http://xw2k.nist.gov/healthcare/docs/170.302.l_PublicHealthSurveillance_v1.1.pdf is the test for the ability to perform syndromic surveillance. Basically some trigger event like the diagnosis of TB should alert the user to send a report to the CDC or other agency. The report has to structured along the lines of HL7 2.3 or 2.5.1, preferably the latter since the former lacks an implementation guide. The "how" of sending does not appear to be covered. There are mapping guides that describe per syndrome what the content of the HL7 message has to be eg. different ones for TB, Varicella etc.
I don't know who is expected to be able to read the Tuberculosis Case Notification Message Mapping Guide http://www.cdc.gov/phin/library/documents/pdf/guides/Tuberculosis_Message_Mapping_Guide-v2.02.pdf but the thing prints out in a 6 point font!
Unlike the HL7 immunization message, the CDC requires that facilities have and submit an OID ( object identifier) that is in the PHIN OID registry. These can be obtained from the CDC.
Syndromic Surveillance is now done using the generic mapping profile. I need at some stage to add more than the minimum required dataset, and to save and restore messages sent to the CDC.
http://xw2k.nist.gov/healthcare/docs/170.304.g_TimelyAccess_v1.1.pdf Timely access means providing a patient with online access to their data. We can do this through the portal but need to add allergy information which is not currently available. *lab test results *problem list *medication list are available already.
http://xw2k.nist.gov/healthcare/docs/170.304.e_ClinicalDecisionSupportAmb_v1.1.pdf tests the ability of an EHR to implement clinical decision support based on diagnoses, medications and lab results. This is satisfied by the existing HMG mechanisms.
http://xw2k.nist.gov/healthcare/docs/170.304.d_GeneratePatientReminders_v1.1.pdf This test is to be able to generate patient reminders. So, we need a way to apply the HMGs to the existing population and bring up a list which can then be notified based on some communication preference. Eg. list all patients on warfarin who have not had an INR done in the last month and send a reminder to them. This means we also have to store the patient preferences on how they are to be contacted. Eg. voice, mail, email ( protected), sms, facebook etc.
Thinking about this again, we can just use the existing report mechanism, and change it to also report the contact preference.
This is now done. We have a new patient preference to store their contact preferences, and this preference is now displayed when you do a query. At this time we do not need to send out a reminder.
http://xw2k.nist.gov/healthcare/docs/170.304.b_eRx_v1.1.pdf This tests the ability of the EMR to be able to generate a NewRx message and then transmit it somehow. We did this work a while ago and just need to make sure that our NewRx messages are compliant.
Looks like there have been some changes in the XML specification since my original implementation. I'll have to get the new specs from surescripts.
I have reviewed the NIST test script and the new items are /Version /Release and something in the /To /From sections which I have no idea as to what they are referring. I implemented Version and Release below Message as that seems to be the logical place. There was one error found in that phonenumbers have a phone section and this is now corrected. However, I found 3 xpath errors in the NIST test script! So, will have to contact them to clarify. In the meantime I consider the NewRx message is now compliant.
Audit Log I can't provide the link as the NIST site is currently down, but the Audit Log records date, time, patient, user and action taken - when health information is created, modified, accessed or deleted. And a log has to be able to be generated. This could potentially create very large tables ... but is easy enough to accommodate.
Integrity 170.302s EHR has to be able to calculate a hash value on health information. Since this implies the exchange of data, I have enabled a SHA-1 calculation on a CCR/CCD.
General Encryption 170.302u Tests the ability of the EHR to encrypt and decrypt using recognized an algorithm recognized by FIPS. Added an applet that encrypts and decrypts files using Rijndael 256 bit.
Encryption when exchanging electronic health information 170.302v Same as General Encryption but additionally the file has to be transmitted somewhere.
Drug-formulary checks 170.302b This tests the EHR to see if it can pick a drug from a preferred formulary as opposed to just typing in the prescription. Synapse maintains 3 separate formularies ie. FDA, RxNorm, and the NZ Drug database. So, no worries here.
Computerized Provider Order Entry 170.304a Need to be able to record, store, retrieve, and modify medications, labs and imaging. We can do all of the above except modify labs, and imaging which we can do by implementing deletion and re-order.
CPOE is now done. You will be able to cancel labs, and imaging and re-order them which fufills the 170.304.a test.