Electronic Medical Records: An Introductory Tutorial - PowerPoint PPT Presentation


PPT – Electronic Medical Records: An Introductory Tutorial PowerPoint presentation | free to view - id: 4a64c-ZDc1Z


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation

Electronic Medical Records: An Introductory Tutorial


Electronic Medical Records: An Introductory Tutorial. William Tierney, MD. Atif Zafar, MD ... Why do we need Electronic Medical Records (EMRs) ... – PowerPoint PPT presentation

Number of Views:1042
Avg rating:3.0/5.0
Slides: 119
Provided by: syeda6


Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Electronic Medical Records: An Introductory Tutorial

Electronic Medical Records An Introductory
  • William Tierney, MD
  • Atif Zafar, MD
  • AHRQ PBRN Resource Center

Outline of Presentation
  • Introduction to EMRs (very basic information)
  • Barriers to Adoption Some Problems with Data
    Accessibility and Care Processes
  • EMRs for Clinical Research
  • EMRs and HIPAA Security
  • No Nonsense Guide to Selecting an EMR
  • Examples of EMRs
  • OpenSource
  • Commercial
  • Lessons Learned

Introduction to EMRs
Introduction to EMRs
  • Why do we need Electronic Medical Records (EMRs)?
  • Many problems with the current healthcare system
    (underuse and overuse)
  • 30 of children receive excessive antibiotics for
  • 20-50 of surgical procedures are not necessary
  • 50 of back pain x-rays not necessary
  • 50 of elderly patients dont get a pneumovax

Introduction to EMRs
  • Why do we need EMRs?
  • Clinical practice is a data intensive operation a
  • Inadequate data communication causes medical
  • Human cognition is good at pattern recognition
    but not at remembering lists or evaluating
    multiple business rules.

Why do we need EMRs?
  • Available 24 x 7
  • Can be viewed by more than one user at a time
  • Is available from remote locations
  • To covering MDs
  • Others with appropriate needs
  • Data can nearly always be found
  • Is legible

Why do we need EMRs?
  • Enhances Communication
  • Between providers--clinical messaging
  • Can tag EMR location with message
  • Referrals
  • Half of specialists didnt know what main
    question was
  • A third of the time no information came back to

Why do we need EMRs?
  • Cost Savings
  • Dictation cost savings
  • 170/FTE/month
  • Chart pull savings
  • 217/FTE/month
  • Savings accrue to practice, apply to all payers

Why do we need EMRs?
  • Assist with Decision Support
  • Many domainscost and selection of
  • Drugs
  • 18 reduction found by Overhage
  • Lab tests
  • 10-15 reduction in cost for charges, last
    result, probability of abnormal
  • Radiological studies

Why do we need EMRs?
  • Decision Support
  • In inpatients, computerizing ordering decreased
  • Serious medication errors by 55
  • All medication errors by 81
  • EMR can help by
  • Structuring medication orders
  • 34 error rate with paper vs. 6 with electronic
  • Alerting about
  • Allergies
  • Duplicate medications
  • Many other issues

Introduction to EMRs
  • Do EMRs make a difference?
  • In multiple studies, EMRs have been shown to
  • Shorten Length of Stay in a Hospital setting
  • Decrease Adverse Drug Events (ADEs)
  • Improve Readability, Consistency and Content of
    the medical record
  • Improve Continuity of Care
  • Reduce practice variation
  • Most benefits come from Decision Support.

EMR Use in the United States
  • Even though the US Health Care system is the
    costliest in the world, its performance ranks
    37th in the world according to the WHO!
  • Only 5 of US primary care providers use EMRs
    (Bates et. Al., JAMIA 2003), 7 of all physicians
    (Wang, Bates, et. Al., American Journal of
    Medicine, April 2003)

EMR Use Around the World
  • Use PCs Use EMR
  • Australia 90 53
  • Denmark 95 62
  • Netherlands 95 88
  • Sweden 95 90
  • United Kingdom 95 58
  • (c) 2001 Harris Interactive

Breakdown by Function - 2002
  • Australia UK
  • Use EMR 90 99
  • Of Those
  • Prescrip 100 80
  • Notes Unknown 45
  • Reminders Unknown 70
  • Clin Vocab 15 (ICPC) 100 (Read)
  • Paperless Unknown 45
  • 2B initiative by UK to get all physicians online

What is an EMR?
  • At their heart, EMRs are just a database
  • This database hold many kinds of information
    (coded and not coded)
  • This database is organized by date, time, pat ID
    and contains
  • Patient registration data (name, contact info,
    DOB, SSN, etc.)
  • Test results (laboratory, radiology, nuc med
  • Medications (active, inactive) and Allergies
  • Current list of diagnoses and problems
  • Appointment Data
  • Clinical Notes
  • Billing Information

What is an EMR?
  • So if an EMR is just a database, how is it
    different from other databases, and why is it so
  • Value Added
  • A Clinical Knowledge Heirarchy (term dictionary)
  • How do clinical concepts work together
  • Ex Digoxin toxicity can occur with hypokalemia
  • A List of Current Clinical Recommendations
  • A List of Appropriate Medication Indications,
    Doses, Adverse Effects and Interactions and Cost
  • Costs, Indications and Utility of Tests

What is an EMR?
  • What are some typical EMR Components
  • Lab System Contains all lab tests ordered and
    their results and stored as coded results (LOINC
    etc.) in many systems
  • Radiology System Stores test reports
  • Pharmacy SystemList of current medications,
    inactive meds and when they were last dispensed
    or ordered
  • Billing System A list of diagnostic codes used
    for billing (ICD9, CPT, etc.)
  • Registration System Names, Contact Info,
    Personal Info, etc. for patients

What is an EMR?
  • Additionally, many EMRs have
  • An Order Entry System (where physicians enter
    orders, prescriptions, notes etc. online)
  • A Decision Support System
  • Often linked to the order entry system to provide
    guidance at the point of care
  • Contains databases for clinical knowledge,
    guidelines, list of medication indications, doses

What is an EMR?
  • The spectrum of EMRs
  • EMRs target specific user bases, from solo
    office-based practices to large, multispecialty
    tertiary care centers
  • Many features are thus directed at managing
    workflows specifically to these user bases
  • For example, large commercial EMRs unbundle
    services such as clinical documentation, results
    display etc. while office systems typically
    integrate all of these under the same interface.

How do Clinicians Interact with EMRs
Order Entry/Results Reporting
Different Types of EMRs
  • EMRs dont necessarily need to be expensive and
    complicated or require that a computer be used to
    enter data
  • Can have hybrid computer/paper based approaches
  • Ex In the CHICA System, paper is used to
    interact with an electronic data repository
  • Standardized paper forms are printed and then
  • Characters are recognized and the electronic data
    so generated interacts with the data repository

Different Types of EMRs
  • At Indiana University, pediatric clinics use this
  • A data repository was developed using Microsoft
    SQL Server
  • A clinical guideline system was written in Arden
  • An optical character recognition system called
    Cardiff Teleforms is used to process handwritten
    numerical data on preprinted scanned forms
  • The data so generated is stored in the database
    and dynamic reminders are generated for the
  • These are printed on the clinic computer
  • The entire operation takes lt 2-3 minutes!

Different Types of EMRs
  • The Mosoriot Medical Record System
  • Indiana University has an HIV Effort in Kenya
  • A Simple MS Access based database holds all
    patient records (3 years worth!)
  • Provides forms for data entry, standard term
    dictionary, medication listings, registration
    system, clinical documentation system etc.
  • Created by 1 programmer over 2-3 weeks!
  • Highly effective, easy to maintain, inexpensive!

Data Sources
  • So how can EMRs populate their databases?
  • Data can come from many many sources
  • Admission/Discharge/Billing
  • Anesthesia Systems
  • Cytology Systems
  • Diagnostic Imaging Management Systems
  • EKG Carts
  • Endoscopy Systems
  • ER Systems

Data Sources
  • More Data Sources
  • Home Care Systems
  • ICU Monitoring Systems
  • IV Fluid Infusion Control Systems
  • Laboratory Systems
  • Nurse Triage
  • Order Entry Systems
  • Pharmacy Systems (Inpatient/Outpatient)
  • Pulmonary Function Systems

Data Sources
  • More Data Sources
  • Radiology systems
  • Risk Management systems
  • Registration Systems
  • Scheduling and Clinic Charge Systems
  • Transcription Systems
  • Unit Dose Dispensing machines
  • Ventilator Management systems

Data Sources
  • So if there are so many data sources available
    and so many people are interested in using EMRs,
    why are they not more prevalent?

The Challenges of EMR Implementation
Problems with Electronic Data
  • For the last 30 years the medical informatics
    community has struggled with how to architect the
    vessel that will hold patient data
  • Problem is that they have focused on the wrong
  • We dont just want to create a system that
    permits entry of data electronically, we want to
    create a system that can acquire this data
    automatically from other electronic data
    repositories and make it available at the time of

Problems with the Data Sources
  • Too many repositories or islands of systems
  • Difficult to bridge and combine in useful ways
  • Contain different data at different levels of
  • Each uses a different code to identify the same
  • Many institutions do not capture all of the data
    of interest to clinicians.
  • Labs are sent to external reference laboratories
  • Patients fill their scripts at community
  • As a result many implementations do not lead to
    satisfactory achievement of the intended quality
    assurance goals

Problems with Data Sources
  • Another problem is that there are many many care
    providing sites in the United States
  • Hospitals 5000
  • Nursing Homes 19000
  • Pharmacies 59722
  • Physician offices 200000
  • Laboratories 63000
  • Emergency Rooms 4856
  • Hospice Care 2800
  • Home Care agencies 4258
  • All of these sites generate data that are not
    necessarily compatible.

Problems with Electronic Data
  • Thus, the problem is not one of creating database
    fields de novo, it is one of merging existing
    fields from many different sources in meaningful
  • When commercial and other EMR vendors create
    proprietary, closed, systems, with custom
    database architectures, they often worsen the
    problem and make it harder to populate the
    database with useful information, inexpensively

(1) The Role of Standards
  • Fortunately, most of the informatics community
    has realized that the solution to the problem of
    merging data lies in the implementation of
    Standards for Data Communication.
  • These standards permit data to be easily
    translated from one database system to another

(1) Standards
  • There are many many standards, each for a
    different purpose
  • Lab Data Communication
  • General Clinical Messaging
  • Radiology Image Transmittals
  • Diagnostic Coding
  • Procedure Coding
  • Need to distinguish between coding standards and
    messaging standards.

(1) Standards
  • HL7 (Health Level 7)
  • Most widely used standard
  • General clinical messaging standard
  • Communicates structured data
  • Fields for
  • Diagnostic Results
  • Notes
  • Referrals
  • Scheduling Information
  • Nursing Notes
  • Problems
  • Clinical Trials data

(1) Standards
  • Health Level 7
  • 2000 hospitals, the CDC and most referral labs.
  • Also used in Canada, Australia, New Zealand,
    Japan and extensively in Europe
  • Bridges many systems, including laboratory,
    dictation, pharmacy, electronic patient records,
    performance databases, data repositories (cancer
    registries) etc.
  • Web Site
  • http//www.mcis.duke.edu/standards/HL7/h17.htm

(1) Standards
  • Logical Observations and Indicators Names and
  • A coding standard that is used for LAB data
  • Used for representing laboratory observations and
    common clinical measurements
  • At least 5 large commercial labs (Corning,
    MetPath, LabCorp, ARUP Labs and Life Chem) have
    adopted LOINC

(1) Standards
  • Another messaging standard
  • Standard of choice for transmitting diagnostic
  • Closely supported by all of the imaging vendors
    and is working with the HL7 group
  • Web site
  • http//www.xray.hmc.psu.edu/dicom/dicom_home.html

(1) Some other coding standards
  • ICD9/10 Used to code diagnoses
  • CPT Used to code procedure data
  • ISO - Used to code units of measure
  • UMDNS Device classification standard
  • NDC Drug entities classification
  • SNOMED organism names, topologies, symptoms and
  • HOI Outcomes variables
  • UMLS Metathesaurus for clinical nomenclature
  • Arden Syntax Clinical knowledge

(2) Patient Identification
  • How do we ensure that the information belongs to
    the correct person?
  • Patients move and change addresses/tels
  • Patients change names or use aliases
  • Patients sometimes have multiple SSNs
  • There are differences in patient, provider and
    place of service identifiers among data sources

(2) Patient Identification
  • Solutions to this problem do exist but at a local
    institutional level at the moment
  • Our institution uses a combination of mothers
    maiden name, SSN and DOB to uniquely identify the
  • The Kassebaum-Kennedy Bill (PL 104-191) will make
    this into a national effort and standardize
    patient and provider identifiers

(3) Physician Data Capture
  • The ultimate EMR promises to capture whatever
    data is needed to perform any EMR task outcomes
    analysis, utilization review, profiling and cost
  • This prospect excites many CEOs and CIOs
  • However, much of the data needed for such
    functionalities comes from physicians (disease
    severity and clinical findings) and most of this
    data is recorded as un-coded free text.

(3) Physician Data Capture
  • In order for physician generated data to be
    useful it needs to be in coded form so that
    algorithmic assertions can be made
  • The problem of coding free text data is of
    paramount importance and information systems
    designers have struggled with this as long as the
    field of medical informatics has been in existence

(3) Physician Data Capture
  • One approach we could take would be to translate
    existing free text dictations into coded,
    computer readable information, but
  • Human coding is error prone and expensive and is
    at too high a level of granularity to be useful
  • Decades of research into computer based coding
    has still not yielded satisfactory results
  • Or the physician could code the data themselves
    by entering structured notes but
  • This is costly in terms of time as it requires
    the user to map the terms into computer
    understandable words at a level of granularity
    which is useful

(3) Physician Data Capture
  • Commercial EMR vendors bypass the problem and
    provide every mode of data entry possible
  • Direct keyboard entry
  • Dictation with human transcription
  • Voice Recognition
  • Structured Data Entry
  • Paper based data collection
  • Web/PDA/Mobile devices
  • Problem is that we dont know which one is the
    most efficient so users have to think with their

(3) Physician Data Capture
  • We did a study at Indiana University comparing
    voice recognition with typing and
    dictation/transcription and found that (at least
    for 1 user)
  • Voice recognition almost doubled the note size as
    compared with typing
  • It took longer to use voice recognition by 1.3
    min as compared with typed notes
  • Voice recognition was 30 fold less accurate than
  • During proofreading, the user missed 30 of
  • 1.2 of errors changed the intended meaning
  • Dictated note turnaround time was from 2-5 days!

(3) Physician Data Capture
  • Managers and quality analysts want data that is
    often never captured
  • Formal functional status
  • Detailed Guideline criteria
  • And we dont even know how much of this kind of
    information is needed?
  • For some disorders (angiography and knee surgery)
    data sets have been developed but we do not know
    the operating characteristics or predictive value
    of the data elements?
  • How do we define and collect the soft data

(3) Physician Data Capture
  • We do have some instruments for some disorders
    (CAGE, Hamilton Scale, SF12/36 etc.)
  • But we lack them for many other clinical entities
    and for much of specialty clinical care
  • And checklist based symptom questionnaires as
    opposed to validated instruments elicit many more
    symptoms than open ended questions, so which of
    these are really important?

(3) Physician Data Capture
  • Coding of all medical information is unnecessary
  • So where do we draw the line?
  • (how much should be coded and how much can be
    stored as free text) in order to maximize the
    utility of the information.
  • The other issue is with longevity of clinical
  • How often do you use a note from 2 years ago?
  • How long do we need to keep the EMR data?

(4) Cost
  • Cost is perhaps the biggest barrier to
  • Unfortunately there are few studies that have
    looked at the long term ROI with EMRs
  • Most existing studies have been done by the
    system vendors and so the data should be examined
    with a cautious note
  • However, the data that is available suggests that
    the ROI is excellent!

(4) EMR Cost Analysis Studies
  • Several studies are worth mentioning
  • (1) Renner et. Al. looked at implementing an EMR
    in 1996 in 40 primary care practices
  • Its net present value (1996 dollars) was about
    280,000 based on a 5-year model
  • They found that reducing the cost of medications
    and preventing ADEs was of the greatest benefit
    in primary care

(4) EMR Cost Analysis Studies
  • (2) Wang, Bates et. Al. looked at the cost of
    implementing a full EMR in primary care as
    compared with paper based chart systems
  • Primary outcome was the cost benefit per provider
    over a 5-year period
  • Used average statistics from their institution
    (Partners Healthcare, Boston), expert opinion and
    national data to estimate costs
  • System Costs (13,100 initial, 3100 each year
  • Induced Costs (11,200 in year 1)

(4) EMR Cost Analysis Studies
  • (2) Wang, Bates et al.
  • Benefits resulted from costs averted (/year)
  • Transcription savings (2700)
  • Reduction in need for chart pulls (5/chart
  • Drug cost savings and prevention of ADEs (2200)
  • Laboratory and Radiology cost savings (10,700)
  • Charge capture improvement (7700)
  • Decrease in Billing Errors (7600)
  • All benefits finally being realized in year 4

(4) EMR Cost Analysis Studies
  • (2) Wang, Bates et. Al.
  • Resulted in present value of net benefit (2002
    dollars) to be 86,400/provider in year 5
  • Breaking down by EMR feature they got
  • Light EMR (net loss of 18,200/doc in year 5)
  • Online patient charts only
  • Medium EMR (net benefit of 44,600/doc in year 5)
  • Adds an Electronic Prescribing Module
  • Full EMR (net benefit of 86,400/doc in year 5)
  • Adds Lab, Radiology and Charge Capture systems

(4) EMR Cost Analysis Studies
  • (2) Wang, Bates et. Al.
  • Conclusions An Ambulatory EMR
  • Resulted in net benefits across a range of
    assumptions, which increase as more features are
    added and as the time horizon lengthens
  • Most benefit was derived from reductions in drug
    expenditures, improved test utilization, improved
    charge capture and reduced billing errors
  • The greater the portion of capitated patients the
    greater the return, although benefits also accrue
    for fee-for-service patients (but mostly to
    payers and not health care institutions)
  • Limitation Did not consider malpractice
    reduction, increased provider productivity or
    decreased staffing requirements.
  • Intangible benefits Improved Quality and
    Decreased Errors

(5) Other Barriers
  • (1) Physician reluctance and fear that their
    productivity may decline (which it does)
  • (2) Unreliability of EMR Vendors in a volatile IT
    economy. Lack of adequate IT support from the
  • (3) Concerns over data security

Summary Barriers to EMR Use
  • Too many data sources, no simple way to
    coordinate and connect them except to use
    standards which are still evolving
  • Unique patient identification still a problem
    esp in large tertiary care centers
  • Physician data capture inefficient and expensive

Summary Barriers to EMR Use
  • Startup costs can be prohibitive but long term
    benefits are clearly evident form pilot studies
  • Physician reluctance a major barrier to use
  • Concerns over security still an issue, eg HIPAA
  • System vendors are transient and fail to provide
    adequate support

EMRs for Clinical Research
EMRs for Research
  • So what EMR functions do we need in order to
    effectively do clinical research?
  • Answer Depends on what you want to do
  • However, to be able to ask questions of your
    practice, you need
  • Registration data (Registration system)
  • Diagnoses (Billing data)
  • Medications (Pharmacy data)
  • Labs and other Test Results (Lab/Radiology data)
  • AND
  • A system to query these databases intelligently

EMRs for Research
  • You dont necessarily need a decision support or
    order entry system but if you want to intervene,
    you may want to include these systems as well

EMRs for Research
  • Note that the registration, billing, pharmacy and
    lab/radiology data usually (but not always)
    exists, outside of the context of any specific
    EMR system
  • These are just data repositories which need to be
    tapped into and queried
  • So you need a system to access and query these
    databases, independent of any electronic medical
    record system.

EMRs for Research
  • Alternatively, you could build a master
    repository which acquires and stores this
    information and permits intelligent queries to be
  • This is exactly what we did in Kenya in the
    Mosoriot Medical Record System, although data is
    still hand-entered. Eventually it will be
    downloaded using HL7 messages.

Mosoriot Medical Record System
  • An example of an EMR that is inexpensive and
    functional and supports both clinical care and
    research in rural Kenya
  • Built in 2-3 weeks by 1 programmer using
    Microsoft Access
  • Consists of
  • Data dictionary tables which define test names,
    medications, diagnoses etc.
  • Forms which are used for data entry
  • Has tables for registration data, billing data,
    medication lists, lab and test results
  • Currently running on Tablet PC devices in Kenya

Research Workflow Model
EMR Features Conducive to Research
  • Reliance on Standards (HL7, LOINC, ICD9, CPT)
  • Easy access to data repository, i.e. database
    structure is well documented
  • Built-in Practice Profile Management systems
  • Built-in decision support and order entry
  • Able to export data in a standard format (CSV,
    MDB etc.)

HIPAA Security
  • HIPAA Heath Information Portability and
    Accountability Act
  • Final Security Rule Published in the Federal
    Register on February 20, 2003 (effective 60 days)
  • http//www.cms.hhs.gov/hipaa/hipaa2/regulations/se
  • Designation 45 CFR 160, 162, 164
  • Compliance Dates April 20, 2005
  • Covered Entities 24 months after effective
  • Small Health Plans 36 months after effective

HIPAA Security
  • Some excellent links
  • http//privacy.med.miami.edu/glossary/gt_security_
  • http//www.hipaadvisory.com/tech/wireless.htm
  • http//www.hipaadvisory.com/regs/securityoverview.

HIPAA Security
  • Security should not be confused with Privacy or
  • Privacy The rights of an individual to control
    his/her personal information without risk of
    divulging or misuse by others against his or her
  • Confidentiality only becomes an issue when the
    individuals personal information has been
    received by another entity. Confidentiality is
    then a means of protecting this information
  • Security refers to the spectrum of physical,
    technical and administrative safeguards used for
    this protection

HIPAA Security
  • Addresses 3 tiers of protection
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards

Administrative Safeguards
  • Institutional level
  • Develop security management process where
    potential threats to PHI are determined
  • Provide training to all employees about HIPAA
  • Provides appropriate level of authorization based
    on a protocol for granting access
  • Violations should be clearly documented and
  • A disaster recovery plan should be in place

Physical Safeguards
  • Applies to 3 elements of the PHI data storage
  • Facility where PHI data is stored
  • Workstations on which it is stored
  • Media on which it is stored

Physical Safeguards
  • Require that the facility have access control
  • Contingency plans need to be in place in case an
    intruder gains access
  • Workstation security measures be in place
  • Automatic logoff
  • Screen is placed away from potential viewers
  • PDAs should be password protected
  • Devices and media should be appropriately
    disposed of in case they are no longer needed and
    data should be erased properly

Technical Safeguards
  • Applies to how information is stored, verified,
    accessed and transmitted/received
  • Access and audit controls
  • Emergency access to information when needed
  • Automatic logoff is enforced
  • Data is encrypted and decrypted during
  • Verify integrity of the storage and transmission
    (digital signatures)

Am I HIPAA Compliant?
  • Questions to ask yourself and your institution

Questions to ask your institution
  • 1. Was a security audit done and if so what are
    the results?
  • 2. Did I get the appropriate HIPAA training and
    do I have a certificate to prove this?
  • 3. Are there procedures in place to grant access
    to PHI to authorized users?
  • 4. What are the procedures in place in case of
    disaster, data loss or data theft? Are Backups
    made frequently?

Facility, Workstation, Media
  • 1. What are the procedures in place to safeguard
    the facility from intruders? Are there
    contingency plans for dealing with intruders,
    data theft or other event?
  • 2. How do protect the safety of workstations? Are
    they password protected?
  • 3. Can bystanders view the screens on which PHI
    may potentially be displayed?

Facility, Workstation, Media
  • 4. Is an automatic logoff mechanism enforced?
    What time limits are provided before this occurs?
  • 5. What types of data are stored on PDA devices
    and if PHI is stored is it password protected or
  • 6. What procedures are used when disposing of,
    reusing or archiving data on hard disks, CDs,
    floppys and Zip disks? Are PHI data erased
    properly if the disks are to be disposed of or

Data Level
  • 1. Are there audit mechanisms for checking who is
    accessing the PHI data and is this done on a
    regular basis by authorized personnel?
  • 2. Are there procedures in place to grant
    emergency access to information if needed?
  • 3. Is data integrity checked when the data is
    transmitted or received? (digital signatures,
    digital certificates, checksums etc.)
  • 4. Is the data encrypted and decrypted during the
    transmission process?

HIPAA Wireless Security
Before you Begin
  • Do I really need to be wireless of can I get by
    with a wired connection?
  • Is space limitation a problem?
  • Is mobility absolutely necessary?
  • Do I have the permission of my institution to
    install wireless networks?
  • Do I have adequate IT support to do this?

11 Steps to Wireless Security
  • Wireless is inherently unsecure
  • Many Many ways of hacking into wireless networks
  • Technology base is there to make it secure
  • Some simple steps can be taken to maximize the
    security of your wireless network

11 Steps to Wireless Security
  • 1. Change the default SSID (network name) on the
    router so that your name/location is kept secret
  • 2. Disable the SSID broadcast, if your router
    supports it. This will prevent hackers from
    seeing you
  • 3. Change the administrators password on your

11 Steps to Wireless Security
  • 4. Turn on the highest level of security
    supported by your hardware (i.e. Wireless
    Equivalent Privacy WEP, which is older or WPA
    which is the latest and most secure)
  • 5. Make sure you have the latest firmware
    updates. Implement MAC (media access control),
    which specifies exactly which WLAN PC cards can
    access the network and excludes others

11 Steps to Wireless Security
  • 6. Place the Wireless Access Point (WAP) towards
    the middle of the building, keeping the zone of
    potential access within the building.
  • 7. Do your own security audit. Use Network
    Stumbler (www.netstumbler.com) on your Tablet PC,
    laptop of PDA and walk around the perimeter of
    your building to see where and what a would-be
    hacker may see

11 Steps to Wireless Security
  • 8. If you have a limited number of wireless
    clients (Tablet PCs), provide them with static
    IP addresses, and disable DHCP on your router.
    This ensures that only authorized machines can
    see your network.

11 Steps to Wireless Securit
  • 9. If we are in an enterprise setting, use VPNs
    (Virtual Private Networks). You can isolate your
    WLAN from the wired network using products such
    as the Netgear FVM318 or the SonicWall SOHO TZW.
    Then you can use the VPN to tunnel directly into
    the wired network securely

11 Steps to Wireless Security
  • 10. Avoid using public hotspots, areas that are
    insecure and open for general use.
  • 11. Turn off file and print sharing on your
    Tablet PCs. Most devices do not prevent
    client-to-client traffic, so people sitting
    across the street from you can be looking at your
    shared directory remotely.

Guide to Selecting and Deploying an EMR
Selecting an EMR
  • Award winning EMRs
  • CPRI Davies Award Winners (1995-2000)
  • Emphasis on successful implementation, not on
    technology that is behind the design
  • Functional Requirements
  • Integrate data from multiple sources
  • Provide decision support
  • Used by caregivers as primary source of
  • Must enhance care, not just replace paper
  • So who are there award winners and what are their
    strategies for success?

Davies Award Winners
  • Intermountain Healthcare System, Salt Lake City
  • Columbia Presbyterian Medical Center
  • Department of Veteran Affairs CPRS (now
  • Brigham and Womens Hospital
  • Kaiser Permanente, Cleveland OH
  • Regenstrief Medical Record System
  • North Mississippi Health Services
  • Kaiser Permanente, Portland OR
  • Northwest Memorial Hospital, Chicago
  • Kaiser Permanente, Rocky Mtn. Region
  • Harvard Vanguard System

Davies Award Winners
  • Common Strategies and Attitudes towards
    implementing EMRs

Common Strategies
  • Vision of healthcare as an information business
  • Sustained leadership (5 years )
  • Run by project leaders and not CIOs
  • Most projects had physician champions
  • EMRs subjected not to a cost benefit ROI analysis
    but to an unremitting pressure to show value

Common Strategies
  • Customer Service, Customer Service!
  • Frequent, sustained, end-user orientations and
    feedback with demonstrated responsiveness to
  • Weekly Regenstrief Pizza Meetings
  • Kaiser physician focus groups
  • Northwestern weekly feedback with supplements
  • System developers were also the salespeople,
    troubleshooters, coaches and colleagues!

Common Strategies
  • Plans in place for system evaluation and change
  • All winners had to re-engineer some workflow
    process dont automate a manual process that
    occurs commonly but does not work!
  • Incremental deployment dont rush things
  • Each increment overcame a specific barrier to
  • Systems were viewed as tools to enable care
    process improvement and were not an end to

Common Strategies
  • All resulted in a decreased reliance on
    paper-based sources of information
  • Decision Support, Decision Support, Decision
    Support -gt provides the largest value added
    compared to a paper system
  • Focus on standards based data architecture rather
    than specific applications to do this or that
  • Flexible enough to adapt to organizational change

So what can I do to implement an EMR in my
Can I implement an EMR?
  • Depends on your size and your budget
  • Solo practice -gt yes, definitely
  • Multispecialty group (2-100) -gt probably (cost is
    around 4-20K per provider)
  • Multispecialty, multisite groups maybe
  • Tertiary care centers with scattered secondary
    care sites -gt probably need to be brave and

What EMR should I choose?
  • Do not start in product selection mode
  • Begin by identifying the practice processes that
    you wish to improve first
  • Then search for the functions you need
  • Problem List Medications
  • Clinical Encounters Lab/Xray/Pathology
  • Telephone Calls Referrals
  • Preventive Care Managed care

Which EMR should I choose?
  • Anticipate primary and secondary users
  • Primary
  • Clinical decision making,
  • Documentation
  • Support for Billing
  • Secondary
  • Provider profiling and service utilization
  • Quality report cards and outcomes analysis
  • Regulatory reporting and justification for studies

What if I have a limited budget?
  • Again, think of using selected modules to enhance
    parts of your practice
  • Clinical Note Systems
  • Prescription Writer
  • Use one or more of the OpenSource EMRs
  • Need some level of IT expertise to deploy
  • No real support available from the developers

Examples of OpenSource EMRs
  • a. OpenEMR (http//www.synitech.com/openemr/
  • b. Care2002 (lthttp//sourceforge.net/projects/care
  • c. Open Infrastructure for Outcomes UCLA
  • d. PatientRunner (lthttp//sourceforge.net/projects
    /patientrunner/gt) mental health record system
  • e. OpenSDE (lthttp//sourceforge.net/projects/opens
    de/gt) structured note entry system
  • f. MedSurvey (lthttp//sourceforge.net/projects/med
    survey/gt) clinical information system for
    Windows PCs
  • g. OpenEMed (lthttp//sourceforge.net/projects/open
    med/gt) Java based EMR
  • h. Hardhats (VAs VISTA software) yes this IS
    open source now and available to EVERYONE
    (lthttp//www.hardhats.org/gt), (lthttp//sourceforge

EMRs for Primary Care Practice
  • Recent survey done by the journal Family Practice
    Management (2001)
  • Surveyed 28 vendors
  • Price structure highly variable
  • Found that the market is highly volatile and some
    vendors went out of business or merged with
    others during the time of the survey

EMRs for Primary Care Practice
  • Five star systems
  • ChartWare
  • HealthProbe Patient Information Manager
  • EpicCare

EMRs for Primary Care Practice
  • Four Star Systems
  • Logician
  • NextGen
  • Pearl
  • Physician Practice Solutions
  • PowerMed EMR
  • Practice Partner Patient Records
  • QD Clinical

EMRs for Primary Care Practice
  • Four Star Systems
  • SOAPWare
  • Welford Chart Notes
  • Clinical Works Module (ASP)
  • NextGen (ASP)
  • Physician Practice Solution (ASP)
  • topsChart (ASP)

EMRs for Primary Care Practice
  • 4 physician practices
  • ENTITY, Logician, NextGen, ClinicalWorks
  • 10 physician practices
  • EpicCare, PEARL, Physician Practice Solution
  • All others can serve practices of any size

EMRs for Primary Care Practice
  • Most allow ICD9 and CPT codes
  • Many allow access from the web
  • Most allow multiple modes of data entry
    (keyboard, mouse, touch-screen, light-pen, voice
    recognition etc.)
  • Most permit integration of hospital data with a
    primary care database

Integration with Handhelds
  • Some EMRs allow data access from PDAs and other
    handheld or laptop devices
  • ChartWare - O-HEAP
  • DOCUMENTOR - Partner
  • ENTITY - PowerMed
  • EpicCare - SOAPWare
  • MedicWare - Welford ChartNotes
  • NextGen - ClinicalWorks
  • topsCHART

Other EMR Surveys/Resources
  • HealthCare Informatics 2004 Resource Guide
  • Comprehensive listing of EMRs, features, costs,
    contact information etc.
  • 50 per copy
  • Order from
  • http//www.healthcare-informatics.com

Some Lessons Learned
Lessons learned the hard way
  • Well-designed renowned vendor products meet about
    80 of your needs -gt where will the other 20
    come from?
  • Poorly designed systems will be quickly abandoned
    by time-pressured end-users
  • Caveat Emptor Total Solution, Turnkey
    solution, esp if a proprietary black box

Lessons learned the hard way
  • Clinical/Administrative information is inherently
    structured. Capturing it in unstructured ways
    (images) is a costly mistake
  • Data acquisition costs may be more expensive than
    operational expense (I.e. keyboard entry time
    more costly than provider input)

Lessons learned the hard way
  • Users will accept a tradeoff if there is a clear
    payback in functionality
  • Attitudes towards computer use are not age
  • Be the 10th customer to a vendor, never the
  • Beware of vendors who say we can do that what
    is it?

Lessons learned the hard way
  • The most important information a vendor will give
    you is the address of 2-3 sites where their
    system is currently in use

  • David Bates, MD
  • Daniel Masys, MD

About PowerShow.com