Selection Processes: Matching System and Organization

Selection Process: Matching System and Organization Team BDena Cervantes, Justin Lee, Susan Mateo, Necole Robertson, Cassie Chambers HCI / 500

August 18,2014David StibbardsSelection Process: Matching System and OrganizationRequired and desired system components

The RFI and RFP process

Three vendor comparisons

Threats and safeguards for electronic information impact on chosen system Effects of federal mandates and regulationsWhen acquiring anything new, depending on the importance of the purchase, there may be a large amount of research needed to come up with an accurate conclusion. New software is something that many associates or employees may become overly excited about when viewing the outer service. In actuality, vendor selection is often a process that can be very complicated and be an emotional decision to come up with the right vendor for your specific organizational needs. This paper will describe the required and desired system components the selected organization delineated, the RFI and RFP process, three vendor comparisons, threats and safeguards for electronic information impact on chosen system and effects of federal mandates and regulations.2Required System ComponentsA user-friendly method for scheduling based on surgeons assigned time block/availability Physician office interface with the admissions department for patient demographics

Financial component interface with the inventory and supplies and time stamp that helps to track the time in facility as well as in procedureRequired components include a user-friendly method for scheduling with ability to set the days and times each surgeon desires to have as his/her assigned availability to use the suites. Patient demographics information from the physician office needs to interface with the admissions department so the information only has to be shared once (University of Phoenix Material, 2014). The financial component will need to interface with the inventory and supplies component as well as the clinical component that documents physician time in the surgical suite and patient time in recovery in order to calculate costs to the hospital related to supplies and staff. A time stamp that helps to track the time of arrival compared to the departure time, in turn giving an average length of time for each procedure; the time of arrival and surgery start time is needed [as well as end time and d/c time] (Kramer Technologies, 2012). 3Desired System Componentsclinical component system interface with scheduling

just-in-time ordering

automatically order or alert when a stock item is running lowDesired components include a clinical component system that interfaces with the scheduling department to ensure that supplies are on hand for each case and allow for just-in-time ordering by connecting with supplies and inventory to track preoperative, intra-operative and post operative supplies used for surgical prep, procedure trays, along with surgical dressings as well as other supplies used to support patient care (Foley catheters, saline irrigations, NG tubes, etc). The system would also automatically order or alert when a stock item is running low and must be reordered based on the number of items left and how quickly it is being used (University of Phoenix Material, 2014).4Initial StepsProcess and decision for purchasing

Elements that guide questions and influence the consideration of available choices

Trade shows and conferencesThe process and decision for purchasing the system is based on information obtained during the needs assessment phase prior to selection. The selection committee must keep in mind the amount of money available for the purchase, installation, and maintenance of the new system, as this will guide their questions and influence the consideration of available choices. Trade shows and conferences are often beneficial opportunities to obtain information. These events allow organization representatives to examine systems from various vendors in an informal setting, to measure system capabilities against others, and to view demonstrations (Hebda & Czar, 2009). 5The RFI ProcessFrequently the first true contact with the vendor by the organizationA letter or short document sent to vendors describes intent to purchase and install an information systemRequests a description of the system and its capabilitiesVendor responds by sending brochures and literatureOnce the overall goals are determined, the vendor search begins. Vendors are selected by which ones are capable of meeting the basic needs of the organization. A list is compiled, followed by a request for information (About.com, 2014). This is frequently the first true contact with the vendor by the organization. An RFI is a letter or short document sent to vendors that describes the organizations intent to purchase and install an information system. The purpose of the RFI is to gain necessary information about the vendor and its systems so that those vendors who cannot meet the organizations basic requirements can be eliminated. The RFI should request a description of the system and its capabilities. Often the vendor responds to the request by sending brochures and literature. More information can later be obtained by asking more specific questions of the vendor after receiving the initial informational literature (Hebda & Czar, 2009).6The RFP ProcessDocument describing requirements for desired information system in order of importanceEliminates vendors incapable of meeting all needs required by organizationNegotiations include vendor pricing, contract terms and technical support abilitiesVendor response demonstrates how well the product meets the proposed requirementsOnce the steering committee has received and reviewed all the information received from the various vendors who provided information in response to the RFI, the next step is to prepare a request for proposal (RFP). An RFP is a document that describes the requirements for a desired information system. The RFP lists these requirements in order of their importance to the company (Hebda & Czar, 2009). The RFP further eliminates vendors that are not capable of meeting all needs required by the organization. This stage consist of detailed specifications which defines all possible constraints, terms and conditions, and limits vendor selections based on this criteria. Comparison of vendors against each other includes each vendors visibility, missions, total cost of ownership, debt, and history. The RFP process consists of negotiations which includes vendor pricing, vendor contract terms and a vendors technical support abilities. This eventually leads up to a new software system that meets the needs of the organization (About.com, 2014). The vendor response to the proposal demonstrates how well the vendors product meets the proposed system requirements. Often, the RFP and the vendor response for the winning bid are included in the final contract (Abdelhak, Grostick & Hanken, 2012).7Three Vendor ComparisonsEHR VendorsSoftware nameUsed inter-nationallyCost to maintainLimits to practiceMcKessonMcKesson Practice Choice Lytec MD Medisoft Clinical Practice Partner InteGreat EHR McKesson Practice Complete Yes$3600 per yearReaches to allMcKesson is known for its wide range of EHR systems is designed to work both server-based and cloud-based, to help manage practices of all sizes. McKessons Business Performance Services divides itself to two parts: Practice Management and EMR solutions. Practice management includes patient care, scheduling, billings, claims processing and other operations for clinical practice. EMR solutions include EHRs system to enhance care quality and improve physician workflow (McKesson, 2014). In an RFI and asked for key benefits, McKesson would boast that for business improvement, its programs help with: 1. Physician group management, 2. Revenue cycle management, 3. Strategic planning and growth management, and 4. Practice consulting (McKesson, 2014). For clinical effectiveness, McKessons tools include: 1. Accountable Care Services, 2. Population Health Management, 3. Technology, 4. Products and Services, 5. Coding and Compliance (McKesson, 2014). 8Three Vendor ComparisonsEHR VendorsSoftware nameUsed inter-nationallyCost to maintainLimits to practiceCernerCerner MilleniumNoDoesnt revealReaches to allEPICEpicCare EMR, Care Everywhere, Lucy PHRNoDoesnt revealEpic is used only for medium to large sized hospital organizationsCerner has the widest reaching EHR of the three because of all the different aspect that Cerner affects. Just exploring Cerners website, one is bombarded with information of how its software affects healthcare. Cerners product is divided into: Extended Care, Hospitals and Health Systems, Medical Devices, Member Engagement, Physician Practice, Pharmacies, Population, Health Management, Research, and Workplace Health (CERNER, 2014). Epic boasts that it is different than other programs due to its on-time and on-budget track record being one of the best in healthcare (Epic, 2014). Epic software function is divided into two: Care Everywhere and Lucy PHR. Care Everywhere is when doctors control the flow of data across organizations. Lucy PHR is when patients control their health information. In reply to an RFI, it would be brief and effective for Epic to describe how its programs able to help manage medium to large sized organizations by these categories: Clinical Systems, Ambulatory, Specialties, Inpatient, Connecting independents, Departments & Ancillaries, Interoperability, Mobile & Portals, Access & Revenue, Practice Management, Reg/ADT & Hospital Billing, Managed Care, Enterprise Intelligence, Integrated Core, and Connectivity (Epic, 2014). 9Threats and safeguards for electronic informationRequires ensuring adequate protection of data but doesnt limit health care provider access when information neededThreats: three different groupsthreats related to internet liabilitythreats is due to internal threats of the data, program or systemthreats is those caused by internal or external disastersSafeguards: information technologists and users are responsible for providing and performingchoosing the correct system design of infrastructurecontrolling user access and security policies Health care administrators are responsible for managing threats of electronic health care information. There must be a real time threat management system in order to adequately monitor and respond to threats. Threats can be categorized into three different groups. The first group contains threats related to internet liability. Some examples of these include the following: viruses, worms, malware, phishing and spamming. These internet threats can cause system slowness, system penetration or complete system failure (Hebda & Czar, 2009). The second group of threats is due to internal threats of the data, program or system. These threats are unauthorized users, sabotage, and poor password management. Unauthorized users are the greatest threat due to inappropriate view of information. With internal knowledge of a system, sabotage is a real threat that has to be monitored and managed. Sabotage can occur when people are employed at a facility or when they are no longer working there, but continue to have access (Hebda & Czar, 2009). The last group of threats is those caused by internal or external disasters. Examples of this category include the following: poor product design, error messages, and hardware collapse and power failure (Hebda & Czar, 2009). These threats are usually very dramatic and often unforeseen, which can limit access to patient and affect safe care. All risks associated with electronic information can be decreased with placement of safe guards to mitigate the frequency, length or severity of the situation.Health care administrators, information technologists and users are responsible for providing and performing safeguards to protect health care information. This includes choosing the correct system with adequate safeguards in place, design of infrastructure, controlling user access and security policies and plans in place. The system must have an automatic disturbance recognition capability (Hebda & Czar, 2009). In addition, to automation of safeguards there must be the capability of individual authentication, access control, audit trails, disaster recovery and protection of remote access points and external electronic communication (Abdelhak, Grostick & Hanken, 2012). Authentication for access to the system is required to limit those who should not have access to the system and can be completed through passwords, single sign on technology, tokens or biometric devices. Once access is granted, access control is used to limit the amount of information a user has the ability to see or change. The access is generally given based on the users role and the need for specific data. Audit reports are used as a way to review who has reviewed various areas of the health care record. This is a necessary portion of a system in order to have proof of potential violation of view of information. In addition to the audit trail, there should also be a mechanism to notify security of the access to high profile patients. Protection from external violation will need to occur through the use of firewalls, encryption, application security, antivirus software and spyware detection (Hebda & Czar, 2009). Support in disaster recovery is an additional requirement of the purchased system. Recovery from a disaster will require engagement from the vendor in order to get to business as usual as quickly as possible. In determining the final selection, it is necessary to have all of these safeguards available to ensure patients health care information is adequately secure.10Effects of Federal Mandates and RegulationsThree federal mandates and guidelines

Meets the American Recovery and Reinvestment Act of 2009 standards for electronic records

Capable of utilizing information so that it follows the meaningful use guideline

Meets HIPAA standards for security and privacyThree federal mandates and guidelines exist that all electronic health systems must be capable of fulfilling. An EHR must meet the American Recovery and Reinvestment Act of 2009 standards for electronic records. It must be capable of utilizing information so that it follows the meaningful use guideline. It must also meet HIPAA standards for security and privacy.The American Recovery and Reinvestment Act of 2009 sets forth several guidelines in place for all electronic health records (University Alliance, 2013). These include maintaining standing levels of Medicaid reimbursements and avoid penalties. The organization has set out to purchase and implement an EHR system. All of the chosen products meet these EHR criteria. All of the vendors offer EHR systems, which in themselves fulfill the mandate to have this type of system in place, ensure avoidance of penalties and Medicare reimbursement rate decreases. The chosen providers have outlined several key elements for implementing the EHR and subsequently abiding by the meaningful use mandates. This is achieved through an improvement in quality and safety, improvement in care coordination, and reduction of errors through poor patient record keeping (University Alliance, 2013).The HIPAA aspect of the product can be evaluated when examining the security and privacy setting provided. Several of the vendors such as EPIC offer integrated security measures to ensure that all protected health information is kept secure. This can be achieved through multiple layers of system protection, access restriction, and implementation of proper security of the networks. This function will allow the organization to maintain HIPAA compatibility. 11ConclusionSelection process can be complicated and arduous Requires a committed interdisciplinary steering committee committedDiligently adherence to budget constraintsAchievement of goal: successful selection process The selection process for determining the best system to meet the needs of an organization looking to purchase a new system or a system upgrade is complicated and arduous to say the least. It requires a steering committee committed to hearing from all impacted disciplines and departments, looking to meet and integrate all the needs and desires expressed and simultaneously diligently adhering to budget constraints. The aspects covered in this paper which are part of this process include describing the required and desired system components, the RFI and RFP process, three vendor comparisons, threats and safeguards for electronic information impact on chosen system and effects of federal mandates and regulations. When all these components come together a successful selection process is most likely to occur.12ReferencesAbdelhak, M., Grostick, S., & Hanken, M. (2012). Health information: Management of a strategic source. (4th ed.). St. Louis, Missouri: Elsevier Saunders.About.com.(2014).Retrieved from http://operationstech.about.com/od/vendorselection/a/VendorSelectionHub.htmCerner. (2014). Cerner Services. Cerner. Retrieved from https://www.cerner.com/solutions/cernerservices/

ReferencesEpic. (2014). Epic Software. Retrieved from http://www.epic.com/software-index.php

Hebda, T., & Czar, P. (2009). Handbook of informatics for nurses & healthcare professionals. (4th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

Kramer Technologies. (2012).Hospital Registration Accuracy Why Is It So Important?.Retrieved from http://www.kramergroup.com/hospital-registration-accuracy.html

Mckesson. (2014). Electronic Medical Records (EMR) Software Solutions. McKesson. Retrieved from: http://www.mckesson.com/bps/solutions/technology/electronic-health-records/14ReferencesUniversity Alliance. (2013). January 1, 2014 Federal Mandates for Healthcare: Digital Record-Keeping Will Be Required of Public and Private Healthcare Providers. Retrieved from http://www.usfhealthonline.com/news/healthcare/electronic-medical-records-mandate-january-2014/#.U_EK_JUg_X4

University of Phoenix Material, 2014. System scenarios list. HCI/500 Version 4

15