HITECH EHR Incentives Kick Off
Will the Electronic Health Record Program Prove Successful?Well, it's finally official: Hospitals and physicians, effective Jan. 3, can apply for the HITECH Act electronic health record incentive payments. And if all goes according to plan, the payments will start flowing in May.
As much as $27 billion in EHR incentives will be available from Medicare and Medicaid. As a result, executives at hospitals and physician groups are taking steps to make sure they can demonstrate they are "meaningful users" of electronic health records so they can qualify.
Although Medicare incentive payment applications can be submitted starting Jan. 3, Medicaid applications will be accepted in phases, based on state readiness, according to David Blumenthal, M.D. national coordinator for health information technology.
Registration for Medicaid incentives began today for those in Alaska, Iowa, Kentucky, Louisiana, Oklahoma, Michigan, Mississippi, North Carolina, South Carolina, Tennessee and Texas. In February, registration will be open in California, Missouri and North Dakota. Other states likely will launch their Medicaid incentive programs in the spring and summer, Blumenthal says.
So will federal authorities be inundated with applications for the incentive payments? Or will the response be underwhelming? Stay tuned.
Slim Chance of Success?
Futurist Jeff Bauer is forecasting that the HITECH EHR incentive program has a slim chance of success. He contends the incentive program has a 70 percent chance of failure, mainly because of the tough standards for qualifying.As more hospitals and physicians become aware of the high costs and hassles involved in qualifying for the federal EHR incentive payments, many will choose not to participate, Bauer predicts. Instead, he says, they'll follow their own "digital transformation" agendas at their own pace.
But Dixie Baker, a well-known security expert who's advising federal regulators on policy issues, predicts that a top trend for 2011 will be the adoption of certified electronic health records.
Will the money start flowing in May as planned? Will the government successfully dole out $27 billion worth of incentives in the coming years? And will the looming cuts in Medicare reimbursements for hospitals and clinics that fail to implement EHRs by the end of 2014 prove to be a powerful additional incentive? Only time will tell.
The only explicit security requirement for achieving meaningful use of EHRs to qualify for the incentives is to conduct a risk assessment and then mitigate all risks identified. Although this has been required under HIPAA for years, far too many organizations have yet to conduct an assessment.
To be certified for the incentive program, EHR software must include a long list of security functions, including encryption and authentication. But the HITECH rules don't spell out what security functions of the EHR software actually must be used.
Security Guidance Needed
As a result, hospitals and clinics will "have a greater need for guidance on how to configure and use the security features that are incorporated into those EHRs to support HIPAA compliance," Baker says.I remain optimistic that the incentive program will lead more hospitals and clinics to make widespread use of EHRs. But as more information is digitized, let's hope that healthcare organizations take adequate steps to protect it.