Oasis Is Here. Are You Ready?
OCTOBER: THE LEAVES ARE CHANGING COLORS, football season’s here, and, ready or not, it’s time for all Medicare-participating home healthcare agencies to start collecting OASIS-B (Outcome and Assessment Information Set) data.
Many agencies are prepared to submit the HCFA-required health and functional status assessments with their home healthcare software that is already equipped with OASIS extraction capabilities. Some are even capable of collecting the information electronically at the point of care with handheld devices.
But not the majority, says Steve Lund, executive director of the Minnesota HomeCare Association. "Most of our agencies are too small to be technically compliant."
Reiterating the concern of a small agency in southern Minnesota with 70 clients, 15 of which are not eligible for Medicare, Lund says the agency still doesn’t know what it’s going to do about OASIS. "It doesn’t make sense for them to spend money on that kind of stuff." A small agency operating on narrow margins often has a hard time budgeting for the equipment required to collect data, he says.
So what are agencies that are lagging behind going to do? For starters, HCFA, the government department that administers Medicare, is providing free software called HAVEN (home assessment validation and entry) for entering and transmitting OASIS data. Nurses will continue to make rounds with pencil and paper to collect outcomes information and an assistant will enter the data manually on a PC.
Alternatively, those agencies that have made an investment in scanning technology can skip the data entry step. "But I’d be surprised if half the agencies have the capability to do this," Lund says. The third option is to collect OASIS data at the point of care.
Home healthcare consultant Tom Williams estimates that as many as 15 percent to 20 percent of home caregivers are using computers at the point of care. But for a typical home care agency with 30,000 to 35,000 visits and only 1,500 OASIS assessment per year, "checking a box on a piece of paper can often be more efficient," Williams says. "From a financial standpoint, it doesn’t always make sense to automate clinicians at the point of care."
Regardless of the preparedness, home health agencies are required to start sending assessment data electronically to their states’ survey agency on a monthly basis, beginning Jan. 1, 1999. The state agency--in most cases the Department of Health--will compile the data and send it to HCFA.
Lund agrees that HCFA’s premise with OASIS is good, and even the government’s pressure on agencies to become automated has proven benefits in reducing costs and serving the patient with quality care. But it’s not just OASIS that home healthcare agencies are dealing with now, Lund says. Reimbursement rates have been cut by 15 percent. They are also facing the interim payment system, surety bond issue (currently on hold) and JCAHO’s ORYX performance measurement requirements. "We have three or four elements hitting at the same time, any one of which would be enough to cause commotion in an industry like home care," Lund says.
But many feel that the industry has had plenty of time to prepare for OASIS. "The industry’s been talking about it for awhile now," Williams says. "HCFA turned up the heat with respect to electronic claims submission a few years ago which forced agencies to consider automation."
The real winners in this situation are vendors with clinical data capture tools, he says, with virtually every clinical system vendor building the OASIS data set into its software.
Effort to Secure Standards
A NEW CONSORTIUM IS CALLING FOR STANDARDS development organizations, vendors, providers, security advocates and government agencies to promote healthcare IT security standards.
The group, comprised of the Healthcare Open Systems and Trials (HOST) organization, National Information Assurance Program (NIAP) and ARCA Systems is trying to fill the gap between healthcare data security policy and standards development. "Policymakers have no standard to implement," argues HOST executive director Lewis Lorton.
According to Lorton, the project needs comprehensive industry support--first to define what data elements need to be protected; and second, to determine how to apply a standard to healthcare applications.
NIAP--a partnership between the government’s National Institute of Standards and Technology and National Security Agency--asked HOST to facilitate the effort. Stealing a page from the International Organization of Standardization (ISO), those involved will create healthcare "protection profiles" that outline the requirements needed to protect health information and assign the standards that ensure product compliance.
The model used in developing protection profiles is based on common criteria for information technology security evaluation. This methodology was developed by the United States, Canada, the United Kingdom, France, Germany and the Netherlands in the early 1990s for advancing ISO security standards. The common criteria approach defines the enviroment of information that must be protected.
The consortium’s goal is to apply this same criteria to healthcare security standards, and in the process, nominate standards for data elements that need safekeeping. Austin, Texas-based ARCA Systems will operate as an independent testing laboratory to approve IT security products developed under the common criteria method.
Lorton hopes that eventually a standards development organization will come forward to maintain the healthcare protection profiles. But getting buy-in from the fragmented healthcare industry will be a task of its own. A standards group like HL7 will not dabble in product specifics. "We can protect the messages," says Gunther Schadow, co-chair of HL7’s SIG in secure transactions. "But we won’t influence how applications are built."
And algorithms and protocols are only one part of the story, Schadow says. The other is policy. "There is quite a jungle of legislation that is hardly comprehensive." However, HOST and its partners are betting the upfront legwork on protection profiles will ease policy-making activities in the future.
Five Things to Know When Going Mobile
WITH THE EMERGING POPULARITY OF HAND-HELD computers, healthcare professionals are looking for ways to join the mobile parade without replacing their facility’s wired network.
The IEEE’s 802.11 standard, passed last summer, encourages quick steps toward increasing transmission security and vendor interoperability. But not all products are compliant, and compatibility is more of a goal than a reality. Here’s what the industry says about mobile computing, and how to ensure data security once systems begin roaming from the network:
Know what you’ve got. Unless the legacy system is being scrapped for a new wireless network, its configuration may narrow the field of wireless vendors to choose from. Most vendors can provide the access points for Ethernet networks, but Token Ring networks require a different type of access point, and few vendors sell them, says Phillip Belanger, vice president of marketing at Aironet, Inc., a wireless LAN company in Fairlawn, Ohio.
If the network already has wireless stations, adding new ones can require extra planning, says Scott Lucas, industry marketing manager of wireless LAN developer, Proxim, Inc., Mountain View, Calif. Systems using different radio frequencies cannot communicate with each other, and those using the same frequency may interfere with each other.
Know what you need. A facility’s definition of "mobile" is critical, says Dale Miller, director of consulting services, Irongate Inc., a data security consultancy in San Rafael, Calif. For most vendors, mobility means within a single building or, with the help of a directed beam antenna, between several buildings, Belanger adds. Typically, a mobile system can transmit up to 300 feet away from the nearest access point.
Weigh the costs. Access points must be added along the wired network to transmit data between the mobile systems and the host. Vendors use preliminary site surveys to determine how many will be needed. At $1,000-$2,000 apiece, the number of access points can make or break a budget plan, so ask vendors to explore creative options. Using directional antenna’s to shape the beam down the hallway may cover the area with half as many access points, Proxim’s Lucas says.
Grapple with eavesdropping.RF waves can be intercepted by outside radio equipment--intentionally or not. Vendors have developed ways to make transmissions harder to pinpoint (varying frequencies), harder to receive (signal strength) and harder to understand if intercepted (digital coding).
With data confidentiality at stake, facilities should insist on the latest spread-spectrum technology for their wireless systems, says Brian Grimm, principal of Health Wave, a Wilmington, N.C. consulting and communications firm. Spread spectrum’s two forms, frequency-hopping and direct sequencing, deters snoopers by changing the frequency several times per second or breaking data into unrecognizable pieces during transmission.
Security from the inside out. Mobile pieces must be as accountable to system security as their wired counterparts, Miller says. Ask how the wireless extension will conform to security measures already programmed into the host. Can audit trails be performed on the mobile systems by user ID, activity and location? If a mobile system is stolen, how easy is it to access the server? Rethinking user IDs also can enhance security, he says. A hand-held system can be assigned to a specific person, controlling information access to a single user ID.
--Pamela Tabar is a freelance writer based in Cleveland
Yea, but what’s the ROI?
A WIRELESS LAN IMPLEMENTATION WILL PAY FOR itself in about one year, reports a study commissioned by the Wireless LAN Alliance. Data was compiled from 34 companies (eight in healthcare) with an average of 308 wireless clients. On average, a wireless LAN installation in healthcare paid for itself in 11.4 months.
However, the payback in healthcare, measured in estimated dollars to be saved through productivity gains, was slower than other industries such as retail (9.7 months), manufacturing (7.2 months) and education (7.1 months). Healthcare also had the lowest return ratio, by far, measured by monetary benefits over costs. While retail, manufacturing and education realized 33 percent, 69 percent and 66 percent benefit returns in one year respectively, healthcare saw only a 4.4 percent return. The reason: "Healthcare has much higher application development expenses," says Mack Sullivan, director of the Alliance. "With a longer period of time, payback will reach the higher levels."
Although still a relatively small market, the demand for wireless LANs is growing. A $350 million industry now, wireless LANs are projected to generate a total of $1 billion by the year 2000 for companies such as 3Com Corp., Norand Corp. and Lucent Technologies.
Sullivan expects healthcare will supply a significant portion of revenues, particularly as costs for wireless LAN implementations come down, a benefit of the IEEE 802.11 standard passed last summer.
Get on the Bandwagon
SCOTT AND WHITE MEMORIAL HOSPITAL AND CLINIC based in Temple, Texas recently began upgrading its patient demographics, billing and scheduling software. For an institution with 18 regional clinics spread as far as 129 miles from the main campus, this was no easy task. Administrators met to discuss the possibility of training staff members in Temple, but quickly abandoned the idea, deciding it would disrupt clinics’ caregiving activities.
John Elliott, senior analyst and coordinator of the upgrade project, says he wasn’t listening the first two times his supervisor suggested a mobile training unit. But he eventually conceded and, in two months, Elliott had converted a Blue Bird bus into a 35-foot learning center.
The bus houses 11 computers--10 for trainees and one for the instructor--all networked to a wireless Ethernet antenna that transmits data between the Scott and White mainframe in Temple. It also features an In Focus video screen so trainees can watch the instructor work. A diesel generator supplies power to the computers, lights and cooling system.
Clinic IS training began this past June with the bus traveling to Scott and White regional sites to train small groups of clerical workers. Trainees receive 60 to 80 hours of training, based on their PC experience; if necessary, training coordinator Vilma Elliott teaches basic computer skills before going into the new software. During the training, a team of stand-ins from headquarters takes over in the clinics to avoid interruptions in patient service.