JamesLHollyMD.com

	James L. Holly, M.D.

About SETMA Joint Commission Contact Information History Mission Statement Medical Home Scope of Services I-CARE Initiative Infusion Center The SETMA Way - What is it? SETMA's Model of Care Patient-Centered Medical Home The SETMA Approach to Patient Care	In The News Letters Vital Signs - Examiner Publication SETMA's Providers as of January, 2015 SETMA Knows - Abraham Lincoln and Healthcare Analytics SETMA – 1999 – Four Seminal Events PC-PCC Award January, 2015 Vital Signs Spring 2015 Vital Signs Q&A for PC-PCC Award Links to SETMA 2012 eHealth Innovator Award for LESS initiative Handout for Attendees eHealth Conference January 12, 2012 eHealth Initiative 2012 Award Program Application The eHealth Initiative's 2012 Award Letter 2012 National Quality Forum National Healthcare Improvement Award Effective prioritization of performance improvement goals Dashboard to Measure and Manage Whole System Performance Commitment to transparency Date-driven improvement of NQS priorities Demonstration of readiness to assume responsibilities of an ACO Demonstrated results on publicly reported performance measures Public Reporting Quality Metrics for 2009, 2010, 2011 Internally Tracked Reporting Quality Metrics for 2009, 2010, 2011 Complete Application in PDF Format SETMA's Medical Home Pilgrimage 2009 Medical Home Series I 2010 Medical Home Series II 2011 Medical Home Series Two 2009, 2010, 2011 Medical Home Miscellaneous Articles The Dr. and Mrs. James L. Holly Distinguished Professorship Universal American Letter of Transmittal for Support Dr. Holly's Acceptance Address for the 2012 Distinguished Alumnus Award CMS Medical Home Feedback Report Qualify & Cost SETMA questions Influenza Data SETMA I - October 2011 SETMA II - October 2011 Mark A. Wilson Clinic SETMA West - October 2011 SETMA and Fox 4 News - Healthy Living Videos SETMA Advertisements - Display and Video SETMA Announcements Featured Content Archive	Syllabus PC-MH Externship SETMA's MS4 Patient-Center Medical Home Selective Syllabus Introduction to SETMA's Senior Externship and Syllabus An Introduction to the Origins and Beginnings of Southeast Texas Medical Associates, LLP Patient-Centered Communication PC-MH Health Affairs August 15, 2013 Policy Brief -- Health Gap SETMA 8.20.13 Provider Training -- Health Affairs 2.14.13 -- Patient Engagement SETMA Provider Training 8.20.13 during First Senior Medical Student PC-MH Externship Medical Home Coordination Review Tutorial 2011 Medical Home Series Two Teaching Tool for PC-MH Course - Patient Care Activation, Engagement, Shared-Decision Making	Patient Information What Does Patient-Centered Medical Home Mean to You? What Does Patient-Centered Medical Home Mean to You? Health information exchange Patient Rights and Responsibilities Patient Directions Contact SETMA – Secure Texting What is HIPAA? Authorization To Release or Obtain Medical Records Complete Privacy Policy Website Privacy Policy	Presentations Invited Presentations SETMA Provider Training
Governance Board Governance Board Responsibilities Governance Board Leadership Training The SETMA Team and The SETMA Culture SETMA's Mission, Vision and Goals: Patient Safety and Quality Care Harassment, Neglect, Abuse, Exploitation - Role of HCAHPS & CAHPS Healthcare Provider Standards Providers Responsibility Medication Refills, Reconciliation and Maintenance Provider and Leadership Use of Data and Analytics Commitment To All Patients -- Ethnic Disparities Kaizen - Board Creates Culture of Safety and Quality SETMA's Policy and Practice for Advanced Directives SETMA's Policy on Completion of Medical Records Care Guidelines : Improve processes to evaluate and treat Integrated patient safety program (Sentinel Events) Effectively Manages all programs, services or sites Provides Patients with information about Primary-care Medical Home Organization-wide Planning to Maintain Focus on safety and quality Organization-wide Planning to Maintain Focus on safety and quality SETMA's Performance Quality & Safety Judged by CMS SETMA's Performance Quality & Safety Judged by CMS SETMA Awarded by HIMSS for Quality and Safety 2011 John M. Eisenberg Patient Safety and Quality Awards Application Healthcare Quality Award 2012 Principles of Quality and Metrics Principles Contacting SETMA & Secure Texting PC-MH Mission, Vision, Goal, Access, End-of-Life Communications and Public Reporting Change Existing Processes to Improve Performance Team Members Focused on Safety and Quality	Your Life Your Health View Articles by Subject Aging Well Behavioral Health Cardiovascular Disease Risk Care Coordination Care Transitions Children's Health COGNOS Project Diabetes Exercise Healthcare Reform:Public Policy HIPAA & Security Labor Day Less Initiative Medical Home Medical Records Men's Health Mental Health Nutraceuticals Nutrition Smoking Cessation Thanksgiving Weight Management Women's Health All Articles	Public Reporting Public Reports by Year (2009-2017) Public Reports by Type Fall Risk, Pain, Functional, Wellness, Stress Assessment Fall Risk, Pain, Functional, Wellness, Stress Assessment for 2011 AND 2012 Core Measures: SETMA & Baptist Hospital Core Measures for January to December 2011 PQRS Diabetes Measures - Blood Pressure Diabetes Measures - Glyco and LDL Diabetes Measures - Nephropathy Screening, Foot Exam, and Eye Exam Preventive Measures - Screening (BMI, Colorectal Cancer, Mammography, Osteoporosis) Preventive Measures - Influenza, Pneumococcal, Urinary Incontinence Preventive Measures - Tobacco Use NQF Care for Older Adults Comprehensive CHF Care Diabetes Measures Diabetes Measures - Blood Pressure Control Diabetes Measures - Glyco and LDL Diabetes Measures - Smoking Cessation Female Measures General Health Measures Medication Measures Persistent Medications Medication Measures Pediatric Measures HEDIS (NCQA) Effectiveness of Acute Care Effectiveness of Chronic Care - Clinic/Hospital Effectiveness of Chronic Care - Clinic Only Effectiveness of Chronic Care - Diabetes (Smoking Cessation) Effectiveness of Chronic Care - Diabetes (Glyco and LDL) Effectiveness of Chronic Care - Diabetes (Blood Pressure Control) Effectiveness of Preventive Care Effectiveness of Preventive Care - Older Adults Effectiveness of Chronic Care - Diabetes Measures Effectiveness of Chronic Care - Persistent Medications (MPM) NCQA Diabetes Recognition Program Audit LESS Initiative PCPI PCPI Hypertension PCPI Diabetes PCPI Chronic Stable Angina PCPI Care Transitions PCPI CHF PCPI Weight Management PCPI CKD Stages IV V SETMA Lipid Audit Lipids Treatment Audit Tutorial Lipids Tutorial AQA COGNOS Project SETMA Audit for CKD Stages I III Patient Satisfaction Survey	Accreditations/Awards Achievements which have Advanced SETMA: The Time-line, Philosophy and Principles which Underlie that Advancement Awards	Diabetes Center of Excellence Education Diabetes Order Referral Form Seven Stations 2011 Advances in Diabetes Diabetes Tutorial Diabetes Prevention
EPM Tools Association of Medication and Diagnosis Automated Team Function Behavioral Health Adult Weight Management Tutorial Annual Questionnaires: Fall, Functional, Pain, Stress, Wellness Behavioral Health in SETMA's Patient-Centered Medical Home Model of Care Depression Tutorial Fall Risk Tutorial Health Insurance Portability and Accountability Act (HIPAA) Privacy Tutorial Intensive Behavioral Therapy (IBT) Obesity and Cardiovascular Disease Medicare Preventive LESS Initiative Tutorial Medical Home Transtheoretical Model Assessment Stages of Change Tutorial Pain Management Tutorial Reduction of Antipsychotic Medications Toolkit Smoking Cessation Tutorial Stratifying End-of-Life Risk for Hospice Services Tutorial Chronic Conditions Tutorial Chronic Renal Disease Management Tool Tutorial Calculating the Stages of Renal Disease Proteinuria Disease Management Tools Acute Coronary Syndrome Tutorial Adult Weight Management Tutorial Angina Tutorial Cardiometabolic Risk Syndrome Tutorial Chronic Renal Disease Tutorial Congestive Heart Failure Tutorial Diabetes Tutorial Hypertension Tutorial Lipids Tutorial Lipid Quality Audit Tutorial Primary Pulmonary Hypertension Tutorial Framingham Cardiovascular Risk Cardiometabolic Risk Assessment Framingham Heart Study Risk Calculators Tutorial Frederickson Classification of Dyslipidemia LDL Level Lipid Disease Management Risk Assessment General principles about ICD-9 Codes and HCC/RxHCC Codes Charge Posting Tutorial Coding to Ensure Accurate Health Risk Scoring E & M Codes Tutorial HCC & RxHCC Risk HCC/RxHCC Risk Tutorial ICD-9 Code Training Manual Hepatitis Screening Hospital Based Tools Hospital Care Summary and Post Hospital Plan of Care and Treatment Plan Tutorial Admission Orders Tutorial Daily Progress Notes Tutorial Care Transition Data Set from PCPI Tutorial Using The Clinic and Hospital Follow-up Call Templates Respiratory Failure Tutorial Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS): Tutorial for SETMA's Internal HCAHPS Survey Master GP Suite of Templates Master GP Suite of Templates Tutorial Medical Home Support Materials Department of Care Coordination, Director of Care Coordination and Care Coordination Referral Template Electronic Tickler File Electronic Tickler File Tutorial Follow-up Calls Intensive Behavioral Therapy (IBT) Obesity and Cardiovascular Disease Medicare Preventive Services Medical Home Coordination Review Tutorial Medical Home Plan of Care and Treatment Plan Medical Home Transtheoretical Model Assessment Stages of Change Tutorial Patient-Centered Medical Home Annual Questionnaires Patient-Centered Medical Home: SETMA's Medical Home Coordination Review (MHCR) Tutorial Patient Document for Coordination of Care Transitions of Care Management Coding (TCM Code) Tutorial Merit-Based Incentive Payment System (MIPS) Quality Metric Tool Tutorial Nursing Home Depression Tutorial Fall Risk Tutorial Hydration Assessment Tutorial Nursing Home Guidelines for Care Tutorial Nursing Home Principal Suite of Templates Nutrition Assessment Tutorial Reduction of Antipsychotic Medications Toolkit Skin Care Tutorial Outpatient Infusion Center for Intravenous Antibiotic Therapy and Other Meds Preventive Health Tools Adult Weight Management Tutorial CHF Exercise Tutorial Diabetic Exercise Tutorial Diabetes Prevention Tutorial Exercise Prescription Tutorial Hypertension Prevention Tutorial Intensive Behavioral Therapy (IBT) Obesity and Cardiovascular Disease Medicare Preventive Initial Preventive Physical Exam & Annual Wellness Visit Tutorial LESS Initiative Tutorial Progression to Type 2 Diabetes Smoking Cessation Tutorial Progression to Type 2 Diabetes Quality Metrics ACO and Medicare Advantage Stars HEDIS: NCQA, History, Quality, Safety, STARS, ACO ACO Quality Measures Performance Tool ACO Quality Measures Performance Tool Tutorial STARs - A Tutorial for Utilizing SETMA's Deployment of the STARS MA Program Specialized Tools Annual Questionnaires: Fall, Functional, Pain, Stress, Wellness Association of Medication & Diagnosis Chronic Conditions Tutorial Chronic Care Management Code (CCM) Tutorial Depression Tutorial Drug Interactions Tutorial Electronic Tickler File Tutorial Evaluation Lower Urinary Tract Symptoms in the Male Fall Risk Tutorial Future Labs Tutorial Hydration Assessment Tutorial HCC Risk Training Tool Hypertension: Fulfilling Quality Metrics for the PCPI Program Laboratory Results - Signing Off: Why and How Medication Module Tutorial Medication Reconciliation Tutorial Nutrition Tutorial Pain Management Tutorial Problem List Reconciliation Tutorial Progression to Type 2 Diabetes Referral Skin Care Tutorial SOAAP Opioid Risk Assessment Stratifying End-of-Life Risk for Hospice Services Tutorial Texas State Reportable Infectious Diseases Tutorial Transitions of Care Management Coding (TCM Code) Tutorial	Transforming Your Practice Library Introduction to SETMA's TCPI Library Transforming Your Practice (TCPI) Summary Document of TCPI CMS Quality 12.2015 TCPI Leadership and Governance Care Coordination HIPPA and Security Data Analytics Care Transitions LESS Initiative Medical Records Clinical Decision Support Hospital Care Tools Disease Management Tools Preventive Health Tools Behavioral Health Transformation Tools New Transformation Tools Patient-Centric Care Nursing Home Medical Home Display and Explanation of SETMA's Patient-Centered Medical Home Tools	Medical Home The Story and the Ideals Introduction to Preventive Health Tools PC-MH Patient Engagement & Alternative Payment Models Preventive Care: The Best Way to Treat Illness is Don’t Get it Coordination of Care Patient-Centric Care Population Health Transition of Care - One form of Care Coordination HCAHPS - Hospital Consumer Assessment Of Healthcare Providers and Systems CAHPS - Consumer Assessment of Health Care Provider and Systems Teaching Tool for PC-MH Course – Patient Care Activation, Engagement, Shared-Decision Making Display & Explanation of PC-MH Tools SETMA's Medical Home Pilgrimage Concierge Medicine not Medical Home Medical Neighborhood Security & HIPPA Referrals Patient Web Portal Health Information Exchange Medication Reconciliation The Automated Team Coordination of Care Medical Home Description & Standards AAAHC Joint Commission NCQA Planetree URAC NCQA Interview February 14, 2014	Facebook	Letters

Your Life Your Health - Is Your SETMA Medical Record Secure?: Part I

James L. Holly,M.D.

September 27, 2012

Your Life Your Health - The Examiner

This two-part series explains SETMA’s active program for securing the medical information entrusted to us by our patients. It is critical that the safety, security and the confidentiality of that information be kept safe and available. This is both a professional and a legal obligation. This review lets all of patients know how seriously we take this responsibility.

What is HIPAA? It is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:

Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reduces health care fraud and abuse;
Mandates industry-wide standards for health care information on electronic billing and other processes; and
Requires the protection and confidential handling of protected health information

Meaningful use (MU), in a health information technology (HIT) context, defines the use of electronic health records (EHR) and related technology within a healthcare organization. Achieving meaningful use also helps determine whether an organization will receive payments from the federal government under either the Medicare EHR Incentive Program or the Medicaid EHR Incentive Program.

In order to receive the Federal funds for EHR, a medical practice must attest to having completed a “security analysis” and to having remedied any deficiencies discovered in that analysis. Already Federal investigators are examining medical practices for compliance with this requirement and in several notable cases have levied six-digit fines and penalties.

The amount of money which the MU program will pay a practice is based on the number of physicians in the practice who have met meaningful use standards. Unfortunately, nurse practitioners and physician assistance are not considered to be “eligible providers” (EP) under the law. The incentive is to motivate reluctant providers to invest in EHR. Of course, SETMA started this process in 1997 and has invested ten times more that the MU payments in building a world-class electronic record foundation in Southeast Texas.

Attestation to HIPAA and Meaningful Use

Obviously, all practices have been concerned about “attesting” to having satisfied the security requirements of HIPAA and Meaningful Use. This issue of Your Life Your Health will discuss SETMA’s response to these security requirements. We believe that all of SETMA’s patients will be pleased to know how safe and secure their records are:

In reality, SETMA has always been concerned about the security of the information which is contained in our EHR. The January 24, 2001, Your Life Your Health was entitled, Your Medical Record, Is It Secure? Co-authored by SETMA’s CIO, Richmond Holly and SETMA’s CEO, James L. Holly, the article addressed the security of our medical records. It stated:

“Once you are confident that your medical records contain all of the information important for the management of your health, you want to be sure that only those who have the ‘right or responsibility’ to know your medical history have access to it. In the past, the security of your medical record consisted of the lock on your doctor's office door and the receptionist who sat at the front desk in the doctor's office. No one thought much about how many people had uncontrolled access to the medical records because in reality most people are honest and wouldn't read someone else's record. With the advent of electronically stored data, i.e., electronic health records (EHR), this has changed…now issues of security and the confidentially of that record requires new levels of access control.

“…electronic health medical are more secure than the old paper charts…A humorous anecdote illustrates this. When making the decision to migrate to EHR in 1997, SETMA's founding partners attended the Medical Group Management Associates annual meeting in Washington, D.C. During one of the sessions at this conference, a representative of an EHR company related her experience while making a presentation to a group of hospital administrators in a large mid-western city. Close to the end of her discussion, the elder statesmen of the administrators confronted her and said, ‘Young lady, you can't make your electronic stored medical records more secure than our paper records!’ He was aggressive, adamant and loud. Realizing that her success potential was waning rapidly, she assured this gentleman that the electronic records were more secure than his paper records. He persisted, repeatedly making the same point: your electronic records can't be as secure as our paper records.

“She attempted to convince him without success. Finally, with an instantaneous change in his facial expression -- a smile now broke out on his face -- he said, ‘Young lady, we can't find our medical records, you can't make them more secure than that!’ The entire audience broke out into laughter, and the speaker breathed a sigh of relief.”

That really was true. With paper records someone could walk into a medical office pick up a chart, conceal it, walk out and no one would ever know. And, even when the chart couldn’t be found, it would not be apparent that it had been stolen and there would be absolutely no way to know who had it.

For SETMA, the complexity of the security issue is much greater than the typical practice. The ideal of EHR is achieved when every healthcare encounter is documented in the same record.

For years, SETMA has used the EHR in the clinic, at the providers’ homes, in the emergency department of all hospitals in our area, in all nursing homes in our area, in all hospitals in our area, in hospice, home health, physical therapy and from remote sites when providers are on vacation and want to keep up with their patients and/or to answer questions which arise. This is the ideal of healthcare and one of the first places it existed was in Beaumont, Texas at SETMA.

The question of security is complicated by all of this access. Since the beginning all information has been protected by 256 bit encryption and by security codes. In fifteen years of using EHR, SETMA has not had a security breech. As improved security tools have become available, SETMA has upgraded our system to improve the security of your medical information. The following will summarize some of the state-of-the-art tools which SETMA uses. Hopefully, you will l “get the idea” that we both take your healthcare-information confidentiality seriously and that we have invested a great deal of time, energy and money to give you the confidence that your information is secure.

Two Factor Authentications

Previously, access in the clinic to SETMA’s EHR was via usernames and passwords. Usernames and passwords while still the standard security measure for most systems in the world are showing signs of age. Hackers are getting better at guessing them, breaking them and compromising people accounts. Also, because most people use the same username and password for everything, once one account is compromised they are all vulnerable.

SETMA has taken what most in the industry consider to be the next iteration of security. It is called “Two Factor Authentication. Two factor authentication means you have to have something you physically possess combined with something you know. The physical device is called a “smart card”. It is a card that has a small computer chip in it and it is programmed and tied to a specific users account. The something you know is similar to a traditional password. Someone can steal your smart card, but if they don’t have your password it is worthless. Conversely, they can know your password, but unless they have the physical smart card it does them no good.

SETMA’s system now requires that each employee use two factor authentications to log in. The card is placed in the specially designed key board. Once the “smart card” launches the system, the user has to place their password into the system in order to access patient information. Another security benefit of the smart card is that a provider or staff member can only use it on one computer at a time. It cannot be shared with other people to allow others to log on. A provider cannot forget to log out of a computer, leave the room and continue on about their day. They can forget, but not for long. As soon as they get to the next exam room, they will remember they need to go get their card.

Currently, neither HIPAA nor MU require two-factor authentication but SETMA believes that in the future it will be. When it is, SETMA is ready; meanwhile, SETMA’s data is much more secure than ever before. But, what if someone loses their “smart card”? SETMA has a security policy that requires employees to report a misplaced, lost or stolen card. But, remember without the password, the “smart card” is of no benefit. However, when a card is reported missing, SETMA’s Information Technology (IT) Department can inactivate that card rendering it useless and our system safe.

Remote Access with Random Number

Another risk these days is remote access to medical records. Remote access is critical to ensure the best care for our patients. It allows our providers to access records from the emergency department, the hospital, the nursing home, providers’ homes, etc., for the sole purpose of providing continuity of care. The ultimate goal in all health care is to have all encounters with a patient documented in the same database. This requires remote access.

Remote access to SETMA’s EHR, like the clinic until recently, was controlled by a username and password. SETMA has added a new and elegant improvement to this system. The product is published by RSA and it is named SecurID. RSA is considered the industry leader in their field. Like the “smart card,” RSA is a physical device that is tied to the users account. This device generates what is known as a one-time password. It is a password that is only valid for sixty seconds. Now to gain access remotely, our users have to enter in their username, password and the one-time password, the RSA device generates for them. The providers have to have possession of their unique device in order to log in remotely. Even if someone’s username and password is compromised, no one can log in remotely without their RSA device.

Controlled Access to Patient Care Areas

All of SETMA’s clinics have controlled access to all patient-care areas and all areas where medical records are stored. This includes all exterior doors to SETMA’s clinics. All employs have identification cards which provide them electronic access to the clinics. Based on their needs, that access is for clinic hours or clinic hours and for after hours. A log is kept of when any person enters any of SETMA clinic. Except for patients with appointments a log is kept of all people who enter SETMA’s clinics and no unescorted persons are allowed in patient-care areas, or areas where medical records are accessible.

About SETMA	In The News	Syllabus PC-MH Externship	Patient Information	Presentations
Governance Board	Your Life Your Health	Public Reporting	Accreditations/Awards	Diabetes Center of Excellence
EPM Tools	Transforming Your Practice Library	Medical Home	I-CARE Initiative	NextMD