Practice at other system facilities:  non-medical staff responders
document in “significant event” system of the EMR and medical staff responders either document in the clinical documentation system template-driven tools or dictate.

Proposal: as above, exclusive of dictation (takes 24 hours for TAT &
upload to EMR).

Attached is screen print of significant event progress note.  If
additional documentation is needed for PI purposes, that would be
extraneous to this process.

Please vote “yes” or “no” to the proposal so that I can put
closure to this item. Thanks.

Nurse Practitioner for stroke program response:

I would need more info because we have a particular process for
documenting particular times and use it for data collection for stroke.
Also, we have to keep a log per what we capture and have to report on for state agency and Joint Commission

Personal COMMENTARY on issue:

Actually this is a more complex workflow question that gets to the core of several similar issues in the field of informatics. unless I am mistakenly making too many assumptions, in the absence of seeing the screens or knowing the details behind this discussion.  Stroke certification processes have been mandated all over the country with guidelines based “reporting” that have created huge resource expenditures by hospitals just to keep up with the data collection and reporting. A big factor has been a global lack of understanding of the “documentation” workflow that ties the real time clinical care process to concurrent case review  to near term data monitoring, to back end data retrieval, reporting to third parties, and analysis.  The closer one gets to seeking the core principle of clinical documentation—document ONCE, document efficiently, effectively, legibly, etc—the more this issue keeps rearing its ugly head. (Again, please forgive me if I am making too much of this, having not seen the initial email).

If a stroke team response is a team-based response, where each team member is playing multiple roles that relate to both clinical care, clinical documentation, clinical data capture, and clinical case tracking workflow, then the separation of documentation solely based on pre-defined “job type” is highly artificial that leads to different locations and methods of capturing information that must inter-relate for both clinical, operational and data analytic purposes.  So lets start with a description of how clinical electronic documentation should function in order to meet the above objectives. Where the current or near term “system or systems” does not meet this need, then the “price to pay” in terms of professional or staff time duplicating information capture or losing continuity due to its separation must be calculated as part of decisions about how to “work around” the inadequacies of what is available.  This is an absolute general rule of medical informatics that is, unfortunately, rarely set in motion due to the lack of its inclusion in design of documentation systems to begin with  (until quite recently in limited scenarios)

This is how this should work:

In emergency room a series of data points begins, starting with time of entry, triage, decision support, pending diagnosis, vital signs, relevant neurologic system findings, radiology results, documentation of nurse observations, then clinician observations, then comments or suggestions of remote specialists, orders and transition to next point of care.  When ANYONE involved in the care of this patient is about to document anything they do, it is immediately assumed to be starting with data captured in previous steps, by people playing roles that overlap clinical and process flow. (for example, a stroke responder might be documenting the actual NIH stroke scale and it is “confirmed or signed off” by the provider, not re-entered in a second clinical documentation process).  The “time” stamps should be automatically captured at each critical point of –triage, decision, result, order, next order, result, event, etc—, associated with that event whether machine or human generated phenomenon, and carry forth thru the documentation without any downstream clinician or data manager having to “recreate” the presumed time based on retrospective chart review or copying over from some parallel “system”. This leads to the primary goal of the system, which is not to generate reports for third parties, but to efficiently lead to safer and more consistent care. The fewer places to re-document a single piece of information that has downstream clinical or analytic relevance, the fewer opportunities for further error and inefficiency.

So without going too far into the abyss of the massive issue in medical informatics of interlocking roles-based fluid non-redundant clinical documentation (the holy grail in many ways, that the whole industry struggles with)—I would very much warn against band-aid solutions that try to vote on one of the lesser of two evils. Because systems of documentation currently tend to not function like this even WITHIN one single workflow domain like the ER (but getting a bit closer) when new programs with external reporting accountabilities are imposed-even if a good thing overall-there is the new creation of added time, inefficiency and duplication of effort on the data entry/capture/reporting realm without concomitant allocation of human time resources to achieve this effectively. Happens all the time, everywhere, over and over.  As both a medical informatics person and accountable for a cross-organizational neuroscience care program, it is difficult to embrace this phenomenon repeatedly, knowing the consequences.

So I would ask that we look as a group at “team based documentation and communication” as it relates to at least a few core clinical processes in the future state, the current state and the intermediate state, with an eye toward confidence in probability of the future state. We map the workflow and roles of each of the participants, being careful to not assume that today’s stroke responder or stat responder assistant/tech/nurse/primary md/captain/intensivist/remote specialist, etc are necessarily the same people doing the same aspects of this process one year from now as they are today. If the documentation needs are tied to the minute-by-minute “dynamic and contextual role” of the individual documentor, rather than the “static job role” then the solutions recommended, even if interim work-arounds, will have far fewer negatives and more positives.

Here is a simpler way to look at this:

At any point in anyone’s documentation process relative to what they are accountable for the common principle applies that before he/she has to enter, dictate, type or create a piece of data –a time stamp, an event capture, a clinical finding, a result, etc—that the documentation “system or application” he/she is using FIRST makes available anywhere else in the “systems” that the data exists, so that it can be viewed and “IMPORTED” into the relevant location.  That is why the current iteration of PN2G documentation templates and discharge depart processes, however limited by still being a “work in progress” at least try to incoporate importation of vitals, diagnoses, demographics, etc that are relevant to non-duplicative continuity of care.  Even these fall way short but are directionally consistent with this principle.

If that simple (but not readily achieved) concept is being adhered to, then it will be far less relevant or critical to any downstream workflow what specific documentation “system” is being used by any one “person or role” at any point in time. The problem is that, in the absence of being even close to that model, we end up with different overlapping roles, where there is not such a black-and-white separation of specialist medical staff/primary care medical staff/midlevel/nurse/support staff roles and accountabilities as it relates to how/when each is “documenting” what is being done at the moment.

]]> http://apractis.com/blog/2008/05/10/clinical-documentation-processes-must-map-to-workflow-and-roles/feed/ 0 http://apractis.com/blog/2008/04/11/drug-alerts-and-reminders/ http://apractis.com/blog/2008/04/11/drug-alerts-and-reminders/#comments Fri, 11 Apr 2008 08:26:33 +0000 abarbashmd http://apractis.com/blog/2008/04/11/drug-alerts-and-reminders/ I was recently asked to look at a good article from the VA about physicians over-riding drug-drug interaction alerts, the reasons why, the measure of whether alerts were useful to end-users, etc A few thoughts:

When we developed and deployed an automated referral system for specialty care in the past, we struggled with the same question but looked at an approach such as

If an alert is to pop up during an order process, it must meet the following criteria
It must be highly useful to the person entering the order
It must be highly accurate most of the time
It must enhance efficiency on both ends (ie avoids a followup phone call back to the person entering in order to clarify, or get a different provider requested, etc)

It must be monitored for efficacy and dynamically updated based on a learning system

While doctors are not always cognizant of all the needs of “other departments’ workflow and accountabilities” , they are in fact highly accountable people generally who are dealing in levels of uncertainty around risk/benefit all the time, with varying levels of information at the moment, of varying levels of accuracy. Therefore, designing systems that are intended to assist clinicians in their outcomes and efficiencies has a primary obligation to prove that will happen before introducing more uncertainty or inefficiency into the process.

I have always believed that the future of information systems in healthcare will be realized when the systems evolve rapidly and dynamically by learning based on the behaviors and decisions of those who provide healthcare, and the first sniff test will be like the microsoft ad
:where do you want to go today?

A clinician should login to a location, and the system should be able to learn their question, their context and their task at hand rapidly
The system should provide information in a manner which has been demonstrated via real time workflow evidence to enhance the efficacy AND efficiency of the clinician/ The screens one sees should derive not from the needs of the data or the back-end departmental needs but from an intersection between what busy clinicians need in order to get the specific job done at that moment, but increasingly “made aware of” what other systems or processes appear to know, or might know, about that context

So perhaps if instead of thinking of these as alert overrides, we began thinking about any alert as never appearing until it can be shown to have passed a performance test that meets those criteria in real world settings, we would end up with alerts that had the type of content and context that users now ASK FOR, or create themselves. This would be very different from today, where users are viewed as “reacting to and “bypassing” because the alert process only represents one perspective on a subset of data about a particular patient or clinician or medication, that is highly likely to be not so aware of the rest of the context at that time. Obviously that improves as systems become more sophisticated, but starting with assumptions of the inadequacy of the data sometimes are better methods than starting with the assumption that the data or rules are consistently useful enough to begin shoving in the face of very busy people who are multi tasking!!

Very interesting subject/

There are many tools that can launch a message center to send an embedded message center and you have the option to encrypt an outbound message in such a way that one has to have a special downloaded reader (an acrobat model) to view. But every clinician I have known has had their patients sign or opt a HIPAA waiver and has their lab and other messages just emailed to them directly,. Secure web encrypted web messaging, special encrypted packeted email all have solutions–medem, relayhealth, zix, biometric enabled, etc–and most consumers simply do not care. They want their information sent to the same place they work all day long in their own email and where they would get their banking password emailed to them as well! (I am not being facetious, this is just the reality)

Nevertheless, if one used something like relayhealth, for example,, one could just attach the resulting lab report, with comments, or the CCR with comments, etc by opening relayhealth inside the web browser, etc.

This is a very interesting and important topic. We enabled all clinicians, for example to offer a free encrypted medical email account to their patients with a special domain address so it was encrypted out and all going thru one network., Highly practical. And guess what?–the patients would still have it forwarded unencrypted of course to their personal gmail, yahoo or other email, and it was just an extra step. So at the end of the day most clinicians just email the patient directly, out of the patients request and more practical workflow. That is not a system issue, it is a practical and individual preference one.

There is alot of discussion about messaging with patients in EMR users forums, the Ideal Micropractice, specialty AAFP and other primary care forums, and in the medical and general press, as you know. Many clinicians are available who would be happy to share their thoughts as well

AJB

Many hospitals and other healthcare organizations who have internal networks, web portals, and particularly electronic patient records that need to be made more accessible remotely are looking at additional “security” options such as Key Fobs (where a number linked to the user changes every 3 minutes) or Biometrics (finger prints, voice) and I believe that a few key questions need to be addressed before the “IT Security arm of an organization” pushes an operational strain that drives resources, dollars, support issues, and user satisfaction issues onto the backs of others.
The assumption behind these efforts should be made clear and, I believe, needs to be proven first. It is that the use of a user name and password, even if one has to change the password regularly, is insufficient to appropriately authenticate that another individual, who presumably has different “rights or privileges”, is not “falsely misrepresenting themselves” to the “system”. Given that these same “users” also interact with banking, legal, insurance, and other “medical” entities without requiring the use of a physical authentication device, and that the information in those “systems” is just as important to appropriately protect, the logic of all this rings very hollow.
While there have been many people smarter than me expounding about the pros, cons, methods and limitations of different approaches to physical authentication for information access, I would propose it is much simpler to look at the whole issue from the perspective of the “consumer” and the “supplier of support” for when things don’t go as expected. The “consumer” in this discussion is a physician, nurse, other healthcare provider, case manager, patient, family—anyone who needs to access information in order to carry out their job in a timely fashion and who presumably has been asked by some other entity to do that job (beyond the scope of any one IT organization to question whether that job is appropriate for that person). I would argue that the user has just as strong an incentive for authentication to work properly as the “system” does—as in the example of my personal bank or credit card account, which most people are far more worried about than their health information.
An important principle in dealing with an issue that intersects the presumed interests of “access vs security” and “organization vs client” is not to assume that everything will work as planned “most of the time”, but to assume that the “worst case scenario” that challenges all the assumptions of normality, is the “expected event” (ie.—I am in outer space and need immediate access to something that might be located in the Earth’s molten core right now)
So let’s look at the whole issue from the standpoint of protecting the interests of the “consumer” , or perhaps better to use the term “user”, though not optimal. What is the user and what do they want to accomplish?
When a request is made for me to take action about a particular “patient/client” or to respond to another professional/clinicians request for advice, or to carry out a task that was requested of me by a “system of care”—ie signing an order request from another professional/nurse, etc—(the main reasons one would need to bother “logging in”—here is what needs to happen…

The amount of time this takes needs to be defined as a Minimum (to keep me from making an unintended error in authenticating myself for my own personal interests) and a Maximum (to keep me from wasting time, resources or efficacy as a professional). I should be determining that time limit, since it is MY authentication we are discussing, not YOURS. But when I then try to interact with YOU, I would want to make sure the same standard applies and I know who you are.
The requirement that I be able to complete whatever task is on the other end of this “authentication” process is likely driven by the requestor just as much as by myself. (example, –Dr, we need you to look at this Xray online and give us an opinion before we take the person to surgery for an urgent procedure) or (This is a form we need signed within a week)
If the task has any sense of urgency, which we should assume is always the potential scenario, then we have to assume I have NOT been able to plan where I am, what time it is, what I was doing 2 minutes before the request, or whether I have any specific piece of equipment with me other than my brain and my body.

The task should take me the same time to complete regardless of time or location, with the understanding that acceptable barriers are those I would anticipate with any communication task-financial, legal, personal, medical, professional…
· Do I have a mobile phone and/or am I within “range” of a mobile network

· Do I have access to a reasonably functioning computer

· Do I have reliable high speed access to data through any open communications network

· Am I presently inside or outside the walls of the “organization” that “created the task request”

· Do I have access to some other device which can easily enhance the ability to “authenticate” myself without introducing new barriers to access

· How many different devices by how many different “organizations” are an acceptable limit without causing me neck pain or needing to carry a “device suitcase” around!

In the year 2008 I would suggest that there are only three (really just two) “devices” that we can assume are HIGHLY likely to be easily accessible to any professional at any time when they have any reasonable likelihood of needing to get to information:

· Their finger print (presumably on their own fingers at present!)

· Their mobile phone or a mobile computing/communicating device of some sort(one could not be “available” for clinical communication of care without one in reality)

· A communications network (wireless, land line, etc)

And then there are the attributes of the task that should be determined by the “user”, not by the “system”
· How urgent do I feel this task is, and how comfortable am I not being able to complete it if I have any issues getting to the information

· How do I feel about the “organization’s” attitude toward my needs for access and urgency

· Do I know my current user name/password

· Do I need to access something that is so private that, if the information were about ME, that I would want someone else to be forced to “physically” authenticate themselves in order to see it or carry out the task

· Am I going to be interacting with other people, and how do I wish to know THEY have been identified or authenticated in order for me to carry out my task. (example..the industry pushes HIPAA compliant secure web messaging, but every consumer will sign a waiver form so that they can get their lab results sent to the email that they use all day long for other things and in which they are perfectly comfortable only having an “email address” as a way of identifying the other party)

Once the user has made these determinations I would suggest the following is the most pragmatic methodology of “enhancing” authentication where appropriate, because it addresses the most common denominators:
Eliminate the use of any physical device requirement other than that which has a high probability of being present and universally usable at that moment in time
· Voice/Finger print (Iris not quite, until camera on every phone)

· Mobile Phone/Text message

So now back to the focus of Key Fobs…

Such systems make an assumption that there is a reliable backend database that links a User, their Password, with the Physical ID of a Key Fob and system knowledge of the “current rotating randomly assigned number” that is displaying on that device. Since anyone who “finds or takes” a key fob from someone else is fairly likely to have found that on a key chain or in association with some other identifiers, then fraudulently using one’s user name and associating with the key fob is not as fool-proof as proposed, and not worth the inefficiency or expense.

· Have each “user” register with the organization or a central shared authority with a profile that contains (signed, online, just as with a bank)-

· Full name, address, etc

· Professional License identifier/Organizational identifier, etc

· Email address that is NOT going to be changed within the next 12 months and that the user reliably checks every day and in which they have assured that an organization’s outbound email will not be spam-blocked

· Mobile phone number that is NOT going to be changed within the next 12 months and in whom the user checks a box to confirm they promise to notify the organization if either mobile number or email address changes

· Option to accept text message notification of authentication codes

If a user is willing to register their mobile and confirm they receive text messages and, since other services use one’s mobile number in registration as a primary method to deliver initial passwords anyway…then have their personal mobile device serve as their authenticator

If the user logs into a website, portal, EMR system or even to a specific task within a specific “domain” within that “system” a trigger might pop up asking for further confirmation of “who they are” They are presented with the following options

· IF you have a registered key fob and it is with you, enter the number now and you get right in

· IF you have a registered physical device but it is NOT with you at present, but you HAVE registered your mobile device, click to have that key fob number text messaged to your mobile phone immediately

· IF you are a more intermittent “user” , or just do not have a registered physical device but have registered your mobile with us, click to have a special one-time access code text messaged to your phone (you will need to re enter your user name/password after you get this number)

· IF you have none of these options available but need urgently to get into the “system” that houses the “task” you have to perform, click here to “break the glass”, enter your user name and password and check the reason why you just don’t have access to any other mode of authentication at present.—we will EMAIL you a special access code

· IF for some reason you have full Web Access but no Email Access (this is highly unusual and very unlikely, so don’t expect too much here!!!—but it is truly an emergency to get in, call this number, we will ask you a few questions from your profile and grant you temporary access

· Down the road, as the finger print, iris scan or voice print “readers” are just as easily accessed as one’s mobile phone, then they would represent “user preferences” at some point as well
In Summary, I don’t believe the question is what the “system’s” needs are, those should strictly be limited to the physical security of the network, etc

The issue is what the “highly accountable professional, who is the “end-user” needs in order to satisfy their time/task requirements. If EMR systems and user interfaces were built from the ground-up in this manner we could stop using the term “user-friendly” anyway, because by definition it would be “user-centric” but that is a different blog discussion. The issue of authentication process should tie into the communication processes and methods that are already a part of peoples’ daily lives and for which they take appropriate levels of precaution around certain types of information and communications.

I am not an IT systems security expert, but if you were to add up the costs of the backend “database system” PLUS the costs of the physical devices PLUS the support costs of all those situations where the synchronization does not work as planned, and instead moved to where it is ONLY the “database system” that is required because the rest of the physical and communications infrastructure is already being used and paid for by the consumer—that this approach would also represent a true savings all around. Add to that the interest of telecom providers in participating at a sponsorship level, and this, from a neurologists perspective is a true No-Brainer.

AJB

Maybe it is better to just ask ourselves why we continue to be looking at health information as so unique in all its attributes. Those of us who have been in the “PHR” arena either as developers, users, partners, promoters, speakers, etc really struggle with the fact that it is not necessarily a “thing” that everyone agrees exists or can define. I think we can all agree what a phone fundamentally does, who uses it and why. As more features and capabilities are added, and smartphones are the term for some, we still do understand that the thing “helps you call, respond and talk in real time to people” and that “if you type in a number it will ring” If it does email, then you know what email does also.

Health records are either something totally different than any other type of information, or share many other attributes and have some that are distinct. For the majority of people who look at health records as documents, reports and “page views” of content about an individual, the storing, sharing and creation of them is really not terribly different than legal, financial ,real estate or other files. However the differences might be viewed more in the complexity of how they are generated, the level of integrity of pieces of information in them because they reflect “results” that came from some other source, the different points in time and place that pieces of a document originated, and whether the author is the validator or even knows how the document will be used by anyone else in the future.

But until one can develop any consistent concept for a large proportion of human beings what a personal health record really is, maybe it is better to just realize that microsoft and google are already in the business of health records. Doctors send email to each other, faxes are received thru telecom companies, phone calls about consultations are made on sprint phones, medical searches are done from within web browsers in EMR’s on the open web, powerpoint can be used to create a case demonstration, etc, etc. People store some documents in their google account, they keep reports from doctors in Word on their PC or elsewhere, and some people use third party document storage services for all sorts of things. We might be better off if we primarily just looked at Health records as one other element of personal records, and just focus on what specific attributes are somewhat, largely, completely or not at all different than other types of information.

On the other hand, if one views person-centered health information as subserving a context (the person and their behaviors and conditions) that can be tied to other similar contexts, then the ability to advance medical knowledge based on the open leveraging of this in the search and communication process would be a natural step along the path of human biological understanding. If that is the case, then microsoft and/or google are merely formalizing what is already occurring to some degree.

Since the healthcare technology privacy industry is far more legally and technologically self serving, not having emanated from what busy clinicians and consumers think privacy needs to mean, any excited discussion about the impact of these moves on privacy is of questionable value. The more important question is this….if entities begin to align themselves with the workflow, collaboration and business models about person-centric health information, will that finally help eliminate this “industry centric” focus on what an EMR or PHR or HIPAA is, and enable a more natural, “user or physician/consumer” centric perspective on the relative meaning and value of the different attributes of these records, how they are created, managed, shared, secured, etc

Maybe this is an opportunity to really open up the dialogue and end up with something called a PHR that ends up having some common meaning to a critical mass of people. And maybe it will result in nothing like a PHR at all, just another set of practical processes to facilitate sharing, retrieval, documentation, etc that are not so distinct from the rest of our daily workflow

Here is a link to an interesting blog in ecare management on a personal health information network 
Just my thoughts

AJB

As more of all generations move away from sequestered and constrained information definitions, tools, containers and “others’” rules, and into more open modalities of posting, sharing, sending and even modifying….the individual now has an expansive relationship to information. When we create content with a certain meaning (as of this moment in time) and direction (ie it is for me, or for you, or for a group) we now have to be cognizant of how that same information can be read off line, or real time, synthesized, copied in snippets, become part of some other totally different media, and ultimately traced back partly to us, partly to others, and transformed beyond recognition as of source. It is as though by talking in the phone parts of our “vocal dna” can be mixed with other signals and create a new voice.

Privacy now becomes something that the individual must take a huge responsibility over, not “outsource” to a government or other protective agency, because what is private at one time needs to be more public at another. And humans will need to understand how to manage information just as they do when they are talking face to face real time and interacting with selective words, body language, etc

And along with this will come new accountabilities for the ramifications of our person-generated information being leveraged by others distant in time and place for other purposes. Doctors resist the idea that consumers will put credible information into a personal health record, But if the person entering it actually bears some accountability for the results of how it is used, then he/she will become a much more active participant in its creation, transmission, and maintenance. Just as we should have far more people insisting that they get a text message to their mobile phone to confirm ANY time their credit card is being used and money is leaving their account. The banks might not like the inconvenience of having to “hold money” and lose the float, but they are not the ones who pay the price for our credit card being used inappropriately.

More on this really interesting area later.

AJB

What people want is something like this

Not have a big chance of getting a medication that wont help or will give them inconvenient side effects

Not have to worry that someone will advise them and neither will have time to figure out that they are likely to have an allergic reaction to something

Not have to repeat tests that have risks

Not have to waste time filling out the same information every time they do something different in healthcare

Be able to get an answer to a personal question from someone that they trust, know, or can rely on

Not waste time getting to an answer

Have doctors and nurses spend the right amount of time with them when needed

Communicate with the healthcare industry in a way that they want, when and how they want. just like other industries

Whether keeping a personal health record is a primary goal or a “default” objective because there is no more realistic way to achieve all this, and whether their keeping personal records in the absence of the industry believing that a PHR is the PRIMARY source of core information, not an offshoot, is a serious question to ask if we are to understand why this “no brainer” is not a more ubiquitous reality. But there is not much question that figuring out how to achieve this in a pragmatic, non intrusive, non-technology centric model is a laudable objective. I have always believed that we should be thinking of this as a technology facilitated “service”, not a thing in itself. And if we dont start getting the message across that this is something an individual can expect to “Do work on” and “Pay for the sanity of having” we wont get there

I have met the people from VitalKey, for example, and that is a centralized supported workflow process that acknowledges the idea of a PHR is a dynamic ongoing process rather than a “thing” There are other models, and technologies. Alot of the industry, as with the EMR industry is still a population based research project in my view!

More later, just some thoughts