Archive | Business RSS feed for this section

Building a viable FOSS and Vendor Eco System

I have the privilege of speaking this year at a few conferences, including the OSEHRA Open Source Summit in DC and OSBridge in Portland.   It is clear that FOSS communities struggle with incorporating the vendors as full fledged and respected members of the community and, conversely, the vendors (sometimes) just don’t get how to balance making money by using the project and their obligation to contribute back in some substantial fashion.  It’s not an  easy problem to solve but some communities seem to do it better than others.   Attached are my slides and notes for your perusal and amusement.  Please feel free to comment, I’d love some feedback on my thoughts.

FOSS Vendor Ecosystem with Notes

Future of Open Source Survey Results


North Bridge and Black Duck Software just published the Future of Open Source 10th Anniversary Survey Results – an activity that OSEHRA participated in.

Some key insights from this year’s study (Excerpted from the study):

  • Open Source Is The Modern Architecture. Open Source is the foundation now for nearly all applications, operating systems, cloud computing, databases, big data and more. Open Source development has gone from the exception to the rule.
  • Open Source IS the Engine of Innovation. Open Source is driving business because it facilitates faster, more agile development. This translates into quicker builds, accelerate time to market and vastly superior interoperability.
  • There is a new generation of companies and business models emerging. Respondents report that in the next two or three years, the business models that will generate the most revenue for open source vendors are SaaS (46%), Custom Development (42%), and Services/Support (41%).
  • Challenges remain: Open Source security and management practices have not kept pace with rapid adoption. In the wake of high profile breaches, there is likely to be more emphasis on security.
  • Participation and contribution will secure the future of open source. Investing in the open source community spurs innovation, delivers exponential value and most of all, it’s fun.

For more information, see the slide show –

Post from OSEHRA Team

See full post:

Meaningul Use Flex-IT and Hardship Exemptions

Is case you hadn’t heard ….

Flex-IT Act – For those not familiar with this act, it would change the attestation period for meaningful use stage 2 from 365 days to only 90 days. This act is being backed by some very strong healthcare organizations including a call from the AMA, CHIME, HIMSS, and MGMA to make this change. As is noted by these organizations, very few hospitals have attested to meaningful use stage 2 and only 2 percent of eligible providers have attested to meaningful use stage 2 so far (they do have until the end of February).

If the meaningful use stage 2 numbers continue on this trend, CMS will need to do something or risk having the program be labeled a failure. It’s hard to predict what will happen (or not happen) in Washington, but the pressure to change the meaningful use stage 2 reporting periods to 90 days is growing. Poor meaningful use stage 2 attestation numbers could very well push this issue over the edge.

EHR Penalty Hardship Exemption – In case you missed it, CMS reopened the meaningful use hardship exception period. Originally you had to file for a meaningful use hardship exception by July 1, 2014, but you now have until November 30, 2014 to apply for an exception. This is a big deal for those who likely didn’t know they’d need an exception for meaningful use.

While this exception is related to the EHR certification flexibility (ie. your EHR vendor software isn’t ready for you to implement and attest), many have wondered if we won’t see more ways for organizations to avoid the coming meaningful use penalties. These prognosticators suggest that if meaningful use stage 2 numbers continue to be as awful as what’s described above, it’s possible that the government will provide some relief from the meaningful use penalties. As of now, the meaningful use penalties are coming, so you better be prepared.

Exerpted from:

Are you subject to Meaningful Use adjustments coming in 2015?

Eligible professionals participating in the Medicare EHR Incentive Program may be subject to payment adjustments beginning on January 1, 2015. CMS will be determining payment adjustments based on MU attestation submitted prior to the 2015 calendar year, with a requirement to demonstration prior to 2015 to avoid payment adjustments. If you haven’t taken a look at your posture in terms of meeting the requirements for meaningful use reimbursement, here are a few things to examine. They break down by the year you started and the program mix that you were accepted into.

If the first demonstration of meaningful use began in 2011 or 2012, MU must be demonstrated for a full year in 2013 to avoid the 2015 adjustment. If demonstration of meaningful use began in 2013, you needed to demonstrate meaningful use for a 90-day reporting period to avoid the payment adjustment in 2015.

CMS Guidelines

If meaningful use begins in 2014, to be eligible you must demonstrate MU for a 90-day reporting period to avoid the payment adjustment in 2015. The reporting period must occur in the first 9 months of calendar year 2014, and eligible professionals must attest to meaningful use no later than October 1, 2014.

All of those who attest must continue to demonstrate meaningful use every year to avoid payment adjustments in subsequent years. If you are eligible to participate in both the Medicare and Medicaid EHR Incentive Programs, you MUST demonstrate meaningful use to avoid the payment adjustments, dual program enrollees may demonstrate meaningful use, and if you are only participate in the Medicaid EHR Incentive Program, you are not subject to these payment adjustments.

OEMR reaches first fund raising goal for OpenEMR Stage II MU Certification


The OEMR 501c3 and the community of OpenEMR Developers and Users have been working hard to raise contributions to cover the high cost of testing for Meaningful Use Stage 2 certification.  We are pleased to announce that goal number 1 achieved. We have $25,000 in the bank to pay for the certification testing with margin for retesting if needed or modular certification.

Huge thanks go to the community, the users and the supporting vendors.

Our goal is to be certified by June 2014 or sooner.

–Tony McCormick

OEMR President

Peace Corps OpenEMR Project Starts Now!

Medical Information Integration. LLC and Ensoftek, LLC are poised to start long awaited Peace Corps OpenEMR integration and deployment project.  We have an incredible team between the two primary companies and we will keep the community updated on the progress.  This project will, over the next two years, deploy OpenEMR to every Peace Corps post in the world.



New HIPAA rules are effective in less than sixty days


The HITECH Act’s wide-ranging changes to HIPAA are effective in less than sixty days. Entities that routinely handle patient information – healthcare providers, health plans, and the vendors and contractors that service the healthcare industry – are subject to the enhanced HIPAA regulations and penalties beginning September 23, 2013. The following eight specific action items will help Covered Entities, Business Associates, and Business Associate “Subcontractors” prepare for the HIPAA – HITECH final countdown.

  1. Implement Security Rule Requirements. Business Associates are now directly subject to the HIPAA Security Rule. As a result, Business Associates must take specific actions to meet Security Rule obligations, including a risk assessment to identify risks/vulnerabilities and adoption of appropriate policies and procedures.
  2. Update Privacy Policies. The HITECH regulations add new restrictions on the use of patient information and expand patient rights to access that information, among other changes. Covered Entities and Business Associates must revise policies, procedures, and internal guidelines to address these changes to the HIPAA Privacy Rule.
  3. Identify Business Associates. The Final Rule expands and clarifies the definition of “Business Associate,” which encompasses the growing universe of vendors and contractors that service the healthcare industry and require access to patient information. Covered Entities must evaluate whether they do business with Business Associates, and if so, execute the required Business Associate Agreements.
  4. Identify Business Associate “Subcontractors”. Subcontractors that create, receive, maintain, or transmit protected health information on behalf of a business associate are now themselves “business associates” – even if the subcontractor does not have a direct relationship with the Covered Entity. Entities that perform any function involving patient information must evaluate whether they are such “business associates” – and if so, meet HIPAA’s requirements.
  5. Update Business Associate Agreements. The HITECH regulations require specific changes to Business Associate Agreements. In certain circumstances, these changes can be implemented after September 23, 2013; however, parties must comply with the new HITECH provisions regardless of whether the Business Associate Agreement has been updated. To avoid inconsistency between the new HITECH requirements and a Business Associate Agreement’s existing provisions, parties should consider revising their Business Associate Agreements at the earliest opportunity.
  6. Update Breach Notification Polices & Procedures. The HITECH Rule significantly alters the HIPAA Breach Notification requirements. Accordingly, Covered Entities and Business Associates should to update Breach Notification Policies and Procedures to address the new breach standards.
  7. Train Workforce on New Policies. Covered Entities and Business Associates must implement the new changes to their HIPAA Policies and Procedures. A key aspect of implementation is workforce training (employees, volunteers, and others who work under the direct control of the Covered Entity or Business Associate) on the requirements of the updated Policies and Procedures.
  8. Establish Vendor Management Program. The actions of a Business Associate can result in significant financial, operational, and reputational harm for a Covered Entity – from breaches to HIPAA investigations. Accordingly, Covered Entities should carefully consider vendor management when contracting with Business Associates. The same concept applies with regard to a Business Associate’s approach to Business Associate Subcontractors. Components of a successful vendor management program include close coordination between representatives from legal, risk management, privacy and information security, as organizations must analyze and understand the flow of, and access to, data. As part of the adoption of a vendor management program, organizations should consider adopting a governance model that addresses the release/access to data; appropriate due diligence measures; appropriate internal standards, and enforcement mechanisms and communication plans. Insistence on adherence to these policies and standards along with a robust program of review and oversight should be clearly communicated from the top down

Speaking at ACO DataQuest Conference

Phoenix Skyline

Our President and Director of Marketing will be speaking at the ACO DataQuest Conference in Phoenix, Arizona on April 23rd and 24th of 2013

Day One:  Tuesday, April 23rd – 2:45-3:30

Solving the Patient Data and EHR Puzzle

The value of an ACO’s analytics depends significantly on the accuracy of its patient data and the accessibility of information across disparate EHR platforms. In this session, you will learn techniques for validating patient data, preventing lapses in data, and verifying CMS-provided patient information. Strategies for successfully managing varying EHR platforms will also be examined:

  • ·        Direct patient contact for ensured data accuracy

o   Preparing for the challenges of patient data reconciliation with established internal protocol

o   Limiting future data gaps by ensuring the accuracy of all data collected from patients

o   Verifying CMS provided patient data with direct contact

  • ·        Merging data for disparate EHR platforms

o   Incorporating written notes into EMR data

o   Employing a Master Patient Index (MPI) to aggregate large data from various sources

o   Managing various image formats from different EHRs

o   Creating an analytics boilerplate to reduce repetition and purge unusable elements

Day Two:  Wednesday, April 24th – 3:00-3:45

Making the Most of Your EHR: Leveraging Meaningful Use to Enhance Care Management and Reduce Costs

Learn how to make the most of your resources and manage costs by successfully integrating varying EHR platforms and maximizing their potential to prevent gaps in care, monitor patient engagement, and manage clinical workflows. This session will examine strategies for:

  • Integrating differing EHR platforms into a comprehensive, system-wide care management system
  • Using EHRs to track the progress of chronic disease management
  • Monitoring the workflow of your clinical teams through the EHR
  • Staying ahead of reminders, goal-tracking, and patient treatment adherence
  • ·        Employing your EHR to:
    • Identify existing gaps and avoid potential lapses in care
    • Manage costs by reducing unnecessary on-site clinical visits and admissions

Tony McCormick

CTO of Physicians ACO, LLC and MI2

Barcamp Portland 2013 Conference, Day 2

Barcamp Portland 2013

Barcamp Portland 2013

Once again Barcamp had an amazing and wild mix of conference offerings.   I attended a discussion on woodworking and an excellent talk about crowd funding “Open” start ups.

I also, as mentioned in yesterday’s post, ran a session of my own to discuss the e-patient idea with a audience of interested patients. We had a good group of folks with a wide range of experiences in their healthcare, from uninsured accident victims to some well insured with chronic issues, and even some health people (if you can imagine that in the USA).

The full notes are posted on the Barcamp Etherpad site, but to  summarize.  It’s complex.

Wide range of differences between the patients needs; from full access and management of their health data to “access as needed” on an specific event or for coordination of care, will make it hard on the providers to manage the HIPAA rules within the patient’s desires.

That, coupled with a far from complete process to standardize the format of health records, including diagnostic images and to provide easy patient-centric tools to use that data, make this a daunting task.

The home brew I helped serve was good though!


Barcamp Portland 2013 Conference, Day 1

Barcamp Portland 2013

Barcamp Portland 2013

This weekend I am attending BarCamp in Portland.  This event is put on by the Stumptown Syndicate.  They offer several amazing conferences that offer an alternative model to the high cost, over organized and pretentious conferences.  Barcamp is an un-conference.  It’s free, they take donations, of course, but they provide food and drinks and open the doors to all types of creative geeks and even non-geeks.  Artists, open source developers from projects big and tiny, hardware hackers, web designers, community oriented organizers and the totally disorganized.

At the social gathering this evening their was a mini-makers fair.  Here people demonstrated video games in alpha and unreleased state and community projects, like a website that helps neighborhoods develop a market of goods to sell or trade with each other, kind of a micro    There was a game where one of the player’s controllers was a piano, and a crowd-sourced font design project.

Tomorrow will be the un-conference. At this event the participants choose the topics and post their ideas on the grid of available rooms and times.  Then the participants vote by attending those of interest and staying only as long as the topic is of interest.  The pressure on the presenter is high, but the reward of a interaction with people that are genuinely interested in what you have to say, is amazing.

Tomorrow I will propose to run a round table discussion on what we, in the Health Information Technology business, call the e-patient.   I am interested to see what this diverse population of mostly young people think about how they would like to interact technologically with the health care system , or not.    Is technology considered part of the solution or part of the problem as it is currently used?   I’ll let you know what I find out tomorrow.