Electronic Health Records

(back to index)

A cartoon depiction of a doctor merging health records of patients

Electronic Health Records (EHR) are a digitized form of a health record, used in health systems to collect, store, edit, and transfer patient information. EHRs provide a universal location of all information and history of a patient regardless of region or facility. EHRs are owned by the patient and allow patients to access and edit his or her information. In the coming years, healthcare systems hope to overtake or work in addition to its paper counterpart by providing a universal location for “virtually every facet of clinical information pertinent to patient care.” EHRs provide a comprehensive medical history intended to help medical professionals more accurately diagnose illnesses and prescribe medications based on previous reactions or medical conditions. It also prevents patients from deliberately omitting information that may be medically relevant in situations. During an emergency situation, EHRs enable doctors to immediately obtain necessary information about a patient or previous treatment plans if patients are incapacitated. EHRs have benefits that could potentially save lives, but they still carry a set of ethical problems that must be addressed in order for EHRs to reach their potential in today's medical society.

EHRs should not be confused with Electronic Medical Records (EMR) or Patient Care Records (PCR), which are a computerized record from a single facility. They are not universally shared and may not allow the patient access to his or her information. However, the EHR relies heavily on EMRs in order to attain patient information and must seek permission from the healthcare facilities.

History

Electronic Health Records were developed from Patient Care Record systems. PCR systems began to emerge in the 1960s under the John F. Kennedy presidency. The Lockheed Corporation received a large amount of government grant money for the NASA space program at the beginning of the sixties. The money was to be used for space technology under the stipulation that it be extended it to the common good of society. Lockheed had the idea to develop a computer program that managed patient care. Lockheed presented their idea to El Camino Hospital in Mountain View, CA in 1968, who agreed to pursue the project. Lockheed industrial engineers spent the next two to three years analyzing the patient data flow in the hospital in order to understand how to build an effective infrastructure for the patient care application^[1]. El Camino Hospital began using the program in 1973 on IBM computers. Similar programs began to spread to other hospitals during the 1970s. Some of these projects included IFAS and Medpeo, PCS/ADS, and SMS. These PCR programs were very limited. They were able to send orders and share and gather results. During the 1980s other companies began to develop additional PCR systems, but many of them went out of business. By the end of the decade the Lockheed program was the only functioning system^[2]. Computer network technology emerged and computing costs started to decline in the 1990s, which facilitated the expansion and further development of CPR systems. By the mid 1990s many out patient clinics and physician practices were using EHR technologies. Leading companies during this period were Compaq, Hewlett Packard, Data General, Cerner, HBOC, Meditech, TDS, IBX, and EPIC. Many of these companies created these technologies to fulfill specific needs of particular facilities, which in turn made it difficult to commercialize their systems^[2]. Today many EHR systems exist and are used in many medical facilities. However, many facilities are only just beginning to utilize these systems or have very rudimentary forms of EHR.

Advantages

Electronic Health Records can be updated easily. All additions to the EHRs are constantly being updated over the Internet, and therefore doctors do not need to spend time filling out new forms. The use of EHRs intends to help health professionals coordinate to deliver better quality care to patients. Additionally, EHRs cannot be misfiled or lost like paper records can. EHRs are also more easily moved and accessed by medical professionals. This means that people will be able to have their medical records accessed whenever and whoever needs them. This will be able to help prevent accidental deaths due to problems such as allergies. This is because doctors treating new patients will be able to pull up any relevant data from another doctor, whereas before they had to work without any previous knowledge of that patient. This is potentially dangerous and can be life-threatening.

Disadvantages

Electronic Health Records are expensive to set-up, making it difficult for private physicians and public clinics to adopt the system. Also it is easy to record patient information incorrectly. And EHR information has the potential to be accessed by non-medical professionals. Lastly, if medical professionals are not comfortable with the system, they may be distracted, which would detract from a patient's treatment. Another disadvantage to the usage of Electronic Health Records, is the increased risk of a patient's private medical history and information being exposed to more and more users with access to their Electronic Health Records. An increasing number of providers and healthcare staff have access to these Electronic Health Systems, and there is a potential risk that some of these people will use and view patient information that is not currently relevant to them. For example, providers may look-up patient information on a patient that they are not treating or involved with.

Ethical Issues

Electronic Health Records allow healthcare providers access to a comprehensive medical history of their patients in order to provide them with better care. EHRs are meant to improve healthcare through improved flow of patient information to medical professionals and ethical issues arise when non-health care providers gain access to patient information. These large databases of patients' medical history are more prone to outside access and in turn can cause the unethical exposure of personal health information^[3]. That is to say patients' right to privacy is more susceptible to violation, which raises the question if the benefits of EHRs are worth this potential violation. A few examples of how medical records may be accessed by third-party members are when computers or laptops are stolen, a lapse of security in online billing programs or the EHR network occurs, or when medical facilities accidentally post EHR information online^[4]. Legislation has been put in place to ensure efficiency and confidentiality of electronic health records.

With these types of records, there is an ethical concern if employers end up with access to these documents for whatever reason. There is the potential for individuals to be denied healthcare, benefits, or even work due to medical history or current ailments. If electronic health records are put into a universal location, it is possible that hackers would be able to exploit and sell this information to employers and insurers. This is once again a concern of privacy and must be taken into consideration when crafting policies and designs for such a system.

Meaningful Use

Meaningful use is a term used to define the set of standards of adoption and use of certified EHR systems within a healthcare organization. The criteria are set by the Centers for Medicare & Medicaid Services (CMS). Healthcare organizations receive financial incentives for meeting the criteria according to the five-year, three phase plan. The goal of implementing the meaningful use incentive system is to increase and spread the use of EHR technology to improve healthcare around the U.S. ^[5]

However, the idea of meaningful use is laced with controversy due to its flat standards. For healthcare organizations in rural areas where patients and healthcare institutions have limited internet access, meaningful use widens the gap in the Digital Divide. One of the original twenty-five performance measures states that the institution must provide at least 10% of their patients with electronic access to their record within 96 hours of the clinic receiving the data. ^[6] In areas where fewer than 10% of patients have access to a computer or to the internet, this measure is impossible to attain. These institutions do not receive the bonus and continue to be disadvantaged in comparison to institutions with more affluent and technologically advanced cliental. In this way, not only the healthcare institution is disadvantaged, but the patient is also deprived of reaping the care benefits of the bonus that will not be granted to the institution because it did not meet the meaningful use requirement.

Legislation

Legislation has urged many health care providers to adopt electronic health record systems.^[7]

Health Insurance Portability and Accountability Act (HIPAA)

In 1996 the United States passed the Health Insurance Portability and Accountability Act (HIPAA). Title I of HIPAA protects health insurance coverage of employees and their families when their employment changes or they become unemployed. Title II or Administrative Simplification (AS) Rules of HIPAA outline national standards to facilitate the flow of secure information in order to improve the healthcare system.

The Administrative Simplification Rules consist of the Privacy Rule, the Security Rule, standards for transactions, and standards for national provider identifiers of covered entities (healthcare providers, health plans, and healthcare clearinghouses), and the Enforcement Rule.

The Security Rule provides guidelines for covered entities in securing electronic protected health information (ePHI) when they are created, sent, or received and provides standards for the electronic system to ensure overall system security.

The Privacy Rule applies to all forms of protected health information (PHI), either printed or electronic records, and is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS). The goal of the Privacy Rule is to secure PHIs as it moves through the system by implementing disclosure and uses regulations. A covered entity is permitted to disclose and use PHIs without individual authorization in the following circumstances:

1. To the individual-A covered entity is permitted to disclose an individual’s protected health information to that particular individual within 30 days of the request. Also individuals may request to have any mistakes in their PHI to be corrected.
2. Treatment, Payment, and Health Care Operations- A covered entity is permitted to disclose PHI in its own treatment, payment and health care operation activities. It may disclose this information to another covered entity given that the individual has a relationship with the other covered entity and the information is relevant to the relationship.
3. Opportunity to Agree or Reject- A covered entity is permitted to disclose protected health information by informally asking the individual’s consent. If the individual is incapacitated, the covered entity may decide to disclose and use protected health information based on the individual’s best interest.
4. Incident to an Otherwise Permitted Use and Disclosures- The privacy rule does not require that covered entities eliminate all risks of incidental use or disclosure or protected health information, as long as they follow the Security Rules.
5. Limited Data Set for the Purposes of Research, Public Health, or Health Care Operation- A limited data set is individuals’ protected health information from which they cannot be identified. A limited data set may be used and disclosed for research, health care operations, and public health purposes, provided the recipient enters into a data use agreement promising specified safeguards for the protected health information within the limited data set.
6. Public Interest and Benefit Activities- Permits the use and disclosure of protected health information without an individual’s permission or authorization for twelve national priority purposes.The twelve national priority purposes are:
   1. Required by Law
   2. Public Health Activities
   3. Victims of Abuse, Neglect, or Domestic Violence
   4. Health Oversight Activities
   5. Judicial and Administrative Proceedings
   6. Law Enforcement Purposes
   7. Decendents
   8. Cadaveric, Organ, Eye, or Tissue Donation
   9. Research
   10. Serious Threat to Health or Safety
   11. Essential Government Functions
   12. Worker’s Compensation

The Privacy Rule also states the the protected health information used or disclosed must be the minimal amount of information necessary for its purpose. It also states that covered entities must keep track of all disclosures and uses of PHIs and covered entities must notify the individual when their PHI is used or disclosed. ^[8].

The standards for transactions for electronic data interchange (EDI) of health care information include the use of ASC X12N or NCPDP standard formats and implementing the proper content and formatting requirements with each transactions. Claims and encounter information, payment and remittance advice, claims status, eligibility, enrollment and disenrollment, referrals and authorizations, coordination of benefits and premium payment are transactions that are subject to the previously stated standards^[9].

The national provider identifiers (NPI) of covered entities are ten digit codes made up of numbers and letters used in all of their financial and administrative transactions. NPIs are meant to make transactions more efficient between covered entities. The NPI is intelligence free, meaning it does not provide any additional information on the covered entity it pertains to. Covered entities may have more than one NPI for subparts of their business^[10].

The Enforcement Rule was added to HIPAA in 2006. It outlines the procedures for investigating and conducting hearings for HIPAA violations and establishes civil money penalties for such violations^[11].

Understanding Patient Safety and Quality Improvement Act (PSQIA)

The Understanding Patient Safety and Quality Improvement Act (PSQIA) was passed in 2005 and implemented in 2008. PSQIA is a voluntary reporting system that individuals can use to report health care errors in hopes of improving patient safety. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information, called patient safety work product. PSQIA authorizes HHS to impose civil money penalties for violations of patient safety confidentiality. PSQIA also authorizes the Agency for Healthcare Research and Quality (AHRQ) to list patient safety organizations (PSOs). PSOs are the external experts that collect and review patient safety information. ^[12].

References

1. ↑ http://www.springerlink.com/content/u83kt1k4142k6550/
2. ↑ ^{2.0 2.1} http://vimeo.com/12202874
3. ↑ http://dl2af5jf3e.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Third+party+access+to+shared+electronic+mental+health+records%3A+ethical+issues&rft.jtitle=Psychiatry%2C+Psychology+and+Law&rft.au=McSherry%2C+Bernadette&rft.date=2004-04-01&rft.pub=Australian+Academic+Press+Pty.+Ltd&rft.issn=1321-8719&rft.volume=11&rft.issue=1&rft.spage=53&rft.externalDBID=n%2Fa&rft.externalDocID=121082132
4. ↑ http://www.privacyrights.org/data-breach/print
5. ↑ http://www.healthit.gov/policy-researchers-implementers/meaningful-use/
6. ↑ http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html?redirect=/ehrincentiveprograms/
7. ↑ http://www.accenture.com/SiteCollectionImages/Outlook_PDF_and_Cover/06-11_Healthcare_Chart-02.jpg
8. ↑ http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf
9. ↑ https://www.cms.gov/TransactionCodeSetsStands/
10. ↑ https://www.cms.gov/nationalprovidentstand/
11. ↑ http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/index.html
12. ↑ http://www.fortherecordmag.com/archives/ftr_10292007p18.shtml

External Links

• Electronic Health Record's Wikipedia Page

(back to index)