Apr
01
2014

Most of us take the concept of “identity” for granted. We know and recognize ourselves, our co-workers, family and friends and do not usually give a second thought to this phenomenon in our daily lives. We base these assumptions of identity on our memory and day-to-day interactions. More importantly, we trust these identities implicitly and act upon them automatically nearly every minute of our waking lives. Think about this — if everyone in your life was somehow magically removed from the Earth and replaced with an identical, look-alike copy, how would you be able to tell? You might be able to pick up on the change by asking questions or noticing a lack of knowledge of prior events, but some of the lesser players in your world might escape attention. Could you discern if the clerk at the local grocery was no longer the person you (fleetingly) knew, but rather someone else, posing as them? While it might be the basis for a science fiction story, the absurd nature of this example is actually close to the truth of the identity issue facing the healthcare industry today.

Within the healthcare industry, identity authentication poses perplexing issues for those engaged in creating transparency and interoperability for all parties in the healthcare ecosystem. Of course, the computer systems and databases used by physicians lack human empathy or insight. For them, identity is proven when a user presents some credential that gains them access to information. Hence, all access attempts to a system that use the same credential are indistinguishable from other attempts, despite who or what is behind them and whether they are presenting the credential honestly or with authorization. For example, how can we prove that a healthcare provider is who they purport to be? Who should prove that fact? How often should this proof be renewed?

The issue of identity becomes more complex as the number of credentials afforded a provider increases. In the past, providers have had one or two primary medical information systems with which they interact, usually located at their practice or place of work (hospital). Since the advent of Meaningful Use Stage 2, the rise of Health Insurance Exchanges (HIE) and Health Information Service (HIS) providers, the number of credentials a provider requires is rapidly rising. Despite recent pilot progress sponsored by the Identity Ecosystem Steering Group (IDESG) and the National Institute of Standards and Technology (NIST), we are still working to develop standards related to proving identity, and credentials that could be used to evidence that identity proof.

Proving identity is not easy, since it requires a number of cooperative steps and the willingness of a provider to answer questions or present existing identity proof that has already been established by a trusted source. In many cases, government issued photo identification may be used by a party to identify a physician. This is common practice in hiring, for example, and used in various other circumstances both within and outside of healthcare. Unfortunately, this level of proof has already been superseded by more rigorous processes, such as those required to enable a provider to electronically prescribe controlled substances (EPCS). Under controlled substance e-prescribing, a provider must be verified by a third party (not someone they work with or even the vendor offering e-prescribing). It must be based on financial data and verifiable with trusted sources.

As you can tell, trust is a central theme of the entire process. The essence of this trust is an acknowledgment of the certification given an organization and its processes to create a consistent and truthful result. The system or organization granting the provider access to a restricted process (as in controlled substance e-prescribing) or data (as would an HIE) must trust the entity doing the identity proofing of that provider. They must also trust the method by which that identity was proven. In turn, the identity provider must trust the answers to whatever criteria is placed before the healthcare provider (the subject). Usually, this process starts with a piece of private information supplied by the subject, such as an account number. Indeed, the subject must also trust that the identity provider is using information they are supplying only for purposes that the subject intends. Once the identity is proven, it is used by applications wishing to offer exclusive access to the subject/healthcare provider. Those applications must trust that the identity provider did their job effectively and indisputably. If any single link in this trust chain is broken, the entire chain fails and the subject’s identity is not conclusively proven.

Providing everything goes well, the fact that the identity has been proven is “bound” to a credential; a means to gain access to a system. We use the term “bound” to mean that the credential is assigned irrevocably to the identity of the person using it, the same person whose identity has just been proven.

Usernames and passwords have historically been popular credentials, but are now increasingly coming under fire due to their fragility and relatively insecure nature. Other credentials have emerged as more secure and less vulnerable, including two factor authentication devices (Public key infrastructure [PKI], one-time password, etc.) and multifactor devices that creatively use smart phones and other technology to avoid the use of passwords altogether. Regardless of the type of credential and its strength, it is the systemic equivalent of the identity it represents. That is, for purposes of system access, we assume that once the bound credential is validated, the intended provider is authenticated and allowed to enter that system. The credential and the identity are interchangeable, for purposes of access control.

In today’s healthcare environment, identity is ordinarily defined with a particular purpose in mind. That is, it’s defined separately by each application wishing to establish an identity control. This is unfortunate, because forming this identity and the trust that surrounds it is often time-consuming, expensive, and distracting to healthcare providers who must be intimately involved in the process. Consequently, providers often find themselves repeating the identity proofing process for each application that needs this level of assurance. Additionally, they are left with multiple credentials, one per application. This is quickly becoming untenable for several reasons:

  • the process is expensive, and these costs are very often shifted to the provider or the hospital
  • having multiple credentials that essentially prove the same fact can lead to inconsistencies as well as redundancies, since each application, identity proofer, and credential is separately managed and possibly vulnerable in different ways
  • the provider must remember which credential is to be used with each application, since most credentials are not transferable
  • there is no way to identify a fraudulent use of a credential across applications, since there is no gold standard for either identity or credential interoperability

The process of proving an identity and the trusting the provider, identity proofer and application is complex. The existing solutions in the marketplace do not meet a single standard, nor has such a standard been adequately articulated, at least not yet. There are many current workgroups addressing this deficiency, and all of them are reaching for the same brass ring: to create an interoperable, inexpensive, reusable identity standard that can be shared between applications without any degradation of trust; and, to identify an inexpensive solution to the federation of credentials, allowing them to be interchangeable with uniformly trustable results.

In the future, it should be unnecessary to create application access controls, security controls, and so on, for each application individually. Providers should not be forced to repeatedly prove their identity, nor wrestle with a host of application credential controls. The credentials that remain should include only those whose technology surpasses any password control, including biometric, multifactor, and similar approaches.

In future blog posts, I will expand on this theme and discuss the work at DrFirst and other leading firms that are addressing this issue. Together, we are forming answers to these difficult problems. Our success will signal the beginning of a new era in healthcare systems management.

About Eric Rosenfeld:

Eric Rosenfeld is the Chief Information Officer, having broad responsibility for all Information Technology at DrFirst, including software product development, computer operations, Quality Assurance, and Project Management. Mr. Rosenfeld possesses over 25 years of business and IT experience in companies throughout the health care industry. In March, 2010, he came to DrFirst from BlueCross BlueShield of Tennessee, where he was the Senior Vice President of Information Technology for BCBST’s wellness division. Mr Rosenfeld is an expert in the process of application design and development, project management, and process control.

Find all posts by Eric Rosenfeld | Visit Website

Add a comment
Mar
27
2014

In the very short amount of time since the New York State Bureau of Narcotics Enforcement (BNE) finalized its guidelines for providers and pharmacies to implement the Internet System for Tracking Over-Prescribing (I-STOP) there has been a widespread movement from the New York healthcare community to begin using the new technology. As of this writing, there are currently 1,346 pharmacies across the state that accept electronic transmissions of controlled substance prescriptions. Rite Aid was the first of the large pharmacy chains to become enabled in New York, followed quickly by Duane Reade and Walgreens. As of the publication time for this blog, CVS also has plans in motion that will bring its pharmacies across New York into the network of controlled substance e-prescription-enabled pharmacies within the next six months.

In essence, after a long runway, I-STOP is finally taking off.

New York providers have until March 27, 2015 to comply with the mandate to e-prescribe. But what, exactly, does that mean? First, providers need to identify an e-prescribing option that includes controlled substances well in advance of the deadline in order to complete the identity proofing (IDP) process. Providers must follow all of the requirements established by the United State Drug Enforcement Administration (DEA) in its Interim Final Rule regarding Electronic Prescriptions of Controlled Substances (information about these requirements can be found here, on the DEA website). In addition to following federal regulations, New York providers must also submit registration materials to New York’s Department of Health, Bureau of Narcotic Enforcement. More information about this process can be found on the BNE website, and a complete list of New York State requirements for EPCS can also be found here.

In short here are the 3 things a provider needs to do:

  1. Contract with e-prescribing company that is approved for controlled substance prescribing
  2. Complete the identity-proofing process and receive your token
  3. Complete the New York BNE registration form, sign it, scan it and email to narcotic@health.state.ny.us

Proponents of controlled substance e-prescribing are highly encouraged by I-STOP and applaud New York for leveraging technology to help combat the continued diversion and abuse of controlled substances. DrFirst in particular is proud of its history as the pioneering leader of this emerging technology that started with our helping the DEA shape its interim final rule requirements, continued when a DrFirst prescriber sent the very first electronic prescription for a controlled substance in Berkshire County, Massachusetts in 2009. DrFirst has long recognized the amazing potential which controlled substance e-prescribing has in the fight to keep the controlled drug abuse pandemic at bay.

About Michelle Soble-Lernor:

Michelle Soble-Lernor is DrFirst’s Principle Pharmacist, and works in our Clinical Quality Office. Michelle plays a leading role in ensuring the security, quality, and precision of DrFirst’s interactions with key stakeholders. She earned her BA in Pharmacy and her Master’s in Toxicology at the University of Arizona prior to receiving her MBA in Healthcare Management at Western International University. In addition to her duties at DrFirst, Ms. Soble-Lernor is also an active and influential voice within her pharmacy community, serving as a Clinical Instructor of Pharmacy Practice and Services for the University of Arizona’s pharmacy school, as well as an Adjunct Assistant Professor of Pharmacy Practice at Midwestern University Glendale’s pharmacy school. Ms. Soble-Lernor also continues to work as a retail pharmacist on a limited basis in order to stay abreast of new industry trends and dynamics.

Find all posts by Michelle Soble-Lernor | Visit Website

Add a comment
Mar
14
2014

On Wednesday, I shared my thoughts on privacy and interoperability with the HIT Standards Committee’s Privacy and Security Workgroup. As the Chair of the U.S. Department of Commerce Healthcare Industry Committee that deals with emerging strategies for “Trusted Identities in Cyberspace” I have a front row seat, so to speak, on the issues facing the healthcare community on these topics. In essence, I expressed my belief that the nexus of privacy and interoperability surrounding identities is one of our most pressing concerns when it comes to healthcare technology.

You can read my full comments here: http://www.healthit.gov/facas/sites/faca/files/PSWG_Testimony-Tom%20Sullivan_2014-03-12.docx

About Tom Sullivan:

Dr. Sullivan is a practicing cardiologist who joined DrFirst in 2004, just after completing his term as President of the Massachusetts Medical Society. He is known throughout the healthcare industry as the father of the Continuity of Care Record (“CCR”) and a leader on the future of healthcare technology. He is assisting DrFirst in ensuring that Rcopia continues to add the functionality necessary to maintain its leadership position both in electronic prescribing and in the channel of communication between various sectors of the healthcare community and the physician. Dr. Sullivan is active in organized medical groups at the state and national level, and is both a delegate to the AMA and the Chairperson of their Council on Medical Service as well as past Co-Chair of the Physicians EHR Consortium.

Find all posts by Tom Sullivan | Visit Website

Add a comment
Jan
21
2014

Much has changed in the prescriber and the clinical IT vendor communities since the DEA issued the Interim Final Rule in early 2010, making electronic prescribing for controlled substances (EPCS) legal at the federal level. For instance, the White House’s decision to highlight the controlled substance drug abuse epidemic and crisis has spurred state legislators and regulators to pass new laws and strengthen existing regulations, such as the regulations that govern the state PDMP registries mentioned in earlier installments of this series. Some of the most far reaching changes have resulted in significant new obligations on physician practices, as well as EHR and EPCS vendors.

Prior to the 2010 IFR, it was generally the responsibility of the dispensing pharmacy to act as the first line of defense in detecting and addressing fraud, abuse, and diversion through strict reporting rules, in addition to its obligation to contact providers or their offices should questions arise over a given prescription. The requirement for detailed, organized audits, paper record keeping, and other protocols had already been in place for some time. The arrival of EPCS has added a series of new responsibilities to physicians and their software vendors. These new responsibilities include: very strict third-party identity proofing, new requirements for 2-factor authentication (often including a “hard token”), certification of the vendor application, and comprehensive electronic audit trails.

In addition to those federal requirements, some states have recently updated their PDMP to near-real-time reporting and secure web availability for all dispensed controlled substance drugs. New York in particular has enacted and recently implemented a mandatory “Duty to Consult” law, though certain waivers are permitted. I expect this will have a significant—and largely beneficial—impact over the next year and beyond, and will do much to help address the controlled substance problems in the state of New York.

Nevertheless, state authorities need to recognize the importance of working with the healthcare IT industry to minimize “the number of clicks” necessary to utilize any given technological solution, while also accomplishing the laudable objective of helping to curb abuse and illegal diversion of controlled drugs. It’s my opinion that these new regulations, along with other trends, have a potential downside in the form of disruptions to physicians’ workflows that could hamper productivity and efficiency across the healthcare industry.

Over the past 20 years, physicians have been paying much greater attention to workflow efficiency. There are so many interruptions and nonclinical obligations in most physicians’ offices today that a large percentage of practicing doctors have become angry and frustrated with a healthcare system that limits the amount of time that they devote to direct patient care. Unfortunately, these frustrations have been exacerbated by recent clinical information technology incentives, penalties, and software requirements that distract these highly-trained individuals from making the best use of their time. The time that physicians spend wrestling with technology is time they cannot spend with their patients. In fact, it is well documented that the burnout rate for physicians is approaching 30-40%, an unacceptable and astonishingly high rate. Clinical IT requirements, healthcare IT usability, and the demands on physicians’ time are all contributing factors to the high burnout rate among doctors, especially among more experienced practitioners, who did not grow up with computers and the Internet.

For these reasons, it’s extremely important that every mandate, incentive, and penalty for clinicians is carefully considered and implemented only after the completion of credible pilot programs. Additionally, there must be a mechanism for constructive feedback, and in some cases delays in deadlines when physicians, their organizations, and the vendor industry have demonstrated the need to make changes to newly instituted statutory programs.

DrFirst has been a proactive leader at both the regional and national levels in designing clinician-oriented, workflow-optimized, and easy-to-use healthcare software designs. We also have a strong history of collaboration with legislators and regulators as they craft new policies and regulations, helping to educate them about the importance of efficient workflow.

In fact, when asked to give a presentation last year to Dr. Farzad Mostashari, former director of the ONC, as well as his sub-committee, I reminded Dr. Mostashari of the wisdom behind what is widely accepted as the first rule of patient care, namely: “Primum Non Nocere” meaning “First of All, Do No Harm.”

Given the observations mentioned above I suggested a contemporary, new rule, namely: “Secundum, Tardus Ne Me,” which, translated from the Latin, means “Second of All, Don’t Slow Me Down.”

I hope that the brief humor generated by that comment, which was instantly Tweeted by Dr. Mostashari, will remind legislators, regulators, software designers, and policy makers that workflow efficiency is a serious industry concern.

  1. The Controlled Substance Epidemic and Crisis
  2. PDMP – What is it?
  3. EPCS – What’s New?
  4. Which one is more important…PDMP versus EPCS?
  5. The Physician and prescriber role in Controlled Substance Fraud and Abuse
About Tom Sullivan:

Dr. Sullivan is a practicing cardiologist who joined DrFirst in 2004, just after completing his term as President of the Massachusetts Medical Society. He is known throughout the healthcare industry as the father of the Continuity of Care Record (“CCR”) and a leader on the future of healthcare technology. He is assisting DrFirst in ensuring that Rcopia continues to add the functionality necessary to maintain its leadership position both in electronic prescribing and in the channel of communication between various sectors of the healthcare community and the physician. Dr. Sullivan is active in organized medical groups at the state and national level, and is both a delegate to the AMA and the Chairperson of their Council on Medical Service as well as past Co-Chair of the Physicians EHR Consortium.

Find all posts by Tom Sullivan | Visit Website

Add a comment
Dec
19
2013

To follow on to my introductory blog post regarding prescription quality, this blog series is dedicated to examining current quality issues in the e-prescribing industry in order to help foster cross-industry conversations about some of the most pressing dilemmas in the field today.

In this blog, let’s examine the broader question of mandating specific fields for prescriptions such as days supply, diagnosis and structured and codified sig, and how this move could impact the broader industry.

The question is this: should the e-prescribing industry standardize specific, mandatory fields beyond what is traditionally encompassed in the current script standard? This would be a contentious step for the industry. Ease of use, flexibility, and limitations of software are just some of the reasons that point-of-care vendors cite when discussing the issue of making certain fields mandatory.

It’s wise to guard against industry developments that have the potential to stifle or otherwise limit innovation, but there are areas where we can make improvements, without placing arbitrary or unnecessary obstacles in the way of providers. For example, we can add some additional fields to ensure that patients are getting the right medications and know how to take them. However, I believe that there should be limits on how much emphasis we as vendors place on mandates, given the realities of a complex and dynamic clinical environment: the fact is, not all prescriptions fit into a nice neat box.

For instance, we know that current standards require quantity but do not require a stipulated days supply. I think the two go hand in hand. Why require days supply? Well, for pain medications, it allows the pharmacist to know whether the medication is to last a certain number of days, and to notify the prescriber for a possible overuse situation. For creams and ointments, it allows the pharmacist to know how long the patient should use the medication. This is important, for example, for corticosteroid topical agents, as long term use can have negative consequences. The days supply aids the pharmacist’s understanding and therefore aids proper patient counseling.

In addition to adding in a stipulated days supply, it would be highly beneficial to the healthcare industry if we finally began moving toward a structured and codified sig. This has been discussed for a long time by many leaders across the e-prescribing industry, but we have always delayed moving forward with the structured and codified sig over concerns regarding the complexity involved in implementing it. Continuing to delay implementing this initiative is detrimental to the industry’s long-term interests. My suggestion is that we begin with an interim solution, with the e-prescribing industry building in some segments of the structured and codified sig while gradually building toward the completed product. All participants should implement a minimum of two segments and up to at least 6 segments.

Certain specialties require prescriptions that are fine tuned for each patient, which generally means that the medications require tapered directions or titration instructions. At DrFirst, we are routinely asked when the industry will support prescriptions of this nature. Adjustments should also be made to account for the difficulty of placing some drugs neatly into boxes. Drugs like Azithromycin packs and Medrol dose packs, or even GI preps do not fit neatly into simple structured directions. These types of products have multiple day directions over several days. Other pharmaceutical products, such as GI preps, are even more distinct since they also include custom directions by GI specialists. And, while some Latin abbreviations are slowly being phased out due to the ease of e-prescribing applications, we still see providers using these abbreviations. It is time to rethink their continued utility within the field.

Finally, patient diagnosis information should be required for all prescriptions sent or printed from providers to pharmacists. This step has the potential to add an entirely new level of clinical benefits to e-prescribing because including patient diagnosis information will allow for far more meaningful consultations between patients and pharmacists, which further supports the information that the prescriber has given the patient. As a pharmacist, I am frustrated by the lack of information regarding patients’ conditions over the course of routine consultations, because there are so many drugs that have multiple indications and are prescribed to treat a variety of different symptoms, ailments, and conditions. For example, I would have a very different conversation with a patient who is taking metformin for polycystic ovarian disease (PCOS) versus one taking the medication for type 2 diabetes. In general, having access to provider diagnosis can aid pharmacists in helping patients understand their medication and the importance of adhering to their medication regimens.

I challenge my colleagues across the e-prescribing industry to begin thinking about how mandatory standards like these can help minimize many of the most common errors, and to join me in considering how best to implement these new standards. And don’t worry about rocking the boat or proposing something that may cause some initial alarm within the broader healthcare community. I remember when the quantity field was first made mandatory. Providers were upset because in the past, they relied on the pharmacist to figure out the quantity. We all have a responsibility to ensure that the right patient has the right drug, with the right directions, at the right time. These proposed improvements in e-prescribing would provide very real, positive impacts for pharmacists, providers, and most importantly, to patients.

Now, I’d like to turn this discussion over to my readers and industry colleagues. What do you think? Are these proposals worthwhile? Are there other standards you would like to see?

  1. E-Prescription Quality: An Industry Issue
  2. Should the E-prescribing Industry Require Mandatory Standards?
  3. Change the way we determine certification requirements?
  4. Force usability standards or specific workflows?
  5. Attempt to alter provider behavior to reduce common errors? If so, how?
  6. Require that vendors mandate more rigorous training regimens for providers and their staff prior to authorizing the use of their specific e-prescribing solution?
About Michelle Soble-Lernor:

Michelle Soble-Lernor is DrFirst’s Principle Pharmacist, and works in our Clinical Quality Office. Michelle plays a leading role in ensuring the security, quality, and precision of DrFirst’s interactions with key stakeholders. She earned her BA in Pharmacy and her Master’s in Toxicology at the University of Arizona prior to receiving her MBA in Healthcare Management at Western International University. In addition to her duties at DrFirst, Ms. Soble-Lernor is also an active and influential voice within her pharmacy community, serving as a Clinical Instructor of Pharmacy Practice and Services for the University of Arizona’s pharmacy school, as well as an Adjunct Assistant Professor of Pharmacy Practice at Midwestern University Glendale’s pharmacy school. Ms. Soble-Lernor also continues to work as a retail pharmacist on a limited basis in order to stay abreast of new industry trends and dynamics.

Find all posts by Michelle Soble-Lernor | Visit Website

Add a comment
Dec
12
2013

In light of CMS’s recent announcement that it has decided to delay the onset of Meaningful Use Stage 3 until 2017, the first question everyone seems to be asking has been: how does this affect providers and MU Stage 2? The short answer is there probably will not be many, if any, immediate or impactful changes for the great majority of providers in small to medium ambulatory clinical practices.

However, this is a qualified “win” for vendors, data analysts who work at the ONC and CMS, and selected large hospital based health systems. Hospital based systems, in addition to a large number of stakeholders across all of the affected industries, have advocated for a delay in the start of Stage 2 (which began in October of this year for hospitals) rather than just an extension. Stage 2 will still start in January for all other affected medical professionals such as physicians or eligible providers.

Over the past 6 to 12 months, major industry and professional organizations such as CHIME, the AHA, the AMA, the AAFP, the ACP, HIMSS, and MGMA have joined a large number of senators advising that CMS and the ONC delay Stage 2. Many providers have found it incredibly difficult to successfully implement Stage 1 requirements within their workflow without having productivity suffer. These providers are increasingly concerned about their practices’ abilities to efficiently adapt to the more technical and secure patient communication requirements of MU Stage 2.

Only three percent of vendors have successfully certified for Stage 2 as recently as October of this year, which reflects the sheer amount of time and effort that certification requires for the healthcare IT industry. Delaying Stage 3 until 2017 demonstrates that CMS wants to avoid any further issues going forward and wants to give the healthcare IT industry, among others, enough time for research and development to get Stage 3 right from the beginning. Both the IT industry and the analysts at CMS and the ONC will now have additional time to examine what is working and what is not. This will be most helpful for CMS itself as they determine how much more everyone will be “pushed” to adopt more stringent requirements that promote interoperability, the use and documentation of clinical quality measures and more secure, clinical communications particularly through the Direct Project protocols (especially with patients, not just with providers).

The delay in the onset of Stage 3 will help propel IT vendors into a stronger position of readiness. This will also help providers, as they will not have to face the potential of lost incentive money or worry about the possibility of penalties as their EMR systems attempt to satisfy CMS’s stringent requirements.

CMS has also announced that an additional option set of Meaningful Use Stage 3 certification standards will be developed in an effort to help keep Stage 3 responsive to the dilemmas providers encounter over the course of navigating Stage 2 of the program. According to their press release, CMS will release “proposed rulemaking (NPRM) for Stage 3 and corresponding ONC NPRM for the 2017 Edition of the ONC Standards and Certification Criteria…in the fall of 2014, which will outline further details for this proposed new timeline. The final rule with all requirements for Stage 3 would follow in the first half of 2015. All stakeholder comments will be reviewed and carefully considered before the release of the final rules.” Later in its press release, CMS notes that the ONC will be soliciting feedback from across the industry in order to formulate this second set of certification standards. CMS notes that its 2015 standards will not be mandatory and that any vendors or providers that have chosen to go with a 2014 certified product will not be penalized or forced to adapt their systems. This approach has met mixed reviews from CIOs and Health IT execs who feel that creating two sets of standards in consecutive years will be cause for confusion and frustration, and will not have the desired effect of making for a smooth transition in 2017.

Finally, one benefit of the delay, perhaps unintended by CMS, is that it allows room for competing priorities in small and large systems in 2014. These include the ICD-10 deadline in October, meeting the much stricter HIPAA Omnibus rule (which is already in effect), the PQRS quality reporting system requirements, and the new accounting changes and accommodations needed to meet the increased patient load from ACA staged rollouts.

On the bright side, it does appear that CMS is being much more sensitive and responsive to the general concerns of providers, hospitals, and the healthcare IT industry as it moves forward. This shows that CMS has been able to reflect on and their approach and make essential changes after receiving so much criticism for its handling of Meaningful Use Stage 2.

About Tom Sullivan:

Dr. Sullivan is a practicing cardiologist who joined DrFirst in 2004, just after completing his term as President of the Massachusetts Medical Society. He is known throughout the healthcare industry as the father of the Continuity of Care Record (“CCR”) and a leader on the future of healthcare technology. He is assisting DrFirst in ensuring that Rcopia continues to add the functionality necessary to maintain its leadership position both in electronic prescribing and in the channel of communication between various sectors of the healthcare community and the physician. Dr. Sullivan is active in organized medical groups at the state and national level, and is both a delegate to the AMA and the Chairperson of their Council on Medical Service as well as past Co-Chair of the Physicians EHR Consortium.

Find all posts by Tom Sullivan | Visit Website

Add a comment

Subscribe

Whether you're looking for the latest news in healthcare technology, best practices for clinical and patient care, or to stay up to date on the latest federal and state healthcare legislation, you’ve come to the right place. The DrFirst blog is your source of insight, analysis and helpful content, to help you and your patients succeed in the ever-changing healthcare industry.