Although only a small percent of healthcare entities actually go through a "Meaningful Use" audit, in reality it is the anxiety of a single misstep, setting off an audit or a penalty that is a major concern for a number of healthcare CIOs. Healthcare entities are in a quandary, trying to determine if their EHR will be safe in instances, where they have made slight changes in "what’s written" to be followed as customization of enterprise software to suit a vendor’s certified product makes it very hard to discern whether a healthcare enterprise has stepped out of bounds, in meeting meaningful use requirements.
Many healthcare entities share a similar trepidation. Colin Banas, MD, the chief medical information officer at the Virginia Commonwealth University (VCU) Medical Center firmly believes that this process is driven by – "fear of audit, fear of penalty, and fear of vendor abandonment if should a client choose to forge a different path." His worries stem from the fact that VCU occasionally tailors a vendor’s certified product in order to make it more usable, and this could fail meaningful use requirements. Given that VCU already follows the intent of the measure, Banas, further states that it could be next to impossible to estimate the resources used by VCU to readjust clinical workflows and codes to adhere to the letter of the law.
The New York-Presbyterian Hospital also shares a like-wise anxiety. According to Virginia Lorenzi, a health IT veteran with nearly 25 years of experience and associate manager of information services, the hospital has spent time and energy aplenty in trying to ascertain if its EHR would be safe when there were modifications to what was actually written into the certified product. Bad meaningful use audit drives many of her decisions, worries Lorenzi, and if an area is gray and unclear, like all others, she would prefer to land on the safe side.
What do the certifying bodies say?
The truth is that many certifiers believe that the gray areas are indeed convoluted. To add to this, the Office of the National Coordinator for Health Information Technology (ONC) has not unified the way various certification bodies interpret measures. Considering that some believe that there is a lack of guidance from the ONC, Kyle Meadors, director of EHR testing with the Drummond Group, also an authorized testing and certification body of the ONC, suggests that information-sharing among the certification bodies is likely to bring some clarity. Given that the certifiers are not privy to each other’s interpretations, Meadors deems it is necessary for ONC to start engaging the certification bodies periodically to understand the challenges and start seeing different interpretations from other vendors. Amit Trivedi, program manager of healthcare at ICSA Labs, a certification body, thinks it may be best for ONC to conduct pilot certification tests involving all the bodies, observe testing, understand the expected results, learn how test tools operate, and provide feedback.
As always, ONC on its part is listening to feedback, and will accordingly make necessary changes when appropriate. Certification workgroup member Charlene Underwood, senior director of government and industry affairs at Siemens Medical, doesn’t think it is possible to certify the actual intent of what they are trying to accomplish, as the same gets lost in the standards. However, Jacob Reider, MD, deputy national coordinator, who is in charge of certification, stated that ONC is gearing up a new initiative that will soon address the challenges and irregularities in certification and auditing.
A clean gap analysis of a company’s security posture and compliance levels to regulatory controls, using cloud-based solutions such as Aegify Security Posture Management or Aegify SecureGRC can help organizations meet the Meaningful Use requirements more effectively through a thorough gap analysis and remediation recommendation in a comprehensive manner ensuring that health records remain safe, while also ensuring that there is significant benefit from ‘Meaningful Use’ of EHR. The adoption of such a unified and comprehensive solution can take away all fears and anxieties from the process of Meaningful Use.