Witherspoon serves as system vice president and chief medical information officer for Ochsner, a New Orleans-based delivery system that encompasses eight hospitals, 1,200 employed physicians, 35-plus clinics and 2,500 affiliated community physicians.
It accounts for about one-third of the total care delivered in southern Louisiana. Like other health care providers, both large and small, Ochsner is subject to a plethora of federal, state and accrediting body regulations. Together, they overlay a complex weave of compliance issues on the delivery system. So it's no surprise Witherspoon's list reads like the curriculum for a graduate degree in health care administration.
There's meaningful use, there's data security, there's Joint Commission. Throw in data exchanges, Stark, and a slew of physician practice-based issues. Don't forget payer audits, Medicare quality incentives, and requirements around the electronic signatures in the research setting. And by the way, there's ICD-10. "Not a small ticket," Witherspoon adds dryly.
To finish his list, Witherspoon notes the presence of the U.S. Food and Drug Administration in the lab and radiology departments. "Many other federal agencies get involved with compliance issues as well," he notes, tossing out the Department of Transportation and the Nuclear Regulatory Commission. Witherspoon-to maintain sanity-takes the regulatory environment in stride, describing it as something that no single person could hope to understand. "All the regulations have implications for I.T. and the electronic health record," he says. "We have a significant compliance department and spend a lot of time talking about these issues, and their spin-offs. Between compliance and legal, we have a dozen people who pay attention to the regulations. And we have a quality improvement group that gets involved with pieces of this."
Across the health care industry, hospitals, medical groups, and even clinical I.T. software vendors are facing an extraordinarily busy compliance agenda in 2012 and beyond. Their to-do lists break down into several large categories, many of which overlap.
CIOs will be focusing this year on the meaningful use EHR incentive program, attesting for Stage 1 and tracking the development of the Stage 2 requirements. Privacy and security requirements, tightened under the health reform bill, will be addressed. Accountable care is also on the radar, with any number of related Centers for Medicare and Medicaid Services efforts to shift the industry away from fee-for-service to outcomes-based payment arrangements.
In the financial realm, there's a number of retrospective audit programs underway, as Medicare and Medicaid begin to crack down on potentially overinflated bills. On top of it rests ICD-10, the enormous transition to a new coding and billing system that takes effect in October 2013, but which is sparking an industry scramble (late in coming by most counts) this year.
The impact of these regulations can vary widely. Hospitals, particularly those with varied organizations such as nursing homes and home health agencies under their banner, get hit the hardest, particularly as CMS attempts to constrain runaway inpatient costs. Group practices may not have as broad a regulatory to-do list, but they typically don't have the luxury of a compliance and legal team working on their behalf. EHR vendors feel the pinch too (see sidebar, this page).
The labyrinth-like nature of the regulations has compelled many in the industry to take what they consider a holistic approach to compliance. In other words, they don't adapt systems to each and every rule, but rather try to understand the significant underlying principles and then create the infrastructure they think they will need to adhere to them. Accountable care is one example. But compliance with some programs-namely Medicare RAC audits-calls for production of specific records in a specific time frame. It's a costly, labor-intensive and high-stakes effort at best (see sidebar, page 31).
Setting the stage
Any regulatory to-do discussion almost invariably starts with meaningful use. The lure is more than incentive dollars, which can be in the multi-millions for hospitals. The EHR sets the stage for so many other programs, such as accountable care and health information exchange (likely a later-stage requirement for MU), that providers are determined to keep their attestation efforts on course. Ochsner in 2011 attested for Medicaid on the both the inpatient and ambulatory measures. About 70 physicians met the requirements, Witherspoon says. This year, the process will continue, and Witherspoon hopes Ochsner's eight hospitals will be far enough along the MU criteria to attest by year's end. "We have spent a lot of time preparing," he says.
Part of what makes the job challenging is that Ochsner is transitioning to a new EHR, from Epic, which is supplanting a homegrown ambulatory system and a Siemens legacy system on the inpatient side. Ochsner retired paper charts several years ago, but it was the lure of a unified-and MU-certified-EHR across care sites that compelled the switch. Epic will offer a suite of practice management, clinical documentation, and billing modules. "We'll replace a dozen departmental systems," Witherspoon notes. "Integration trumps everything around physician preference."
One of the thorniest regulatory challenges around the EHR deployment, Witherspoon says, is assuring the technology upholds the various scope-of-practice laws and rules in force. EHR access is role-based, but Witherspoon notes it's not easy to determine exactly who can do what in a medical setting. State laws and policies from the boards of medical examiners and nurses figure. "With the EHR, we have pushed some clerical and secretarial duties down to physicians and licensed nurses," he says. "At the same time, our medical assistants do a lot of things nurses would otherwise do, but medical assistants are not licensed in Louisiana."
Some questions-such as who can enter orders, who can sort out results, and which notes have to be countersigned-will be thrashed out in the year ahead, with Epic access modified accordingly. "There are many nuances depending on who you are and your licensure," Witherspoon says.
