Health IT JumpStart The Best First Step Toward an IT Career in Health Information Technology Patrick Wilson Scott McEvoy Acquisitions Editor: Mariann Barsolo Development Editor: Mary Ellen Schutz Technical Editor: Patrick Conlan Production Editor: Liz Britten Copy Editor: Kim Wimpsett Editorial Manager: Pete Gaughan Production Manager: Tim Tate Vice President and Executive Group Publisher: Richard Swadley Vice President and Publisher: Neil Edde Book Designer: Judy Fung Compositor: Kate Kaminski, Happenstance Type-O-Rama Proofreader: Sheilah Lewidge; Word One, New York Indexer: Ted Laux Project Coordinator, Cover: Katherine Crocker Cover Designer: Ryan Sneed Cover Image: © Sarah Fix Photography Inc /Getty Images Copyright © 2012 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-01676-3 ISBN: 978-1-118-20394-1 (ebk.) ISBN: 978-1-118-20396-5 (ebk.) ISBN: 978-1-118-20395-8 (ebk.) No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600 Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose No warranty may be created or extended by sales or promotional materials The advice and strategies contained herein may not be suitable for every situation This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services If professional assistance is required, the services of a competent professional person should be sought Neither the publisher nor the author shall be liable for damages arising herefrom The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S at (877) 762-2974, outside the U.S at (317) 572-3993 or fax (317) 572-4002 Wiley publishes in a variety of print and electronic formats and by print-on-demand Some material included with standard print versions of this book may not be included in e-books or in print-on-demand If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com For more information about Wiley products, visit www.wiley.com Library of Congress Control Number: 2011938576 TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc and/ or its affiliates, in the United States and other countries, and may not be used without written permission All other trademarks are the property of their respective owners Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book 10 Dear Reader, Thank you for choosing Health IT JumpStart This book is part of a family of premiumquality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching Sybex was founded in 1976 More than 30 years later, we’re still committed to producing consistently exceptional books With each of our titles, we’re working hard to set a new standard for the industry From the paper we print on, to the authors we work with, our goal is to bring you the best books available I hope you see all that reflected in these pages I’d be very interested to hear your comments and get your feedback on how we’re doing Feel free to let me know what you think about this or any other Sybex book by sending me an email at nedde@wiley.com If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com Customer feedback is critical to our efforts at Sybex Best regards, Neil Edde Vice President and Publisher Sybex, an Imprint of Wiley To our families, without whose love and support this book would not have been possible —PW and SM To Gina, the best spouse for life’s adventures To Mom and Dad whose commitment to Christ, continuous learning, and lives of adventure were passed on to their kids and grandkids —PW Acknowledgments When writing a book, you always think about who you are going to personally thank Well, they haven’t given us enough pages to that for everyone, so we want to thank the following folks who have made a lasting impact on our lives Patrick Wilson would like to thank the following folks The Burckhardt’s, Brown’s, and Boucher’s: You invested time praying and playing with the Wilson kids no matter how unique we were Ernie Ruiz: With your guidance, we built so many projects together including a shuttle simulator for my eighth-grade science fair Mike Wood and Mrs Caetano: You made science a blast, literally Doug Canby: No matter what crazy camp I wanted to go to, you would help me work with Rotary to find funding Wayne and Sheila Wiebe: You let me participate as a member of your family and I am forever grateful Mark Hayward: As my history and English teacher, you taught me that life is precious and to pursue my dreams (I still owe you that Volvo) Tina Darmohray: You instilled in me the drive to finish school Your mentoring was instrumental in my career choices, and school has opened up many doors Jennifer and Chris Stone, my flight instructors: You gave me the freedom of flight JR Taylor, Denise Taylor, and Marty Martinez: you gave me the training necessary from day one to handle any parachute emergency Pastor Verne: You have always been around to answer any philosophical question—or just to beat me at tennis Dave Fry: Thank you for your ongoing mentoring in information security Karon Head: thanks for all the help in keeping work interesting and fun David Runt: Thanks for giving me the opportunity to grow at CCHS Blythe and Bob at CompTIA: your ongoing support serves the entire HIT VAR community Marc Miyashiro, Lance Mageno, and Earle Humphreys: Thank you for providing guidance on the many topics of healthcare IT Lastly, thanks to all who have allowed me to participate in their lives; each experience has helped shape who I am today The accomplishments listed in my bio would not have been possible without unwavering support from my family, faith, parents, mentors, and business partner Thanks to my wife, who endured long weekends, put up with calls from the editor hunting for me, and maintained the home front while I was working or writing To my kids, who can now finally have the full attention of their father as they grow into adulthood To my parents, who gave me space to be my own person You had your hands full I want to thank my pastors, who prayed and worked with me to maintain some semblance of balance in my life Thanks to my Bible Study members, who pitched in and opened their home or led the group as I traveled To my brother and sister, who supported me, even if their brother took a briefcase to school Thanks to God, who gave us all unique abilities to serve and meet the needs of others Scott McEvoy would like to thank his lovely wife, Sharon, and his wonderful daughter, Patty, for their patience during this project and for providing the support necessary to enable him to complete this endeavor He would also like to thank his colleagues, clients, current and previous co-workers, as well as friends for their contributions to this work And there are some folks we both would like to thank We can’t leave out some of the wonderful staff at medical practices who have chosen to work with us Patty and Michelle, not only are you awesome to work with, but you gave up precious time to give feedback on the book Dr Cook, Dr Jacobs, Dr Freinkel, Dr Tremain, Dr Pramanik, and Dr Bronge: Each of you provided valuable feedback on the book’s content The information you have shared will help so many other IT professionals and the practices they serve We would like to thank the good folks at Sybex and Wiley for giving us the opportunity to write this book Pete Gaughan and Mariann Barsolo were instrumental in helping us with the concept and worked very hard to bring the concept to fruition Without Mariann’s tireless effort, this book may not have gotten off the ground, much less made it to the printing presses We also want to give a special thank you to our developmental editor, Mary Ellen Schutz, for her patience and skillful handling of these first-time authors I can’t think of a better person to bird-dog me (PW) and keep me on task and point Without her tutelage, this book would not be what it is—and our formatting errors would have certainly put us in mortal danger (the term hit men was used frequently) with the rest of the production team That said, let us acknowledge and thank the rest of the production team, including our technical editor Patrick Conlan, production editor Liz Britten, copyeditor Kim Wimpsett, compositor Kate Kaminski, proofreader Sheilah Ledwidge, and indexer Ted Laux Their efforts truly made an improvement and provided polish to the finished product About the Authors Patrick Wilson has been intrigued by the amazing potential of technology, patient care, and customer service for more than a decade and has been passionate about computer applications for more than 32 years His dad, an educator and blogger (www.grandadscience.com), brought home the first personal computer in the county when Patrick was just four years old This early start fueled his lifelong passion for technology and also provided him with a keen understanding of both legacy systems and bleeding-edge technology A 17-year veteran of the computer industry, Patrick currently serves as the assistant director of IT, security, and infrastructure for Contra Costa County Health Services (CCHS) CCHS consists of a 160-bed hospital, three large clinics, 25+ smaller clinics, a health plan, public health, hazardous materials, and environmental health Previously, Patrick headed up the IT organizations for several Silicon Valley startups, including Global Network Manager, serving as the director of IT and CTO In 2006, Patrick cofounded Vital Signs Technology, Inc with Scott McEvoy, which serves the technology needs of small to midsized medical practices on the West Coast Patrick has a bachelor’s degree in business from Western Baptist College He is a CISSP, MCSE + Security, CompTIA Security+, certified in Homeland Security CHS-I, and a Microsoft Small Business Specialist He also has federal certifications from CERT and FEMA Patrick lives in Northern California with his wonderful (and patient) wife and two awesome kids His hobbies include spending quality time with his family, flying, and skydiving—of course, never both at the same time Scott McEvoy is a seasoned IT professional from the fast-paced startup world and has held a number of roles, including systems and network administrator, IT manager, and senior director of World Wide Information Systems As the director of IT at Vitria Technology (Red Herring: Number in their Digital Universe Top 50 Private Companies of 1999), he helped the company grow the employee base from 50 to more than 1,500 in a little over two years Tiring of Silicon Valley, Scott took his leadership skills and his passion for a good wine to Jackson Enterprises where he directed the IT Operations team of Kendall-Jackson for the corporate headquarters, affiliated wineries, and distributors In 2006, Scott cofounded Vital Signs Technology with Patrick Wilson and set out to develop technology solutions targeting healthcare and emerging technology companies He is among a limited number of healthcare professionals in the United States who has a CPHIMS certification He has installed EMRs from single-doctor practices to multi-site medical groups His early involvement with a public health record company has allowed them to grow with reduced security risks to the patient data in the organization’s custody Scott has a bachelor of business administration degree in MIS from Pace University, as well as a number of vendor certifications from nearly all major technology companies including Microsoft, Cisco, Juniper, and CPHIMS Scott lives in Northern California with his lovely wife and daughter In his spare time, he enjoys cooking and hiking with his family, SCUBA diving, practicing karate, and participating in his daughter’s school activities 400 Glossary privacy rulꕇ╇ The HIPAA privacy rule establishes national standards to protect individuals’ medical records and other personal health information The rule applies to health plans, healthcare clearinghouses, and those healthcare providers that conduct certain healthcare transactions electronically In 2008, the ONC released the Privacy and Security framework for electronic exchange of individually identifiable health information This document can be found at http://healthit.hhs.gov/portal/ server.pt/community/healthit_hhs_gov_privacy_ security_framework/1173 professional component╇╇ A billing modifier used by radiologists for the professional services component of a radiology study protected health information (PHI)╇╇ Individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium provider╇╇ A professional engaged in the delivery of health services, including physicians, dentists, nurses, podiatrists, optometrists, clinical psychologists, and the like Hospitals and long-term care facilities are also providers The Medicare program uses the term provider more narrowly to mean participating institutions: hospitals, skilled nursing facilities, home health agencies, and so on Q qualified electronic health record╇╇ An electronic record of health-related information on an individual that includes patient demographic and clinical health information, such as medical history and problem lists, and has the capacity to provide clinical decision support and physician order entry qualified electronic health record technology╇╇ The ONC has identified six companies to complete the assessment of an EHR’s functionality Once certified, customers of the certified EHR solution are allowed to seek reimbursement from the ARRA incentive money qualified security assessor (QSA)╇╇ Companies that have staff who have been certified by the PCI Security Standards Council, an open global forum that was launched in 2006 It is their business to act as vulnerability scanners and auditors for companies that handle credit card transactions At the time of printing, there were only 266 qualified security assessors for PCI compliance R radiology information system (RIS)╇╇ The system that handles the scheduling of patients, collects demographic information from patients, and in some cases calls patients to confirm the appointment This system interfaces with the clinical applications and hospital billing systems for proper billing and assignment of studies to the right modality regional extension center (REC)╇╇ An organization that has received funding under the HITECH Act to assist healthcare providers with the selection and implementation of EHR technology See also electronic health record (EHR) and Health Information Technology for Economic and Clinical Health Act (HITECH) registered nurse (RN)╇╇ A clinical staff member who has graduated from a nursing program at a university or college and has passed a national licensing exam and is allowed to treat the patient, collect vitals, and other associated tasks required implementation specification╇╇ A required implementation specification is similar to a standard, in that a covered entity must comply with it S Sarbanes–Oxley (SOX)╇╇ A federal law passed on July 30, 2002, after the Enron stock scandal that requires that companies larger than $75million Glossary 401 have their CFO and CEO certify the veracity of corporate financial statements transaction See also electronic data interchange (EDI) SAS70 Type II╇╇ An independent, third-party audit that verifies that a service organization’s policies and procedures were correctly designed at a point in time and were operating effectively enough throughout the period (typically six months to one year) in order to achieve the specified control objectives triage system╇╇ A nursing intervention defined as establishing priorities and initiating treatment for patients A triage system supports the intake of patients into the emergency department security rulꕇ╇ The HIPAA security rule establishes national standards to protect electronic personal health information that is created, received, used, or maintained by a covered entity The security rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information situation, background, assessment, recommenda­ tion (SBAR)╇╇ A technique that provides a framework for communication between members of the healthcare team SBAR is an easy-to-remember, concrete mechanism useful for framing any conversation, especially critical ones, requiring a clinician’s immediate attention and action SOAP notꕇ╇ A method used by many physicians to document their interactions with patients SOAP stands for Subjective, Objective, Analysis, and Plan Many EHR systems behave in the same manner in an effort to improve the EHR adoption rate T technical component╇╇ Billing modifier used by radiologists for charges related to the equipment used during the radiology study technical safeguards╇╇ Technology and the policy and procedures for its use that protect health information and control access to it transaction sets╇╇ Used in EDI A collection of data that contains all the information required by the receiving system to perform a normal business Two-Factor authentication╇╇ Utilizing two different factors such as: something you know (password, user ID, something you are (iris scan, fingerprint, hand print), or something you have (token, phone, smartcard), to identify that the entity, person, or process requesting access is who or what they say they are V Vital Signs Technology╇╇ A healthcare IT solutions provider in the greater San Francisco Bay Area W Wireshark╇╇ The prominent leader in the freeware space for network packet capture and analysis The application, which is written for multiple operating systems, can capture data of the network in real time or for later processing When properly analyzed, the data capture can point to the underlying problem workforce management╇╇ Having the right amount and kind of staff is important in high-cost labor industries such as healthcare A workforce management system helps scheduling the right staff for the right times, notifying management of deficiencies in the number of staff, highlighting staff vacation schedules, and reporting what the labor costs are for any given area X X12╇╇ The national standards group tasked with defining the transaction code sets for electronic data interchange X12 also refers to the specific national standard that defines transaction code sets for insurance for which healthcare is a component Index Note to the Reader: Throughout this index boldfaced page numbers indicate primary discussions of a topic Italicized page numbers indicate illustrations A access controls email, 294 HIPAA, 87, 93, 98, 102–103 patient records, 131 PCI-DSS, 172 remote, 259–261, 354 wireless, 251–252 access points networks, 312 small practice deployment, 335 ACCMA magazine, 45 account revocation for email, 297 accountability in HIPAA, 101 accounting applications, 289–290 accounting of disclosures, 133–134 accounts receivable (A/R) management, 219–220 Accredited Standards Committee (ASC) X12N, 107 Acronis True Image tool, 332–333 acronyms for business processes, 60–67 Active Directory/LDAP technology, 292 adaptability, authentication, 292 addressable safeguards, 17, 85 administrative activities in nursing workflow, 232 administrative applications, 285 accounting, 289–290 authentication, 292–293 email, 293–298 hosted vs local solutions, 298–299 payer portals, 301–302 payroll systems, 290 phone systems, 302–304 practice management system, 286–289 productivity, 300 review questions, 305–306 servers, 299–300 single sign-on, 291 terms, 304 time and attendance systems, 291 workflow, 292 workforce management, 290–291 administrative safeguards, 17, 87–95 admission, discharge, and transfer (ADT) system, 268 Adopt, Implement, or Upgrade (A/I/U), 60 ADPIE process, 228–230 advanced directive status, 150–151 affiliated medical practices, 325 AirPcap devices, 252, 331 “Aligning Properly Places Incentives to Improve Health and Healthcare Services”, 48 Allscripts MyWay EHR vendor, 361 American Academy of Family Physicians (AAFP), 352 American Association of Healthcare Administrative Management (AAHAM) group, 109 American Dental Association (ADA), 213 American Health Information Management Association, 133 American Medical Association (AMA), 58 American Medical Informatics Association (AMIA), American National Standards Institute (ANSI), 107 American Nurses Association (ANA), 58 American Psychiatric Association, 213 American Recovery and Reinvestment Act (ARRA), 8, 125–127, 141 background, 142–143 core objective sets eligible professionals, 153–154 hospitals, 148–150 CQM eligible providers, 156 hospitals, 152 EHR adoption, 143–144 eligible professionals, 144–146 hospitals, 146–147 Medicaid EHR incentive, 147–148 menu sets eligible professionals, 154–155 hospitals, 150–152 review questions, 165–166 Stage and Stage objectives, 156–163 terms, 164 analyst conflicts of interest, 189 anesthesia, answers, finding, 327 Antonine plague, appeals process, 222 application service providers (ASPs), 298–299 applications administrative See administrative applications clinical See clinical applications HIPAA safeguards, 94 warranties, 373 appointments patient, 203 reminders, 303 approved scanning vendors (ASVs), 169 ARPANet, 106 Arthur Andersen firm, 186 assessment nursing workflow, 228–229 in SOAP method, 118, 201 associations information from, 33 local, 44–45 Atlas of Protein Sequence and Structure, auditing appeals process, 222 compliance, 323 email, 294 HIPAA, 103, 287 authentication compliance, 323 email, 294 HIPAA, 87, 103–104 technologies, 292–293 authorization, 92–93 automatic logoff, 103 404 back office workflow – CMS certification numbers B back office workflow, 209 charge creation, 215–219, 216–217 claims processing cost, 214, 215 collections process, 219–222 contracts, 211 HIPAA and EDI, 213–214 medical coding and billing, 211–213 revenue management cycle, 210 review questions, 225–226 terms, 224 third-party billing, 222–224 backups HIPAA, 85, 101 servers, 318 tools, 332–333 balancing work and life, 329–330 bandwidth networks, 311–312 PACS, 270–271 Barrier Profile tool, 25, 330 Barrymore, Drew, 84 Baylor Health, bee-sting kits, 273 Beller, Steve, 48 Bible passages, billing, 209, 222–224 biometric devices authentication, 292–293 compliance, 323 limitations, 105 BlackBerry Enterprise Server (BES),€241 blogs, 47–49 blogs.msdn.com/b/healthblog, 48 Blue Cross, 7–8 Blue Shield, breaches California State Law SB 1386, 185–186 defined, 131 vs disclosures, 134 HITECH, 126–132 Massachusetts 201 CMR 17.0 law,€179 Bureau of Labor and Census Bureau, 63 burning bridges, 329 burning out, 329–330 business associates defined, 15 EHR vendors, 372–373 HIPAA, 72, 80 HITECH, 127–129 business-grade product support, 255 business needs in clinician workflow, 253–254 business process acronyms, 60–67 C cabling networks, 312 CACE Pilot software, 331 Caesar ciphers, 105 California State Law SB 1386, 167, 184–186 California State Law SB 1389, 27 call forwarding, 303 call management activities, 202 Cammann, George, Candid CIO blog, 48 cardiology systems, 278 Cascade Pilot device, 252 cash flow, 209 Center for Disease Control and Prevention (CDC), 58 Centers for Medicare and Medicaid Services (CMS), 16, 59, 142, 147–148 Certificate of Group Health Plan Coverage, 74 Certification Commission for Health Information Technology (CCHIT), 22 certification programs, 42–44 certifications for hosted applications,€299 certified EHR technology testing, 150,€154 certified electronic health record technology, 142 Certified Professional in Healthcare Information and Management Systems (CPHIMS) exam, 39 charge creation, 215–218, 216–217 check-in process, 198–200 Checklist Manifesto, 353 checkout process, 202 Chinese menu option, 144 ChiroPad EMR vendor, 362 chloroform, CIGNA Healthcare, Cisco Connected Health, 41–42 Citrix XenApp, 325 claims processing cost, 214, 215 rejections, 221–222 clearinghouses, 15, 79–80, 217–218 client-server models, 365 clinical activities in nursing workflow, 232–233 clinical applications, 265 cardiology systems, 278 CDSSs, 278–279 disease registries, 276–277 emergency department systems, 277 encounter forms, 271–272 laboratory systems, 275–276 maternal and infant care systems, 266–267 PACS, 268–271 patient eligibility, 273 pharmacy systems, 279–280 platforms, 10–13 prescription labels, 272 radiology information systems, 267–268 review questions, 282–283 terms, 281 third-party databases, 273–275 clinical decision support (CDS), 142, 353 clinical decision support rules, 150, 153–154 Clinical Decision Support Systems (CDSSs), 60–61, 278–279 clinical documentation, 242–243 Clinical Documentation Architecture (CDA), 60 clinical lab results, 151, 155 clinical quality measures (CQMs), 144, 148, 152, 156 clinical summaries, 155 clinician workflow, 247 challenges, 248, 248 communication, 249–250 continuing education, 261 needs, 252–255 overview, 250 point of care devices, 255–257 preparation, 249 RECs, 261–262 remote access, 259–261 review questions, 263–264 staffing expenses, 248–249 technology, 251, 257–259 terms, 262 wireless access issues, 251–252 clinicians, working with, 326–327 CMS 5010 codes, 214 CMS certification numbers (CCNs), 58, 147 Code on Dental Procedures and Nomenclature (CDT) codes – demographics Code on Dental Procedures and Nomenclature (CDT) codes, 115, 213 codes and code sets, 112 CDT-2, 115 color, 56–57 CPT, 116–118 DICOM, 119–120 disease, 30–32 EDI, 107–108 HCPCS, 115–116 HL-7, 120–121 ICD-9 CM, 112–115 medical, 212–213 NDC, 118–119 coding specialists, 211 collections process, 219–222 color codes, 56–57 Committee of Sponsoring Organizations (COSO), 189–190 Common Procedural Terminology (CPT) codes, 14, 116–118 Common Security Framework (CSF), 40, 331 communicable diseases, communication badges, 240 communication in clinician workflow, 249–250 community associations, 44–45 Community Emergency Response Team (CERT), 277 Community for Connected Health Summit, 42 compliance authentication, 292 EHR, 144 HIPAA, 294–296 regulatory, 322–324 CompTIA Physician Assessment tool, 330 compute power in workstations, 320–321 Computer-Aided Detection/Diagnosis (CAD), 67–68 “Computer System Security Requirements” title, 182–184 Computer Technology and Information Association (CompTIA), 33, 42–44 Computerized Patient Record System (CPRS), Computerized Physician Order Entry (CPOE), 22, 61, 142, 280 computers guidelines, 334–335 history, 9–13 computers on wheels (COWs), 12, 239, 277 computing models, 365–367 concepts, healthcare, 15–16 confidentiality, 87 conflicts of interest, 189 Connected Health, 41–42 “Connecting Care, Sharing Information Between Healthcare Providers, Patients and Families”, 48 Consolidated Omnibus Budget Reduction Act (COBRA), 17, 74 “Constructing the Ultimate EHR” (Beller), 48 consumer workstation devices, 320 contingency operations in HIPAA, 95–97 continuation coverage, 74 continuing education, 261 Continuity of Care Document (CCD) specification, 134 Continuity of Care Records (CCR), 61 contract language for EHR vendors, 372–374 Contractors General Hospital, contracts, 211 conventional workstation systems, 319–320 conventions, 38 core objective sets in ARRA, 148–150, 153–154 Corepoint Health, 49 Corporate and Auditing Accountability and Responsibility Act, 186 cost per encounter pricing model, 356 costs HIPAA security, 85 processing, 214, 215 covered entities, 15, 72, 79–80, 80 CPSI Systems Computer Programs and Systems vendor, 362 criminal fraud accountability in SOX, 189 criminal penalties HIPAA, 84 SOX, 189 Critical Access Hospital (CAH), 58 Crouse, Bill, 48, 204 Crystal Reports application, 279 CT scanners, 13, 28–29 405 cultural differences in nursing, 231–232 Curing Healthcare Blog, 48 current condition in ARRA objective sets, 149, 153 Current Procedural Terminology (CPT) code sets, 116–118, 212 custom programming in EHR vendor partnering, 374 customization clinician workflow, 253 EHR, 325 email encryption rules, 297 D data backup and storage in HIPAA, 85, 101 data elements in X12N, 111, 111 data encryption See encryption data exchange EHR vendors, 353, 359, 373 PMS, 288–289 standards, 29–32 data portability in EHR vendor partnering, 374 data recovery plans, 91 data storage system, 11–12 data type conversions, 289 data volumes in servers, 315 data warehouses, 276 databases drugs, 273–274 history, 9–10 Medicare reimbursement, 147 toxicology, 274–275 Davis, Gray, 184 Davis’s Drug Guide, 243 Davis’s Laboratory and Diagnostic Tests, 243 Days in Account Receivable (DAR), 62 DDT, de-identified data, 15, 81, 134 De Motu Cordis (Harvey), decision making and reasoning in nursing workflow, 233 delays, patient, 204 Dell Latitude laptops, 334 Delmarva Foundation, 25 demo support in EHR vendor partnering, 370 demographics ARRA objective sets, 148–149, 153 check-in, 199 406 dentists – ERD Commander tool dentists, 5, 273 Department of Medical Informatics, deployment issues with EHR vendors, 360, 370–371 deployment tasks hospitals and large practices, 338–341 midsize practices, 336–338 small practices, 335–336 DHCP, 313 diagnosis EHR benefits, 350–351 nursing workflow, 229 diagnostic and procedural codes, 14, 31 Diagnostic and Statistical Manual of Mental Disorders (DSMIV-TR) codes, 213 diagnostic equipment, 28–29 Diagnostic Imaging and Communications in Medicine (DICOM), 13 data exchange, 30 HIPAA, 106 overview, 119–120 PACS, 268–269 radiology information systems, 267 Diagnostic-Related Group (DRG) codes, 62, 212 DiCaprio, Leonardo, 84 dictation, EHR-integrated, 253 Direct Project, 137 Discharged Not Final Billed (DNFB),€62 disclosure defined, 15 HIPAA, 87 HITECH, 133–134 disease codes, 30–32 disease registries, 276–277 Diseases and Disorders, 243 disk images, 316–317 dispute resolution, 221–222 documentation appeals process, 222 electronic, 242–243 Doing Common Things Uncommonly Well blog, 48 Dojser, King, Dorenfest Institute for Health Information (DIHI), 39 Drager’s Isolette neonatal units, 266 drug-to-drug and drug allergy interaction, 149 drugs databases, 273–274 formularies, 150, 154 Drummond Group Inc (DGI), 22 durability issues for point of care devices, 256–257 “Duty to Protect and Standards for Protecting Personal Information” title, 180–182 E eClinicalWorks vendor, 362, 368 education See training and education Egyptian medicine, ehrmentor.blogspot.com, 49 802.1X standard, 313 electrical needs of servers, 315 electronic clinical documentation, 242–243 electronic data formats in HIPAA, 287 electronic data interchange (EDI) code sets, 107–108 cost savings, 32 defined, 15 overview, 105–107 X12 data format, 213–214 electronic data repositories, 15 electronic discharge instructions, 150,€154 electronic health record (EHR) systems, 8, 10 adoption rates, 347–348 ARRA, 142–144 benefits, 349–355 decision tools, 330–331 deploying, 324–326, 348–349 EHR-integrated dictation, 253 high-level overview, 346–347, 347 HITECH, 126 incentive program, 143 Medicaid incentives, 147–148 office visits, 27 and PMS, 288 and RECs, 46–47 vendors, 345 computer models, 365–368 narrowing selections, 357–361 partnering with, 368–372 pricing models, 355–357 review questions, 375–376 standard terms and contract language, 372–374 summary of applications, 361–364 terms, 374 electronic master patient index (eMPI) database, 15 electronic media in HIPAA, 87 electronic medical record (EMR) systems, 8, 10, 211–212 electronic medication administration (eMAR), 242 electronic medication order fulfillment, 241–242 electronic personal health information (ePHI), 142 authentication, 104 security and privacy, 127–128 electronic remittance advice (ERA), 218–219 eligibility, patient, 273 eligible hospitals in ARRA, 146–147 Eligible Professional Clinical Quality Measure, 156 eligible professionals in ARRA core objective sets, 153–154 funding, 144–146 menu sets, 154–155 eligible providers (EPs), 141 elopement, 56 email, 293 encryption, 295–297 HIPAA compliance, 294–296 retention considerations, 297–298 emergency access procedures in HIPAA, 102 emergency department systems, 277 emergency mode operation plans in HIPAA, 92 Emergency Recover Pro tool, 333 emergency repair disk tools, 332 empirically supported treatment (EST), 234 employee behavior, 131 encounter forms, 271–272 encounters, 15 encryption data, 322 email, 295–297 HIPAA, 87, 103 history, 105 Massachusetts 201 CMR 17.0 law,€180 wireless networks, 312–313 Enron fraud, 186 entity authentication email, 294 HIPAA, 103 environment controls for servers, 314 EpicCare EMR vendor, 364 ePrescribing (eRx), 62, 143 ERD Commander tool, 332 evaluation phase in nursing workflow – Health Insurance Portability and Accountability Act (HIPAA) evaluation phase in nursing workflow, 230 evidence-based medicine (EBM), 234 evidence-based practice (EBP), 234–235, 234 exam rooms, computers in, 256 examination process, 200–201 Exodus vendor, 366 explanation of benefits (EOB), 218–219 F facilities in HIPAA security, 87, 95–98 Fair Labor Standards Act, 291 Falcon EHR vendor, 363 False Claims Act, 297 Family Medical Leave Act, 291 faxing, 303 Federal Fiscal Year (FFY), 59 federal information processing standard (FIPS), 20 Federal Register, 21 Federal Trade Commission (FTC) PHR breaches, 138 red flag rules, 167, 199 federally qualified health centers (FQHCs), 146 Fee for Service (FFS), 62 fee schedules, 211 Fibre Channel, 12 field product support, 255 film, printing, 269 Final Rule for Meaningful Use Stage 1, 144 financial counseling, 303 financial disclosures in SOX, 188 fines HIPAA, 83–84 Massachusetts 201 CMR 17.0 law,€183 fingerprints, 292 First Data Band (FDB) database, 274 five rights of patients, 79 fixed-fee pricing models, 223 flat file data exchange, 30 fluoroscopy, 29 follow-up activities, 202 follow-up logs, 222 Food and Drug Administration (FDA),€59 forms, encounter, 271–272 formulary coverage, 16 Foundstone tool, 184 Fox Rothschild, LLP law firm, 47 fraud Enron, 186 patient, 78 fraud accountability in SOX, 189 Free Dictionary, 210 freeware pricing model, 357 friendly vendors in EHR vendor partnering, 369 front office workflow, 195 check-in process, 198–200 checkout process, 202 examination process, 200–201 follow-up activities, 202 guidelines, 205–206 intake, 200 miscellaneous activities, 202–203 patient impact, 203–204 resource tracking, 197 review questions, 207–208 sales cycle, 202 scheduling, 196–197 steps, 197–198, 198 terms, 206 full disk encryption, 82 G Galen, 3–4 Garfield, Sidney, GE Care Plus Giraffe OmniBed incubator systems, 266–267 GE Centricity RIS product, 268 GE Centricity vendor, 361 geekdoctor.blogspot.com site, 47–48 Geneva Code of Ethics, Giraffe OmniBed workstations, 266–267 government entities, 58–60 government regulations, 16–17 HIPAA See Health Insurance Portability and Accountability Act (HIPAA) HITECH See Health Information Technology for Economic and Clinical Health (HITECH) Greek in medical terminology, 54–56 Greenes, Robert, Greenway PrimeSUITE vendor, 363 Group Health Association (GHA), Group Health Cooperative, guest operating systems for servers, 316 407 H Halamka, John D., 47 handsets, VoIP, 240 handwriting recognition, 358–359 hardware PACS, 270 as practice sizing factor, 309–310 troubleshooting, 331–332 workstations, 321 Harvey, William, Health and Human Services (HHS), 127, 142 Health Information Exchange (HIE), 46, 62, 137, 235 Health Information Management System Society (HIMSS), 14 HIT dashboard, 236 membership benefits, 39 website, 330 health information network (HIN), 45, 62 Health Information Technology for Economic and Clinical Health (HITECH), 17, 125 background, 126–127 breach notifications, 129–132 business associates, 127–129 disclosures, 133–134 minimum necessary concept, 134 NHIN system, 136–137 overview, 20–25 penalties, 132–133 PHI marketing and sale, 135 PHRs, 138 review questions, 139–140 scenarios, 135–136 terms, 138 Health Information Technology Policy Committee (HITPC), 59 Health Information Technology Research Center (HITRC), 261 Health Information Trust Alliance (HITRUST) CSF, 331 HIPAA security, 85 membership benefits, 39–40 Health Insurance Plan (HIP) of Greater New York, Health Insurance Portability and Accountability Act (HIPAA), 71 code sets See codes and code sets compliance email, 294–296 PMS, 286–288 408 covered entities – IT Governance Institute covered entities, 79–80, 80 EDI, 105–108, 213–214 elements, 73–74 HITECH & HIT Blog, 47 NPI and HNPI, 108–109 overview, 17–20, 17, 72–73 privacy rule, 81–84 review questions, 122–123 security, 85 implementation, 85–88 safeguards See safeguards, HIPAA terms, 121 Title II, 75–79 transaction sets, 109–111, 110–111 Health IT Buzz blog, 33 Health Level (HL7), 62, 120–121 data exchange, 30 HIPAA, 106 radiology information systems, 267–268 health plans in HIPAA, 79 Health Professional Shortage Areas (HPSAs), 59 HealthBlog, 48, 204 Healthcare Common Procedural Coding System (HCPCS) codes, 115–116, 212 Healthcare Information and Management Systems Society (HIMSS), 14 HIT dashboard, 236 information from, 33 website, 330 Healthcare IT: An Overview of Ambulatory Workflow, 43 Healthcare IT: Insights and Opportunities, 43 healthcare primer, computer use, 9–13 government regulations, 16–25 knowledge updates, 32–33 lingo, 14–16 managed healthcare, 6–9 pre-twentieth century healthcare, 2–5 religion, 5–6 review questions, 35–36 terms, 34 workflows, 26–32 healthcare providers in HIPAA, 79 healthcare terminology, 57 business process acronyms, 60–67 government, private, and nonprofit entities, 58–60 heat maps, 240, 312 Hesy-Ra, Hewlett-Packard, 84 hierarchical level (HL) in X12N, 111,€111 high severity condition CPT codes, 117 HIPAA Security Rule Toolkit, 128 hipaahealthlaw.foxrothschild.com site, 47 Hippocrates, 2–3 Hippocratic oath, 2, hiring practices, 329 historical data in check-in, 199 history computer use, 9–13 managed healthcare, 6–9 pre-twentieth century healthcare, 2–5 religion, 5–6 HL7 Standards Blog, 49 Hospital Association of Southern California (HASC), 56 Hospital Incident Command System,€56 hospitals clinical quality measures, 152 core objective sets, 148–150 deployment tasks, 338–341 founding, funding and eligibility, 146–147 menu sets, 150–152 PCI regulations, 176–178 hosted administrative applications, 298–299 hot standby on RAID controllers, 315 hubs, 310–311 humors, Hunton & Williams LLP law firm, 47 hybrid computer models, 367 hybrid funding pricing model, 356–357 hypervisors, server, 316 I identification issues, 292 imaging clinician workflow, 253 devices, 13 DICOM See Diagnostic Imaging and Communications in Medicine (DICOM) outsourcing, 128 immunization data submission testing, 152 immunization registries, 137, 155 Impax RIS, 268 implementation phase in nursing workflow, 229 implementation specification for contingency operations, 95–96 incentives in EHR, 147–148, 325–326 incident response and reporting, 91 incubator systems, 266–267 Independent Physician Associations (IPAs), 325 individually identifiable health information, 88 infant care systems, 266–267 information request response time in ARRA core objective sets, 150,€154 information security in PCI-DSS, 173 information systems in HIPAA security, 87, 90 informed consent, 16 Insight Software Solutions products,€358 insurance companies, 209 insurance coverage, 329 insurance information in office visits,€27 insurance pricing model, 357 intake, 200 Integrated Delivery Network (IDN),€63 Integrated Delivery System (IDS), 68 integrity email, 294 HIPAA, 87, 104 Intensive Care Unit (ICU), 63 Internap vendor, 366 International Classification of Diseases (ICD), 14, 30–32, 112–115, 212, 287 International Classification of Functioning, Disabilities, and Health (ICF) codes, 213 Internet Explorer (IE), 270 Internet Protocol Flow Information eXport (IPFIX), 311 Internet Protocol-Private Branch Exchange (IP-PBX), 302–303 interrupting, 327 InterSystems Caché, inventory, hardware, 309–310 IT Governance Institute (ITGI), 190 J Java, 270 JD Edwards application, 289 Joint Commission on Accreditation of Healthcare Organizations (JCAHO) color codes, 56 healthcare terminology, 59 K Kaiser, Henry J., Kaiser Family Foundation spending study, 126 Kaiser Permanente, 6–7 keeping current, 328 key management, 322 KeyChart vendor, 363 keyfobs, 323 kiosks, 199 KLAS reports, 360 KnollOnTrack tools, 333 Koch, Robert, L lab data in clinician workflow, 253 labels, prescription, 272 laboratory systems in clinical applications, 275–276 Laennec, René Theophile Hyacinthe, language, 53 color codes, 56–57 diagnostic and procedural codes, 14 healthcare terminology, 57 business process acronyms, 60–67 government, private, and nonprofit entities, 58–60 medical terminology, 54–56, 54 review questions, 69–70 terms, 68 LANSurveyor tool, 332 laptops in toolkit, 334 usability issues, 256 large practices deployment tasks, 338–341 PCI regulations, 176–178 Latin in medical terminology, 14, 53–56 lease times in DHCP, 313 Ledley, Robert, Java – midsize practices legible records, 349–350 licenses EHR vendor partnering, 373 Massachusetts 201 CMR 17.0 law, 180 Life as a Healthcare CIO blog, 33, 47–48 lingo See language listening skills, 250, 326–327 local administrative applications, 298–299 local area networks (LANs), 12 local community associations, 44–45 local extension centers (LECs), 262 logistics in front office workflow, 203 Long-Term Care (LTC), 63 low-dosage radiation, 29 low severity condition CPT codes, 117 lump sum pricing model, 355–356 lunch-and-learn sessions, 261 M MacBook computers, 334 magazines, 45, 328 magnetic fields, 29 maintenance records in HIPAA, 98 malicious software, 87 managed healthcare, 6–9 Marble, Curtis, marketing, PHI, 135 Massachusetts 201 CMR 17.0 law, 167, 179 Section 17.02, 179–180 Section 17.03, 180–182 Section 17.04, 182–184 Massachusetts General Hospital Utility Multi-Programming System (MUMPS), Master Person Index (MPI), 63 maternal care systems, 266–267 meaningful use ARRA, 142 defined, 16 intake data, 200 overview, 21–25 measurement in front office workflow,€medGadget Blog, 49 media disposal and reuse, 100–101 Medicaid (Title 19) ARRA, 147–148 defined, 16 patient volume, 148 reimbursement, 144–146 409 Medical Assistant (MA), 63 medical associations, 44–45 medical billing process, 214, 215 medical coders, 211 medical codes, 212–213 medical coding and billing, 211–213 Medical Group Management Association (MGMA), 33, 38 medical insurance, medical terminology, 54–56, 54 Medicare (Title 18) defined, 16 formulary lookups, 273 reimbursement, 144–147 Medicare Care Management Performance Demonstration (MCMP), 59–60, 143 Medicare Catastrophic Act, 113 Medicare Electronic Health Record Demonstration, 143 Medicare Improvements for Patients and Providers Act (MIPPA), 143 Medicare Physician Quality Reporting Initiative (PQRI), 60, 143 Medicare Prescription Drug, Improvement, and Modernization Act (MMA), 59–60 medications ARRA core objective sets, 149, 153 electronic order fulfillment, 241–242 reconciliation, 155 medicine scanners, 13 Medispan database, 274 menu sets in ARRA eligible professionals, 154–155 hospitals, 148, 150–152 messaging in HIPAA, 287 Metropolitan Statistical Areas (MSAs), 63 microphones, 240 microscopes, Microsoft Desktop Optimization Pack (MDOP), 332 Microsoft Dynamics GP application, 289 Microsoft Health Users Group (MS-HUG) information from, 33 membership benefits, 40–41 Microsoft Sysinternals tools, 332 midsize practices deployment tasks, 336–338 PCI regulations, 175–176 410 minimum necessary concept in HITECH – patients minimum necessary concept in HITECH, 134 mobile platforms in EHR vendor selection, 358 modality in radiology information systems, 267 moderate severity condition CPT codes, 117 monitoring email encryption, 297 employee behavior, 131 equipment, 28–29 networks, 173, 313–314, 333–334 MRI scanners, 13 multipayer portals, 301–302 multiple customers, handling, 328–329 multiple user access in EHR, 350 My Rooms application, 241 N Nagios monitoring tool, 333 Napoleon, nation provider identifier (NPI), 32 National Biomedical Research Foundation (NBRF), National Council of Prescription Drugs Program (NCPDP), 286 National Drug Codes (NDC), 118–119, 213 National Health Data Systems, Inc., €48 National Health Information Network (NHIN) defined, 137 healthcare terminology, 60 HITECH, 136–137 national health plan identifier (HNPI), 108–109 National Incident Management System (NIMS), 56 National Institute of Standards and Technology (NIST) HIPAA Security Rule Toolkit, 128 PACS standards, 270 safe harbor, 20 national provider identifier (NPI), 108–109 national standards in HIPAA, 78 NCD format, 119 Neonatal Intensive Care Unit (NICU),€63 neonatal units, 266 NetFlow protocol, 311 NetWitness Corporation, 331 NetWitness Investigator Freeware,€331 network interface cards (NICs), 311 networks, 310 access points and cabling, 312 analysis tools, 331 bandwidth capacity, 311–312 hubs and switches, 310–311 infrastructure, 203 monitoring, 173, 313–314, 333–334 security, 312–313 servers, 314–319 New England Journal of Medicine study, 143 next business day (NDB) product support, 255 NextGen EHR vendor, 364, 368 NextPen vendor, 364 NightHawk Radiology Services, 128 nitrous oxide, noise issues, 257 nonprofit entities terminology, 58–60 Notice of Proposed Rulemaking (NPR), 60 nuclear medicine scanners, 13 nursing and nursing workflow, 227 cultural differences, 231–232 evidence-based practice, 234–235, 234 HIE, 235 operational, 230, 230 process, 228–230, 228 review questions, 244–245 technology implementation, 236–238 technology innovations, 239–243 terms, 243 Nursing Central suite, 243 O Obamacare, objective observations examinations, 200 SOAP method, 118, 200 office efficiencies from EHR, 351 Office for Civil Rights (OCR), 82 Office of the National Coordinator (ONC), 22, 142 office visits, 26–28 on-call forwarding, 303 ONC-Authorized Testing and Certification Bodies (ONCATCB), 142 online reviews in EHR vendor selection, 360 online training, 42 Open Web Application Security Project (OWASP), 322 OpenDNS service, 300–301, 313 operating rooms (ORs), 346 operating systems history, 9–10 multiple, 11 servers, 316 operational workflow back office See back office workflow clinician See clinician workflow front office See front office workflow nursing See nursing and nursing workflow order sets, 353 Orion Network Performance Monitor,€332 Orlando, Ida Jean, 228 outpatient pharmacy information systems, 280 outsourcing EHR, 325, 352 imaging, 128 for support, 328 Oxley, Michael G., 186 P PacketTrap tool, 333 pagers, 239 Pano System, 201 Pappalardo, Neil, partnering with EHF vendors, 368–372 passwords compliance, 323 HIPAA security, 87 Pasteur, Louis, patches, EHR, 325, 371 patient lists by condition, 154 Patient Protection and Affordable Care Act, patients access to records, 155, 353–354 defined, 210 educating, 205 eligibility, 273 five rights, 79 fraud by, 78 front office workflow, 203–204 questions from, 203 reminders for, 155 scheduling, 26, 196–197 screen pops technology, 303 staff access to records, 131 Pay for Performance (P4P), 16, 64, 352 payer portals, 301–302 payer systems, payers charge process, 218 defined, 210 payment application standards, 169 Payment Card Industry Data Security Standard (PCI-DSS), 167–178 payment card information (PCI), 167 California State Law SB 1386 law, 184–186 check-in, 199 Massachusetts 201 CMR 17.0 law, 179–184 PCI-DSS, 167–178 review questions, 193–194 Sarbanes-Oxley Act, 186–190 terms, 192 payments collections process, 220–221 EHR vendor partnering terms, 372 payroll systems, 290 PCI Security Standards Council, 169–170 Peachtree application, 289 pediatric carts, 266 penalties HIPAA, 83–84 HITECH, 132–133 Massachusetts 201 CMR 17.0 law,€183 SOX, 189–190 performance P4P, 16, 64, 352 PMS, 286 person authentication email, 294 HIPAA, 103 Personal Health Records (PHRs), 64, 138 personal information in Massachusetts 201 CMR 17.0 law, 180 pharmacy systems clinical applications, 279–280 Pay for Performance (P4P) – radiology and PACS NDC codes, 118–119 Rx IS, 280 phone systems, 302–304 physical safeguards in HIPAA, 18, 87, 95–103 physical space reductions from EHR,€352 Physician Assistant (PA), 64 Physician Quality Reporting Initiative (PQRI), 60, 143 physicians ARRA funding, 146 EHR vendors, 360 working with, 326–327 Picture Archiving and Communication System (PACS), 13, 64 overview, 268–271 radiology information systems, 267–268 planning phase in nursing workflow, 229 plans in SOAP method, 118, 201 point of care (POC) devices, 255–257 portable computers, 319–320 portal tools and support, 371 post-clinical activities in nursing workflow, 233, 233 Practice Fusion system, 357, 364 practice management (PM), 197 practice management system (PMS), 286–289 practices, sizing, 308–310 pre-twentieth century healthcare, 2–5 prefixes in medical terminology, 54–55, 54 preparation in clinician workflow, 249 prescriptions formulary eligibility factors, 273 labels, 272 legible, 349–350 refills, 303 presenting problems, 116 pretexting, 84 pricing models EHR vendors, 355–357 fixed-fee, 223 Primary Care Physician (PCP), 68 printer issues, 271–272 printing film, 269 privacy ePHI, 127–128 HIPAA, 72, 81–84, 294, 2967 HITECH, 126 Privacy and Data Security Law Deskbook (Sotto), 47 411 Privacy and Information Security Law Blog, 33, 47 privacy notices, 16, 83 privacy officers, 83 privacy practices notice, 83 Privacy Rule, 81–84, 294, 296 private entities, 58–60 probability in HIPAA security, 86 ProCare services, 256 process review in front office workflow, 205 productivity applications, 300 professional components in ARRA funding, 145 professional needs in clinician workflow, 253 Proofpoint company, 295–296 protected health information (PHI), 81, 199 breaches, 131 defined, 20 HIPAA security, 82, 88 HITECH marketing and sale, 135 providers defined, 210 EHR vendor partnering, 372 proximity cards, 293 compliance, 323 limitations, 105 public company accounting oversight in SOX, 187 Public Company Accounting Reform and Investor Protection Act, 186 public health agency reporting, 152 public policy in CompTIA, 44 Q qualified electronic health record (qEHR), 25, 142 qualified security assessors (QSAs),€169 questions in front office workflow,€203 Quick Start Guide: Steps to Healthcare IT, 43 QuickBooks application, 289 R Radiant RIS product, 267 radiation, 28–29 radiology and PACS, 268–271 412 radiology information systems – speed of authentication radiology information systems (RISs), 267–268 RAID controllers, 315 real-time tracking in EHR, 354 reasonable and appropriate security, 85, 296 record retrieval in EHR, 350 referral documentation in EHR, 355 refills, prescription, 303 refused medication, 280 regional extension centers (RECs) clinicians, 261–262 EHR, 347 overview, 45–47 Regional Health Information Organizations (RHIO), 64 Registered Nurse (RN), 64–65 registries disease, 276–277 immunization, 137, 155 regulatory compliance, 322–324 reimbursable costs in EHR vendor partnering, 372 rejections, claims, 221–222 release forms, 269 religion, 5–6 remaining benefit amount checks, 273 reminders, patient, 155, 303 remote access, 259–261, 354 remote monitoring of servers, 317–318 reports accounting, 290 email encryption, 297 incidents, 91 KLAS, 360 SOX, 189 Request for Information (RFI), 68 required and addressable devices in HIPAA, 100 required implementation standard in HIPAA, 85 Research in Motion (RIM), 241 resource tracking, 197 rest, importance of, 330 restrooms for servers, 100 retention of email, 297–298 Retina eEye tool, 184 revenue management cycle, 210 risk analysis and management ARRA, 150, 154 HIPAA, 89 risk assessments vs security, 132 robotic medication dispensing machines, 242 role-based security, 287 root drive for servers, 315 roots of medical terminology, 54, 54 Ross-Loos Medical Group, Roth, Anna, 48 rural health centers (RHCs), 146 Rx IS (pharmacy information system),€280 S safe harbor statute, 20 safeguards, HIPAA, 88 administrative, 88–95, 104 physical, 95–103 technical, 104 safetynethospital.blogspot.com, 48 Sage Mas90 application, 289 sales, PHI, 135 sales cycle, 202 sanction policy in HIPAA, 89 sanity, maintaining, 327–330 Sarbanes, Paul, 186 Sarbanes-Oxley (SOX) Act, 167, 186–187 COSO, 189–190 provisions, 190 titles, 187–189 SAS drives for servers, 315 SATA drives for servers, 315 SB 1386 law, 167, 184–186 SB 1389 law, 27 scanners medical, 13, 28–29 workflow, 199, 242 scheduling front office workflow, 196–197 patients, 26, 203–204 schema access in EHR vendor partnering, 374 schema crosswalks, 289 Schwarzenegger, Arnold, 84 security ARRA core objective sets, 150, 154 audits, 323 authentication, 292 EHR benefits, 350 email, 294–297 ePHI, 127–128 HIPAA See Health Insurance Portability and Accountability Act (HIPAA) hosted applications, 299 Massachusetts 201 CMR 17.0 law, 182–184 PCI-DSS, 169–178 vs risk assessments, 132 servers, 316 WEP, 72–73 wireless networks, 312–313 Security Rule in HIPAA, 294 segments in X12N, 111, 111 servers, 299–300 backup architecture, 318 checklist, 319 hardware troubleshooting, 331–332 locating, 100 overview, 314–315 remote monitoring, 317–318 SAN environments, 318 selecting, 315–317 service level agreements, 373 Shadid, Michael, shared space in EHR, 324–325 ShortKeys software, 233, 358 Simple Network Management Protocol (SNMP), 311 single sign-on, 291 Situation, Background, Assessment, Recommendation (SBAR), 65–67 size factor in HIPAA security, 85–86 sizing practices, 308–310 Skilled Nursing Facility (SNF), 67 Small Business Server (SBS), 292 small practices deployment tasks, 335–336 PCI regulations, 174 smallpox, SmartRoom technology, 241 sneaker net, 106 Snow, John, SOAP method CPT codes, 117–118 examinations, 200–201 social history in CPT codes, 117 software applications, 12–13 software-as-a-service (SaaS) models, 298, 316, 365–366 software needs as EHR benefit, 352–353 SolarWinds products, 332 Solution Provider Self-Assessment Tool for Healthcare, 43 Sotto, Lisa J., 47 Speakeasy provider, 366 specialized workstation systems, 320 specialties in EHR, 325, 361 specific condition reports, 151 speed of authentication, 292 SQL Report Services application – vulnerability management programs SQL Report Services application, 279 SSL VPN platforms, 260 staff access to patient records, 131 compliance by, 323 educating, 205 expenses, 248–249 reductions from EHR, 352 staff physicians in EHR vendor selection, 360 Stage meaningful use, 21, 148–150 Stage and meaningful use, 156–163, 360 standard evaluation in HIPAA, 95 standard terms for EHR vendors, 372–374 Statement on Auditing Standards (SAS) N0.70 Type II report,€299 Stehno, Christopher, 49 stimulus incentives in EHR, 351 storage area networks (SAN) servers,€318 Strengths, Weaknesses, Opportunities, Threats (SWOT) tool, 67 studies and reports in SOX, 189 subjective observations, 200 subjectivity in SOAP method, 117, 200 subscription pricing model, 356 suffixes in medical terminology, 54–55, 54 SuperBills, 215–217, 216–217 support structure, 328–329 switches, 310–311 Synapse RIS, 268 syndromic surveillance data, 155 system integration in EHR vendor selection, 359–360 system parameters, monitoring, 317 system reviews, 117 systems implementation in nursing workflow, 237–238 T Taber’s Cyclopedic Medical Dictionary, 243 tablet devices, 320 handwriting recognition, 358–359 usability issues, 256–257 tap cards, 323 target markets in EHR vendor partnering, 368 technical components and needs ARRA funding, 145 clinician workflow, 254–255 HIPAA security, 18, 86, 88, 104 technical feasibility in security, 183 technology clinician workflow, 251, 257–259 front office, 205 nursing workflow, 236–243 10 Week Guide to Healthcare IT, 43 Terminal Services, 102, 325 terminology See language test environment licensing, 373 testing and revision in HIPAA, 94 third parties billing, 222–224 security, 181 third-party databases drugs, 273–274 toxicology, 274–275 time and attendance system (TAS),€291 tokens in authentication, 323 toll-free numbers, 329 tools backup, 332–333 EHR, 330–331 networks, 331, 333–334 toxicology databases, 274–275 tracked changes in clinician workflow, 253 training and education, 37 ARRA menu sets, 151 blogs, 47–49 Cisco Connected Health, 41–42 clinician workflow, 261 compliance, 323 CompTIA, 42–44 EHR vendor partnering, 369–370 front office, 205 HIMSS, 39 HITRUST, 39–40 local communities, 44–45 MGMA, 38 MS-HUG, 40–41 nursing, 238 regional extension centers, 45–47 review questions, 51–52 terms, 50 transaction message types, 213–214 transaction sets in HIPAA, 31, 109– 111, 110–111 transcription, 211–212 transition of care in ARRA menu sets,€151 413 transmission security email, 294 HIPAA, 104 Transport Layer Security (TLS), 295–296 treatment plans in nursing workflow, 233 triage systems, 277 Tripwire tool, 331 true partners in EHR vendors, 371 tunnels, 325 24/7 product support, 255 two-way pagers, 239 typhus, U ultrasound devices, 13 Unbound Medicine, 243 unsecured PHI, 130 updates and upgrades in EHR, 325, 358, 371 UPSs, 315 uptime SLAs, 373 urgent IT issues, 259 usability issues, 256–257 USB drives, 333 user interface in EHR vendor selection, 357–358 V vendors EHR See electronic health record (EHR) systems support packages, 334 Veterans Affairs (VA), 9–10 Victoria, Queen, virtual desktop infrastructure (VDI), 201, 321 Virtual Lifetime Electronic Record, 48 virtual local area networks (VLANs), 12 virtual storage area networks (VSANs), 12 vital signs in intake, 200 Vocera devices, 240 voice recognition, 358 VoIP handsets, 240 VPN platforms, 260 VPN tunnels, 325 vulnerability management programs, 171 414 wall-mounted screens – Zhou W wall-mounted screens, 256 Warner, Homer R., warranties for devices, 255–256 wearable mobile communication devices, 240 Weider, Bill, 48 Wells, Horace, Western Clinic, WhatsUp network monitoring tools, 333 Windows Remote Desktop Services, 102 Wired Equivalent Privacy (WEP), 72–73 Wireless Medical Telemetry Service (WMTS), 266 wireless networks and access, 12 access points, 312 clinician workflow, 251–252 nursing workflow, 239–241 security, 312–313 Wireshark tool, 331 workflows, 26 administrative applications, 292 back office See back office workflow clinician See clinician workflow data exchange, 29–32 EHR, 326, 351 front office See front office workflow monitoring and diagnostic equipment, 28–29 nursing See nursing and nursing workflow office visits, 26–28 scheduling patients, 26 workforce administrative safeguards, 90–91 clearance procedure, 93 management, 290–291 workstations hardware troubleshooting, 331–332 HIPAA security, 88, 99 overview, 319–321 World Health Organization (WHO) codes, 30–31, 112, 212 healthcare terminology, 60 wound pictures, 13 www.candidcio.com site, 48 www.dsltools.com tools, 311 www.h17standards.com/blog site, 49 www.huntonprivacyblog.com site, 47 www.medgadget.com site, 49 X X-rays, 28–29 X12 data format, 30, 49, 213–214 X12 Transaction Set subcommittee N (X12N), 110–111, 111 X12N format, 30–31 XML format, 30 Z Zeiss, Carl, Zeiss Company, Zenoss tools, 333–334 Zhou, Huping, 84 ... hospitals, 800 clinics, and approximately 130 nursing homes The challenges are daunting, but the VA is an example of the proliferation of technology within the healthcare setting Maintaining information. .. contracting with the insurance companies that were providing workers’ compensation insurance This allowed the insurance company to have a known cost for covering the insurance and Dr Garfield and... Health IT JumpStart The Best First Step Toward an IT Career in Health Information Technology Patrick Wilson Scott McEvoy Acquisitions Editor: Mariann Barsolo Development Editor: Mary