In 2011, Licking Memorial had an opportunity to go the early adopter route and attest to Meaningful Use stage 1 — which would’ve been a coup for a community hospital. But Sallie Arnett wasn’t confident the software was ready, and decided the risk to patient care wasn’t worth the reward. Four years later, Arnett feels it was “definitely the right move,” and is proud to be with an organization that is willing to wait. In this interview, she talks about the benefits of being a small organization, the three-year strategy to become a fully-integrated Meditech shop, and her team’s strategy to increase patient engagement. Arnett also discusses the myriad benefits of breaking down silos between IS and clinical, the “drive toward best practices” at LMSH, and why she’s stayed there so long.
- Waiting to attest to MU 1 — “We wanted it to be accurate.”
- “Multi-layered” approach to patient engagement
- Ohio Health Information Partnership
- Bringing IS security in-house with a “very controlled approach.”
- Educating staff in a “non-threatening way”
- 2015 Most Wired
- Having a “passionate” team
LISTEN NOW USING THE PLAYER BELOW OR CLICK HERE TO SUBSCRIBE TO OUR iTUNES PODCAST FEED
Despite every vendor’s best efforts, until they get it out there and people use it, and we thoroughly test it, you really don’t know. They’re pushing the code out so quickly, you really don’t know how well the code’s going to work and how well it’s going to function in actual practice.
When they’re coming in for outpatient labs or outpatient radiology, we’re trying to get people informed then, and hopefully before they come to the hospital, get them signed up for the portal. And that, I think, has helped our numbers for MU quite a bit.
It’s going to be kind of step-by-step, learning, getting greater advocacy, and informing folks that HIE is out there. Right now we’re doing a lot of submission of results, so what we’ve really got to get toward is the retrieval of results.
We really felt like having a good solid team here to do that in-house rather than having to rely on consultants coming and going was really important to us, as is having a five-year plan for security just like we have a five-year plan for IS projects.
Building a good security program, educating your staff, educating your physicians and having the frontline people know how to respond is probably the biggest tool that we can have. It just takes constant education and cooperation and teamwork.
Gamble: In terms of the decision back in 2011 to wait until the Meditech products had caught up, that’s a sentiment we’ve heard a lot too just as far as making sure that your vendor products were ready. Looking back, do you feel it was the right move?
Arnett: It was definitely the right move. We actually participated as one of the early adopter hospitals in that Meaningful Use stage 1 release, so we got the code very early. I think everybody was very anxious with stage 1 to get the code in and meet the deadlines. We didn’t know at that time that there was going to be that additional one-year extension, but part of what we found is despite every vendor’s best efforts, until they get it out there and people use it, and we thoroughly test it, you really don’t know. They’re pushing the code out so quickly, you really don’t know how well the code’s going to work and how well it’s going to function in actual practice.
And I don’t think it was necessarily anyone’s fault, but we did find quite a few workflow challenges and some things that we just didn’t feel comfortable in both stage 1 and stage 2 putting it forward for our patients. We basically said we wanted it to be 100 percent perfect and we wanted it to be accurate and we weren’t going to hand a list of discharge meds, for example, to a patient unless it was perfect, unless it was safe.
We have seen some folks say, ‘we’re just going to go ahead and roll this out to check off the box and get the money’ — I wouldn’t feel good about doing that until I know it’s accurate, it’s safe, it’s reflective of the care that’s provided. So in some of those instances we just decided to sit back a little bit and wait, and fortunately we were still able to meet the MU objectives, as well as put out a good quality product.
Gamble: When you touched on the patient engagement challenges, it’s certainly something that we’ve heard a lot, and especially in certain areas or certain patient populations. Are there any specific initiatives, or how are you approaching that as far as getting those numbers up and getting patients to log in?
Arnett: We have an IS staff member who actually rounds every single day and does visits with the patients, informs them about the patient portal, does education with them and if we can, we get them signed up before they go home.
It’s a sort of a multilayered approach. It starts with registration and getting that first touchpoint at registration. We also register all of our staff members. We give them that opportunity; as we do new hire orientation, we actually get that group, if they would like to, into the patient portal. And as our patients go through each step in the process, we have touchpoints built into various pieces of the process. So when they’re coming in for outpatient labs or they’re coming in for outpatient radiology, we’re trying to get people informed then, and hopefully before they come to the hospital, get them signed up for the portal. And that, I think, has helped our numbers for MU quite a bit.
But we do try to touch base with almost every single inpatient that we have in-house and then we do follow up calls as well after they’ve gone home. Because we do find a lot of people are interested, or maybe their family members in many instances are interested. We find that for folks who are taking care of elderly parents or their children, we have the ability to grant proxy access to family members if the patient approves, so a large number of the folks that we have signing up are actually proxies that are helping care for someone in their family.
Gamble: Right. That seems like a smart way to go about, because when you’re talking about some of the patients, they’re not going to be logging on, but there family members do want to be engaged, so that certainly makes sense.
Arnett: And I found in caring for my own family that it has been a wonderful tool, especially when you’re going across multiple health systems, multiple providers, different physicians, different specialists, to be able to have the portals and pull them up for each one of the different providers is wonderful. I think in our region here, where we’re really going to see that bang for our buck is as the health information exchange really gets fully running. As we get more facilities into the health information exchange, having all that data aggregated from facility to facility is really going to be beneficial. And it’s just going to take some time to get there, but we’re getting there.
Gamble: Is there like a statewide HIE you’re participating in or a local HIE?
Arnett: Ohio is sort of broken up. We have a group we call the Ohio Health Information Partnership, which is based in the Columbus area, and then there’s another exchange in the Cincinnati-Dayton area and a little bit more in Cleveland. We’re participating in the Ohio Health Information Partnership, which is the Columbus-based group. And I think we’re growing very quickly. We have quite a few members coming on board and right now we’re focusing on adding the physicians in the community into the health information exchange.
It’s going to be kind of step-by-step, learning, getting greater advocacy, and informing folks that HIE is out there. Right now we’re doing a lot of submission of results, so what we’ve really got to get toward is the retrieval of results, and we’re really making it useful now that we’re getting the data in there.
Gamble: Right. And especially with being the only hospital in your community, as things really progress, it maybe gives more of a motivation to really want to be hooked into the other hospitals.
Arnett: It’s very important for us to provide care here in the community. We have a lot of our community members constantly coming and saying, ‘we really want to be cared for at your facility.’ There are some things that we can’t do here, and when those patients go, typically they’ll go to a facility in Columbus, and then they’ll come back here for OT or PT or rehabilitation. We want to make that as seamless as possible, so if we’re all sharing data into the same health information exchange, it makes it a lot easier to pass data from those patients at the different stages in their continuum of care. So I think we’re going in a great direction, and I really do look forward to seeing what it looks like in five years.
Gamble: Definitely. Now, another thing you mentioned was information security and bringing that in-house, and I wanted to talk about that. Obviously we know the need for this to be something that’s really top of mind, but can you just talk about the strategy behind that?
Arnett: We’re focusing not only on HIPAA compliance — the privacy rule, obviously, and the security rule — but PCI compliance as well. As we’ve gotten larger over the years — when I came in 2000, we had about 15 employees, and as I mentioned, we’re going to 50 — with just the complexity of our environment, we’ve grown so much. It’s not just supporting a hospital; it’s supporting 30 remote sites, and everybody’s using credit cards and payments become more complex and identity theft has risen and you’ve got the assorted HIPAA privacy rules, and obviously all of the penalties that come with privacy and security.
We really felt it would be best if we had a very controlled approach internally so that if we were doing our own internal audits, we had enough staff here to actually perform audit and do it well. That same team also helps us with our business continuity plans. We’re trying to just reinforce the basics — good patching techniques, making sure our firewalls are updated, etc. We’re in the process right now of installing a product called Bit9, which actually monitors all the applications that are on your computer and it will actually stop things from running if it doesn’t recognize those items.
So we’re trying to get out there and not only do the basics but start looking at some probably more advanced technologies. We just actually installed FairWarning as well, which obviously is for privacy rule compliance. It’s going out there and doing auditing and reviewing all of our audit logs, and then we’re going through that process of identifying any infractions and proactively monitoring for the privacy rule.
We really felt like having a good solid team here to do that in-house rather than having to rely on consultants coming and going was really important to us, as is having a five-year plan for security just like we have a five-year plan for IS projects, and just better oversight for that here in-house. And I think it’s added a tremendous amount to our team.
Gamble: I would think you get a different perspective from having it in-house and from a group that really knows the organization well.
Arnett: Well, we’ve built a lot of our skill sets here in-house and are starting to drive toward best practices. It takes a lot to make sure all the staff are educated, and that we’re monitoring our best practices, generating reports, and making sure we’re doing it well. Having somebody just come in once or twice a year and rubber-stamp it and say, ‘yeah, your plan looks good’ — we really didn’t feel it was what we were looking to accomplish.
We really want a good strong security and compliance program, and we felt by controlling that, it would really help us get there, and also improve security awareness for our staff. We’ve tried to approach this in a very non-threatening manner. We do audit extensively, and we’re constantly calling people and saying, ‘we saw this’ or ‘we had this issue.’ We’re really trying to get staff savvy so that they know when we’re calling, it’s not an intimidating call. We’re calling to ask them a question and figure out why they were doing something. We approach a lot of it as helping them protect themselves, and as phishing attempts seem to get more and more frequent, the staff are getting really savvy and saying, ‘I got a call from somebody outside and it didn’t seem right.’ And because we’re doing a lot of the other approaches in a non-punitive way, they feel really comfortable about calling us and saying, ‘Hey, I got this phone call and it just didn’t seem right.’ So it’s I think helping us head off some things that could potentially be a bigger problem.
Gamble: Yeah, it makes a lot of sense to really have that trust established so people don’t feel like they’re being accused of something. And it’s amazing how sophisticated the phishing attacks are becoming. It’s pretty scary to think about.
Arnett: The reality of the world is that the criminals are going to be doing things so quickly and we’re outnumbered. I think most of us in the industry now are saying it’s not a matter of if, but when. So we’re trying to prepare with things like cyber insurance and those types of things as well, but I think really building a good security program, educating your staff, educating your physicians and having the frontline people know how to respond is probably the biggest tool that we can have. It just takes constant education and cooperation and teamwork.
Gamble: Yeah. One of the other items I wanted to talk about was that the organization was named the 2015 Most Wired list. I wanted to talk about leadership’s role in conveying the role of IT in supporting the delivery of care and not just being about implementing systems — and even winning awards, which is a nice thing, but just really in how you approach that with your team?
Arnett: I have to say, we’ve been really fortunate here, from the leadership level, from a staffing level. Our mission is to improve the health of the community, and really that vision and that mission has been permeated throughout our staff, not only for the clinical staff, but for the IS staff as well. It’s not unusual here to have an IS staff member sitting in a meeting being one of the folks to come up with the idea of, we could do this to improve or we could do this to help pharmacy or we could do this to help lab.
I think we’re very fortunate from that regard. I have been in facilities where you sort of have the IT people off to one side in their silo and then you have the HI people in their silo and the pharmacy people in theirs, and down the line. We’re very fortunate that we have a very tightly integrated group. And I think because we’ve been through so many clinical projects, we’ve all had time to work closely together, we have a common goal. And in going through the CPOE process and bedside medication verification, we’re all very passionate about patient safety and improving the clinical process.
I have to say, it makes my job very, very pleasurable. We know that the next patient coming through the door could be one of our own family, so the better we do things, the more we’re helping our friends, the more that we’re helping our neighbors, the more that we’re helping our family. It makes it very easy to drive that home, and it makes it very easy to move down the Most Wired path, because we’re doing things like clinical decision support and PACS and bedside medication verification, all the advanced clinical things. So I have say, it’s truly a joy to go to work everyday having the team of people that we have that are all so passionate about what we’re doing.