Is EHR safe? Anthem Breech affects several million

The recent breech at Anthem that resulted in the access of the personal information of over 10 million people makes us go back and ask “how safe is EHR?”  It has been a long debate since Medicare has been trying to mandate the use of EHR by all Medicare providers by introducing a penalty program that became effective this year.  Any Medicare provider that does not demonstrate meaningful use of EHR will receive a 1% penalty for services in 2015.  The argument is that EHR makes health records more accessible which will save lives and that it decreases paperwork for the provider.  However, many do not agree with those arguments.  There are many smaller offices that are now required to use EHR.  While there are some free EHR systems available, most cost quite a bit of money.  For smaller offices, or part time providers it simply may not be feasible.  And of course there are some patients who absolutely do not want their records in an EHR system.  There are a variety of reasons patients may want to avoid their records being on such a system.  One of them being safety.  Anthems recent breech just strengthens this argument.

“Anthem was the target of a very sophisticated external cyber attack,” according to Anthem president and CEO Joseph Swedish.  And this is not the only recent breech.  Sony was recently hacked as well.  Even though this did not affect the medical field it shows that information on the internet is vulnerable.  Breeches such as these are unfortunately becoming all too common.  Which brings us back to the original question, is EHR safe?  Unfortunately there is a price tag on patient data and medical data brings a high pay off.  This makes hacking into an EHR system even more desirable.  There is really no way to make it so that you are not vulnerable at all.  Most businesses use internet in some way or another.  Credit card companies, banks, and department stores are just a few.  So your information is out there.  But does EHR open you up to even more of a risk.

Doctors Face Another 1% Cut By Medicare

Congress has mandated adjustments to the MPFS, Medicare Physician Fee Schedule, for all eligible professionals providing covered services to Medicare beneficiaries who are not demonstrating meaningful use of EHR or Electronic Health Records.  These adjustments are effective January 1, 2015.

Some people read that above statement and are still scratching their heads as to what it means.  Why does CMS have to make things so difficult to understand?

Basically the government has taken another incentive program and turned it into a penalty program.  They have been trying for several years to get providers to use EHR in an effort to make patients health records more easily accessible.  They started out by offering monetary incentives to providers who voluntarily implemented EHR programs in their practices.  As with PQRS, the incentive program turned into a penalty program.  Any eligible professional who does not use EHR will be penalized by receiving a lower payment.

The penalties will be applied beginning January 1, 2015 and will be a 1% reduction.  So instead of allowing 100% of the Medicare allowed amount, providers who have not demonstrated meaningful use of an EHR will receive 99% of the allowed amount.   This is on top of the 2% being taken back for the sequester and the 1.5% penalty for PQRS.

What is meaningful use?  How does CMS know if a provider is demonstrating meaningful use?  Is this like Big Brother and they just know?  As with most of the government programs they do not make it easy for the provider to understand.  Actually providers who are using EHR must register that use with CMS at the following website:

We have found that many providers are actually using EHR but they didn’t know that they had to register their use.  EHR companies that are compliant with CMS have a code that they supply to the provider to input into the registration to show CMS which software they are using.

When it is spelled out in plain English it doesn’t seem like such a big deal.  But trying to wade through the government’s information about the program can seem overwhelming.

Providers who have not registered as using an EHR program received letters in the past few weeks advising them that they have been identified as an eligible professional who did not demonstrate meaningful use and therefore will be penalized the 1%.

If you or your provider has received this letter and you are using EHR then you need to register that use ASAP.  If the use is not registered then it doesn’t matter if you are using EHR, you will still be penalized.

Once the EHR use is registered the provider must complete the attestation to demonstrate meaningful use.  The attestation is a series of questions the provider must answer to show that their use of the EHR program complies with CMS’s guidelines for “meaning use”.  In order for a provider to avoid the penalty they must successfully register and attest to their use of EHR.