Electronic Health Records

From SI410
Revision as of 20:04, 15 December 2011 by Ivanbrad (Talk | contribs)

Jump to: navigation, search

(back to index)

Electronic Health Records (EHR) are a digitized form of a health record, used in health systems to collect, store, edit, and transfer patient information. EHRs provide a universal location of all information and history of a patient regardless of region or facility.
A cartoon depiction of a doctor merging health records of patients
EHRs are owned by the patient and allow patients to access and edit his or her information. In the coming years, healthcare systems hope to overtake or work in addition to its paper counterpart by providing a universal location for “virtually every facet of clinical information pertinent to patient care.” EHRs provide a comprehensive medical history that helps medical professionals more accurately diagnose illnesses and prescribe medications based on previous reactions or medical conditions. It also prevents patients from deliberately omitting information that may be medically relevant in situations. Emergency situations is where this is the most beneficial because doctors would be able to know everything about a patient and previous treatment plans if patients are incapacitated.

EHRs should not be confused with Electronic Medical Records (EMR) or Patient Care Records (PCR), which are a computerized record from a single facility. They are not universally shared and may not allow the patient access to his or her information. However, the EHR relies heavily on EMRs in order to attain patient information and must seek permission from the healthcare facilities.


History

Electronic Health Records were developed from Patient Care Record systems. PCR systems began to emerge in the 1960s under the John F. Kennedy presidency. The Lockheed Corporation received a large amount of government grant money for the NASA space program at the beginning of the sixties. The money was to be used for space technology under the stipulation that it be extended it to the common good of society. Lockheed had the idea to develop a computer program that managed patient care. Lockheed presented their idea to El Camino Hospital in Mountain View, Ca in 1968 who agreed to pursue the project. Lockheed industrial engineers spent the next two to three years analyzing the patient data flow in the hospital in order to understand how to build an effective infrastructure for the patient care application[1]. El Camino Hospital began using the program in 1973 on IBM computers. Similar programs began to spread to other hospitals during the 1970s. Some of these projects included IFAS and Medpeo, PCS/ADS, and SMS. These PCR programs were very limited. They were able to send orders and share and gather results. During the 1980s other companies began to develop additional PCR systems, but many of them went out of business. By the end of the decade the Lockheed program was the only functioning system[2]. Computer network technology emerged and computing costs started to decline in the 1990s, which facilitated the expansion and further development of CPR systems. By the mid 1990s many out patient clinics and physician practices were using EHR technologies. Leading companies during this period were Compaq, Hewlett Packard, Data General, Cerner, HBOC, Meditech, TDS, IBX, and EPIC. Many of these companies created these technologies to fulfill specific needs of particular facilities, which in turn made it difficult to commercialize their systems[2]. Today many EHR systems exist and are used in many medical facilities. However, many facilities are only just beginning to utilize these systems or have very rudimentary forms of EHR.

Advantages

Electronic Health Records can be updated easily. All additions to the EHRs are constantly being updated over the Internet, and therefore doctors do not need to spend time filling out new forms. The use of EHRs helps health professionals coordinate to deliver better quality care to patients. Additionally, EHRs cannot be misfiled or lost like paper records can. EHRs have benefits that could potentially save lives, but they still carry a set of ethical problems that must be addressed in order for EHRs to reach their potential in today's medical society.

Disadvantages

Electronic Health Records are expensive to set-up, making it difficult for private physicians and public clinics to adopt the system. Also it is easy to recored patient information incorrectly. And EHR information has the potential to be accessed by non-medical professionals. Lastly, if medical professionals are not comfortable with the system, they may be distracted, which would detract from a patient's treatment.

Ethical Issues

Electronic Health Records allow healthcare providers access to a comprehensive medical history of their patients in order to provide them with better care. EHRs are meant to improve healthcare through improved flow of patient information to medical professionals and ethical issues arise when non-health care providers gain access to patient information. These large databases of patients' medical history are more prone to outside access and in turn can cause the unethical exposure of personal health information[3]. That is to say patients' right to privacy is more susceptible to violation, which raises the question if the benefits of EHRs are worth this potential violation. A few examples of how medical records may be accessed by third-party members are when computers or laptops are stolen, a lapse of security in online billing programs or the EHR network occurs, or when medical facilities accidently post EHR information online[4]. Legislation has been put in place to ensure efficiency and confidentiality of electronic health records.

With these types of records, there is an ethical concern if employers end up with access to these documents for whatever reason. There is the potential for individuals to be denied healthcare, benefits, or even work due to medical history or current ailments. If electronic health records are put into a universal location, it is possible that hackers would be able to exploit and sell this information to employers and insurers. This is once again a concern of privacy and must be taken into consideration when crafting policies and designs for such a system.

Currently there are many companies that develop EHR systems, but there are only a few that dominate the new emerging market. A few of these companies are Meditech, McKesson, Cerner, Siemens Healthcare and Epic Systems. EHRs that have been successfully adopted by hospitals have proven to help save lives by providing information quickly and easily to doctors. However, with this huge improvement in information technology, it is imperative that we currently have a slowly evolving set of ethics that grow with the technology to address the issues that arise from situations that may not be so clear.

Legislation

Health Insurance Portability and Accountability Act (HIPAA)

In 1996 the United States passed the Health Insurance Portability and Accountability Act (HIPAA). Title I of HIPAA protects health insurance coverage of employees and their families when their employment changes or they become unemployed. Title II or Administrative Simplification (AS) Rules of HIPAA outline national standards to facilitate the flow of secure information in order to improve the healthcare system.

The Administrative Simplification Rules consist of the Privacy Rule, the Security Rule, standards for transactions, and standards for national provider identifiers of covered entities (healthcare providers, health plans, and healthcare clearinghouses), and the Enforcement Rule.

The Security Rule provides guidelines for covered entities in securing electronic protected health information (ePHI) when they are created, sent, or received and provides standards for the electronic system to ensure overall system security.

The Privacy Rule applies to all forms of protected health information (PHI), either printed or electronic records, and is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS). The goal of the Privacy Rule is to secure PHIs as it moves through the system by implementing disclosure and uses regulations. A covered entity is permitted to disclose and use PHIs without individual authorization in the following circumstances:

  1. To the individual-A covered entity is permitted to disclose an individual’s protected health information to that particular individual within 30 days of the request. Also individuals may request to have any mistakes in their PHI to be corrected.
  2. Treatment, Payment, and Health Care Operations- A covered entity is permitted to disclose PHI in its own treatment, payment and health care operation activities. It may disclose this information to another covered entity given that the individual has a relationship with the other covered entity and the information is relevant to the relationship.
  3. Opportunity to Agree or Reject- A covered entity is permitted to disclose protected health information by informally asking the individual’s consent. If the individual is incapacitated, the covered entity may decide to disclose and use protected health information based on the individual’s best interest.
  4. Incident to an Otherwise Permitted Use and Disclosures- The privacy rule does not require that covered entities eliminate all risks of incidental use or disclosure or protected health information, as long as they follow the Security Rules.
  5. Limited Data Set for the Purposes of Research, Public Health, or Health Care Operation- A limited data set is individuals’ protected health information from which they cannot be identified. A limited data set may be used and disclosed for research, health care operations, and public health purposes, provided the recipient enters into a data use agreement promising specified safeguards for the protected health information within the limited data set.
  6. Public Interest and Benefit Activities- Permits the use and disclosure of protected health information without an individual’s permission or authorization for twelve national priority purposes.The twelve national priority purposes are:
    1. Required by Law
    2. Public Health Activities
    3. Victims of Abuse, Neglect, or Domestic Violence
    4. Health Oversight Activities
    5. Judicial and Administrative Proceedings
    6. Law Enforcement Purposes
    7. Decendents
    8. Cadaveric, Organ, Eye, or Tissue Donation
    9. Research
    10. Serious Threat to Health or Safety
    11. Essential Government Functions
    12. Worker’s Compensation

The Privacy Rule also states the the protected health information used or disclosed must be the minimal amount of information necessary for its purpose. It also states that covered entities must keep track of all disclosures and uses of PHIs and covered entities must notify the individual when their PHI is used or disclosed. [5].

The standards for transactions for electronic data interchange (EDI) of health care information include the use of ASC X12N or NCPDP standard formats and implementing the proper content and formatting requirements with each transactions. Claims and encounter information, payment and remittance advice, claims status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination of benefits and premium payment are transactions that are subject to the previously stated standards[6].

The national provider identifiers (NPI) of covered entities are ten digit codes made up of numbers and letters used in all of their financial and administrative transactions. NPIs are meant to make transactions more efficient between covered entities. The NPI is intelligence free, meaning it does not provide any additional information on the covered entity it pertains to. Covered entities may have more than one NPI for subparts of their business[7].

The Enforcement Rule was added to HIPAA in 2006. It outlines the procedures for investigating and conducting hearings for HIPAA violations and establishes civil money penalties for such violations[8].

Understanding Patient Safety and Quality Improvement Act (PSQIA)

The Understanding Patient Safety and Quality Improvement Act (PSQIA) was passed in 2005 and implemented in 2008. PSQIA is a voluntary reporting system that individuals can use to report health care errors in hopes of improving patient safety[9].



References

  1. http://www.springerlink.com/content/u83kt1k4142k6550/
  2. 2.0 2.1 http://vimeo.com/12202874
  3. http://dl2af5jf3e.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Third+party+access+to+shared+electronic+mental+health+records%3A+ethical+issues&rft.jtitle=Psychiatry%2C+Psychology+and+Law&rft.au=McSherry%2C+Bernadette&rft.date=2004-04-01&rft.pub=Australian+Academic+Press+Pty.+Ltd&rft.issn=1321-8719&rft.volume=11&rft.issue=1&rft.spage=53&rft.externalDBID=n%2Fa&rft.externalDocID=121082132
  4. http://www.privacyrights.org/data-breach/print
  5. http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
  6. https://www.cms.gov/TransactionCodeSetsStands/
  7. https://www.cms.gov/nationalprovidentstand/
  8. http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/index.html
  9. http://www.fortherecordmag.com/archives/ftr_10292007p18.shtml

(back to index)