By John Carruthers, staff writer, January 03, 2011
As the threat of penalties looms for physicians who fail to make the switch to electronic health records (EHR), a large number of physicians are contemplating the switch from paper to digital records in order to take advantage of government incentives before the window closes. (For details on these incentives, see sidebar.) For these physicians, there are a number of questions that need to be asked. What type of server model to use? Which processes to put in place? How to plan for downtime?
According to Daniel M. Siegel, MD, who moderates the annual EHR vendor demonstration at the American Academy of Dermatology’s Annual Meeting, good EHR infrastructure focuses on two main areas: Careful planning to eliminate downtime and security risks as much as possible and a thorough plan that can be implemented to bring the practice back to normal function as quickly as possible.
Choosing a server model
While one of the main advantages of EHR is the elimination of ponderous file boxes and large rooms for charts, the issue of storage doesn’t go away under EHR, but rather demands different storage solutions. The two main models of data storage under EHR are called client-server and application service provider (ASP) models. The client-server model is the more traditional one, with a central server located in-office and networked computers feeding into a mirrored hard drive — a main hard drive paired with an identical hard drive that backs up practice information continually — over a secure data network. The ASP model requires contracting with an outside company to provide data storage and backup through a remote connection. Both methods have significant advantages and drawbacks to consider.
The client-server model’s centralized architecture makes it both easy and quick to back up files and close the network to malware and other security threats. Access to system-wide upgrades and backup storage is simple, and physicians can add as many layers of backup as they deem necessary. But the accessibility and security of a client-server system can prove a sizable expense at the outset, according to James Hook, M.P.H., consultant for the Fox Group, a management consulting firm specializing in health care.
“In terms of physical infrastructure, if you’re going to go the client-server route, you’re obviously going to need a server. And depending on which software and how many providers there are, that can be anywhere from a 10 to 20 thousand dollar expense, just for that component,” Hook said. “You’ll get good response time from the software, but there are data hubs and uninterruptable power supplies that you’d want to have on hand for the client-server approach that you wouldn’t need for the other model.”
Many physicians will keep what is known as a redundant array of inexpensive disks (RAID): cheap, replaceable disks which act as backup for the mirrored hard drives that serve as the main data repository for practice management information and patient records. The RAID not only allows for dependable and inexpensive backup, but will also notify the network administrator of a failure in any of the disks, allowing for a constant level of guaranteed data backup. Along with a virtualization device — a program that restores practice data in the instance of an outage through application of the mirrored backup storage — the RAID can function as a quick and dependable way to get the practice back online.
“The disaster sort of thing — where the world outside is fine but your practice is not — is if the server goes down. If that happens in our office — if the server itself dies — we have the local virtualization device that can restore functioning,” Dr. Siegel said, referring to stored desktop data on the practice’s central server. “It’ll run a little slower, but we can be back up and running in 45 minutes. That’s assuming that there are no other disasters happening at the time.” (If rather than the server itself, one of the drives in the RAID goes down, Dr. Siegel said, a message prompts him to swap in a new one, a much simpler matter.)
Along with a RAID and backup hard drives, many physicians will have a remote data backup, where the practice’s data is mirrored to an offsite storage location — often the physician’s home office or a secure location on the Internet paid to provide dependable remote data mirroring. Some physicians will also make a physical backup of the practice’s patient information each day — in the past with a tape backup, but increasingly with a portable hard drive. This additional layer of offsite backup is critical in the event of a major catastrophe, such as a fire, at the practice location. Documentation of all levels of backup should be done as part of a practice’s crisis management plan. Backing up information in this manner carries with it a number of risks, including loss of the portable media and attendant ID theft. Security of this backup method must be planned for and documented under the practice’s crisis management plan.
“If you’re running client-server, especially when you start putting all your chart information in the EHR, you want to have at least two and probably three kinds of backups. In a server these days you mostly get a backup hard drive that’s right in the server. So if the hard drive goes bad, it’s always being mirrored and being backed up, and you hope that you don’t lose two at the same time,” Hook said. “In addition to that, you need something offsite. People have been getting away with only one level of backup for their practice management systems, and there haven’t been many failures where you hear about people losing all of their information, but it’s a whole other ballgame when you’re talking about your chart and medical records information. It would be unthinkable to lose all of that critical information.”
The ASP model relies on data backup services delivered over the Internet. The model, also known as software as a service, has become more popular recently as the cost of broadband access for many regions has gone down and the price of networking and medical software has risen for many small practices. The outsourcing of data security and storage to a professional firm has also been a popular concept with many practitioners hoping to eliminate the time commitment and concern over their practice’s data storage from their daily routine. Though the protection and storage of the data now falls to an outside entity, it’s still the physician’s responsibility to see that all proper precautions are taken with patient data.
“With ASP, you’re relying on the software vendor for proper backups. You’re definitely going to want to check out how they’re performing backups — do they host in one location and then backup to another, are they relying on the cloud? — so they’re not totally relying on physical servers in their own space that could be damaged,” Hook said. “If you’re running the ASP model, you want either documentation or contract provisions that the vendor agrees to as far as its backup procedures. And some kind of documentation that they occasionally test those procedures themselves, just as you would if you had it in your office. Basically, you’re relying on someone to tell you that they did it. Anybody who’s in the business is probably going to do this the right way, but you want to have it in the contract.” A sample ASP EHR licensing agreement is available on the Academy’s website at www.aad.org/hitkit.
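Hook’s two points above, keeping two or three independent copies (one of them offsite) and having documented evidence that restores are actually tested, can be turned into a routine check a practice runs against its own backup inventory. The following is an added example, not from the article or from any vendor; the tier names, intervals and timestamps are constructed assumptions for a hypothetical practice:

```python
from datetime import datetime, timedelta

# Constructed inventory for a hypothetical practice (all values assumed, not
# from the article): the in-server mirror, the remote offsite mirror and the
# daily portable-drive copy, with the interval each is expected to meet.
NOW = datetime(2011, 1, 3, 8, 0)
TIERS = [
    {"tier": "in-server mirrored drive", "offsite": False, "max_age_hours": 1,
     "last_success": datetime(2011, 1, 3, 7, 50),
     "last_restore_test": datetime(2010, 12, 4)},
    {"tier": "remote offsite mirror", "offsite": True, "max_age_hours": 24,
     "last_success": datetime(2010, 12, 31, 8, 0),
     "last_restore_test": datetime(2010, 6, 17)},
    {"tier": "daily portable drive", "offsite": True, "max_age_hours": 24,
     "last_success": datetime(2011, 1, 2, 18, 0),
     "last_restore_test": None},
]


def coverage_gaps(tiers, min_tiers=2):
    """Structural checks: enough independent tiers, and at least one offsite."""
    gaps = []
    if len(tiers) < min_tiers:
        gaps.append(f"only {len(tiers)} backup tier(s); at least {min_tiers} needed")
    if not any(t["offsite"] for t in tiers):
        gaps.append("no offsite copy of practice data")
    return gaps


def audit_backups(tiers, now, max_test_age_days=90):
    """Freshness and restore-test checks; returns one finding per problem."""
    findings = []
    for t in tiers:
        age = now - t["last_success"]
        if age > timedelta(hours=t["max_age_hours"]):
            hours = int(age.total_seconds() // 3600)
            findings.append(f"{t['tier']}: last good copy is {hours}h old "
                            f"(limit {t['max_age_hours']}h)")
        tested = t["last_restore_test"]
        if tested is None:
            findings.append(f"{t['tier']}: restore has never been tested")
        elif now - tested > timedelta(days=max_test_age_days):
            days = (now - tested).days
            findings.append(f"{t['tier']}: last restore test was {days} days ago "
                            f"(limit {max_test_age_days} days)")
    return findings


if __name__ == "__main__":
    # Print the findings that belong in the crisis management plan's review log.
    for line in coverage_gaps(TIERS) + audit_backups(TIERS, NOW):
        print(line)
```

With an ASP vendor the same record can be filled from the vendor’s documentation or contract reports rather than from the practice’s own logs.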
Data security architecture
One of the most significant considerations when planning EHR implementation is the access to the network that each member of the practice will have. The importance of patient data security under HIPAA, as well as practice productivity and security, depends largely upon limiting access and controlling the behaviors of those in the practice with access to the network or the Internet. The key, according to Dr. Siegel, is eliminating unnecessary, potentially harmful software.
“As physicians, we need Web access to look up information for patients, and the staff may need it to get approval from the insurance companies. So we have our wireless access secured, and we don’t allow instant messaging programs, the use of Facebook, because we don’t want people communicating and having back doors to bring in malicious software,” Dr. Siegel said. “You can actually be even stricter if you think it’s necessary by having the USB ports locked down like the V.A. hospital near here. You need permission to have the drive unlocked so someone can’t just put their own drive in and do things you wouldn’t want done. You try to make all users in the office limited to things they need to access. You don’t want too many people with administrator privileges in the practice — even a partner in the practice can be careless, so you’ve got to limit that kind of access.”
As for personal communication while in the practice, Dr. Siegel and his colleagues have settled on the novel idea of bringing their personal, un-networked computers into the office to handle correspondence. They’re able to use the practice’s Wi-Fi access while remaining off the practice’s network. If they need to access a practice record for some reason, they make use of secure remote virtual private network (VPN) software.
“What we do among the partners of the group is bring our own laptops in to handle any personal correspondence we might have to do. I find that I’m spending anywhere from a half hour to a few hours [handling volunteer responsibilities] during the average day,” said Dr. Siegel, who serves on the AAD Board of Directors and as a representative to the AMA RUC. “What I wind up doing is using my own laptop — I’m using the router to connect to the rest of the world, but I’m not connected to anything in the office. If I want to get something from a computer in the office next to me, I have to go in securely through our remote private VPN access.”
In contrast to Dr. Siegel’s office, many practices instead offer a broad range of network, EHR, and Internet access to a physician’s office while limiting access to exam rooms or the front office. Dr. Siegel’s setup acts as an additional level of precaution against malicious software that can be found on the Internet.
Broadband and software
For physicians waiting on lab results, physicians with multiple networked offices, or those relying heavily on the ASP model, reliable, consistent broadband access is the lifeblood of the practice, according to Dr. Siegel. The speed of communication between networked software in separate locations — whether it’s communication between the physician and a lab, the physician and a referring provider, or between two of the practice’s offices — can either save a practitioner untold time, or drag the entire process to a halt. Going electronic, Dr. Siegel said, makes a physician extremely cognizant of the importance of limited downtime.
“A lot of the companies advertising Internet access will tout their uptime. For a medical practice, 99.9 percent uptime is pretty good. More downtime is more problems, for our practice and our patients. In terms of reliability, I’d say that our local cable provider is much less problematic than Microsoft software, so it’s all relative,” he said. “Windows may run for a long time without crashing, but you might find one day, after a particularly noxious update, that you’re crashing all the time. This may continue for a week or so until enough people complain and they fix the problem that they hadn’t tested for beforehand. It’s still an imperfect world.”
Planning for downtime
In planning for outages, both Hook and Dr. Siegel are careful to distinguish two types of EHR system outages — scheduled outages, which may result from building maintenance or software upgrades, and unscheduled outages, which could come from almost anywhere. The advantage of scheduled outages, Hook said, is that physicians can, to an extent, plan around them.
“The good news is that there are very few planned outages that would affect people during their work days. Whether you’ve got a client-server or an ASP approach, you can probably schedule maintenance that will take the system offline during a time when there’s no patients,” he said. “Unless you’re a 24-hour urgent care center, you can probably get around it to a great degree.”
Dr. Siegel agreed, saying that scheduled outages allow his practice to extract all relevant patient information long before the outage actually occurs.
“We will print out procedures and path reports, the day’s schedule, and relevant prior notes so we have the hard copy if needed,” he said. “It’s a certain way of having the data that you need, albeit one that kills trees.”
For practices currently making the shift from paper records to EHR, Hook recommends holding on to the current forms and processes, as they can prove a reliable fallback in the event of an unexpected outage.
“For some people, it’s helpful having the set of forms that they traditionally use or that they used before the registration — all the things that patients might fill out — on hand and prepared to use if and when the system goes down. Over time, people may forget where the forms are, so it’s important to undertake periodic review of downtime procedures as part of your disaster plan.”
Apart from keeping functionality during an outage, Dr. Siegel said that it’s important to have protections built in to the sensitive data network of a practice. Just as yanking the power cord out of a computer is not recommended, it’s not wise to leave your practice network without a battery backup that will allow a window of time for an orderly shutdown of computers and servers.
“If the power dies, what happens is we essentially have some time on the hardwired system because the servers and PCs all have battery backup, along with the routers. We can have an orderly shutdown if that happens during the work day,” Dr. Siegel said. “If it’s truly a power outage, I actually have battery-operated head lamps that we can wear to get around while we’re doing what we need to do to shut down. It’s nice to be able to close down normally, and the server will, after a certain amount of time on the battery backup, shut down normally and save your data as that’s happening, even if you don’t get to it right away.”
A practice’s data backup practices come into especially sharp relief in the event of a disaster or break-in, Dr. Siegel said. Proper backup, in this case, is the key to restoring a practice to functionality as soon as possible.
“If we come in one morning and someone’s broken in, everything’s missing, then we’re down for at least 24 hours. We have to make a phone call to our support people, who will contact the people that have our data backed up remotely. They have to restore it to a new box so we can get back up and running,” Dr. Siegel said. “In that case, we’re looking at a best-case of 24 hours before we’re back running, and more likely a 48-hour period with shipping and configuring. That can be a real nightmare if that happens. We do some things to decrease that possibility — we don’t keep drugs in the office, there are no narcotics, no recreational drugs, and really nothing that tempting for people to steal. I don’t think computers make great theft targets these days. Trying to steal big boxes without a lot of market value doesn’t offer a lot of return.”
In the end, Dr. Siegel said, while the percentage of dermatologists who would consider themselves EHR experts is a small one, it’s important for practitioners to familiarize themselves with at least the basic dimensions of their EHR technology.
“I think that there’s a group of us with more than a passing interest in technology, but for many, the idea of an EHR isn’t too far removed from that of a car. Some people want to take it apart on the weekends, soup it up,” Dr. Siegel said. “For everyone else, people just want to get in, turn the key, and try to remember when to get an oil change. I think society resources will help you start, and a lot of it still comes from word of mouth in your community.”
EHR incentives available for meaningful use
On July 13, 2010, the Centers for Medicare and Medicaid Services (CMS) released the final rule detailing how eligible physicians and hospitals can qualify for EHR adoption incentives. The incentive program begins in 2011 and offers significant financial incentives to physicians who satisfy a series of 15 core measures to prove they are meaningful users of an EHR, including implementing e-prescribing, recording demographic information from patients, and providing electronic copies of their health information. Incentive payments will be made through 2016, with penalties of a percentage of all Medicare charges beginning in 2015. Receipt of the meaningful use incentive will disqualify providers from earning the e-prescribing bonus (see p. 6). More details on the incentive program are available at www.aad.org/hsr.
Total available incentive, by year of adoption:
- 2011 $44,000
- 2012 $44,000
- 2013 $39,000
- 2014 $24,000
- 2015 $0 (1 percent penalty for non-adoption)
- 2016 $0 (2 percent penalty)
- 2017 onward $0 (3 percent penalty)
*Note: Incentives are paid out over the course of five years.