Impact on the Enterprise Content Management Industry: The 2009 ARRA and HITECH Acts

The February 2009 passage of the American Recovery and Reinvestment Act (ARRA; a.k.a., the Economic Stimulus Bill, PL 111-5) with its Health Information Technology for Economic and Clinical Health (HITECH) Act (for purposes of this publication, together referred to as “the Act”) means that to the tune of roughly $19 billion - $35 billion (net vs. gross outlays, respectively), Americans, through paid taxes, are now directly funding the adoption and “meaningful use” of “certified” electronic health records (EHRs) by healthcare providers and provider organizations, including the investment of a nationwide health information infrastructure that supports the electronic exchange of health information. All this to revitalize the economy over the next 10 years, generate government savings, guarantee EHRs for all Americans by 2014, and continue to protect the privacy of the individual and the security of the individual’s health information. Therefore, it is important for the Enterprise Content Management (ECM) industry as both American taxpayers and potential stakeholders to understand the major provisions and impact of “the Act.”

The Act is complex and, in many instances, still undefined. However, what is clear is that meeting its requirements will necessitate significant healthcare policy, system, technology, and process solutions. Unfortunately, existing healthcare policy, system, technology and process solutions are highly fragmented and incomplete. Consequently, if the health information technology (HIT) addressed in the Act were to be implemented in, for example, the current, fragmented healthcare delivery and healthcare payment (a.k.a., healthcare insurance or reimbursement) systems, the results likely will be only suboptimal and inconsistent. As such, for the program to succeed, the Act must be married to a strong commitment to healthcare delivery innovation and healthcare payment reform in any forthcoming healthcare reform legislation. As of this publication, 2009 healthcare reform legislation is nascent.¹ As of this publication, 2009 healthcare reform is politically divisive and legislation remains hotly debated in several Senate and House bills.

With that said, perhaps the best starting point in understanding the major provisions and impact of the Act for the ECM industry is to highlight the differences between certified EHR systems as defined in the Act and ECM systems.

For all intents and purposes, certified EHRs are patient record systems that consist of structured data (i.e., all the data elements in the record are binary, discrete, and computer-readable, and, typically, are stored in relational databases with predefined fields) and are certified to meet standards pursuant to the Act. In other words, these systems must include structured patient demographic and clinical health information, such as medical history and problem lists. Also, they must provide clinical decision support — interactive tools that help clinicians identify and solve problems and make decisions, and computerized provider order entry (CPOE), such as ePrescribing tools. In addition, these systems must capture and query the structured information for monitoring healthcare quality and for exchanging the information with, and integrating the information from, other healthcare sources. As such, EHR systems are THE clinical, transactional, line-ofbusiness systems for healthcare provider organizations.

ECM systems consist of unstructured data (i.e., the data are non-binary and human-readable, such as the data contained in paper documents, text-based reports, drawings, videos, audios, emails, web pages, etc.) and, typically, are not certified to meet standards pursuant to the Act. ECM systems consist of the technologies, tools, and methods used to capture, manage, store, preserve, and deliver the intellectual substance of documents (content) across an enterprise (ANSI/AIIM/ ARMA TR48-2006). And, given the Federal Rules of Civil Procedure Governing Electronic Discovery effective December 1, 2006, ECM systems have become crucial for healthcare compliance and regulatory purposes. In this manner, ECM systems complement EHR systems, as do other key clinical, unstructured databased systems such as Picture Archiving and Communication Systems (PACS) that consist of bit-mapped, diagnostic image data and medical device systems that consist of vector graphic data.

Complementary, unstructured data-based systems are not mentioned in the Act, and, therefore, are not covered by the Act.
Regarding the adoption of certified EHRs by healthcare providers and provider organizations, for all intents and purposes, the Act provides approximately $17 billion in net outlays for Medicare or Medicaid financial incentives for both clinicians and hospitals. (Both the Medicare and Medicaid sections in the Act define special funding formulas for critical access/rural hospitals. In addition, there are special funding formulas for acute care hospitals that have at least a 10 percent volume of care being paid for through Medicaid and for children’s hospitals. Long-term care facilities [a.k.a., nursing homes], skilled nursing facilities, hospices, rehabilitation centers, mental health facilities, and home health centers are not eligible for the incentive payments.)

For example, based on complicated formulas, approximately $2 million in initial Medicare-only incentive payments will be available to U.S. hospitals (as defined above) demonstrating “meaningful use” of “certified” EHR systems beginning in October 2010. Approximately $20,000 in initial Medicare-only incentive payments (up to approximately $45,000 over five years) will be available to eligible U.S. physicians demonstrating “meaningful use” of “certified” EHR systems beginning in January 2011. Medicaid-only incentive payments also will be available to eligible physicians, dentists, certified nurse-midwives, and physician assistants practicing in rural health clinics or Federally-qualified health centers led by a physician assistant, as well as hospitals demonstrating “meaningful use” of “certified” EHR systems beginning in January 2011. Starting in January 2015 for physicians and October 2014 for hospitals, the incentive payments will decrease with no incentive payments made after 2016.

The Medicare and Medicaid incentive payments have been established as entitlement funds – if one meets the criteria, one will receive the payments. On the other hand, a physician must choose to accept either Medicare or Medicaid incentive payments, not BOTH. And, while acute care hospitals can apply for both Medicare and Medicaid incentives, children’s hospitals cannot.

In addition, the Department of Health and Human Services’ (DHHS) Office of the National Coordinator (ONC) for Health Information Technology will be awarding competitive grants to states to set up loan funds that can be used by states to make loans to “eligible” hospitals and non-hospital- based clinicians to purchase “certified” EHR technology. However, while the Act includes this and other funding for HIT grants and loans² , most healthcare providers will have to make their own upfront investments in the technology.

Regarding the “meaningful use” of certified EHRs for clinicians and hospitals to qualify for the Medicare and Medicaid incentive payments, under the law, DHHS is required to publish a final rule on the initial definition or definitions of “meaningful use” by the end of 2009. (As of this publication, “meaningful use” will be defined through notice-andcomment rulemaking. Therefore, only a preliminary definition will be released by the end of 2009, followed by a 60-day comment period.) Also, DHHS is required to improve the use of EHRs and healthcare quality by requiring more stringent definitions of “meaningful use” over time.

As of this publication, a multitude of healthcare organizations submitted draft, “meaningful use” definitions to DHHS for consideration and ONC released a draft definition prepared by a workgroup of its Health IT Policy Committee. Currently, the Act contains two similar, but not identical, and vague definitions of “meaningful use”; one each for the Medicare and Medicaid payment incentives.

For the Medicare payment incentives,

• Using “certified” EHR technology
• To the satisfaction of the Secretary of DHHS, demonstrating that the certified EHR technology is connected in a manner that provides, in accordance with law and standards applicable to the exchange of information, for the electronic exchange of health information to improve the quality of healthcare , such as care coordination
• Hospitals submitting information in a manner and form specified by the Secretary on clinical quality measures and such other measures as selected by the Secretary

For the Medicaid payment incentives,

• Establishing the definition through a means that is approved by the state and acceptable to the Secretary of DHHS
• Aligning the definition with the one used for Medicare, above

Regarding the “certification” of EHRs, as of this publication, the official body or bodies responsible for this effort has not been determined. Prior to the Act, the Certification Commission for Health Information Technology (CCHIT), a private nonprofit organization, with the sole mission of accelerating the adoption of HIT by creating a credible, efficient certification process and funded through a contract with the DHHS, had been the only organization with the government’s seal of approval for certifying EHR systems.³ However, with the Act, Congress has directed ONC, in consultations with the Director of the National Institute of Standards and Technology (NIST), to identify an existing program or programs to carry out the voluntary certifications. As of this publication, most industry analysts believe that more than one program will be designated to perform this gargantuan function, with CCHIT, given its track record, continuing to have an ongoing role.

Regarding the investment for the electronic exchange of health information, under the ONC grant program, DHHS will invest in the infrastructure necessary to continue to allow for and promote health information exchange (HIE). This means that grants will be provided to support regional, state, subnational, or even national efforts toward health information “networks,” highways” or “dial tones” that will facilitate or expand the electronic movement and use of healthcare information (e.g., that will allow a physician to turn on his/her EHR, receive patient information from other providerbased EHRs that will automatically populate his/her EHR and/or send patient information to other provider-based EHRs that will automatically populate the other providers' EHRs—without special implementations or other highly customized requirements).

Perhaps the one remaining major provision of the Act that impacts the ECM industry has to do with the plethora of privacy and security issues that have arisen since the 1996 enactment and early 2000s implementation of the Health Insurance Portability and Accountability Act (HIPAA)’s privacy and security rules. Dozens of significant enhancements to the existing HIPAA privacy and security regulatory structure were outlined in the Act. Topics include but are not limited to: notification to individuals of security breaches of their health information; “business associates” now governed by law, not contract (i.e., HIPAA privacy and security regulations apply to business associates in the same manner that they apply to “covered entities”); new entities to the list of business associates that were not imagined over a decade ago; patients having the right to request an accounting of all disclosures of their health information; new restrictions on the sale and marketing of personal health information; and, enforcement of both laws. It is the hope that a better balance of privacy/security and portability will be attained when these new Act provisions are translated into rules and regulations.

Finally, the Act appropriated approximately $2 billion in “jump start” funding to formally establish the ONC, to initiate the HIEs, to support the development of data standards, to provide the assortment of the aforementioned grants, loans, and demonstration programs, and to continue to ensure the security and protection of patients’ health information while improving the quality of care and reducing healthcare costs. This promotion of HIT resulted in the following:

• David Blumenthal,M.D. has been appointed the National Coordinator of Healthcare Information Technology. Appointment of a Chief Privacy Officer to advise on patient privacy and information security is forthcoming.
• A 20-member HIT Policy Committee, of which 13 members are appointed, has been created to make recommendations to the Secretary of DHHS on developing a policy framework for the implementation and adoption of a national HIT system, including the standards for exchanging electronic health information. The HIT Policy Committee meets on a regular basis.
• A 23-appointed-member HIT Standards Committee has been created to make recommendations to ONC on EHR standards, implementation specifications, and certification criteria. In addition, the committee is charged with harmonizing HIT standards and pilot testing recommendations. The HIT Standards Committee meets on a regular basis.

Also, this immediate HIT Funding included requiring DHHS to invest other funds through different agencies. Such agencies as ONC, the Agency for Health Research and Quality (AHRQ), Centers for Medicare and Medicaid Services (CMS), and the Indian Health Services have been targeted to help support the HIT architecture that will continue to build the nationwide electronic HIE, expand broadband service in underserved areas, provide workforce training, develop infrastructure and interoperability tools for telemedicine and data repositories/registries (cancer, trauma, etc.), and improve the use of HIT for public health departments. In addition, it includes implementation assistance to healthcare providers to implement and use “certified” EHR technology. It also created a HIT Research Center to provide assistance and best practices for HIT use and it provided support for up to four years to 70 nationwide Regional HIT Extension Centers to provide technical assistance and dissemination of best practices to support and accelerate adoption and integration of HIT.

Every business day, more and more details of the Act are published at a remarkable pace. The magnitude of work ahead is unprecedented, but it must be balanced with the need to move in a wellplanned and executed manner. As such, healthcare provider organizations are encouraged to start thoroughly planning and thoughtfully executing sooner rather than later. For example, for hospitals, this means creating stimulus committees similar to the HIPAA compliance committees formed in the late 1990s/early 2000s. Such committees will need to adjust existing HIT strategies to obtain “meaningful use” of “certified” EHRs (even though the definition has not yet been published), to maximize the potential incentive payments and avoid any penalties, to produce better data regarding clinical quality measures, to acquire better tools for capturing, codifying and reporting the data, to connect HIT spending with definitive business and clinical outcomes, to update existing HIPAA privacy/security policies, procedures, and practices, and to track regional efforts to operate or form HIEs. This might also include amending existing HIT contracts to require vendors to earn whatever EHR certification status becomes necessary under the final regulations. After all, these are long-term projects that will require significant cultural, behavioral, and process modifications, not just technology, to achieve success.

Deborah Kohn, MPH, RHIA, CPHIMS, FACHE, FHIMSS, Principal, Dak Systems Consulting (www. daksystemsconsulting.com), San Mateo, Calif. Dak is a national healthcare information technology advisory consultancy specializing in the analysis, strategy and planning of electronic health record component technologies and systems, including diagnostic image management systems, voice/text/speech systems, electronic document management systems, and health information exchange initiatives. Reach Deborah at 650.345.9900 or dkohn@daksystcons.com.

1 For example, in June 2009, twenty-two highly-respected healthcare organizations sent a letter to members of Congress calling for a greater integration of HIT in broader healthcare reform efforts. “If the adoption and meaningful use of HIT is viewed as a separate endeavor from healthcare reform, the likelihood will only increase that the money spent to encourage HIT adoption and health information exchange will be squandered due to the failure to leverage the capacity of electronic health information and tools to enable and accelerate healthcare reform that is built on the foundation of health information.” www.ehealthinitiative.org/assets/Documents/eHILettertoCongressonHealthReformandHealthIT6909.pdf

2 For example, two grant programs, planning grants and implementation grants, will be provided to state governments or to a state designated entity. The use of the planning grants will be determined by the Secretary of DHHS.

3 Visit www.cchit.org for a list of the many 2007 and 2008 ambulatory and inpatient EHR systems that have been CCHIT-certified for three years, as well as CCHIT’s new, expanded programs for 2010 - 2012.