Electronic Health Records IT Services in Healthcare Provider Industry PEAK Matrix™ Assessment 2016 | Market Insights™
Electronic Health Records (EHR) IT Services in Healthcare Provider Industry PEAK Matrix™ Assessment 2016
Electronic Health Records (EHR) IT Services in Healthcare Provider Industry PEAK Matrix™ Assessment 2016
While the healthcare industry is reeling over the massive size of the Department of Defense’s (DoD) US$9 billion EHR contract just awarded to Cerner, Leidos, and Accenture, less attention is being paid to the fact that this team won the deal over the hot favourite joint bid of Epic Systems and IBM. Those who know the EHR landscape know there is scant anything that Epic loses (of course, the same used to be said about IBM, and that is where irony can probably find solace). Hence, the focus of this blog is on the fact that the invincible Epic Systems lost the mother of all deals in the EHR space.
Why are we hung up on Epic Systems? For the uninitiated, here is some context:
Predominant market leader: With over 40 percent market share, Epic has precipitated a large ecosystem of providers that are on its EHR platform. Epic has intelligently used its dominant market position to work with its customers in defining the roadmap for the evolution of EMR systems, and to make its competitors react to the steps it is taking to innovate across various care practices. Epic has focused primarily on large hospital systems, with minimal attention on the mid- to low-sized segment of the market. With its hold on the market, one is led to believe that Epic chooses its clients, rather than the other way around
Highly relationship-driven: Clients have traditionally loved Epic for being proactive in evolving its products, responding to suggestions, and quickly fixing issues. This is what set it apart from the biggies, such as Allscripts and Cerner, in its initial days. Epic has strong consultative sales teams that work closely with administrators, CMOs, and physicians. For large pursuits, it deploys dedicated product customization teams that can deliver POCs, manage change, and implement Epic in record time with partners. And most of Epic’s key product people, who can actually understand and address issues, are just a phone call away.
The “Epic” standard EMR? In an era where healthcare is actively pursuing consumer-focused and highly flexible technological innovation, Epic is facing flak – outside of its existing customer base – because of its highly standardized and rigid architecture. Key areas of question include lack of interoperability, lack of efficient APIs for consumer/end-user application development, and foreseen inability to innovate in a digital world due to its MUMPS-based legacy platform. This is what came out starkly when you read between the lines of Frank Kendall, Under Secretary, Department of Defense’s statement: “Market share was not a consideration, we wanted minimum modifications.”
High upfront capital investment: The upfront cost of Epic adoption is increasingly being mentioned as one of the hindrances. Cost is a major factor, and EMR implementations are hospitals’ biggest IT spend and budget areas. More importantly, some of the highly cited large EHR implementations (such as the US$700 million Duke University and Boston Partners deal) create an impression of a highly rigid commercials image for Epic. The case on cost versus benefit of having EHR has not been settled yet. Epic’s high premium positioning put it in a tight corner, despite the US$35 billion subsidies riding the EMR industry, and the general customer preference for Epic. The irony here is that the US$9 billion size of the deal is the reason Epic was such a natural choice for this DoD deal, but it probably lost it because the government needed a more flexible arrangement
Declining quality of services: Epic is facing the classical quality versus quantity challenge when it comes to managing its growing list of clients. The increasing shortfall in expert support staff is impacting its ability to maintain and support its products across many new and old clients. In the last 18-24 months, an increasing number of client executives have raised flags about outstanding and unresolved issues
Training has become a major area of concern, as more and more hospital systems are complaining of lost revenues due to their staffs’ below par or behind the curve Epic readiness. Epic’s inability to provide efficient training modules, and its tendency to keep things close to its chest, is driving wariness among new clients
Vendor-neutral storage: Given dependency concerns, customers are increasingly demanding vendors be aligned to some sort of vendor-neutral storage or archiving architecture. This is likely to lead to more thought leadership on vendor-neutral technologies, which will be directed at Epic’s predominant control regime.
There may be other commercial reasons for this massive DoD EHR deal not going Epic’s way. However, organizations already had a strong sense of circumspection while evaluating Epic’s EHR in terms of interoperability, next generation technology, digital enablement, and control. While before these reasons were less salient because of Epic’s trailblazing success, this lost deal will spur prospects to question them with a far more discerning eye.
Considering the nature of regulations and the sensitivity of personal information, one would assume that IT security is a top priority in the healthcare space. However, an estimated 29 million+ patient health records have been compromised, (classified as HIPAA data breaches,) since 2009. The number of health records breached in 2013 jumped a whopping 138% over 2012. Serious security flaws have even been detected in Obamacare’s much-touted flagship health insurance exchange website, HealthCare.gov, including severe lapses spanning JSON injection, unsanitized URL redirection, user profile disclosures, cookie theft, and unprotected APIs.
The pace at which IT is changing the healthcare landscape makes it a prime target for malicious activity. Industry headwinds such as big data, payer-provider convergence, BYOD, HIX, EHR/EMR, and the Internet of Things (IoT) are adding to the healthcare information security conundrum. Patient records have become increasingly common in the fraud marketplace. When combined with other data sources such as insurance and medical data, the problem assumes more alarming proportions.
And it’s not a case of absence of punitive measures. Under the new HIPAA Omnibus Rule (effective from September 2013), firms face fines of up to US$1.5 million in the event of a violation (“willful neglect that was not timely corrected”). Europe has enacted several data security measures. Even before the latest regulatory rulings, insurer WellPoint was fined US$1.7 million after its online application database exposed information concerning more than 600,000 patients.
Feeding the problem
Although CIOs often list security as a priority imperative, it just doesn’t translate into actual spending. This discrepancy can be attributed to a confluence of reasons. The problem originates in a lax culture regarding IT security. The majority of information security breaches are highly avoidable, and most lapses can be traced back to sloppy system administrator password practices, careless sharing of sensitive information, failure to change default login credentials, among others. Healthcare information security is still not a top execution priority for most personnel, and most security programs are hampered by lack of relevant expertise and attention. Regulatory inconsistencies compounds the issue, i.e., multiple agencies are involved (FTC, FDA, FCC, to name a few), and their often divergent mandates contribute to the travails of healthcare IT security stakeholders.
Healthcare IT security roadmap
Stakeholders – both buyers’ internal IT teams and third-party service partners –face an increasingly complex technology conundrum. Any mitigation strategy should incorporate leading practices utilized in similar initiatives:
Ultimately, any healthcare IT security policy has to encapsulate the individual needs and challenges of various stakeholders – patients, providers, payers, and third parties – to ensure equitable access and health information exchange for coordinated care. The unenviable task of securing healthcare information in the onslaught of exploding devices and touch points calls for a carefully thought-out and implemented approach. But first, healthcare IT security must make a monumental shift from being an afterthought to being a primary strategic imperative in any plan design.
Electronic Medical Records (EMR) has the ability to transform and enhance virtually all communications, transactions and analysis related to healthcare information. All 50 states are quickly adopting EMR, and the government has made adoption of EMR a cornerstone of the healthcare initiative. While EMR can have significant positive impact on physicians’ productivity, patients’ access to information, and insurance companies’ ability to reduce errors and claims administration costs, it must be implemented properly in order to achieve those benefits.
Much of the implementation solution answer lies in what delivery model is best for any given healthcare organization: a private cloud-based next generation IT approach or a client/server-based legacy approach.
Cutting through the hype, there are a number of advantages to adopting cloud-based EMR:
Indeed, a private cloud may be the right EMR solution in many cases. Consider Beth Israel Deaconess Medical Center. It has 1,500 member physician practices and facilities distributed throughout 173 locations in eastern Massachusetts. The Beth Israel Deaconess Physician Organization (BIDPO) provides medical management services. By becoming a member of the BIDPO, physician practices receive reduced contractual rates from health insurance companies. But for compliance, those practices must be able to measure the quality of patient care and transmit those metrics electronically to the insurance companies.
As putting servers in each facility, per a client/server model, was not going to be an effective or cost efficient approach to the electronic transmission requirements, the Center instead adopted a private cloud-based model with a centralized database and application services. BIDPO selected VMware as the virtualization platform, Third Brigade as the security solution provider, and Concordant for the day-to-day operational management of the environment and help desk for the physicians. The solution it adopted is modular, enabling it to grow as more facilities are migrated to the system.
On the other hand, there are numerous potential downsides to a cloud-based EMR solution:
Given these issues, a rural practice of five physicians who see 35 patients a day and want quick access to their medical records and prescription history, especially for those on multiple drugs that could cause adverse or allergic reactions, will fair far better with a client/server EMR model.
If you’re wondering which EMR delivery model is a better fit for your healthcare organization, the following table should help:
Private cloud-based EMR solutions do provide flexibility and scalability, and we will see more healthcare organizations following Beth Israel Deaconess Medical Center’s lead in the near future. But before you jump on the bandwagon, you must consider whether the cloud is suitable for your particular and unique situation.
mHealth (also written as m-health or mobile health) is a term used for the practice of medical and public health supported by mobile devices. It is fast becoming a top priority for large, complex healthcare organizations seeking to make electronic records, patient information, etc. accessible to a wide range of constituencies via the device or appliance of choice. And its importance is not to be underestimated, as it offers the mobility and flexibility necessary for the user to react instantaneously to the provider, thereby facilitating wellness and avoidance of critical outcomes that require intense and expensive treatments.
Many quality applications already exist that create opportunities for physicians and clinicians in their quest to provide efficient quality healthcare. These applications are available from any number of sources and on a variety of platforms, and are designed to keep people healthy, manage existing diseases, increase health literacy, manage medical information, and ensure medical compliance.
Yet despite the growing importance of mHealth, healthcare payer, provider and pharmaceutical service providers are finding themselves increasingly challenged to find mHealth platforms that can accommodate global 99.9999 percent availability of critical data, as well as provide different levels of information access to physicians, clinicians, pharmacists, patients, plan members and others.
Competitive Cooperation Is the Key
There are several types of mHealth providers. One is phone company carriers that offer voice, telephone and data-driven products based on a device with a set of applications (for example, Android, Blackberry, and iPhone.) Hardware provider organizations such as Dell, HP, and Apple also offer applications based on proprietary operating systems. And providers of integration services have created services based on these separate and distinct platforms (for example, Macintosh versus Microsoft.)
While these different types of mHealth providers have traditionally competed separately for new business opportunities, it is becoming abundantly clear that successful provision of mHealth services with its diversity of needs across traditional market boundaries will require a cooperative effort among these provider types. Healthcare organizations have each embraced the major carriers of choice, and have invested heavily in hardware devices and appliances including iPads, Blackberry, and Android. And most have a healthy mix of these given the individual needs of thousands of physicians and clinicians located across national organizations within diverse settings such as clinics, hospitals, billing offices, and home health.
Indeed, the provision of mHealth services is going to require unique relationships between provider organizations to address the entire spectrum from research and development, implementation, and ongoing support and maintenance to the ongoing provision of new technologies as the marketplace and regulatory compliance demands. There will not be a “one size fits all” solution, but a requirement for unique cooperation and partnerships among the client and multiple service and application providers.
Mastering the art of service provider cooperation to provide the continuum of care needs across an ever changing and somewhat controversial market space will be a formidable challenge, but is an absolute must in order for mHealth to deliver on its promise and need for availability of a robust set of tools anytime and anywhere.
Many of us remember funny stories about unknowing users trying to actually speak to ATMs in the early days (after all, the ATMs verbally asked the users for their PIN numbers). And most of us wonder – or should – why many of today’s drive-up ATMs have Braille lettering on them! But the fact is, today we can all very clearly explain what they are, and despite irritation at having to pay service charges, ATMs around the world provide us with cash resources and access to our financial data, and an increasing number even enable us to pay household bills or purchase train or movie tickets… the complete package.
Unfortunately, the same can’t be said for Electronic Medical Records (EMR.) Yes, current EMR implementations enable hospitals with storage access for admissions and creation of patients’ medical histories. But a complete, on-demand picture of an individual’s health records? Not yet. Capabilities within a single Integrated Delivery Network (IDN), much less on a global basis? Not yet. Unfortunately, the complicated nature of healthcare organizations – both providers and payers – and their focus on decisions by diverse committee creates politics that struggle to agree on the definition and rules necessary for complete integration of all information, by all appropriate users (i.e., physicians, clinicians, emergency room workers, pharmacists and patients) wherever they are, by whatever device they choose to use.
Many healthcare organizations have completed the first and most costly step, which is implementing the software able to support basic data entry and tracking to perform clinical workflow, and financial, billing, and decision-making functions. But to achieve complete integration – what constitutes the next generation of services – EMR solutions must include:
So what must companies aspiring to be high-value integrators do to become next generation EMR service providers? Understand the client’s needs. Provide services that can leverage leading edge solution sets from internal and external sources. Shape a solution that leverages horizontal services, Centers of Excellence (CoEs) and creatively team with leading edge organizations that provide domain-specific products as a part of the overall solution set. Doing so will allow world class healthcare organizations to depend upon world class Tier One integrators to supply all their technology needs. These are necessary requirements for a world-class provider of services to effectively compete now and into the next decade.