Ah, the dog days of summer. The local restaurants are empty; there are no lines at the bank. In the electronic health record world, the government and vendors have been relatively quiet. This little break from the rough and tumble of the rest of the year is always welcome.
Yet we all know that this little calm is short-lived. The final rule implementing Stage 2 of the Meaningful Use incentive program was released today; the final mega rule implementing many of the provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which will have a major impact on EHRs, was due out this summer and is expected at any time. Even the final rule on ICD-10 should be released soon.
It's like waiting for a blizzard or hurricane. You know that they're on their way, and you're going to be socked when they hit. But there's only so much one can do to prepare for them. Sure, you can buy milk and toilet paper, and make sure there are batteries in the flashlights, but it's hard to take additional steps without knowing exactly what type of wallop the disaster, er, regulations will bring.
With regard to the HIPAA privacy and security rule--which will also have a big impact on EHRs--how will forthcoming changes affect how electronic patient data is protected? Will the financial harm assessment be retained or dropped from the security breach notification rule? If it is dropped, then an EHR security breach is likely to be much more costly.
One provision in the HIPAA rule requires providers to keep confidential specified patient records from a patient's health insurer in certain circumstances. What will the final rule require? And will a provider's EHR be able to separate out that data? Will EHR systems need to be upgraded to comply? How much would that cost?
We know that there will be a lot of work in just a few weeks. In the meantime, we can merely anticipate.
Let's just hope that the different rules (Meaningful Use, aside) don't all come out at the same time. Or right before vacation. - Marla