EHR Incentives: A Waiting GameClinic Waits for Vendor to Deliver Before Firming Up Security Plans
Take the case of Summit Medical Associates in suburban Nashville. The internal medicine practice, which has eight physicians and seven nurse practitioners, has had an EHR system in place for three years now, and it's anxious to apply for HITECH incentives, says Tammy Sawyer, information systems manager (See: EHR Incentives Spur Security Steps).
So what's the problem? The clinic's EHR vendor has yet to deliver its upgraded system that meets the HITECH EHR software certification standards, which require, among other things, a long list of security functions.
We don't know what we're going to have to do.
So Sawyer, who's a one-person IT department and relies on an outsourcer for help with risk assessments and other tasks, is playing hurry-up-and-wait. She's waiting to test-drive the next-generation EHR's security functions before making a to-do list for security strategies and technology investments. "We don't know what we're going to have to do," she says.
HITECH WoesSummit Medical's experience is an example of the pains that are coming with launching the multi-billion dollar federal EHR incentive program in a hurry.
Hopefully EHR vendors will be able to meet demand for software certified for the incentive program so that clinics of all sizes -- and hospitals as well -- can apply for and receive their incentives and then make sure automated records are secure.
Meanwhile, Summit is using the encryption functions in its current EHR system and relying heavily on thin clients to minimize costs as well as security risks, Sawyer says.
But until the next-generation EHR arrives, the information services manager can't complete her security plans. It makes me wonder how many clinics are in the same boat.
Is your EHR vendor ready to deliver a system that's certified for the HITECH incentive program? We'd like to hear from you.