focused on bringing a technology into compliance with regulations so that it could be presented as a fully-compliant product and assisting our client to develop an effective go to market strategy for healthcare based on their newfound compliance with HIPAA and HITECH.
Profile: Silicon Valley Startup
Technology: Cloud Storage
Silicon Valley is ground zero for technology innovation. There is an emerging trend in the Valley of established and startup companies entering the healthcare space to introduce compelling products or services to a growing marketplace.
Solve Healthcare’s Business Consultants performed a “deep dive” examination of different aspects of the client business model in order to identify areas of improvement and develop strategy around market impact.
- Customer is keen on increasing adoption amongst physician end-users.
- Validate for HIPAA compliance and develop marketing strategy focused on patient privacy and security.
- Encourage patients (or consumers) to safeguard/update their personal health record using cloud storage.
- Produce use case to demonstrate interaction between patients and physicians using smartphone platform.
Exposure in Healthcare
We also examined the client’s footprint in healthcare to determine how to expand on existing relationships and build a strong portfolio of advocates. After performing an initial assessment, we collaborated with our client to target the following profiles:
- Hospitals, ACOs and IPAs: Craft a turnkey enterprise cloud storage initiative to “blanket” health systems.
- Medical Practices: Provide a cost-effective data warehousing solution for physicians and patients.
- Patients: Since many end-users already utilize the platform to store files, pictures, etc., we would educate these consumers on the importance of protecting their personal health information.
Our client was primarily interested in targeting medical practices and hospitals to encourage a “top to bottom” movement towards educating patients and colleagues about the solution.
Ease of Use and Accessibility
One of the most important factors in driving adoption is to ensure that a solution is easy to acquire and user-friendly. In a world where mobile devices reign, the client application had to function seamlessly on a smartphone and integrate with computer desktop functionality.
We determined the application was accessible as follows:
- On a desktop or laptop machine using a web browser
- On a smartphone using the Android or iOS operating system
- Through an API to communicate with third-party applications
- Real-time file syncing to keep data up-to-date
Application and Usage in Healthcare
We determined that there were several uses for cloud storage in healthcare that were largely untapped:
- Storage of scanned patient records; eliminates paper and the risk of records being lost or stolen.
- Serve as a “personal HIE” for patients to aggregate their health records in one, secure place.
- Used by HIEs as a consenting and storage tool.
Solve Healthcare’s technical team supplied feedback to the client to help prioritize ongoing development tasks:
- The API must have the capability to interface with multiple EHR vendor systems
- The application should utilize smartphone camera features to snap pictures of documents and conditions
- The application should have a specific folder for the collection and chronology of health records
One of the most exciting aspects of this project was the opportunity to introduce one of only a few HIPAA-compliant cloud storage solutions. Solve Healthcare’s collaboration between technical and compliance professionals provided our client with a unique advantage. We reviewed the compliance architecture to establish that the following safeguards were in place:
- Infrastructure: Servers are safeguarded from unauthorized access.
- Communication: Secure, encrypted transmission and receipt of data stored in the cloud.
- Access: Multilayer authentication to verify patient (end-user) identity.
- Auditing: Administrators should be able to monitor activity and report on usage.
- Policies and Procedures: Customer should provide for a HIPAA Business Associate Agreement.
- Usage: Validation that the application is suitable for adoption under HITECH guidelines.
Based on our findings, we were prepared to present the client with compliance-driven marketing techniques that would enhance the appeal of the product and quell concerns about cloud storage in healthcare. Since the compliancy was the most distinct attribute of the application, we recommended a strategy that delivered the following message to clients:
- All account types, including free accounts, encompass all HIPAA compliance features.
- End-users can seamlessly transition to the cloud storage platform without introducing complex hardware.
- Physicians can meet specific Meaningful Use objectives by using cloud storage to communicate with patients.
- The solution nicely integrates into the workflow of a healthcare organization, resulting in time and cost savings.
Our client wanted to produce a use case based on an actual (anonymous) patient experience that followed the use of the cloud application throughout the process- from initial patient engagement, check-in to check-out and follow-up. Solve Healthcare provided for access to a patient and medical practice that authorized the documentation of such an encounter and delivered a comprehensive illustration of the adoption, functions and security of the software.