Compliance will be a central issue, for HHS and for providers, once the Office of the National Coordinator (ONC) releases its meaningful use criteria for physician practices and hospitals. (It's expected to be published in the Federal Register by the end of the year.)
To receive federal funding, each entity will have to comply with the criteria. Translation: All providers will need to set up quality assurance programs to ensure compliance. That's where skilled, thorough IT auditors will come in handy. But even the most experienced IT auditor will be charting new territory in evaluating meaningful use compliance.
Based on the current work of ONC, here's where an auditor's system evaluation might take two approaches:
Performance-based: Meaningful use has desired outcomes, such as "engage patients," with desired goals attached to them, such as "provide patients with access to timely data." Drilling down, there are also objectives within each goal. "Provide patients with an electronic copy of health records" is an objective of the "access to data" care goal. In turn, each objective has measures. The measure for this objective is the "percent of patients with access to electronic health records." The evaluator would focus on the objectives and the measures.
Standards-based: In this approach, the system is divided into functional categories, such as "communications and diagnosis." These categories are further divided into quality types, such as "communication with patients." These types have data elements that must meet certain standards. "Communication with patients," for example, includes "smoking cessation counseling/advice." In this case, free-text is acceptable. Other standards include ICD-9 and SNOMED CT. One can envision the system evaluation process as beginning with a standards-based evaluation with periodic performance evaluations following. One thing is certain; those who are talking about meaningful use will be discussing compliance in the near future.
Joseph Ingemi is a Certified Information Systems Auditor and certified Project Management Professional who writes about healthcare IT issues at his blog, Health IT Politics. He also consults on project management and audit services in area of healthcare IT implementation and compliance through his company, Pinarus Technologies.