Healthcare providers are required to comply with regulatory requirements pertaining to patient information security, operational practices, service delivery procedures, and electronic health record management. These include ICD-10, JCAHO, ARRA, HIPAA, and HITECH, in addition to accounting-related compliance requirements such as SOX and national and state regulations pertaining to patient safety. Medicare and Medicaid audits such as the RAC, MIC, and ZPIC audits add further pressure on healthcare providers. Providers are under pressure to deliver quality health care with a shrinking workforce to a larger population.
Independent Software Vendors (ISVs) need to have the ability to align the provider’s strategy to their vision, translate the strategy into initiatives, and deliver the initiatives with innovation, speed and cost effectiveness. ISVs need to respond appropriately to address the business drivers and regulatory challenges as outlined below:
Information security: Tracking confidential information about each patient, including personal information, medical records, billing information and payment details, and storing it in a secure manner is a huge challenge. ISVs and the software development companies they partner with should offer solutions with built-in workflow components that allow the creation, review, and auditing of records to ensure the accuracy of the information captured. HIPAA and HITECH certifications are now provided by independent third-party companies. ISVs should be able to offer solutions that meet the security requirements and pass muster when audited.
Regulatory requirements: A high degree of regulatory scrutiny and the imposition of stiff penalties for non-compliance have become the norm. Regulations at the national level include the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX) and the Gramm-Leach-Bliley Act (GLBA). The solution provided should cater to the specific regulatory requirements by having an integrated framework that facilitates the definition and maintenance of a central structure of the overall compliance hierarchy. This should ideally include the processes and assets in scope, the risks, and the controls to address these risks.
Usage of analytics: Digitization of EHR data in a structured form allows healthcare providers to track and monitor activities. ISVs should offer solutions that focus on facilitating analysis of data rather than merely on data collection and aggregation. Effective usage of analytics can help providers drive process improvement and service innovation.
Integration capabilities: HIT Solutions should be capable of integrating data that resides in multiple applications including EHRs, PRMs, websites and mobile applications.
In summary, ISVs and their partners need to provide solutions that offer end-to-end services to gear up for the ever-changing regulatory landscape. The solutions provided should adopt a unified and integrated approach to meet overall objectives, as well as regulatory and compliance requirements. More importantly, ISVs need to realize the importance of having the relevant domain expertise in healthcare, besides an in-depth knowledge and understanding of issues pertaining to information security and fraud prevention. This will result in the deployment of solutions with a scalable governance, risk and compliance architecture to manage the regulatory compliance requirements and stand the scrutiny of regulatory audits. The solutions should be capable of supporting the organizational model across different functions, units and departments.
Healthcare providers should look for the above features in the solutions that they deploy. Besides these features, ISVs should be evaluated and chosen based on their track record and their technical and functional capabilities to meet the provider's specific requirements.