Search the KHIT Blog

Saturday, August 25, 2012

Stage 2 Final Rule and 2014 CEHRT Final Rule


So, the day after the new FRs were released we had this big breathless national REC webinar conference call. The slide deck can be downloaded here.

74 pages into the 101 page deck they get to the EHR Cert Rule.

CHIME chimes in.

 “We commend the Centers for Medicare & Medicaid Services and the Office of the National Coordinator for Health IT for seeing the wisdom and practicality of heeding many of CHIME’s recommendations, filed during the spring public comment period. By allowing providers to demonstrate Meaningful Use through a 90-day EHR reporting period for 2014, government rule-makers have ensured greater levels of program success. And by including additional measures to the menu set, providers have a better chance of receiving funds for meeting Stage 2.

“However, we also recognize that these points are conciliatory and that many details may need further clarification. The final rule still puts providers at risk of not demonstrating meaningful use based on measures that are outside their control, such as requiring 5 percent of patients to view, download or transmit their health information during a 3-month period. Some areas of clarification include some of the exclusionary language as well as nuances around health information exchange provisions, clinical quality measures and accessing images through a certified EHR.

“CHIME will continue to delve into this sizable and weighty effort, including the technical specifications and certification criteria”
I'm sure I'll address the crux of the Stage 2 criteria stuff (petabytes are being posted by every HIT pundit in the nation as we speak), but at the outset I am way more interested in what they've issued with respect to HIT "usability." Technical "capabilities" are necessary and fine, but if navigating them adds appreciable workflow burden to already stressed clinicians and support staffs, it gets increasingly difficult to make the ROI case.

The word "usability" pops up 32 times in the CEHRT FR, beginning at page 90 (of 474 pages).
Safety-enhanced design
In the Proposed Rule, we provided an overview of the ISO definition of usability as “[t]he extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use.” We outlined that EHR technology certification could introduce some improvements in usability, which we believed would enhance both the safety and efficiency of CEHRT. In the Proposed Rule, we also reviewed the November 2011 Institute of Medicine (IOM) report titled, “Health IT and Patient Safety: Building Safe Systems for Better Care,” in which the usability of EHR technology and quality management was often referenced. The IOM noted that “[w]hile many vendors already have some types of quality management principles and processes in place, not all vendors do and to what standard they are held is unknown.”
To repeat:
The IOM noted that “[w]hile many vendors already have some types of quality management principles and processes in place, not all vendors do and to what standard they are held is unknown.”

ASQ Software Quality Division? Hel-LO? Is ANYONE listening.
Asked and Answered. But, they're up on Twitter now,

so, we'll see what happens after I "tweet" them. What's the latest on the Division website (as of today)?

I have to confess to my perplexity with respect to the ongoing HIT inattention. ASQ generally seems to have come to be increasingly sclerotic in many quarters. I will continue to call them out. It's all in good faith.

Continuing with the CEHRT FR:
We proposed that a significant first step toward improving overall usability would be to focus on the process of user-centered design (UCD). While valid and reliable usability measurements exist, including those specified in NISTIR 7804 “Technical Evaluation, Testing and Validation of the Usability of Electronic Health Records,” we expressed that it would be inappropriate for ONC to seek to measure EHR technology in this way.
Really? Well, then, just who the heck is gonna require it?

Readers might recall that I had a bit of irreverent sport with ONC's 2011 HIMSS Conference "Usability" presentation.

18 months ago. I still just love the "Rigorability" thing.

More snips.
One commenter noted that usability is a quality of interactive software
that can be objectively defined and evaluated. This commenter suggested that we adopt the following standards for EHR technology certification: Standard 13407, UCD/NISTIR 7804, ISO Standard 25062, and Common Industry Format for Summative Usability Tests NISTIR 7742.  [pg 94]
...One commenter expressed support for the certification criterion, but
disagreed with the assumption that user interface (UI) validation testing must be performed by end-users. This commenter’s experience was that UI validation tests performed by internal design experts are more effective than the same testing performed by end-users. This commenter reported that engineering a UI to the needs of a user who is encountering that interface for the very first time, invariably results in an interface designed to accommodate the novice, at the expense of denying power and efficiency to the same user who will quickly gain familiarity with a well designed interface.  [pg 98]
  One commenter suggested that ensuring usability is the key to successful physicianadoption of EHRs, yet expressed concern that our proposals as drafted gave no consideration as to the clinician decision-making process or practice workflow.
One commenter expressed concern that the adoption of a particular methodology does not guarantee that software will improve. Other commenters suggested that the testers would need to be selected who are professionals already familiar with more than one EHR technology and are in the same specialty as the target market of the EHR technology developer. [pg 99]
Response. We thank these commenters for their thorough and thoughtful feedback. Although the implementation of suggestions 1 through 5 may provide a better understanding of EHR usability today and chart a path toward improved usability in the future, they fall outside the scope of this certification criterion. We have not included NISTIR 7804 in the 2014 Edition EHR certification criteria, but may consider it for future editions of certification criteria. We do believe that UCD will – by definition – consider the clinical decision-making process and disagree with the commenter that it does not. Finally, we agree that both formative and summative testing are valuable, and we agree that testing in a lab setting and testing in the field are also important. This certification criterion is a first step toward formal usability testing becoming part of the culture of EHR technology development. We therefore clarify that, at a minimum, only lab-based summative testing is necessary to be performed in order to demonstrate compliance with this certification criterion. Nothing precludes field-testing and formative testing from also being performed and we encourage EHR technology developers to do so.
Quality Management System
In the Proposed Rule we noted that the IOM had also recommended that we “[establish] quality management principles and processes in health IT.” We stated that, working with other Federal agencies, we intended to publish a quality management document that would be customized for the EHR technology development lifecycle and express similar principles to those included in ISO 9001, IEC 62304, ISO 13485, ISO 9001, and 21 CFR part 820. We anticipated that this document would provide specific guidance to EHR technology developers on best practices in software design processes in a way that mirrors established quality management systems, but would be customized for EHR technology development We stated that we understood that some EHR technology developers already have processes like these in place, but did not believe, especially in light of the IOM recommendation, that the EHR technology industry as a whole consistently follows such processes. We indicated our expectation to publish the quality management document around the same time as the Proposed Rule would be available for public comment. We indicated that we were considering including an additional certification criterion in the final rule that would require an EHR technology developer to document how their EHR technology development processes either aligned with, or deviated from, the quality management principles and processes that would be expressed in the document. We emphasized that this certification criterion would not require EHR technology developers to comply with all of the document’s quality management principles and processes in order to be certified. Rather, to satisfy the certification criterion, EHR technology developers would need to review their current processes and document how they do or do not meet the principles and processes specified in the document (and where they do not, what alternative processes they use, if any). We stated our expectation that this documentation would be submitted as part of testing and would become a component of the publicly available testing results on which a certification is based. [pp 100-101]
You got all that? In other words, _____________________________.

Gotta love this FR excerpt as well:
Many commenters expressed support for our proposal adding, in many cases, arguments about the critically important role that usability plays in the aspect of the safety and reliability of EHR systems, noting that if usability is not carefully analyzed it can cause design induced errors. Other commenters were clear that they felt the results of UCD and quality systems testing should not be made publicly available, and that doing so would open the door for EHR developers’ intellectual property to be misappropriated. Some commenters were simply opposed to this criterion, citing an unnecessary burden on the industry. [pg 92]

The hits just keep on comin'...
We encourage EHR technology developers to choose an established QMS [Quality Management System], but developers are not required to do so, and may use either a modified version of an established QMS, or an entirely “home grown” QMS. We also clarify that we have no expectation that there will be detailed documentation of historical QMS or their absence. As specified above, we believe that the documentation of the current status of QMS in an EHR technology development organization is sufficient. [pp 107-108]
"Home Grown"?

I have to wonder whether calls for the FDA to regulate HIT will arise anew in the wake of a ruling such as this. I know they don't want that headache, but, still.


"Price transparency?" This will be much loved. Be interesting to see how the more opaque vendors will comply with (or finesse) this requirement.

Not to worry about any of this. Clinic Monkey EHR is on it.

My new VP of Software QA.


Market For EHR Replacements Is On The Rise
AUG 14, 2012

MedscapeHalf Of EHRs Sold Are Replacements
Use of electronic health records is snowballing, and so is the number of unhappy users. Half of EHR systems sold to physician practices are now replacements, up from 30% last year, according to a recent study by research firm KLAS.  The leading reason for switching systems, cited by 44% of practices, is product issues. Service issues group consolidation — such as when a hospital converts newly hired physicians to a new EHR — are a distant second and third (Lowes, 8/13).
"Product issues."


Notice of this LinkedIn Healthcare Executives Network post recently arrived in my inbox.

Well, I shot this on my iPhone as I was leaving CostCo yesterday.

And we wonder...

1/4 lb hot dog, 20 oz Coke, and Very Berry Sundae, $3.15 (probably add in some fries as well, 'eh?).

CABG px ~$63,000.


J.D. Kleinke says:
August 26, 2012 at 9:54 am
No capitalist ideology here, folks, just calling the game like I see it. I think the health insurers and their shareholders would be better served minding their core business: managing both the health status and costs of commercially feasible populations. No fancy tricks or special press releases for that – just lots of hard work: adjudicating claims, rooting out fraud, aligning payment with evidence, managing provider and patient adherence to that evidence, tracking outcomes, and steering people toward better hospitals and doctors – all those great ideas from the past two decades everyone likes to talk about but almost no one really ever gets around to executing. "Fools' Gold Rush: ObamaCare and the Medicaid 'Opportunity'."

Indeed. No, let's just keep doing Work About The Work About The Work. All while we watch a tsunami of Innovative Lean Agile Six Sigma Health 2.5 Radically Transformative  Startup Apps wash over and deliver us.

This Kleinke observation just zings:
In normal businesses, with willing buyers and sellers and functioning marketplaces, enormous revenue opportunities do not necessarily translate into commensurate opportunities for profit. And Medicaid is about as far from a normal business as one can imagine. It is the emergency room for our worst chronic social problems. Illiteracy, drug addiction, broken families, migrant labor, illegal immigration, teen pregnancy – you name it, and Medicaid gets to deal with it. Medicaid programs attempt, mostly through heroic individual efforts, to serve a desperately needy population of the poor, chronically ill, mentally unstable, and recklessly pregnant. They do so by overworking and underpaying the nation’s most aggrieved providers, gouging drug companies, and transferring costs wherever they can to the rest of the system.
JD pretty much rocks. See my earlier post "Use Case" citing him.


Largely obscured by the hubbub of Stage 2 and CEHRT was the release of this (pdf) on Friday:

Administrative Simplification: Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets 

AGENCY: Office of the Secretary, HHS.

ACTION: Final rule.


This final rule adopts the standard for a national unique health plan identifier (HPID) and establishes requirements for the implementation of the HPID. In addition, it adopts a data element that will serve as an other entity identifier (OEID), or an identifier for entities that are not health plans, health care providers, or individuals, but that need to be identified in standard transactions. This final rule also specifies the circumstances under which an organization covered health care provider must require certain noncovered individual health care providers who are prescribers to obtain and disclose a National Provider Identifier (NPI). Lastly, this final rule changes the compliance date for the International Classification of Diseases, 10th Revision, Clinical Modification (ICD-10-CM) for diagnosis coding, including the Official ICD–10–CM Guidelines for Coding and Reporting, and the International Classification of Diseases, 10th Revision, Procedure Coding System (ICD–10–PCS) for inpatient hospital procedure coding, including the Official ICD–10–PCS Guidelines for Coding and Reporting, from October 1, 2013 to October 1, 2014.
I'm all for "No Dupes-No Nuls" unique identifiers.


Vendor-neutral solution mobilizes and measures clinical quality, meaningful use compliance
SAN ANTONIO and SAN DIEGO – August 27, 2012 – AirStrip Technologies, Inc. has announced an expansion of its leading mHealth platform to incorporate the Meaningful Use Tracker, giving clinicians the ability to follow and measure clinical quality and meaningful use (MU) compliance in a single mobile solution - including real-time tracking and daily analytics updates in a customizable dashboard format...
That's pretty cool.


John Halamka, MD, on Stage 2:
Some complained about the real world operational impact of the workflow changes implied by MU Stage 2.

The Standards Committee is compromised of world class professionals who implement systems for a living. Their advice (especially that of the Implementation Workgroup) is from the trenches.

My honest opinion is that MU Stage 2 creates stretch goals for vendors, IT departments, and providers, but all are achievable. MU Stage 2 lives up the metric first articulated by David Blumenthal - the escalator should move up fast, but not so fast that people fall off.
Difficult to disagree with that.

YouTube of today's webinar
Final Rules: Overview of MU2 and the Standards and Certification Criteria 8-28-12

A couple more FR errata of particular interest to me -- "encryption of data at rest":

We are making a change in this final rule to the language of "data at rest" to specify our intention of data that is stored in CEHRT. After consideration of the public comments, we are finalizing the meaningful use measure as "Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data stored in CEHRT in accordance with requirements under 45 CFR 164.312 (a)(2)(iv) and 45 CFR 164.306(d)(3), and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process" for EPs "at §495.6(j)(16)(ii) and eligible hospitals and CAHs at §495.6(l)(15)(ii).

We further specify that in order to meet this objective and measure, an EP, eligible hospital, or CAH must use the capabilities and standards of CEHRT at 45 CFR 170.314(d)(1) through 170.314(d)(8).

MU Stage 2 FR pg 136

Comment. A commenter stated that they considered information that has been sent to a print queue or downloaded by the user (such as downloading a PDF report) to no longer be managed by the EHR technology.

Response. We generally agree with this statement.

Comment. A commenter asked that we clarify whether data at rest on a server located at a secure data center must be encrypted and, if yes, to please reconsider this requirement because they believed it would slow down response times in large cloud-based EHR systems.

Response. As indicated above, this certification criterion does not focus on server-side or data center hosted EHR technology. We recognized that these implementations could employ a variety of different administrative, physical, and technical safeguards, including hardware enabled security protections that would be significantly more secure than software oriented capabilities.

2014 CEHRT FR pg 284
 Well, pretty weak, IMO.


About Technology Crossroads

National eHealth Collaborative in partnership with InfoComm International, is proud to announce the inaugural Technology Crossroads Conference, which will take place in Washington, DC on November 27 and 28, 2012.

The first of its kind, this conference will explore the intersection between audiovisual (AV) and health information technologies (IT) to spotlight the many ways in which cutting-edge AV technologies and health IT breakthroughs are working together to accelerate healthcare transformation...
Interesting. I'd love to attend that. Pricey, though.

Pondering joining as an indivdual ($100). But, I had to chuckle at this:
Join NeHC

To become a NeHC member, please fill out the application at the link below and return it to Claudia Ellison, Director of Development, at

NeHC Membership Application

Membership applications are subject to the review and approval of the NeHC Membership Committee.  NeHC will strive for balanced, multi-stakeholder membership participation.  To this end, if needed, NeHC will work with applicants on an individual basis to agree on annual membership dues if there are special circumstances or an inability to pay based on the dues structure.  Please contact Claudia Ellison at
OK, an "eHealth" organization requesting that you download, fill out, and return a Word document. Sounds like some of the stuff we do.


We're on a hiring blitz.

She wants to see your risk analysis results and mitigation plan, period.


Tell us again, why are there MU penalties?
August 29, 2012 | Jeff Rowe, Editor, EHRWatch

As we noted yesterday, healthcare providers and consultants are in the process of deciphering the implications of MU Stage 2.

But while stakeholders wade through what one consultant nicely summed up as the “compromise and complexity” of the current program, we’re pondering, once again, one of the attributes of the MU program that policymakers still don’t seem willing to question.

To come right to it, here’s the language from the CMS fact sheet:

“Medicare payment adjustments are required by statute to take effect in 2015 (fiscal year for eligible hospitals/calendar year for EPs). The rule finalized a process in which payment adjustment will be determined by an EHR reporting period prior to the payment adjustment year 2015. Any Medicare EP or hospital that demonstrates meaningful use in 2013 will avoid payment adjustment in 2015. Also, a Medicare provider that first demonstrates meaningful use in 2014 will avoid the penalty if they successfully register and attest to meaningful use by July 1, 2014 (eligible hospitals) or October 1, 2014 (EPs).”

Not surprisingly, some stakeholders are voicing displeasure at the timing of the penalties...
Read the entire post here.

More to come...

1 comment:

  1. I fail to understand how these vendors could be certificated WITHOUT a ISO QMS in place. Big mistake!

    Also almost no CAHs or practices in the Wyoming Montana area have ANY kind of QMS in place or planned.