Step 1 – Opposing Views of EMR’s Ability to Improve Care and a Possible Synthesis

The Argument In Favor of: Computerized electronic medical records (EMR) will improve quality of care. EMR facilitates streamlining administrative processes, reducing overhead. Accurate and quickly accessible patient health information is a prerequisite to timely, informed, patient-centered medical care. Numerous studies have shown that CPOE can reduce medication errors and adverse events as much as 99%, increasing safety and reducing costs.(1) The ability for practitioners to access the same record in real-time from multiple sites or to send a record electronically to another provider puts potentially life-saving information where it is needed most. Decision support systems built on top of EMRs can support care by managing clinical complexity, controlling cost by suggesting less expensive alternatives, catching drug-drug or drug-allergy interactions, and promoting best practices.(2) EMR can help empower patients by connecting them to tailored health education materials. Other information intensive industries spend approximately 10% of their budgets on IT whereas health spends only 3%. If the health sector spent similarly, it would be able to realize significant gains.

The Argument Against: Electronic medical records rarely improve medical care and can even make it worse. Jeffrey Linder et al found that there was no association with presence of EMR and quality for 17 different measures, and this has been confirmed by other studies.(3) Providers who have experienced gains are generally academic medical centers whose results are not reproducible outside of that setting. In one example, Children’s Hospital of Pittsburgh rolled back a multi-million dollar CPOE implementation in the pediatric ICU after it was discovered that mortality had increased. Physician productivity can drop as much as 20% for the first 6 months after EMR implementation. A good ROI has generally only been obtained by large, integrated networks through savings on administrative overhead. Until technology systems mature and implementation processes improved, resources would be better invested elsewhere.

A Potential Synthesis: Electronic medical records are an enabling technology that supports cost-savings and quality improvement processes only if meaningfully and effectively used. David Cutler maintains that other industries required ten years to realize industry-wide gains from the use of information technology. The health sector started using IT later than other industries, but will be able to realize significant gains after clinical workflows and local cultures adapt. EMR data enables providers to do monitoring and evaluation and quality improvement that would not be possible otherwise, but business processes must be modified to take advantage of them. Providers should first implement technologies and features that have proven to be effective, such as CPOE, automated prescribing and dispensation. National “meaningful use” regulations, while imperfect and politicized, help guide physicians, health system planners and vendors on methods to increasingly leverage technology to improve health.

—-

1. Koppel, JAMA 2005; Bates, 1998; Pestotnik 1996.
2. Perreault L, Metzger J. A pragmatic framework for understanding clinical decision support. Journal of Healthcare Information Management. 1999;13(2):5-21.
3. Jeffrey A. Linder, MD, MPH; Jun Ma, MD, RD, PhD; David W. Bates, MD, MSc; Blackford Middleton, MD, MPH, MSc; Randall S. Stafford, MD, PhD. Electronic Health Record Use and the Quality of Ambulatory Care in the United States. Arch Intern Med. 2007;167(13):1400-1405.

Health IT Update – 3/24/2010

1. Networking Event with Jonathan Bush – April 1, 6-8pm @ HBS, Williams Room – RSVP Required

2. Massachusett’s Governor’s National HIT Conference – Health IT: Saving Lives, Reducing Costs & Creating Jobs – April 29-30 (http://mahealthdata.org/Events?eventId=131818&EventViewMode=EventDetails)

3. ONC Releases White Paper on Consumer Consent Options for Electronic Health Information Exchange

———-

1. Networking Event with Jonathan Bush – April 1, 6-8pm @ HBS, Williams Room – RSVP Required

RSVP Required: hit.networking.2010@gmail.com (Include name and organization). Space is limited so reserve your spot quickly!

PHAT and the Health Underground, Boston’s new multi-disciplinary forum for graduate students interested in health IT, invite you to an evening of conversation and networking with Jonathan Bush, CEO of AthenaHealth, on April 1 at the Harvard Business School. Mr. Bush will be sharing the AthenaHealth story and his vision for the future of health IT. Light snacks and drinks provided.

Thursday, April 1, 6-8pm, Williams Room, Harvard Business School

Jonathan Bush, CEO, President and Chairman, AthenaHealth – Jonathan Bush is athenahealth’s Chief Executive Officer, President and Chairman. Mr. Bush co-founded athenahealth in 1997. Prior to joining athenahealth, Mr. Bush served as an EMT for the City of New Orleans, was trained as a medic in the U.S. Army, and worked as a management consultant with Booz Allen & Hamilton. Mr. Bush obtained a Bachelor of Arts in the College of Social Studies from Wesleyan University and an M.B.A. from Harvard Business School.

——

2. Massachusett’s Governor’s National HIT Conference – Health IT: Saving Lives, Reducing Costs & Creating Jobs – April 29-30 (http://mahealthdata.org/Events?eventId=131818&EventViewMode=EventDetails)

Registration for full-time students is only $150!

This is a one-of-a-kind event which will bring together state leaders such as:

• Governors,
• Secretaries of Health and Human Services,
• Medicaid Commissioners,
• HIT Coordinators, and
• key state legislators

along with federal officials and the Massachusetts healthcare community to discuss how we can successfully implement health information technology and health information exchange.

You don’t want to miss the opportunity to hear the remarks from federal and state leaders and to meet and network with people from around the country that are addressing the challenges of HIT policy development and implementation. The program will be held at the Westin Waterfront Hotel, conveniently located near Logan Airport and downtown Boston.

—————–

3. ONC Releases White Paper on Consumer Consent Options for Electronic Health Information Exchange

The whitepaper examines issues regarding whether, to what extent, and how individuals should have the ability to exercise control over their health information in an electronic health information exchange environment.  It looks at existing approaches and details policy options, considerations, and analysis.  This whitepaper will serve as input to, and be reviewed by, the HIT Policy Committee’s Privacy and Security Workgroup as it prepares to make recommendations related to consumer consent in an electronic health information exchange environment.  The whitepaper is the first in a series of privacy and security reports developed by George Washington University under contract with ONC.

The whitepaper can be downloaded at http://healthit.hhs.gov/portal/server.pt?open=512&objID=1147&parentname=CommunityPage&parentid=32&mode=2&in_hi_userid=11113&cached=true

Summary of Massachusetts Health IT Plan

Overview

The Massachusetts Health IT Draft Plan was released for public comment in January 2010 and the commenting period is now closed. The plan outlines high-level statewide goals and strategies for achieving improved health outcomes and reduced costs through the use of interoperable EHR systems and health information exchange (HIE). The document sets up governance structures and policy priorities for the planning for use and implementation of federal HI-TECH funds. Currently MA has been awarded ~$25mil, $14mil to MeHI for regional extension centers (RECs) and $10mil to MeHI for HIE. After the MA HIT Plan is adopted, the HIT Council is responsible for the governance structure and MeHI is the Project Management Office (PMO).

The HIT Plan was created in response to a number of MA statutes, including Chapter 305, MA 201 CMR 17:00, and Executive Order 504. The original plan was publicly announced in Jan 2009, but withdrawn due to the announcement of the HITECH Act portion of ARRA. The HIT Council and MeHI contracted Deloitte to update the plan to correspond with the HITECH Act and Meaningful Use regulations.

The tentative milestones lay out an aggressive plan in line with federal meaningful use requirements.

Tentative Milestones

Target Year	Key Milestone Examples
2010	Develop HIT Strategic Plan Establish PMO Develop Governance structure with decision-making processes Convene Ad-Hoc Workgroups Produce Program communication plan Initiate Vendor Management and contractual agreements Submit the HIE operational plan including sustainability, privacy and security, etc. Develop Certification Program IOO Provider funding alternatives Oversee the REC Operational Plan Establish Medicaid Partnership Recruit approximately 25% Priority Providers for REC Coordinate Workforce development activities Select HIE Vendor(s)
2011	Recruit approximately75% priority providers for REC Establish Patient Engagement baseline Provide Certification Program statewide HIE Pilot Operational HIE (clinical) Ensure REC Priority Providers achieve stage 1 meaningful use Provide Initial Population Health Reporting (local)
2012	Ensure Operational HIE comleted with governance structure in place Provide Consumer Engagement survey Ensure the Integration of EHRs to operational HIE
2013	Ensure REC Priority Providers achieve stage 2 meaningful use Develop Expansive Population Health Reporting (local, state, national)
2014	Pilot Interstate HIE Interoperability Re-Certify IOOs Perform Privacy and Security Audit
2015	Meet Chapter 305 requirement of implementing EHR systems in all provider settings and integrating those systems through a robust HIE Interstate Complete HIE Interoperability REC Priority Providers achieve stage 3 meangingful use Provide Consumer Engagement survey NHIN pilot if available

Statutory Overview

• Chapter 2008 passed in August 2008
• MA Legislation Chapter 305 formed the HIT Council
• The HIT Council was charged with creating a statewide HIT Plan and updating it annually. Plans must be approved by the council and the MA Technology Collaborative Board
• HIT Council Members – (look this up), includes Karen Bell
• Background – contracted BCG to create plan which was completed by Jan 2009, right when the Stimulus bill & HITECH Act were released, so plan was pulled back. Deloitte was contracted to create updated plan which was released Jan 2010
• “Community-Based Approach” – inspired by Mass eHealth Collaborative’s 2004 EHR deployment in 3 communities with attempted interoperability, supported by $50mil MA BCBS grant
• MA Plan adopts opt-in HIE and anytime opt-out (which is different than many other states which are opt-out)

MA HIT Plan – Table of Contents

• Executive Summary
• Introduction
• Establish Multi-stakeholder governance
• Establish a Privacy Framework to Guide the Development of a secure HIT environment
• Implement interoperable electronic health records in all clinical settings and assure they are used to optimize care
• Create a local workforce to support HIT related initiatives
• Monitoring success
• Path forward

Discussion

• ARRA
  • Regional Extension Centers (RECs): Provided ~$14mil to MeHI (the MA regional extension center) for implementation of regional extension centers in MA ($625mil total, and ~$100mil given out so far)
  • Health Information Exchange (HIE): Provided $10.6mil for HIE funds to MeHI (again, the state-selected entity), to create the plan (and no one knows where the plan will take us)
• Carol Rodenstein, MeHI Program Director
• HIT Council Members
  • JudyAnn Bigby, MD, Secretary of HHS Massachusetts
  • Deborah A. Adair, Director of Health Information Services and Privacy Officer, MGH
  • Meg Aranow, VP & CIO, Boston Medical Center
  • Karen Bell, MD, Sr. VP of HIT Services, Masspro
  • Lisa Fenichel, MPH, eHealth Consumer Advocate
  • Jay Gonzales, Secretary of Administration and Finance, Massachusetts
• Median practice size in MA is 3 physicians
• Masspro has a lot of experience with small practices and workflow issues associated with EHR implementation
• End of April, governor is inviting governors from entire country, all 50 HIT coordinators, all 50 Medicare reps, all 50 Mecaid reps, and others to bang heads re: conference
• Health care is the largest employer in Mass, employing ~450k workers with $29bil in revenue in 2005.
• Small practices aren’t going away…will lead to the rise of the IPAs
• Health delivery will look a lot different in 2015

High Level Policy Goals:

• Goal 1: Improve access to comprehensive, coordinated, person-focused health care through widespread provider adoption and meaningful use of certified EHRs
• Goal 2: Demonstrably improve the quality and safety of health care across all providers through HIT that enables better coordinated care, provides useful evidence-based decision support applications, and can report out data elements to support quality measurement.
• Goal 3: Slow the growth of health care spending through efficiencies realized from the use of HIT.
• Goal 4: Improve te health and wellness of the Commonwealth’s population through public health programs, research, and quality improvement efforts enabled through efficient, reliable and secure health information exchange processes.

Strategies to Accomplish these  Goals:

1. Establish multi-stakeholder governance
   1. The components of the proposed governance structure are:
      1. These organizations: HIT Council, MTC, MeHI
      2. 6 Ad Hoc workgroups: Clinical Quality and Public health, consumer engagement, education, and outreach, Privacy and security, regional extension center, HIE, workforce development
   2. Estimated that this will be >= 90% private funded
   3. HIT Council oversees governance structure
   4. MeHI is acting Project Management Office
2. Establish a privacy framework to guide the development of a secure HIT environment
   1. ONC’s 6 Privacy Principles: Individual Access, Correction, Openness and Transparency, Individual Choice, Collection, Use and Disclosure Limitation, Data Quality and Integrity
   2. Commonwealth’s privacy and security framework will focus on four key areas: Compliance with policies and standards, Secure HIE technology, Process for certification, Consent management
   3. Privacy/Security rules based on the following previous rulings:
      1. Federal: HIPAA, HITECH Act, FISMA, MITA, HITSP, NIST 800 Series, Privacy Act of 1974
      2. State: Chapter 305, MA 201 CMR 17:00, and Executive Order 504
3. Implement interoperable health records in all clinical settings and assure they are used to optimize care
   1. MA  has officially adopted the goal of meaningfully used EHR in all physician practices by January 1, 2015
   2. MA will provide direct assistance to ~2500 providers to achieve Meaningful Use by contracting with Implementation Optimization Organizations (IOOs)
   3. To ensure adequate funding – 1) promote a loan program, 2) endorse use of state funds, 3) provide support to providers to receive Medicare incentives
   4. Build an effective REC program for the Commonwealth focusing on: individual & small group practices, public and critical access hospitals, community health centers and rural health clinics, other clinics serving the underserved
4. Develop and implement a statewide HIE infrastructure to support care coordination, patient engagement, and population health
   1. HIE Priorities: administrative simplification, e-prescribing, electronic laboratory ordering, electronic public health reporting, quality reporting, prescription status, coordination of care/clinical summary exchange
   2. Will continue to support PHR’S currently supported by MA providers and payers
   3. This effort will be lead by MeHI
   4. Existing HIE Initiatives in MA: Northern Berkshire eHealth Collaborative, Newburyport, SAFEHealth, CHAPS, and NEHEN
   5. MeHI has selected a hybrid HIE model (as opposed to centralized or federated) which will use both centralized and distributed data repositories, allowing the majority of the data to stay at the site of collection
5. Create a local workforce to support HIT related initiatives
   1. High demand and low supply right now for health IT employees
   2. Estimated through 2016 that 64k new health care jobs will be created in the Commonwealth
   3. Development of training programs using federal dollars focusing on implementation, project management, practice management, and data management. Programs will intentionally seek out unemployed persons.
6. Monitor success
   1. Quality measurement program for REC, HIE, and Workforce Development programs
   2. Indicators selected for reporting will fit into the objectives of the high-level goals of the MA HIT Plan
   3. The HIT Council is responsible for selecting the indicators

Meaningful Use Privacy & Security Concerns

The Privacy and Security requirements of the recently released Meaningful Use NPRM and Certification IFR have received a lot of attention due to their lack of definition. I joined in on the Jan 22 ONC Privacy & Security Workgroup meeting to discuss which topics the workgroup will comment on and send to the HIT Policy Committee. The topics included risk assessments, the phrase “implement security updates as necessary”, HIPAA investigations, privacy and data transparency, and “consumer preference”.

• Risk assessments – There is still a lot of concern about the lack of clarity surrounding risk assessments. The ONC will need to ensure that education on risk assessments is available, especially targeted at small providers. Most organizations currently think they are HIPAA compliant, but few would feel comfortable if the government performed a HIPAA audit, because there is no guidance as to what the government would audit against. Guidance is needed on the “intended outcomes” of MU Security objective and greater transparency, such as Audit Program Compliance Guidelines, is needed on the audit process that will be used. It is unlikely that any guidance will be available by the time the final rulings are released. Large organizations commonly perform internal or 3rd party security/privacy audits, but this is rare (and not feasible) among smaller providers. Many of the comments related to this topic will not change the objective but how the ONC responds to the need for additional information.
• “Implement security updates as necessary” – The term “updates” is both a technology (i.e. software update) and business process (i.e. modify password policy) term, and its intended meaning (whether one or the other or both) should be clearly stated. Time requirements were discussed, such as software security patches must be updated within 90 days of release, but this was thrown out due to complications of implementing updates, especially in enterprise settings.
• HIPAA Investigations – ~5k HIPAA investigations are currently underway. Unclear if these are ~5k different hospitals, individual doctors, multiple investigations per entity, etc. Unclear if an open investigation will prevent an eligible professional or hospital from receiving incentive payments. The “expected” length and cost of investigations will be important to allow providers to make informed decisions. Unclear which HIPAA investigation types are relevant to MU.
• Privacy and Data Transparency – No objectives or measures for privacy and data transparency are present in Stage 1. The Committee wants to propose these for Stage 2. “Accounting of disclosures” is included in Stage 1 and is already required by HIPAA. The connection between the security/certification piece and the MU/privacy piece is weak. For example, the capability to prevent many breaches is a part of certified EHR, but there are no objectives or measures to guide providers in the use of these certification criteria.
• “Consumer-preference” – Also referred to as “patient-choice” requirements, consent management, or access control. There was some disagreement as to what the proper language was to discuss  patient preference. Dixie Baker, who is also involved in the Security Standards Workgroup, posted a presentation (available on the ONC website), to address Access Control and its relation to privacy. There is no IFR criteria for access control to help entities manage the patient consent requirement with which they must comply. This discussion was cut short due to time and will probably be completed in private conversation.

Refer to my previous post to join in on future workgroup meetings: https://singularityblog.wordpress.com/2010/01/11/upcoming-hit-policy-standards-committees-workgroup-meetings/

CCHIT Announces MU Stage 1 Certification Program

Today, the Certification Commission for Health Information Technology (CCHIT) announces its Certification Program for Meaningful Use Stage 1, the first in 3 stages of the CMS/ONC health IT incentive program. The press release is available here: http://www.cchit.org/media/news/2010/01/commission-updates-certification-programs-new-hhs-rules.

CCHIT released 3 gap analyses for Eligible Providers, Hospitals, and Security to assist those that were previously CCHIT Certified get into compliance with MU Stage 1. The gap analyses and certification program details are available here: http://www.cchit.org/get_certified.

CCHIT is hosting a public “Town Call” on January 27 at 3PM CT to discuss the gap analyses and ARRA Preliminary Certification programs. For details about connecting to this call, go here: http://www.cchit.org/about/towncalls/hhs-ifr-hit-gap-analysis.

Meaningful Use Interim Final Rule

This morning, the Office of the National Coordinator for Health IT has released the Interim Final Rule on the Meaningful Use definition. How this document can be both “interim” and “final” is beyond me, but that’s the language being used right now. There will be a 60 day commenting period followed by revisions before the final report is published. The Meaningful Use criteria dictates how providers must modify their electronic medical record systems by 2011 in order to receive additional reimbursement through Medicare/Medicaid.

The full report is available at the federal register here: http://www.federalregister.gov/OFRUpload/OFRData/2009-31216_PI.pdf

HIT Policy and Standards Committees Convene

Over the past 2 weeks, David Blumenthal, the National Coordinator for Health IT and HHS announced members of the Health IT Policy and Standards Committees. Dr. John Halamka, author of Life as a Healthcare CIO and member of the policy committee, wrote about the committee’s first meeting on May 12, 2009.

The committee will focus on 6 priority areas:

• Meaningful Use
• Certification
• Infrastructure
• Privacy and Security
• Health Information Exchange
• Public Health

Of note, Blumenthal stated:

“This is the first time in history that Congress has acted to correct some of the market errors in the healthcare information technology industry.”

Blumenthal is referring to the fact that most people agree health IT can improve quality, but adoption remains low in part due to market failure. The major payers in healthcare, insurers, stand to save a lot of money but providers have to pay for the implementation of EHR, CPOE, etc.

The million dollar question is “What is meaningful use?” Under the ARRA, the federal government will increase Medicare/Medicaid reimbursement for providers with EHR implementations that meat meaningful use criteria. The National Committee on Vital and Health Statistics (NCVHS) convened a Hearing on Meaningful Use of HIT on April 28.  Entire agenda, transcript and slides are available online, including Dr. Blumenthal’s opening remarks. Blumenthal outlined 5 action points for the HIT Policy Committee to follow the NCVHS hearing:

1. Define meaningful use. This is an unprecedented task. The HIT Policy Committee will need to pick-up where NCVHS left off. ONC also has an internal group working on this.
2. Review certification, which is tied to meaningful use.
3. Infrastructure. Congress has allocated billions to accelerate industry adoption including extension centers, money to support information exchanges, training workers, training health professionals who will use these technologies and funding to states to help providers not eligible for Medicare/Medicaid payments.
4. Privacy and security. ONC will appoint a privacy officer
5. Public health and disease surveillance

The HIT Standards Committee also met on May 15. Whereas the Policy committee’s role is to define what standards are needed and how those standards will be implemented, the Standards Committee will actually cover certification criteria and specifications for information exchange and use of health information. The committee’s “8 guiding principles”:

• Technologies that protect the privacy of health information
• A nationwide health information technology infrastructure
• The utilization of a certified electronic record for each person in the US by 2014
• Technologies that support accounting of disclosures made by a covered entity
• The use of electronic records to improve quality
• Technologies that enable identifiable health information to be rendered unusable/unreadable
• Demographic data collection including race, ethnicity, primary language, and gender
• Technologies that address the needs of children and other vulnerable populations

Dr. John Halamka is the vice-chair of the HIT Standards Committee and posted an excellent summary of the meeting in his blog post: The First Meeting of the HIT Standards Committee.

Official HHS communication of committee posts is below.

——————————————————————————-

FOR IMMEDIATE RELEASE
Contact:  HHS Press Office
Friday, May 8, 2009
(202) 690-6343

HHS Announces Members of Committees That Will Advise on Implementation of Health IT Policy and Standards Committees Will Meet Next Week

The Department of Health and Human Services today announced the appointment of three members to the Health Information Technology (HIT) Policy Committee as well as members of the HIT Standards Committee. The two new federal advisory committees were established by the American Recovery & Reinvestment Act of 2009. The first meeting of the Health IT Policy Committee will be held on Monday, May 11 in Washington, D. C.

“The Policy and Standards committees bring together a wide diversity of key stakeholders to help guide the advancement of health IT as an integral part of health reform,” stated Dr. David Blumenthal, National Coordinator for Health Information Technology at HHS and Chairman of the Policy Committee.  “It is an honor to lead one of these committees, and I am confident that these committees will provide valuable insight to help develop important health IT policy in the next few years.”

The HIT Policy Committee will make recommendations to the National Coordinator for Health Information Technology on a policy framework for the development and adoption of a nationwide interoperable health information infrastructure, including standards for the secure and private exchange of patient medical information.

The HHS appointees to the Policy Committee are:

David Blumenthal, MD, MPP,
National Coordinator for Health Information Technology, U.S. Department of Health and Human Services.

Michael J. Klag, MD, MPH
Dean, Johns Hopkins Bloomberg School of Public Health.

Deven C. McGraw, JD, MPH, Director
Health Privacy Project, Center for Democracy & Technology.

An additional 13 members were appointed by the Acting Comptroller General of the United States, and four members appointed by the Majority and Minority Leaders of the Senate and the Speaker and Minority Leader of the House of Representatives. A complete list of the Policy Committee members and information about the May 11th meeting can be found at http://healthit.hhs.gov/. The Presidential appointments from relevant federal agencies are expected to be announced prior to the HIT Policy Committee’s second meeting in June.

In addition, appointments were made to the HIT Standards Committee, also a federal advisory body, which is charged with making recommendations to the National Coordinator on standards, implementation specifications, and certification criteria for the electronic exchange and use of health information.  The first meeting of this committee is scheduled for Friday, May 15, 2009.

Members appointed by HHS are:

Jonathan Perlin, MD, Chair
Healthcare Corporation of America

John Halamka, MD. Co-Chair
Harvard Medical School

Dixie Baker, PhD
Science Applications International Corporation

Anne Castro
BlueCross BlueShield of South Carolina

Christopher Chute, MD
Mayo Clinic College of Medicine

Janet Corrigan, PhD
National Quality Forum

John Derr, R.Ph.
Golden Living, LLC

Linda Dillman
Wal-Mart Stores, Inc.

James Ferguson
Kaiser Permanente

Steven Findlay, MPH
Consumers Union

Douglas Fridsma, MD, PhD
Arizona Biomedical Collaborataive 1

C. Martin Harris, MD, MBA
Cleveland Clinic Foundation

Stanley M. Huff, MD
Intermountain Healthcare

Kevin Hutchinson
Prematics, Inc.

Elizabeth O. Johnson, RN
Tenet Health

John Klimek, R.Ph.
National Council for Prescription Drug Programs

David McCallie, Jr., MD
Cerner Corporation

Judy Murphy, RN
Aurora Health Care

J. Marc Overhage, MD, PhD
Regenstrief Institute

Gina Perez, MPA
Delaware Health Information Network

Wes Rishel
Gartner, Inc.

Sharon Terry, MA
Genetic Alliance

James Walker, MD
Geisinger Health System

Representatives from relevant federal agencies will be named separately.
For more information about these committees, meeting dates and preliminary agendas please visit http://healthit.hhs.gov