6. Develop a Process for Managing Clinical Decision Support (CDS)
In the clinical decision support criteria the required Stage 1 meaningful use of five CDS rules has to be demonstrated by each eligible professional. In multi-specialty and multi-provider practices, that may mean having to implement a separate subset of rules for each specialty and/or provider, because those five rules also have to be relevant to the specialty or otherwise a high clinical priority. Every practice that wants to meet the Stage 1 CDS requirement is encouraged to design and use a robust process for designing, developing and implementing rules. That process should include review and approval, specification documentation, development and testing, and finally formal release of each rule, including version documentation and control. This process puts practices in a position to get started with rules (and rule components) that can be shared among providers and specialties, and expand them both to qualify more providers and expand the kinds and number of rules used — as Stage 2, Stage 3 and healthcare demands in general expand.

7. Implement Patient Health Information Exchange Workflows
Patient health information exchange criteria require communication with patients based on and using the EHR. It includes sending patient notifications and sharing care information such as visit summaries and test results. One of the challenges arising from Stage 1 criteria is that in order to both make the communication convenient for patients and accommodate practices without PHRs and/or patient portals, ONC has specified options. Sharing the information and managing the options represent yet another need for workflows. Examples include:
• Notification: processes to collect and store information about how patients choose to be notified when they are due for routine or follow-up care, plus management of separate system-triggered alert delivery processes (e.g., automatic patient portal messaging, printed letters, telephone reminder lists).
• Visit Summaries: a visit exit process that includes printing and delivering summaries to patients, or if patient portal or PHR delivery is an option, logging/fulfilling that request.
• Copies of Electronic Data: processes for collecting, logging, and fulfilling requests. If portable media, such as CDs and USB drives are used, this includes manual controls to be sure copies get to the right patients and that confidentiality and security of the  information is not otherwise compromised. Mobile media security and confidentiality standards, such as whether passwords or other protection such as encryption are required, are also still being defined and must be tracked for compliance.

8. Formulate a Provider Health Information Exchange Strategy
Stage 1 demonstration of interoperability with other EHR systems is limited to, "one test of a certified EHR technology's capacity to electronically exchange key clinical information." Although a network for exchanging data in production mode (HIE network, interfaces, etc.) is not required for testing, EHR system exchange functions and features need to be installed, configured and readied for use. Those functions and features are required for certification, but with most EHR products they are new and require the latest version of the system, and in many cases separate purchase of one or more additional system modules. They also should be informally tested before formal testing, as well as production use. Key features to look for include the ability to create summary patient data packets (such as problem list, drug allergies and test results) for transmittal, receive packets from other systems for display and incorporation into the record, and preserve the coding and structure of the data exchanged. Eligible professionals (particularly those selecting new EHR products) are strongly advised to also examine the features for usability, particularly how much manual intervention by the provider is required, whether that intervention is reasonable (e.g., contributes to data integrity), and includes an intuitive and otherwise straightforward user interface.

9. Ensure Privacy and Security Compliance
The challenge to privacy and security criteria compliance comes from concern that existing HIPAA regulations have not been carefully addressed and that enforcement of breaches is being increased. That makes the required privacy and security assessment important — as a means of identifying and addressing potential workflow and other weaknesses. However, many of these are common sense steps practices should look for and take as the EHR makes it easier to share and access patient information. Examples include being sure to password or otherwise protect electronic patient records distributed via mobile media, logging distribution and receipt of that media, and instituting workflows (such as HIE "opt in/opt out" processing) to obtain and record (and of course enforce) patient agreement or refusal to share their electronic records with other providers and stakeholders.

10. Initiate EHR-Based Quality Performance Measurement Support
The key to successfully meeting quality performance measurement is in capturing the data. In the context of performance measurement this means ensuring that every data element in the notice of proposed rulemaking that applies to participating eligible professional(s) is both: a) configured as a structured data element that is captured or stored as a code or other appropriate format, and b) is reliably and accurately captured via downloads from other systems or data entry. The need is having this data in formats that the system can subsequently search, retrieve and aggregate and compare for reporting. Two logistical issues surrounding this challenge: a) demonstration requirements for 2011 will be attestation, and electronic submission of one measure for 2012, and b) required measures are still being determined.

Click here to read the full report.