Most viewers of EHR Scope are physicians and medical office managers, many of whom are becoming educated about the necessity of EHR implementation, and may not be completely up to date with some of the technical progress of the National Health Information Network (NHIN) since HITECH. While the meaningful use final rules are shaping elements of incentive qualifications and penalty enforcement; when all is said and done, HIT work roles and workflows will be significantly changed as well. Defined roles and qualifications for those required to handle personal health information (PHI) will be formed by the security requirements embedded in the National Health Information Network. While these issues are more technical in nature, perhaps there are some of you out there with the ability to contribute to the public discussion while the ONC is listening. Continue reading: ONC Committee Work-groups and Tiger Team Want Your Input
Wednesday October 13th, 2010-Recently we had a chance to catch up with Drummond Group’s President, Beth Morrow, to discuss the current status of EHR certification from the perspective of the approved certification bodies. Thanks to Beth, EHR Scope has gained some insight to share regarding the ONC-ATCB certification testing process, as well as the struggles EHR software companies are currently enduring.
“Our biggest challenge is when folks are registering, and want to get in as soon as possible… then the date comes, and they aren’t ready. The details of running these test scripts are substantial… It is very intensive work and not to be underestimated.”
Electronic medical records are being hailed as a tool to aggregate patient data and advance research, but questions remain about how the vast sharing and compiling of this critical medical/genetic information will remain de-identified to protect patients’ privacy and security.
Researchers at Vanderbilt University have found a unique algorithm to make electronic medical record information anonymous for genome-wide association studies (GWAS), according to a paper that recently appeared in the Proceedings of the National Academy of Sciences.
While at HIMSS10, it was clear that the Health IT movement is progressing. Now that many major hospital systems and larger group physician practices have adopted EHR systems, how is their digitized health information going to move through the larger healthcare system? The HIMSS10 Interoperability Showcase focused on answering this very question. Vendors and other companies are now looking into creating the health information highway, so health information can leave silos and be seamlessly transported between healthcare entities and delivery systems.
However, with this advancement in Health IT interoperability and exchange, more questions about safety and security of Health IT arise. Many companies have emerged to offer services that will securely and safely share and exchange digitized health data.
One of these companies is FireHost, and I had the opportunity to speak with FireHost’s CEO, Chris Drake. Firehost is a secure web hosting company that provides affordable hosting solutions with enterprise level security to companies of all sizes. FireHost is heavily involved in the Health IT, as the security and privacy of digitized health information is an issue at the forefront of the national push for an interoperable health IT infrastructure. Chris spoke about some of the critical issues facing Health IT security with the growing popularity of web-based EHR systems.
HHS is focusing its efforts on developing standards for handling security breaches of electronic health information. The Adoption/Certification Workgroup of the HHS Health Information Technology Policy Committee advisory workgroup has developed a draft proposal that outlines best practices for electronic reporting of patient safety hazards and near misses.
This draft proposal encourages physicians and hospitals to adopt an electronic reporting system for health information security breaches. It also encourages patients to be involved and to report errors, omissions and other mistakes in their health records. The recommendations involve EHR vendors as well, suggesting that they enhance EHR functionality so that “feedback” buttons can be used to quickly report data problems when using the EHR systems.
These best practices are expected to be included in the second phase of “meaningful use” of EHR systems, starting in the fiscal year 2013. The workgroup stated that the goal for incorporating these standards is to establish a “patient-centered” approach to health IT safety. This patient-centered approach would include confidential reporting, liability protections, whistle-blower protections, patients engaged in the system and transparency.
Click here for the original article and a link to the draft proposal.
“Privacy is not something that I’m merely entitled to,
it’s an absolute prerequisite.” -Marlon Brando
Marlon Brando might be on to something here. Is privacy an entitlement or “absolute prerequisite?” In the case of EHR technology, this is certainly a hot topic.
While we know EHRs can improve patient quality of care/safety and reduce healthcare expenditures, questions remain on how to manage and prioritize patient’s privacy in the digitized world. In addition, there is intense debate on exactly what defines a significant breach in privacy to which patients should be notified.
Easy Ways to Secure Your System and Work Towards HIPAA Compliance – by Ryan Ricks, XLEMR
As published in the Spring 2008 Edition of EHR Scope
As we all know, medical practices see patients with the aim of improving their health. Like any other business, medical practices have many concerns, ranging from the quality of services they provide, to regulation and compliance issues, and ultimately, the bottom line and
financial well-being of their practice. Why then, should doctors and their staff worry about information security?
What is information Security?
First, you may wonder exactly what we mean by information security. Simply put, information security is the confidentiality, availability, and integrity of the data, or information
stored at your practice, whether electronic or in hard copy. Medical practices should take information security seriously, because failing to do so could have negative consequences
for quality of care, revenue streams, and may subject the practice to legal action.
Confidentiality is critical for medical practices. A patient’s medical history is highly sensitive, and there are huge consequences for a breach. Unlike a compromised credit card,
medical history can ruin one’s life, resulting in embarrassment, loss of employment, or any other terrible scenarios. Federal regulations like the Health Insurance Portability and Accountability Act mandate severe penalties if a practice fails to protect medical information. Availability is perhaps even more important. Good health care depends upon the availability of information. What
happens at your practice if you misplace a patient’s chart? Usually the staff finds it stuffed inside another chart, but what happens if the chart is destroyed? Hurricane Katrina
wiped out many practices and their charts. If you lose your information, you cannot see patients, and ultimately you lose your revenue as well. Integrity relates to the accuracy of information. Accurate information can mean the difference between life and death. How many news stories have you heard where someone died due to inaccurate medical information? Perhaps a crucial
allergy was missing from their charts, or maybe someone misplaced a decimal point for a dosage. Integrity encompasses accuracy at the point of data entry, (e.g. where there any typos?) as well as malicious tampering (e.g. did someone purposefully change a patient’s history?)