I haven’t been perusing as many coding sites and Facebook pages recently as I was a couple of years ago, but I did recently come across a post that captured my attention. Someone was asking if there was a way to get trained in a popular electronic medical record (EMR) to help them meet the requirements of a job. It seems many employers are looking for work experience with a certain EMR before considering a person for a position. Is this fair? Well, it may not seem fair if you’ve never worked as a coder, but if you have, chances are pretty good you’ve had exposure to some of the major EMR software vendors. For those of you who don’t have any practical EMR experience, here’s what you need to know.
Is it reasonable to require EMR experience?
First of all, if you’ve never coded before and your coding school didn’t have a relationship with an EMR vendor allowing you to learn the system, any reasonable hiring manager is not going to expect you to have experience. And if they aren’t reasonable, then you don’t want to work for them anyway (problem solved!). If I pick up your resume and see you have taken some coding classes and have never worked in the healthcare field but are “proficient” in EMR software, I am going to have more than a few questions for you. How did you get your EMR experience? Which systems did you use? What did you like or not like about it? In other words, I won’t believe you have experience with it and I will try to weed that out of you. Or even worse, I may be inundated with resumes and feel like you’re lying about something on the resume and I may not have the time or energy to do any investigating. Your resume may be relegated to the “no” pile.
Fact: your employer will train you
Here’s a fun fact. Even if you’ve worked as a coder for 2 years using a certain EMR software, you will have to have training at your new facility. You may think you know everything there is to know about a certain EMR software, but they are all customizable. As a consultant, I’ve used the same EMR software at several clients and they are all a little different. You may find documents stored in different places. Your favorite EMR feature at Hospital A may not have been “turned on” at Hospital B. So expect to be trained on the same software you’ve already been using every time you change employers.
EMRs are from Mars, encoders are from Venus
EMRs aren’t the same as encoders. Of course the EMR is where you will find the medical record documentation, but it is also where you will find financial information and abstracted data. Encoders and computer assisted coding (CAC) software are usually separate from the EMR. As a matter of fact, there aren’t a lot of EMR vendors who are also in the business of encoder software. That makes two different kinds of systems you need to be aware of. But have no fear: while it’s a plus if you have been trained on an encoder, you can expect your employer to train you there too.
You need to understand interfaces
Rather than obsessing over how to get trained on a particular EMR or encoder, here’s something more important for you to focus on: you need to understand software interfaces. Because your EMR and encoder are coming from two different vendors and they have to talk to each other, they rely on interfaces. How that’s set up is not important to you (although it’s very important to the information technology department), but how and why you enter data the way you do is based on interfaces. I’ve coded for lots of hospitals with lots of different computer systems, but in general, here’s how it works:
- You pull up the patient in the EMR.
- If you work with a CAC product, you launch the CAC by clicking a button in the EMR. This opens the CAC using an interface, so that it automatically pulls up the patient you are working on in the EMR and displays medical record documentation for coding.
- If you don’t have a CAC, you review the medical record documentation in the EMR and then launch the encoder using a button in the EMR.
- Once you are in the CAC/encoder, you code the record. This software allows you to look up codes and save them to a list. When you’re done, you click a complete button, and then you find yourself back in the EMR in the abstracting screens.
- If the interface is working properly, everything you entered in the CAC/encoder is shown on your abstracting screens. This is also where you can assign surgeons and dates to procedures as well as any other abstracted data your facility chooses to collect.
- You send the account to billing in the EMR by indicating the account is complete.
Henry Schein Practice Solutions, Inc., a provider of office management software for dental practices, agreed to pay $ 250,000 to the Federal Trade Commission (FTC) to settle charges that Schein lied to consumers about the level of encryption its product provides. The charges specifically address the level of security offered by Schein’s Dentrix G5 software, an office and data management tool that was marketed to address the day-to-day operations of a dental office including database storage of patient records. The software, originally launched in 2012, was marketed as offering encryption capabilities that would help a practice meet HIPAA security requirements.
In contradiction to Schein’s statements to consumers, Dentrix G5 did not use the National Institute of Standards and Technology (NIST) industry standard Advanced Encryption Standard (AES) security. Schein was aware that its product used a less complicated data encryption method and continued to explicitly promote the software’s data encryption capabilities and claimed that the software met “data protection regulations” in marketing material, the FTC alleged in its complaint.
The U.S. Computer Emergency Readiness Team (US-CERT) issued a warning in 2013 about the data encryption method Schein used in its software. Dentrix G5 used Faircom c-tree-ACE which offers a weak level of obfuscation. The algorithm used in this method was called Faircom Standard Encryption, but the name was changed to Data Camouflage to distinguish it from standard encryption algorithms. Faircom describes their Data Camouflage as a supplement to existing security and not a replacement for other security systems. US-CERT notified Schein of this vulnerability on June 10, 2013.
Schein is required by the consent agreement to notify all customers who purchased Dentrix G5 that the software does not offer industry-standard encryption. Schein agreed to provide the FTC with ongoing progress reports on its notification program, and is prohibited from using false advertising to mislead consumers about its products’ data encryption and security capabilities.
The FTC published a description of the consent agreement in the Federal Register. The consent agreement is open for public comment for 30 days. The FTC will then decide whether to make the consent agreement final. The deadline for public comments is February 4.