Implement Right - Technology in Your Medical Practice

March 6, 2012

Are you putting off upgrading your technology? Fear not: We offer the three most common tech mishaps, and the five essential steps for avoiding them.

Solo practitioner John Machata would be the first to say his current EHR has made life better for him: It's fuss-free, saves him time, and is loaded with only the templates he needs.

But getting to technology utopia wasn't easy. In the past six years, the North Kingstown, R.I., family physician has worked with five EHRs - two of his own, two owned by hospitals, and one used by a nursing home - that did the opposite of what technology should do: They made life harder for him, and cost him hours of time.

One previous EHR frequently crashed, forcing him to switch to paper at the last minute. Most recently, Machata had the misfortune of working with a hospital EHR that slowed him down so much, thanks to an overly elaborate template, that he needed to work extra hours on the days he accessed it.

"It couldn't be more hostile to get data out of there," he says.

The right technology, used correctly, can provide sustenance by making your practice more efficient - improving patient care and reducing billing and even clinical errors. But when technology goes wrong - either by fault of the person using it or the technology itself - the result can be serious trouble. Machata wasted precious hours using EHRs that were dysfunctional or non-functioning. But for other practices, the problems caused by bad technology can be much worse.

Here are three of the most common mishaps practices will encounter, plus advice on how to deal with or avoid them from healthcare experts who've seen how bad technology can hurt good practices.

Mishap no. 1: it just doesn't work right

Do you hate your EHR or technology system because it simply doesn't function like you thought it would? If so, you're not alone.

Like Machata, plenty of practices have had second (and third) thoughts about their technology purchases: In our annual 2011 Technology Survey, for example, 24 percent of more than 1,000 respondents described their EHR vendor as "mediocre," while another 13 percent said they were either "dissatisfied" or "very dissatisfied" with their EHR vendor.

"The biggest mishap that I hear about is buyer's remorse," says Charlotte Martin, president and chief operating officer for Gateway EDI, a maker of revenue-cycle management software and other healthcare technology products. "A practice will buy a product, and at some point in the future it doesn't do what they thought it would do."

The biggest cause of physician disappointment in a new technology product is too little physician involvement in product selection.

"You hear over and over again about someone at a high level picking something but it isn't something the staff would have chosen," says Martin. "The real users who are going to use it every day are not being involved in the selection."

If it's not practical to allow everyone who'll use the product to test it in advance, Martin suggests creating committees of at least one or two clinicians to evaluate technology choices before a purchase is made. That way, big issues such as the functionality of templates will come to light earlier.

Martin also suggests asking other local practices what they're using, or checking with organizations such as the Medical Group Management Association (MGMA) or the AMA and ask questions such as "Is the product specialty specific? Does it work for your specialty? What was your experience in the buying process? What was your experience with training?" And, "What happened when you went live?"

And while you can't always control when your technology will crash due to server issues, having a contingency plan will make dealing with a meltdown less stressful for your staff.

"Let's say, despite all the research, something happens when you went live on the system and it crashes," says Martin. "You have to have a contingency plan, such as charting on paper for that day. Have everything ready in case you have to, and let everybody know that's what you're going to do if things go bad."

Mishap no. 2: technology marred by human error

It's true technology helps physicians avoid the mistakes caused by human errors (such as medication errors caused by illegible handwriting). But technology can also introduce new opportunities for providers to make mistakes. For example, says David Troxel, medical director of The Doctors Company, a professional liability insurer, EHR drop-down menus make it easy to select a drug from a list of choices - too easy, perhaps. "It's very easy to click the wrong drug inadvertently," Troxel explains. "On a busy day, you can do that and not even be aware of it."

And even if you realize your mistake and remove the drug from the portion of the EHR where you made the mistake, the mistake may still reside elsewhere in the EHR, says Troxel.

Many errors also occur during the transformation phase between written records to electronic records. Troxel recalls a case involving a patient who had an abnormal Pap smear and was told the test needed to be repeated. "Between the time of the abnormal Pap smear and the time she returned, the office switched to an EHR and the abnormal Pap test report hadn't transferred into the laboratory results section of the EHR," says Troxel. "The doctor was on vacation, so his partner saw the patient, and looked at the patient's EHR and didn't see the abnormal Pap smear noted." As a consequence, there was no repeat of the Pap smear, and the patient ended up getting cancer of the cervix, he said.

MGMA consultant Derek Kosiorek says working with two systems that aren't fully linked - such as an aging practice management/billing system and a new EHR system - can also make a practice more human-error prone because data will either need to be entered into both systems or transferred from paper into the system by support staff.

So what's a practice to do to lessen the likelihood of human errors?

Healthcare consultant Beverley Caddigan suggests practices do detailed demos before making a financial commitment to a new product. Often human error happens when people aren't being careful, or have a hard time using the system because they aren't used to its technology. That's why the least tech-savvy physician should test out the system. "Make sure it's the person who's likely going to make the mistake who sits down, and checks it for ease of use," she says.

Mishap no. 3: insecure technology

Are physicians in your practice e-mailing patients' health information to themselves? Are mobile devices that leave your practice protected by encryption? Your answer to these questions could determine the extent to which your practice is at risk for security-related mishaps, as many things can go wrong when digital information is not secured properly.

Physicians need to be especially vigilant today, considering that healthcare security laws are being enforced.

The Health Insurance Portability and Accountability Act (HIPAA), first enacted in 1996, was updated in the early 2000s with the addition of a security rule that included required and recommended actions for health organizations to ensure the security of protected health information (PHI). Then along came the HITECH Act, part of the economic stimulus of 2009, which imposed stiffer penalties on health organizations found guilty of electronic data breaches. Penalties include a maximum of $1.5 million in fines, and, if the breach involves more than 500 records, the covered entity has to notify local media in addition to notifying patients and HHS.

Sharona Hoffman, professor of law and bioethics and co-director of the Law-Medicine Center at Case Western Reserve University School of Law in Cleveland, says that although there hasn't been any "significant litigation" related to EHRs to date, the way you use your EHR could determine your risk of being found in violation of HIPAA.

"Inappropriate disclosures of information, laptops that are stolen or misplaced - that can all lead to a HIPAA violation," says Hoffman.

The root of inappropriate disclosures can be anything from carelessness to maliciousness. And sometimes the tech-related troubles that can land you in legal hot water have nothing to do with the technology a practice owns, but how technology is used.

Physicians have been zinged for sending PHI to each other or to themselves via unsecured methods like nonencrypted e-mail, for example.

"One of the biggest concerns that I have is when people are installing firewalls and security, they're very concerned about what's coming into them, but what nobody's thinking about is what's leaving the practice," says healthcare consultant Beverley Caddigan. "Very few practices are using encrypted e-mails. An e-mail is no better than a postcard unless you've encrypted it." Instead of e-mail, many practices are turning to secure patient portals as a safer way to communicate with patients.

Another thing to consider is the increased security risk of unsecured mobile devices, which are prone to loss or theft.

"Physicians don't have time to secure a device," says IT consultant Fred Pennic of Aspen Advisors. "Major hospitals have some type of security infrastructure in place but if you're a small physician practice, there has to be some sort of plan in place to make sure that data is secure." Pennic recommends purchasing encryption software from companies such as Symantec for all devices, including mobile devices, to ensure your gadgets will not expose PHI in the event of theft or loss, noting that such incidents are among the main causes of security breaches.

Yet data security is about more than just keeping PHI from prying eyes; if your data isn't being backed up regularly, you're at risk of losing crucial patient information altogether.

To avoid issues should your computer servers crash or your practice floods, experts recommend doing some kind of nightly or weekly data backup, whether through backup tapes or a more sophisticated process.

"The best way to avoid data loss is to back it up," Caddigan says. "It is surprising how many do not."

Caddigan says practices can utilize a number of backup methods, depending on their resources.

"There is no one-size-fits-all solution," says Caddigan. "In some cases, servers with hard storage are best, in other cases a semi-virtual solution is better, or, in others, a completely virtual solution might be better."

One warning: Portable storage devices such as flash drives may be more vulnerable to loss and corruption than virtual backup methods, she adds.

5 ways to avoid mishaps

You want your technology to make your life easier, not more complicated. So what can you do with the technology you have - or are planning to purchase - to avoid future mishaps? Here are a few tips on how to be (and stay) mishap-free:

• Don't scrimp on training. Not taking time to conduct the right amount of training is ultimately correlated with a greater likelihood of a technology mishap. Kosiorek offers the common example of the provider who dictates into a chart so his notes show up as loose text, while his colleague uses the electronic chart to structure the data using specific options, checkboxes, and text fields. "If one provider is using an EHR one way, and another is using it differently, the result could be missed information because they could be putting data in different places in the same patient's chart," says Kosiorek.

• Play before purchasing. The best way to avoid purchasing the wrong technology is to involve its users in the purchasing decision. "The doctor needs to be involved in the selection of an electronic health record," says Troxel, who advises physicians to review the EHR's clinical decision support guidelines to confirm they are from a reliable source, such as practice guidelines from the American College of Cardiology. "Following guidelines that are not current or not based on a national specialty society's recommendations potentially may violate the standard of care," he says.

• Ask for testimonials. You wouldn't hire a receptionist without checking her references, so why should you purchase an EHR based solely on the word of the vendor and a brief demo period? "If you don't do reference checks you're only hearing what the vendor wants you to hear," says Kosiorek. "They [may] give you a dog-and-pony show that is designed to sell you on the system and highlight every positive aspect it has while glossing over any negative aspect."

• Do a background check. In addition to checking references, practices investing in a major technology purchase should do a little investigative reporting on the vendor. Caddigan recalls one incident with a past client who spent $15,000 on an EHR only to have the vendor go out of business. If this happens to you, it might mean a lack of support for your technology, or a stall in support services. "Check the financial viability of the vendor," she says. "Make sure they have a DUNS number, or are registered with the Better Business Bureau."

• Read the fine print. Make sure you have a firm grasp on all parts of the contract you sign with your vendor. Have it reviewed by legal representation. Doing so before you sign will protect you against any number of technology mishaps that you may not even have control over once the contract is signed. "Let's say, for example, your practice decides to go with a cloud-based service," says Kosiorek. "You are outsourcing the hosting of all medical information to an outside vendor. Do they have protections in place in case that data gets breached? Do you have recourse in case the speed of the system isn't sufficient?" Having a rock-solid contract in place before you sign can head off technology mishaps before they even happen.

In Summary

When technology works properly and does what it's supposed to, it can be an asset to your practice. But if not used properly, chosen correctly, or purchased wisely, it can cause more harm than good.

• One of the biggest mishaps is technology that doesn't work as well as hoped. At the root of the problem is the fact that the physicians and clinicians who ultimately end up using the technology aren't involved in the selection process.

• So long as there is human involvement in technology - physicians typing their notes, choosing drop-down menus, and using electronic communication - a tech system can potentially hinder physicians.

• Are physicians in your practice e-mailing personal health information to themselves? Are mobile devices that leave your practice protected by encryption? Your answer to these questions could determine the extent to which your practice is at risk for security-related mishaps, as many things can go wrong when digital information is not secured properly.

• Not spending the right amount of training - or less than the right amount - is ultimately correlated with a greater likelihood of a technology mishap.

• Investing in a piece of technology that will set you back four or five figures? Make sure you read all parts of a contract carefully.

Marisa Torrieri is an associate editor at Physicians Practice. She can be reached at marisa.torrieri@ubm.com.

This article originally appeared in the March 2012 issue of Physicians Practice.