News

New Report Identifies State-Level Privacy and Security Solutions for Secure Exchange of Health Information

The Department of Health and Human Services (HHS)’ Agency for Healthcare Research and Quality (AHRQ) has released a report, “ Privacy and Security Solutions for Interoperable Health Information Exchange,” which review 34 state Health Information Exchange plans and identify the challenges and feasible solutions for ensuring the safety and security of electronic health information exchange. This work was funded under a contract with AHRQ, the Office of the National Coordinator for Health Information Technology and RTI International.

All states followed a standard core methodology, but each was provided an opportunity to tailor the process to meet their needs. As a result, states varied on several key dimensions, including degree of adoption of electronic health information exchange, healthcare market forces in the state, legal and regulatory conditions related to health information, demographic composition of the state, and financial status of the state.

“These reports address one of the greatest concerns that Americans have about health information technology: Will their personal data be safe?” says AHRQ director Carolyn M. Clancy, MD. “This work presents information on how to develop privacy and security solutions that allow for the exchange of information safely and securely.”

“Work at the state and local levels is integral to our success. The number of stakeholders involved in this initiative demonstrates the magnitude of this work,” says Robert Kolodner, MD, national coordinator for health information technology. “The report findings and recommendations will provide ongoing guidance for local, state and federal governments as we move toward greater interoperability.”

Some of the key findings point to the need for additional research and guidance on:

• Identifying different interpretations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule among states and increasing awareness among stakeholders 
• Addressing variations regarding the potential intersections between federal/state privacy laws 
• Evaluating the technologies available to protect security and privacy of individuals as well as the associated administrative processes and liabilities 
• Developing a system that accurately and consistently matches individual patients with their health record information — one that is created and updated by various healthcare providers/organizations 
• Developing a standard set of definitions and terms to facilitate sharing of health information. For example, terms such as medical emergency, current treatment and related entity do not have agreed-upon definitions and may increase variation as organizations attempt to meet compliance.

The report can be downloaded from AHRQ’s Health IT Web site, http://www.healthit.ahrq.gov 

New Survey Addresses Relationship of EMRs to Malpractice Risk

Medical Records Institute, Inc. of Boston and Professional Risk Associates, Inc. of Midlothian, Va. announce results of a survey regarding adoption of EMRs in physician practices and the impact of EMR usage on patient safety and malpractice risk. Respondents from 115 practices in 27 specialties representing 36 states completed the Internet-based survey conducted from March 21 to June 30, 2007.

Of the 62 percent of respondents with EMR systems, more than two-thirds have stand-alone systems and have had the systems for over a year. A physician was identified as the “power user” by almost half of the practices with an EMR system, and nearly two-thirds indicated their providers fully use the system. Approximately one-quarter of those who have EMR systems complained the system does not have the functions they need, and a similar percentage stated they did not receive adequate training.

Nearly 20 percent of respondents stated their malpractice insurer offers a discount for having an EMR System, and 45 percent believe EMRs will make them less vulnerable to malpractice cases. Among the almost one-fifth who have had a malpractice case in which documentation was based on the EMR, 55 percent said the EMR was helpful.

“This is an important first survey on the current status of EMRs and their impact on malpractice risk,” says C. Peter Waegemann, CEO of the Medical Records Institute. “It shows the need to address EMR system usage, training, and legality.” 

Recommendations for EHRs Designed to Increase Efficiency, Detect Inaccuracies

A new report prepared by RTI International for the Office of the National Coordinator for Health Information Technology (ONC) recommends 14 functional requirements that would serve to increase efficiency and improve billing accuracy for clinicians using electronic health records (EHRs).

The recommendations were developed by a team of experts and reviewed by more than 75 health- care industry leaders, practitioners and organizations. RTI researchers also worked with the American Health Information Management Association (AHIMA), and leading statistical software companies SAS and SPSS.

Many of the recommendations are designed to improve existing standards for electronic health record systems. Others work to create additional requirements to improve oversight of billing accuracy and detect potential improper payments.

“If adopted, these recommendations will strengthen current standards and provide new efficiencies to clinicians who use electronic health records in their practices,” says Robert Kolodner, MD, ONC’s national coordinator for health information technology. “Updating the current criteria to include more of our recommendations will provide an opportunity to reduce costs associated with inaccurate billing and potential healthcare fraud.”

Among the recommendations are steps to strengthen audit functions, improve patient identification and verify provider identification, thus improving efficiency and reducing the likelihood of inaccurate payments. Such steps may assist with the management of antifraud efforts.

EHRs can benefit clinicians, patients and payers by reducing human error and improper payment. They can also help detect and deter improper billing by documenting that correct procedures were used, highlighting abnormalities before they become serious issues, and providing patients with a clear understanding that their health records are being disclosed only to authorized users.

The researchers also suggest that plans need to be developed to ensure that the recommendations are implemented into the infrastructure for the nationwide health information network, which will provide the foundation for interoperable, secure and standards-based health information exchange nationally.