The practice's core Allscripts EHR is driven by some standard clinical dictionaries including LOINC for lab values and SNOMED for certain clinical values. But many databases in the industry are not written to these standards, or if they are, they are written to different versions. "The data integration work needed is incredible," he says. "And sometimes there is no way to join elements between two systems." In those cases, the practice saves some data as PDF image files, which suffice to meet data maintenance regulations (seven years or longer, depending on the patient's age). But the PDF files lack discrete data, which will only grow in importance as the practice moves to population health management.
Terrell hopes the federal government will continue to tighten interoperability standards. HIPAA was a start, but did not go far enough. The meaningful use program may push the requirements even harder, he says.
Terrell's other big wish for 2013 is better security when it comes to cloud-based applications. "We're in transition from the old style computing to the cloud," he says. "We like the trend of the cloud. But for health care, it can be intimidating from the standpoint of security." Current security regulations, he says, are designed as if protected health information resides on an organization's server housed locally. But with more and more data being stored on remotely hosted websites accessible via the Internet, security is no longer is direct control of the provider, Terrell says. "We are in a dangerous intermediary time. If data is stored in a cloud, you don't have access to where it is stored, who has seen it, how secure it is. If data is on my servers, I can run a query and pull out records of who has accessed protected health information. If someone is outside the company and does that, I would never see in my application audit log."
Cornerstone is building out a data warehouse, using Teradata. The vendor's warehouse will be cloud-based, which to Terrell offers some big operating advantages. "They will take care of scalability and growth," he says. "Instead of us investing in a capital expense of scaling a data warehouse, they will charge us a monthly fee." The warehouse will include claims, clinical and patient generated data from remote devices. Terrell says Cornerstone is working diligently with the vendor to assure security, but in the long term he would like to see federal certification programs in place for data security.
Vice President, Chief Information/ Administrative Officer
Beaumont Health System, Royal Oak, Mich.
Wish List Items: Mobile Device Security, Vendor-Neutral Archive
Security is foremost on the wish list of Subra Sripada, who oversees the IT operations at three-hospital Beaumont, which generates $2.2 billion in annual revenue. The health system has been running an Epic EHR for five years, a system used by 700 employed physicians and some 2,300 affiliated ones. The health system is widely automated and has attained Level 6 on the HIMSS Analytics 7-rung scale of IT adoption, a perch occupied by only a small percentage of hospitals nationwide.
Sripada cites security as his top concern. "The fundamental way of delivering information is changing," he says. "We moved to 'bring your own device' two years ago." As physicians and others have clamored for network access privileges through smart phones and other devices, Sripada has faced a growing challenge: how to secure those devices. "We have Epic running on iPhones, and it's easy to lose those devices." He is currently investigating three vendors which offer network device management capability and hopes to have a system in place in 2013.
The considerations are many, however. Sripada has to analyze how well the monitoring software would work with Epic, how easy the system will be for his staff to deploy and manage, and how it would fit in with his operating environment. "We're trying to see what is smoke and mirrors versus what is real," he says. That entails vendor demos and reference checks.
Sripada's other big need is a vendor neutral archive. As Beaumont ascends the EHR ladder, the amount of data it is accumulating grows. The hospital's total data archive has exceeded 2.5 petabytes in aggregate and Sripada says he could spend $2 million annually just to feed the growth of his indigenous systems, where data currently resides. "Our storage costs are spiking," he says. He's looking for a vendor to step in and solve the problem. Beaumont needs a storage archive to house not only radiology images but also EHR and other data. State law requires him to store patient records for 11 years, or longer for children. But not all data needs to be immediately accessible.
He's looking to a vendor who can offer a repository in which access is tiered by immediacy of need, with older records being stored in such a way that is less costly but requiring more time to retrieve them. The archive will set the stage for Sripada's other need: expansion of medical devices integrated with the Epic system. Currently, Beaumont has integrated its ICU and emergency department monitoring devices into its Epic system, sidestepping the need for nurses to re-enter data from the devices to the EHR. The device integration was a hit with the medical staff and nurses, who are now clamoring for more data feeds. "We have a long list of what to do next," Sripada says, adding that the medical staff is prioritizing its requirements. He figures that trapping ventilator and EKG data will be the next move.
Beyond that, Sripada envisions a day when clinicians and administrators can not only retrieve data quickly through the EHR and other systems, but create their own business intelligence reports as well. "In the legacy model, I.T. would create reports," he says. "Now we are moving to giving users access to data." Beaumont has installed software from QlikTech, a self-service data mining vendor, and hopes to expand its use in 2013. "We need data transparency," the CIO says.