In The Know

Healthcare RCM: Everyone’s Responsibility

Posted by Samantha Serfass on August 7, 2018 in Blog

Healthcare RCM: Everyone’s Responsibility

Emerging technologies now drive the transition and evolution of revenue cycle management. This is brought about by the pursuit hospitals and healthcare providers must focus on to not only improve financial system management, but to also identify hidden streams of revenue. Healthcare organizations are looking to implement newer technologies that will streamline processes, speed up insurance authorization, deliver new streams of income and minimize the time it takes to receive payment.


Improving Patient Workflow Automation

The importance of helping hospitals improve their patient workflows through automation and to accurately drop the bills on time is something healthcare technologist know all too well. Every point of patient contact, patient data collection, diagnosis and treatment, eligibility and verification are critical to the bottom line.

Although every healthcare facility may have a unique culture, whether full service or particular specialties, one thing that ties all healthcare systems together is the patients. The challenge for most facilities is the time it takes to capture patient clinical workflows and processes detailed enough to build a comprehensive and robust system. Unfortunately, developing a well-documented workflow takes multiple reiterations and can require hours of work.

Capturing accurate and efficient patient registration, admissions and eligibility, streamlining ER processes, collaborative and seamless transfers to/from healthcare facilities, enhancing efficiency and patient safety through the reduction of medication errors, to minimizing drug dosage and dispensing issues, and ultimately automating medical records management with secure accessibility –all  have major impacts on healthcare revenue management systems. One big challenge many facilities face is the lack of qualified skilled resources.


Coordination & Collaboration of Healthcare System

With increasing improvements throughout the years, many hospitals continually face the challenge of hiring and keeping qualified skilled resources through important projects. Yet, the even greater challenge comes after a productive project leadership team has been established, along with a clear vision and objectives.

Coordinating and communicating with all the respective stakeholders and areas of a hospital system takes preparation and consistency through planning. As we experience the changes in the revenue cycle system process, it no longer only impacts the traditional revenue cycle model. It impacts the entire patient workflow process, all invested departments, and the new advanced technology teams continuously working together to improve the revenue cycle management system.

Investing time to improve and change the quality of our healthcare resources is a must. One important example is frontline healthcare workers. It is critical that frontline healthcare workers understand the importance of improving the quality of patient care through gathering accurate patient information during the first encounter. Many times unskilled admission, registration and eligibility resources are hired to save money. While in the end, hours of work are spent correcting inaccurate patient information during charge capture, claims, coding, or remittance, which ultimately delays the bill drop.

Just like HIT security has becoming everyone’s business and responsibility, revenue cycle management has also become everyone’s responsibility. Whether you’re a clinician or administrator, working in admissions, registration and eligibility, operations, ambulatory, ER or IT, working together to improve the process and obtain accurate patient information is your responsibility.


Complexity of Revenue Cycle Management System

One thing is clear, the last 10-20 years have brought extensive changes in provider productivity and hospital internal revenue drivers. Regulatory changes, ICD-10 and continued mergers of revenue cycle systems have not only become the norm, but appear to be increasing every year. Hospital systems continue to invest time and money in order to gain knowledge and understanding of how new technologies can be implemented to increase their bottom line. Today, healthcare systems are looking for vendors who can provide end-to-end revenue cycle management that can solve the growing financial challenges they face each year.

There are several benefit to improving revenue cycle management such as streamlining patient workflow automation, improving productivity of departments and resources, and creating positive impacts on patient satisfaction.

By improving not only the quality of the patients experience, but educating and investing in the resources, hospital systems can successfully improve revenue cycle management. This allows for continued collaborations towards successfully finding new streams of revenue and increase the bottom line.


Nina De Los Santos, PMP

VP Operation Delivery at Excite Health Partners

Diabetes Mellitus and the Alphabetical Index

Posted by Samantha Serfass on July 25, 2018 in Blog

Diabetes mellitus and the alphabet index

Diabetes Mellitus and the Alphabetical Index

Within the last few years, there have been some changes with documentation and code assignment for various manifestations of diabetes mellitus.  One of the notable changes was to the alphabetical index; coders could no longer assume that documentation of “uncontrolled” was synonymous with hyperglycemia as it had in the past.

Now, when a coder sees documentation of “uncontrolled” diabetes, the alphabetical index directs the coder to further define the manifestation as either hyperglycemia or hypoglycemia.  This is also discussed in AHA Coding Clinic for ICD-10-CM and PCS, 1st Quarter 2017 p 42.  If the documentation is not specific to whether it is hyperglycemia or hypoglycemia, the coder is directed to query the physician for more specificity.

If a coder were to look up “Diabetes, uncontrolled” in the alphabetical index, it would appear in the index as follows:

Many physicians use other terms to define diabetes that is not within optimal control, such as “poorly controlled”, “inadequately controlled” or “out of control” to name a few.  It is very important that the coders review the alphabetical index entries for all of these terms, as the index contains very specific direction to follow for final code assignment.

The alphabetical index for these other terms is as follows:

Assuming that “uncontrolled” is basically the same as the terms above, it would result in an unnecessary query and potentially assigning the incorrect code.

Another term often found in physician documentation is “borderline diabetes.”  If the coder indexes this diagnosis, it guides the coder to assign R73.03.  Please note that this differs from the guidance given in the Official Coding Guidelines for ICD-10-CM for borderline diagnoses.

Under Section 1.B.17, it states that if the provider documents a borderline diagnosis at the time of discharge, it is to be coded as confirmed unless the classification provides a specific entry (e.g. borderline diabetes).

When assigning codes for diabetes, both the encoder and tabular prompts the coder to assign long term use of medications such as insulin (Z79.4), oral antidiabetic drugs (Z79.84) or oral hypoglycemic drugs (Z79.84).  Interestingly, both the 2018 Official Coding Guidelines for ICD-10-CM and AHA Coding Clinic for ICD-10-CM, 4th Quarter 2017 p 82 state: “If the patient is treated with both oral medications and insulin, only the code for long term (current) use of insulin should be assigned.”  However, in the tabular listing, Z79.84 is considered an “Excludes 2” under Z79.4 and vice versa.

Unfortunately, this is incongruent information, as according to the Official Coding Guidelines for ICD-10-CM, “The conventions for the ICD-10-CM are the general rules for use of the classification independent of the guidelines.  These conventions are incorporated within the Alphabetic Index and Tabular List of the ICD-10-CM as instructional notes.  The conventions and instructions of the classification take precedence over guidelines.”

Therefore, because of the Excludes 2 note in the tabular, this takes precedence over the advice given in the Official Coding Guidelines and Coding Clinic.

Coders are always encouraged to refer to the alphabetical index when looking up descriptors for disease processes, as the index is the first step in guiding the coder to the correct ICD-10-CM code assignment.


Robyn McCoart

Director of Client Services at Excite Health Partners

The Opportunity in Failure

Posted by Samantha Serfass on July 10, 2018 in Blog

The Opportunity in Failure


Success is achieved only after many failures. Some days these failures never seem to leave our rear view mirror. The fact is, even the most skilled and qualified program/project manager makes bad decisions through the life of a HIT project.


Winston Churchill once said,

“Success is stumbling from failure to failure with no loss of enthusiasm.”


This holds true in every aspect of life. From the time we’re born to the time we die, our natural instinct and desire is to succeed. While this is common to everyone, one thing that makes us different is the level of enthusiasm we have to succeed.


It’s easy to remember the failed attempts. However, it’s the paths carved by failures that bring value and lead us to big successes.


I’ve personally experienced these failures. I’ve witnessed the impact they’ve had on project teams. Technology teams, hospital operations, clinical staff, and physician teams alike have experienced major technological growth in the last 15 to 20 years, and through this growth came significant amounts of failure.


Never underestimate the impact of one bad decision on a project. Any large HIT project team that pulls off a successful project with minimal issues should be celebrated.


In fact, when I think about how healthcare technology, as a whole, has evolved in the past decade, from significant strides in medical research, advances and breakthroughs, to the advances in technology in healthcare, software & tools, regulatory changes, the innovations in medical devices, the financial perspective, and changes in how healthcare is administered in our communities it’s overwhelming all the opportunities that come along with these amazing advances. Opportunity to imagine, opportunity to learn, opportunities to save lives and help others. Isn’t that what it’s all about?


Hospital systems throughout the country and throughout the world, watch each other through projects for the outcomes, especially the large, big dollar enterprise wide projects. We hear about the good, the bad and the ugly in HIT online news and TV outlets. The latest news these days is all about data and security breaches, digital transformation, and the big healthcare IT acquisitions. While the standing questions being asked by hospital leadership teams working to transform care are:

  • Which hospital systems achieved a seamless outcome and which failed miserably?
  • How can we avoid making the same mistakes and improve our quality of care?
  • What helped, what hindered and how can we have a better outcome?
  • What are the main takeaways and lessons learned?


From selecting the best tools and applications to fit the needs of your facility, selecting the latest technology solutions, searching and identifying the right resources for your project that still fit your budget; every decision is important.


Today, unlike 10 or 15 years ago, there are so many helpful resources available that have relevant and valuable content. Published white papers and books with outstanding case studies help direct our steps along the way and answer the tough questions, and even provide us with those questions we don’t know to ask. New trending topics like digital transformation, robots, and AI tools create the latest buzz. Also, let’s not forget the breaches and threats to our personal healthcare data.



There is no question that 2018 brings with it a wide range of new topics within the HIT space. However, nothing can happen without the collaboration and enthusiasm of people. Below are 4 key areas that are critical success factors for any project, and working in tandem, will make the difference on whether your project succeeds or flops:


  • A Stakeholder Analysis, Leadership Engagement and Stakeholder Buy In – It is critical to a project that a thorough stakeholder analysis be conducted with a clear understanding of who the key players are on a project and what motivates them. Find out what their needs are, what concerns them, collaborate with them, and most of all listen to their requirements. You want to get them engaged and most of all you want them on your team! Getting stakeholders engaged is a critical success factor and one of the most important activities a project manager can spend their time doing.


  • Focused Goals & Measurable Objectives driven by a Clear Project Vision – While your overall vision, driven by the mission of the organization, is what we want to achieve, our goals and objectives need to be aligned with our vision. Our goals should be stated in unmeasurable terms and should be focused statements. Goals are the things that need to be accomplished in order to implement the strategy or overall vision. Our objectives are broken down to specific actions and timelines for achieving each goal, which are further broken down into tasks, durations and timelines. The final but important step here is follow-up and adjustments, ensuring that everything stays aligned with your overall vision.


  • A Communication Plan and Process – We all understand the importance of clear and concise communication on any project, yet communication breakdown can easily occur on any project. There are so many tools and templates available online today that can help us develop a strong communication plan for any size project. Use your goals and objectives as anchors to help pull the communication plan together. Here are 4 important communication goals that will help any project.
    • Get the right message to the people who need it, in a clear and timely manner. Follow ups ensure the message was correctly received and understood.
    • Reiterate your goals and objectives throughout the project to keep the team focused on the overall vision.
    • Assign an owner to the communication plan who will help develop a good communication process.
    • Monitor effective communication often and tweak when necessary.


  • A Lessons Learned Process, Tools & Library – One of the easiest things to do as a project manager is to develop lessons learned during a project, while you are actually experiencing the failure. However, we fail miserably when it comes to actually doing it. Trying to do it after the fact doesn’t count! You must establish a good process, keeping the information freely available to everyone on the team. Yes, it can be tedious and seem like a chore at times, but in the long run it saves time and money. If you’ve actually done it, then you know how valuable it is, especially for anyone preparing to walk down the same path. Again, there are so many tools and templates available online and it’s very easy to create a lessons learned library on Excel or SharePoint.


If you have anything along this topic that you’d like to share, we welcome your comments and suggestions!


Nina De Los Santos, PMP

VP Operation Delivery at Excite Health Partners

An Overview of McKesson and Paragon

Posted by Ashley McCool on November 16, 2017 in Blog, News

A Brief History of McKesson

Originally founded in 1828 in New York City as Olcott by Charles M. Olcott, and later known as Olcott, McKesson & Co. by Charles Olcott and John McKesson in 1833, the business began as an importer and wholesaler of botanical drugs. Years later, a third partner, Daniel Robbins joined the enterprise as it grew, and it was renamed McKesson & Robbins following Olcott’s death in 1853.

During the mid-20th century, the company transitioned from mainly a pharmaceutical company to a medical technology company. In 1999, McKesson & Robbins acquired a medical information systems firm, HBO & Company and was briefly known as McKessonHBOC. In 2010, McKesson acquired leading cancer services company US Oncology, Inc. for $2.16 billion, which was integrated into the McKesson Specialty Care Solutions business. In addition to its offices throughout North America, McKesson also has international offices in Australia, Ireland, France, the Netherlands, and the United Kingdom. Today, McKesson is one of the oldest continually operating businesses in the United States. As of August 2016, McKesson merged a majority of its IT business with Change Healthcare. McKesson is currently headquartered in San Francisco, California, with 190.8 billion revenue (2016) and 68,000 employees (2016).


About McKesson

McKesson delivers a comprehensive offering of healthcare products, technology, equipment and related services to the healthcare industry and non-hospital market — including physician offices, surgery centers, long-term care facilities and home healthcare businesses — throughout North America and internationally.

McKesson supports pharmacies by expanding the range of medical supplies and services they offer customers. In addition, they work with pharmaceutical manufacturers, as well as practice management, technology and clinical support to oncology and other specialty practices, to help develop and deliver advanced medical treatments that lead to improved care and outcomes. McKesson also provides pharmaceutical distribution services that are customizable and scalable for hospitals and health systems of all types and sizes.


About the Software

Paragon – Inpatient EHR System

Paragon is a fully integrated clinical and financial system designed for hospitals and health systems of all sizes. McKesson highlights these benefits and advantages to using the Paragon system:

  • Helps reduce system complexity and lowered cost of ownership: Designed around a technology platform that helps reduce system operational complexity via a fully integrated clinical and financial system, a modern, non-proprietary operating platform and a Microsoft® SQL server platform. In addition, by using the Microsoft® SQL technology and architecture throughout, Paragon simplifies data management through the normalization and familiarity of the Microsoft® platform.
  • Easy-to-use, comprehensive software applications: Paragon offers a broad suite of clinical and financial applications with anytime, anywhere access via the web.
  • Single vendor for all clinical and financial needs: Partnering with a single vendor for all clinical and financial operations helps navigate the health care landscape while efficiently maximizing the clinical and financial performance of the organization.


Paragon user-friendly applications for clinicians include:

  • Clinician Hub: Web-based information presentation and workflow management solution that allows clinicians to view clinical and administrative information, document care, and place orders for patients
  • Computerized Physician Order Entry (CPOE): Integrated, physician-friendly solution providing direct order management and clinical decision support
  • Clinician Mobile: Provides clinicians with fast, efficient and secure mobile access to patient-specific clinical information
  • Physician Documentation: Integrated solution that supports care communication and charge capture via the physician’s natural workflow
  • Medication Reconciliation: Integrated solution to review medications, communicate changes and place orders
  • Clinical Assessment: Enables caregivers to collect and evaluate patient assessments, vitals and I&O as well as automating flow sheets and therapy assessments
  • Care Plans: Automates the workflow for the patient care planning process and helps reduce the time required to create and document patient care interventions
  • Order Management: Facilitates order entry, charge capture, patient profile information and order interactions for all patient types
  • Medication Administration: Offers a point-of-care solution that helps support medication safety while systematically documenting the administration process
  • Clinical Data Interface: Helps increase efficiency of clinical staff and helps reduce errors by importing discrete physiologic data from third-party devices, such as bedside monitors or ventilators


Paragon applications to assist ancillary departments include:

  • Pharmacy Management: Combines patient demographic and clinical information with specific drug information to help manage drug therapy
  • Operating Room Management: Provides OR and resource scheduling, real-time perioperative charting at the point of care; helps users manage surgical supply inventory; captures charges and provides robust reporting
  • Emergency Department Information System: Provides Emergency Department documentation for physicians, nurses and mid-level providers, while also supplying tracking board, registration, triage and reporting capabilities
  • Inpatient Physical Rehabilitation: Allows users to utilize the CMS standard Patient Assessment Instrument in a clinical setting and for the calculation of RIC codes
  • Radiology Management: Enables hospitals to manage and report on all radiology procedures performed within their organizations
  • Laboratory Management: Helps manage workflow and automate test reporting and quality assurance information
  • Mobile Specimen Collection: Helps improve accuracy and productivity through the use of handheld barcode technology to identify patients and collect specimens at the bedside
  • Microbiology: Helps manage the specialized department workflow in a paperless environment


Paragon administration and hospital financial applications include:

Business Office and Administration

  • Patient Management: Offers a complete patient accounting application, including billing and collection that can interface with ambulatory EMRs and centralized collections
  • General Ledger: Provides inquiry, audit trails and automated entries to help organizations analyze current performance and project future trends
  • Accounts Payable: Provides management of multiple discount rates, minimum dollar order limits and payment cycles
  • Materials Management: Improves control over inventory management with tracking and comprehensive reporting
  • Payroll: Helps improve control over inventory management with tracking and comprehensive reporting
  • Patient Supply Charging: Helps reduce revenue loss from undocumented patient supplies and improve inventory management
  • Fixed Assets: Helps manage the organization’s physical plant and equipment and forecasts future depreciation assets
  • WebStation for Executives: Provides a personalized gateway and decision support tool to a broad array of enterprise-wide information
  • Automated Daily System Close: Enables unattended backup and nighttime operation

Patient Access

  • Referrals and Authorizations: Allows users to enter and track data regarding referrals for services and authorizations
  • Resource Scheduling: Allows users to better manage and control resources through coordinated scheduling of patients for clinics, procedures or exams
  • Registration: Provides access to patient admission, registration and discharge information across episodes of care

Health Information Management

  • Medical Records: Offers an intuitive, cost-effective process for maintaining and updating medical records
  • Medical Records Transcription: Automates the transcription process and decreases completion time
  • Utilization Review: Automates proactive inpatient case management from admission through discharge to help reduce loss from unpaid patient days
  • Release of Information: Helps the Health Information Management department track the release of patient health information data


The Paragon® Ambulatory Care Practice Management module includes:

  • Single registration screen across hospital, practice and clinic
  • Centralized billing across enterprise from one location in the system
  • Ability to schedule lab and radiology orders from a physician practice or clinic to a hospital
  • Single patient record for registering and billing patients
  • Enterprise scheduling across acute-care and ambulatory settings
  • Patient education
  • Health maintenance support

Paragon® Ambulatory Care Practice Management module helps organizations:

  • Reduce maintenance overhead managing disparate systems
  • Provide an improved user experience as module is built in Paragon, reduce potential user training time
  • Reduce the cost and hassle associated with paper/faxed lab and radiology results between the physician practice and the hospital
  • Improve physician and provider workflow
  • Save time by reducing the need to rekey data from the hospital or clinic

Paragon Clinician Mobile includes:

  • Patient Overview: vital signs, intake & output, results, orders, meds & IVs
  • Vital Signs: graphically and in table format
  • Intake & Output Summary: time periods of 24 hours, current shift and since admission
  • Results: critical and non-critical for laboratory, microbiology, diagnostic images, cardiology and more
  • Orders: details on patient orders grouped by active, on hold and recently ended
  • Meds & IVs: active and discontinued medications by STAT, routine, PRN and IV solutions
  • Patient Profile: demographic, longitudinal and care assignment information
  • Care Assignments: caregivers who are associated with a patient visit


In August 2017, Allscripts announced plans to buy McKesson’s EHR, revenue cycle tools for $185 million. Allscripts said that it will keep McKesson’s Paragon EHR for small hospitals and use its own Sunrise for larger systems. For $185 million, Allscripts gained the product portfolio which McKesson calls Enterprise Information Solutions, consisting of the Paragon EHR, Star, and HealthQuest revenue cycle technologies, OneContent content management tools, as well as Lab Analytics and Blood Bank.

Source and additional information:

What is Epic? A Quick Overview of Modalities

Posted by Ashley McCool on November 9, 2017 in Blog, General, News

About Epic

Epic is an electronic health record system (EHR) and company that develops software to help people get well, stay well, and help future generations be healthier. Known as one of the leading EHR vendors in the US, Epic has over 190 million patients with a current electronic record in the system.

About the Company

In 1979, Judy Faulkner, founder and CEO, launched Epic Systems Corporation from her basement with a $70,000 bank loan secured against her home and the equity of a few loyal programming customers. The privately held software company is based in Verona, Wisconsin and has a nearly 1.8 billion revenue. Originally named Human Services Computing but rebranded as Epic Systems in 1983, the company currently has over 9,000 employees.

The headquarters is known for its imaginative campus; each section of the campus has a different theme, ranging from farming to castles to New York City’s Grand Central Station. The campus also features a treehouse for meetings. Not only does the Epic campus boast a unique design, they are also proud of their sustainability efforts, which include six wind turbines and 18 acres of solar panels, and utilizes underground geothermal pipes for heating and cooling the campus buildings.

About the Software

The purpose of Epic is to give patients the tools to lead a healthier life. With MyChart, patients have access to personal and family health information. They can message their doctors, attend e-visits, complete questionnaires, schedule appointments, and have more involvement in managing their health when and where it’s most convenience for them. While in the hospital, patients can stay in touch with their care team by using the MyChart tablet, which also can be used to personalize educational materials.


Epic’s software is most commonly used in:

  • Community hospitals
  • Academic medical centers
  • Children’s organizations
  • Retail clinics (such as CVS Health)
  • Multi-specialty groups
  • Integrated delivery networks
  • Rehab centers
  • Skilled nursing facilities
  • Hospice care facilities
  • Independent practices
  • Patient homes and “on-the-go” mobile version


Types of Modalities

Each care specialty has a dedicated modality tailored to its exact needs. The content in these modalities are guided by the experts in their field, where steering boards contribute content and guide development, meeting the real-world specialty needs. Here is a breakdown of the major modules that Epic has released, along with the clinical areas where they are used:

ASAP ER Module

ASAP is the Epic module that deals with managing ER visits. It has a component that tracks which rooms are occupied, displaying room and bed status on monitors that are mounted on the walls near the nursing stations.

EpicCare Ambulatory

EpicCare Ambulatory is one of the main and largest components of the Epic System. Primary Care and Specialty clinicians use the Ambulatory Module to document visits, place orders, send prescriptions, perform in-office procedures, review results, and send communications to patients.

Epic Beacon Oncology

Beacon Oncology is the chemotherapy module in the Epic system. It is built around treatment plans for patients who are undergoing cancer treatment. Whereas most patient visits are either Outpatient or Inpatient, these visits are considered Series Visit Types, which span a longer amount of time.

Epic Beaker

Epic Beaker is the laboratory system for a hospital lab. Orders that are placed either in other parts of Epic or in an external system are transmitted to Beaker via an HL7 Interface1 for processing. When patients arrive to have their blood drawn, the results are entered into Beaker, which then get transmitted back to the ordering doctor.

Epic Bridges

Epic Bridges1 is the module for installing, configuring and maintaining clinical interfaces to other systems. See the reference below to learn more about interfaces.

Epic Cadence

Cadence is the Epic scheduling module for Outpatient and Specialty clinics. Any time you have an appointment with your doctor, their scheduling staff will use Cadence to book your appointment, then check you in on arrival. The physicians and other staff are able to see the schedule for the whole clinic, or just for their own patients.

Epic Caboodle – aka Cogito Data Warehouse

This area of Epic refers to the data warehouse and analytical tools used to store and retrieve large amounts of clinical data. The data can be queried to provide all manner of reporting to support care decisions, manage costs, and identify trends2. Other data can be brought in from non-Epic systems, and then used along with Epic data to provide reporting results. Until mid-2016, the trade name for these tools was Cogito, from the Latin phrase ergo sum: “I think, therefore I am”. In mid-2016, Epic renamed it to “Cabooble”, ie Kit & Caboodle. Get it?

Epic Care Everywhere

Care Everywhere is the network by which patient records are shared between different Healthcare organizations that use Epic. If you receive care at an Epic hospital in say, New York for example, then move to another state or even another country, your new care providers can run a Care Everywhere query from their instance of Epic to pull in your records from your previous providers. Care Everywhere operates as a Health Information Exchange.

Epic Cupid

Epic Cupid is the module for Cardiology practices. There are special clinical tools focused on cardiology care. Epic can also integrate or interface with external EKG devices to bring the EKG readings into the medical record.

Epic Happy Together

Happy Together is Epic’s effort toward communicating clinical information across different systems, including competing vendors. This is done from the provider standpoint by communicating through Health Information Exchanges. Also, many patients use Epic’s patient portal MyChart at more than one Epic location, such as a primary care office from one organization, and a specialist from another. Happy Together enables patients to see their clinical data from multiple locations in one MyChart session.

EpicCare Home Health

This is the module used in a home health setting, in which visiting caregivers (Nurse, Nurse Aides, PT, OT, etc) document care done in a patient’s home. Clinicians use a remotely installed software program that allows them to document in settings where they might not have any Internet connection. Then after they finish their work, they can reconnect to their organization’s network and perform a sync that uploads their documentation to the main Epic servers.

Epic Hyperspace

Epic Hyperspace is not a clinical module in itself, but rather the actual application client that is presented to users of most areas of Epic. When a nurse, doctor, therapist, or administrative staff launch Epic, the front-end software that is presented to them is called Hyperspace. It is typically installed on hosted servers that are accessed by many workstations throughout an enterprise, rather than being installed on individual users’ PCs. Citrix commonly used to host Hyperspace.

Since it is a core component of the Epic system, upgrades almost always include an update of Hyperspace. Epic Hyperspace is configured to display different menus, tasks, and options to users depending on their specific roles. For example, a pharmacist will be presented with many medication-related options, while a family practice physician will be presented with options to document clinical visits, place orders, and perform other clinically relevant tasks.

EpicCare Inpatient

EpicCare Inpatient is much like EpicCare Ambulatory, except that the clinical tasks are done in the hospital on admitted patients.

Epic Haiku

Epic Haiku is an App for Android and Apple that allows doctors to access a limited version of EpicCare Ambulatory. They can see and respond to test results, access their schedule, and see other clinical data on their patients.

Epic Healthy Planet

Healthy Planet is Epic’s Population Management system to help organizations deliver better care for a given population of patients. It is a direct outcome of the Affordable Healthcare Act, which established voluntary entities called Accountable Care Organizations. An ACO is set up to pay providers not just for delivering services, but for the healthy outcome of the patients who are enrolled in the ACO. Healthy Planet provides a suite of reports, dashboards, and workflow tools that allow Care Managers to manage patient populations in and apart from ACOs.

Epic Kaleidoscope

Epic Kaleidoscope is the Ophthalmology (Eye Care) module for Epic. It allows Ophthalmologists and Optometrists to perform eye exams, document eye related procedures, and write contact lens and eyeglass prescriptions.

EpicCare Link

When a hospital or other healthcare enterprise installs Epic, they typically interact with community physicians who do not have Epic, many of which do not have any electronic medical record system. EpicCare Link allows those providers to be given access to a web-based portal, allowing them to have limited use of the EMR to view activity on their patients who have received care at the associated hospital. It is usually configured to provide read-only access, meaning the external provider cannot place orders or do other clinical activity.

Epic Lucy

Lucy is not exactly a module, but is a concept of allowing patients to download and print their medical record in a usable format. This is called a Continuity of Care Document (CCD), and is considered a form of a personal health record.

Epic MyChart

MyChart is the web-based system that allows patients to manage their medical care in many ways. They can view test results, past and future visits, orders, medications, and more. They can also request appointments with physicians and ask non-urgent medical questions. A supporting App for Android and Apple is also available. Also, a newer feature that is beginning to emerge is the ability to conduct video visits with physicians. More about patient portals.

MyChart Bedside

Where MyChart is focused mainly on the outpatient and specialty parts of the patient record, MyChart bedside is intended for use while a patient is admitted to the hospital. It provides online tools for tracking your progress toward discharge, and can be configured to provide patient education material.

Epic OpTime

Epic OpTime is the Operating Room/ Surgery module for Epic. It has components for Inpatient Surgery as well as Outpatient Day Surgery.

Epic Prelude (ADT Patient Registration)

ADT stands for Admission, Discharge, Transfer. ADT is a critical part of the entire organization’s system because this is where the key information and status of all patients is managed. The Prelude module covers the hospital registration and insurance functions.


Radar is the dashboard configuration that is shared across almost all other Epic modules. Dashboards support reports, graphs, performance measures, helpful links, and much more pertaining to each area. For example, an OB dashboard will have measures relating to C-Section rates and number of births.

Epic Radiant

Epic Radiant is the Radiology module for Epic. It provides documentation, film tracking, and viewing of Radiology images.

Epic Sonnet

Epic Sonnet is a trimmed-down version of the main clinical application that is aimed at smaller organizations that cannot afford or don’t need the full-featured version. Epic will offer Sonnet to organizations as a software service hosted at their campus data center in Verona, WI.

Reporting Workbench

This is Epic’s application-side reporting solution which allows IT analysts to create and manage reports on date from most parts of the system. Users work from templates to get data on patient lists, orders, appointments, diagnoses, and much more. In Reporting Workbench, users do not run SQL queries to the database, as the tool is visually oriented.

Epic Rover

Epic Rover is the module that uses mobile devices to allow Inpatient nursing staff to do review and documentation tasks. Some of the functions that Rover helps with are chart review, medication administration, flowsheet documentation, and recording patient photos. It is not intended to take the place of Epic Hyperspace, the standard client for accessing clinical functions.

Epic Stork

Epic Stork is the Obstetrics module for managing pregnancy episodes on the Outpatient side, and documenting deliveries in the hospital.

Epic Welcome Kiosk

The Welcome Kiosk is about the size and shape of a small ATM, and allows patients to check in for appointments, pay co-pay amounts, sign documents, and print receipts and other materials.




Cyber Security Summary – October 2017

Posted by Ashley McCool on November 7, 2017 in Blog, News

The amount of healthcare breaches has decreased dramatically since September 2017. In the month of September, healthcare providers experienced 36 breaches with 464,722 individuals/records affected; yet in October, healthcare providers experienced 21 healthcare breaches with only 55,673 individuals/records affected. Contributing to these breaches in October were a few email, EMR, and paper/film breaches, and a hacking/IT incident.


Since the beginning to the year

Since the beginning of 2017, there have been 1,140 total data breaches causing over 171 million records to be compromised. Out of those, the healthcare industry accounted for 314 breaches and about 4.8M records compromised. The healthcare industry experience 27.5% of total breaches and 2.8% of records compromised.


Chase Brexton Health Care Notifies More Than 16,000 Patients After Phishing Incident

Between August 2, 2017, and August 3, 2017, a number of Chase Brexton employees received a bogus employee survey via email. It was determined that these email boxes did contain personal health information from several patients, including the following: patient name, patient ID number, date of birth, address, provider name, diagnosis codes, line of service, service location, visit description, insurance, and medication information.

September 2017 – Cyber Security Summary

Posted by Ashley McCool on October 12, 2017 in Blog, News

The amount of healthcare breaches has increased slightly since August 2017, yet individuals/records affected has decreased during this same time period. In the month of August, healthcare providers experienced 28 breaches with 695,225 individuals/records affected; yet in September, healthcare providers experienced 36 healthcare breaches with only 445,702 individuals/records affected. Contributing to these breaches in September were a few phishing schemes, a stolen laptop, and a data hack exposed via Twitter.


Since the beginning to the year

Since the beginning of 2017, there have been 1,080 total data breaches causing almost 171 million records to be compromised. Out of those, the healthcare industry accounted for 289 breaches and about 4.6M records compromised. The healthcare industry experience 26.8% of total breaches and 2.7% of records compromised.


SMART Physical Therapy Hack Exposed via Twitter

A hacking group known as TheDarkOverlord announced a successful attack on a U.S. healthcare provider, SMART Physical Therapy. The hack reportedly occurred on September 13, 2017, with the announcement of the data theft disclosed by TDO on Twitter on September 22, 2017. The database contained a wide-range of information on 16,428 patients, including contact information, dates of birth, and Social Security numbers.


Network Health Phishing Attack Impacts Over 51,000 Plan Members

Network Health notified 51,232 of its plan members that some of their protected health information (PHI) has potentially been accessed by unauthorized individuals. In August 2017, some Network Health employees received sophisticated phishing emails. The compromised email accounts contained a range of sensitive information including names, phone numbers and addresses, dates of birth, ID numbers, and provider information. The company took prompt action by contact Federal law enforcement officials. Network Health is offering one year of free identity theft protection and monitoring to affected customers.


Stolen Laptop from Mercy Health Love County Hospital and Clinic Leads to Credit Card Fraudulence

On June 23, 2017, the hospital discovered an employee had stolen a laptop computer and paper records from a storage unit used by the hospital. The theft of PHI was initially investigated by the Love County Sheriff’s Office and revealed the former employee had used the stolen information to fraudulently obtain credit cards in the patients’ names. A second individual is also understood to have been involved. Only ten patients were directly affected and we notified immediately.


Two Employees Hooked By Phishing Attack at Morehead Memorial Hospital, 66,000 Patients Impacted

Morehead Memorial Hospital in Eden, NC has announced two employees have fallen victim to a phishing attack that resulted in an unauthorized individual gaining access to their email accounts. The types of information exposed includes names, health insurance payment summaries, health insurance information, treatment overviews, and a limited number of Social Security numbers. After the discovery, the hospital performed a network-wide password reset. Phishing scams like this happen often in the healthcare field, as emails are sent to healthcare employees that look authentic and once a link is clicked on and login details are entered, it provides hackers with the credentials to login to those accounts. The hospital reported that the breach impacted roughly 66,000 patients and it was reported to the FBI, Department of Homeland Security and Office of Civil Rights.



What is Meaningful Use of EHR?

Posted by Ashley McCool on September 14, 2017 in Blog, News

In 2009, the US Government introduced the Meaningful Use Program (the Program) as a part of the “Health Information Technology for Economic and Clinical Health (HITECH) Act”, to help modernize our nation’s infrastructure, including medical records which have long been recorded by hand. This was an effort led by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health IT (ONC). Defined as a program that encourages healthcare providers to show “meaningful use” of certified Electronics Health Record (EHR) technology, Meaningful Use encourages healthcare providers to switch from paper charts to electronic records, improving efficiency, safety, and providing an overall better care to patients.


Providers must follow a set of criteria that serves as a roadmap of effectively using and EHR. The Program was implemented over a series of three stages over a five year span.

Stage 1 (2011-2012): Promotes basic EHR adoption and data gathering.

Stage 2 (2014): Emphasizes care coordination and exchange of patient information; advancing clinical processes.

Stage 3 (2016): Improves healthcare outcomes. This stage is now set to begin as an optional requirement for physicians and hospitals in 2017 and required in 2018.

*After the initial start of the program, Stage 1 was updated and is now considered “Modified Stage 2.”

Incentive Plan

Healthcare providers that participate in the Program and meet reporting requirements are awarded with incentive payments, granted by CMS. Those payments can reach up to $44,000 for individual physicians and other eligible healthcare professionals through the Medicare Meaningful Use program, or up to $63,750 through the Medicaid Meaningful Use program.


Eligible providers not participating in the Program by the beginning of 2015 are penalized by receiving less than 100 percent of their Medicare fee schedule for their professional services.


Ultimately, complying with the Program will result in better clinical outcomes, improved population health outcomes, increased transparency and efficiency, empowered individuals, and more robust research data on health systems.


For more information on Meaningful Use, visit the CDC’s website.



July 2017 – Cyber Security Summary

Posted by Julia Foster on August 4, 2017 in Blog

The amount of healthcare data breaches in July was off-the-chart.  At 46 breaches, July had the highest number of breaches in 2017!  July accounts for 20.5% of all 2017 healthcare data breaches; to put that in comparison, before July there was an average of 25 breaches per month. The 46 breaches caused 572,678 records to be compromised. Contributing to these breaches were an identity theft scheme, a not-so-average phishing email, a threat that was undetected for over a year and a double attack.


Since the beginning to the year

Since the beginning of 2017, there have been 881 total data breaches causing almost 17 million records to be compromised. Out of those, the healthcare industry accounted for 224 breaches and about 3.5M records compromised. The healthcare industry experience 25.4% of total breaches and 20.8% of records compromised.


Identity-Theft Scheme

10 hard-copy medical records were stolen when a county hospital in Oklahoma’s storage building was broken into.  On Thursday July 20th local authorities were able to connect the break-in to two individuals, who were arrested in June 2017 for identity theft.  The suspected thief worked for the County Hospital as a licensed practical nurse. It is reported, after leaving the hospital in early 2017, the suspect returned to the hospital to steal personal patient information. The ex-employee and accomplice, were arrested after the discovery of evidence that linked the partners to numerous reported identity thefts totaling over $300,000. The hospital has taken all necessary steps ensure security of the building in the future and is offering the 10 affected patients free credit support.


‘Phishing’ for Cash

In the beginning of July, a university medical center in California reported a breach affecting nearly 15,000 people. Hackers gained access to medical center employees’ accounts through a phishing email. Once they gained access to the accounts, hackers impersonated account owners to send emails to other employees.  The hack was discovered when accounts were used to request large amounts of money. While there is no evidence to show personal information was acquired, the hackers had potential access to personal information such as names, addresses, phone numbers, medical record numbers, diagnoses and SSNs.  The medical center is evaluation its security measures and offering identity and credit protection services to patients who were possibly affected.


15 months undetected

While investigating into a recent ransomware attack a Georgia-based neurological clinic found a 15-month breach.  While the clinic was able to restore all information without paying a ransom, during the process they found that hackers had potential access to names, SSNs, driver’s licenses, addresses, phone numbers, medical data, prescriptions and health insurance information from February 2016 through May 2017. It is unknown if any of this personal information was accessed, but the clinic is offering identity theft protection services to patients affected by the breach.


Double Whammy

A senior living community reported a second ransomware attack on July 5th. The senior living community, located in Texas, originally reported a breach in May of this year. While investigating into the original attack they found a second ransomware attack. Luckily, the second attack was detected the same day it was discovered and they immediately took action and expanded their investigation to include the scope of the second attack. There is nothing suggesting that hackers accessed personal, but they potentially had access to SSNs, driver’s license numbers, birth dates, addresses, phone numbers, medical record numbers, payment information, health insurance information, and clinical information related to residents.


Cyber Security Summary – June 2017

Posted by Julia Foster on July 18, 2017 in Blog, News

Cyber Security Summary – June 2017

While June was less eventful than May, it was still a big month regarding healthcare cyber security.  June is right in line with the 2017 monthly median for healthcare data breaches, but it is almost three times over the monthly median for records compromised. In June 2017 there were 26 healthcare data breaches and approximately 661,055 individuals affected by these breaches.

Since the beginning of the year
From the beginning of January through the end of June, there has been a total of 12,389,462 records compromised and 791 data breaches. Of those data breaches the healthcare industry, with 178 breaches and over 3 million records compromised, accounted for 22.5% of data breaches and 24.3% of records compromised.


Notable Incidents

Non-secure disposal of information
A Texas-based hospital notified patients about a possible security breach this month. This notification to patients was a result of a box of medical forms with PHI being found near an unsecured dumpster.  This incident, that may have affected 1,842 patients, gave unauthorized access to patient information including names, birth dates, case numbers and phone numbers.  It is unsure if additional information including mailing addresses, SSNs, health information and financial numbers were included in these forms. While there is no evidence to show these forms are being used maliciously, the organization offered concerned patients one year of free credit monitoring and are reviewing their current processes of PHI disposal to make any necessary changes.


Compromised while making education material
A Children’s Hospital in Missouri discovered a security threat through an unauthorized website that contained PHI collected by a hospital physician. The physician was using the information to create an educational resource. While the records were password protected the hospital considered the security measures in place insufficient. If an unauthorized individual or group accessed the site they would have  potentially been able to access sensitive information including names, medical records numbers, gender, dates of birth, encounter number, age, height, weight, body mass index, admission dates, discharge dates, procedure dates, diagnostic and procedure codes, and brief notes. The hospital took down the website immediately after it was discovered.

Health records found on side of the road
A healthcare organization in Tennessee misplaced documents that contained patient names, dates of birth, admitting diagnoses, account numbers and physician names. Luckily these records were found on a rural road in the area.  Further investigation revealed that documents did not include SSNs or medical records.