Thursday, June 13, 2013

How Does an Expert Help You with EHR Selection?

Implementing an EHR can be a time-consuming and expensive affair. In most cases it requires you to devote full-time staff to the implementation process. Selecting the right EHR is also critical to maintaining the practice's efficiency, productivity and financial stability, and to being eligible for Meaningful Use.

Given these factors, it is a good option to have a selection / implementation expert by your side to help you decide on the right EHR for your practice, and then help you implement it, train your staff and provide ongoing support.

Below we outline how we at Technical Doctor Inc. provide EHR Consulting to help our clients select the right EHR, implement it with the right hardware and provide post implementation support / training.

EHR Selection:
1.       Technical Doctor has revamped the ordinary "workflow" into a more EHR / IT focused workflow. This workflow measures the tech savviness of the users and their ability to perform documentation within a computer system to ensure patient care, proactive billing and Meaningful Use measures. This workflow takes approximately 2 days and a conversation with all staff members.

2.       Technical Doctor "shops" the practice's workflow against the EHR software that would be most suitable for the practice's budget and level of need. The shopping list is narrowed to 2-3 EHRs that meet the needs of the practice's workflow.

3.       We present the prospective EHR solutions to the client, along with Technical Doctor's findings on each EHR company and its support staff. The practice then chooses the demos it wants to see.

4.       We arrange the demo, and the EHR company has to win the sale by presenting its product. The vendor uses the Technical Doctor workflow documentation to give a demo based on the exact requirements of the practice.

5.       Selecting the EHR: We help the practice decide based on several key parameters.
a.       The main parameter is clinical understanding focused on the specialty.
b.       The secondary parameter is the support and technical programmers on staff.
c.       Most physicians focus on price more than on the other parameters.
d.       Government and hospital incentives also play a huge role in which EHRs are available at a discount.

6.       We assist in making arrangements with a clearing house and help select the interfaces and faxing solutions that are the best fit for the practice and the selected EHR.

7.       We ensure the practice signs contracts with all vendors and help it understand the contracts.

EHR Implementation:

1.       We help the practice decide what hardware to purchase and offer options and discount pricing thanks to our leverage with providers.
2.       We help set up, install and configure the EHR and integrate other solutions with it to build a secure, HIPAA-compliant and robust infrastructure.
3.       We manage the installation and configuration of computer equipment, including workstations, servers, network hubs, PDA and wireless devices, printers and scanning solutions.
We ensure that a proper and secure data backup solution is in place to keep your EHR data safe.

Post Implementation:
1.       We stay with the client during training and assist after the training is completed.
2.       We provide ongoing technical support for your computer equipment and communications infrastructure.
3.       We provide up-to-date information on the chosen EHR's version upgrades, updates and new releases, so you do not need to keep track of them or waste time on follow-ups.

1.       Save time for staff and decision makers:
a.       No need to research and decide on the initial short list of EHR vendors
b.       Hands-on support for training and hand-holding

2.       Save money for the Medical Practice:
a.       Help select the right EHR to maintain profitability.
b.      Help select the right EHR to maximize Meaningful Use incentives.
c.       Save on hardware by leveraging our long-term tie-ups with vendors.
d.       By providing you with solid and affordable support plans.

3.       Technical Doctor is an agnostic company, in the best interest of physicians and practices; the final EHR selection is made by the medical practice, based on the demos and the expert input we provide.

4.       Expert Advice: Technical Doctor attends and continues to interact with all major EHR vendors across conferences, meet-ups, special training sessions etc. During these meetings Technical Doctor gets time to assess each EHR vendor, their product, their support ability, the product and company longevity, and their certifications. This insight translates into expert advice for the Medical Practice in helping them select the EHR. 

Wednesday, June 5, 2013


What is a HIPAA Risk Assessment?
Title II of HIPAA, known as the “Administrative Simplification provisions”, requires practices to follow a set of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. A HIPAA Risk Assessment is a process that helps ensure that the practice is following the set of national standards. These standards cover everything from the IT side to the physical layout of the practice and to the administrative side of the practice.

Why do a HIPAA Risk Assessment?
As stated within the requirements for Meaningful Use, a practice must “conduct or review a security risk analysis and implement security updates as necessary and correct identified security deficiencies as part of its risk management process”. This means that in order to meet the requirements for Meaningful Use, your practice must conduct at least one security assessment to prove that it is HIPAA compliant. Your patients will also feel more comfortable knowing that their medical records are safe with you. The cost of not being HIPAA compliant can be devastating, with a maximum penalty of $250,000 and 10 years' imprisonment.

How can a partner get you prepared for an actual audit?

Technical Doctor has completed 20+ different types of risk assessments with 100% satisfaction from all of our clients. We break down every aspect of your practice and inspect every possible security flaw in your practice. After the assessment, we will provide you with documentation that proves that your practice has met all of HIPAA’s requirements as well as documentation stating what your practice needs to actively do to stay HIPAA compliant.  In the event that your practice is audited, you will have all of the documentation you need to prove that you are HIPAA compliant on hand.


  1. For a start, follow the guidelines and rules set by HIPAA.

  1. Keep all paper medical records under lock and key and make sure non-authorized personnel have no access to them.

  1. Destroy any paper records which are past their required storage date, or which have been digitized and are no longer needed.

  1. Install antivirus and firewall software on all your PCs and laptops and also on your internal network. If possible, allow only limited internet access on your internal network.

  1. Computers should not face the waiting room or any direction where non-authorized people can view the screen. Use password locks when away.

  1. Always log out of the EHR system when leaving the computer.

  1. Do not use social security numbers as a unique patient identifier.

  1. Patients have the right to revoke access to any Health Information Network your practice may be part of. Ensure you have proper written consent/consent forms filled when sharing information with anyone.

  1. Change your passwords as mandated by the guidelines. Ensure that passwords are not exchanged or written/posted in places where others can see them. An employee of the practice making such a mistake can have big repercussions for the whole practice.

  1.  Portable hardware containing data should be kept secure and locked away when not in use.

  1. All hardware should be kept in a clean environment, with minimal or no access for non-authorized personnel.

  1.  Train all staff members on data security policies and procedures. Make sure everyone in the practice understands and observes the policies and procedures for protecting patient health information.

  1. Make sure your staffing policies and procedures are up to date. If an employee leaves the practice, change the user’s status to inactive.

  1. Review audit trails periodically. Reviewing audit trails can alert practices to potential system abuse or misuse.

  1. Have a disaster recovery procedure. Accidents happen, stuff breaks, the weather isn't always cooperative. You need to be prepared for everything that happens.

  1.  Make sure your data is backed up every day.

  1. The computer that stores the patient data must be encrypted.

  1. The server should be kept in a locked room with limited access.

  1. Keep a list of third party vendors that interact with your practice. Make sure they sign an NDA or some kind of agreement stating that the third party vendor won't disclose any information from your practice.

  1. Designate someone as a "security officer" or someone who is in charge of making sure the practice is HIPAA compliant.

  1. All employees should be wearing badges or something that identifies them as someone that works for the practice.

  1. Train the staff on proper internet use. Going to non-work related sites is incredibly risky.

  1. If a patient's name is stored somewhere that is not in an EHR system, there cannot be anything that identifies that person as a patient.

  1. If flash drives or any other external data devices are used in the practice, make sure they stay within the practice and are only plugged into computers that are owned by the practice.

  1. In the event that your computer shows signs of being infected, stop what you're doing and tell the security officer right away.

  1. Flash drives or external media found on the ground should never be put into your computer. Who knows what is on that media.