March 2010
S M T W T F S
« Feb   Jun »
 123456
78910111213
14151617181920
21222324252627
28293031  

Legal Disclaimer

Your use of this Blog does not create an attorney-client relationship. Your e-mail or comments do not create an attorney-client relationship. We have no duty to keep confidential the information that is submitted to this blog. This blog is not a substitute for, nor does it constitute legal advice. Only an attorney who knows the details of your particular situation and is properly licensed in the applicable state (or states) is able to appropriately and properly address any legal issues you may have.

Blog Categories
«  
  »

The Elephant in the Room - Implementation Issues for a National Health Information Network from HIMSS 2010

By Robert Hudock, on March 12th, 2010 Print This Post Print This Post

HIMSS is the largest health care technology conference in the United States.  This year the conference was held in Atlanta, the conference brought $25 million to Atlanta.  The tone of HIMSS 2010 was  cautiously optimistic in light of the uncertainty surrounding threatened Governments legislative actions.  Vendors are working hard to meet recently promulgated regulatory requirements for EHR systems; some of legislated requirements for EHRs are not essential or likely to be used by most physicians.  The government is positioned as the primary funding source for EHR and HIE technology.  Grants for HIE implementation total almost 400 million dollars, with a promise of more grants to come.  Implementation models for state HIE’s vary from a federated model to states with loosely associated local HIE’s.  Thus far a strong centralized structure seems to be the most effective implementation method.

Despite the Federal Governments incentives, State HIE grants, new privacy/security regulations, and regulations on how to make meaningful use of an EHR there remain a number of serious issues that will need to be addressed before we can expect a National Health Information Network as envisioned by the Bush administration.  The personal health record and electronic health record distinction created by the Federal government has created a dichotomy between the official and personal health record.  The FTC is responsible for defining appropriate security measures for personal health records and HHS responsible for defining appropriate security measures for EHRs.  Most EHRs contain information that would be defined as protected health information and be subject to the HIPAA Privacy and Security regulations.

The following is a summary of the implementation issues that will need to be addressed by the Federal Government, health-care providers and technology vendors:

  • Ownership. Ownership of the electronic health record and/or the personal health record remains unclear.  There is significant disagreement among providers and privacy advocates as to who owns a person’s medical data;
  • Patient Rights. Similarly, if an individual owns his/her medical record should he/she be permitted to change the record, add material, and/or block portions of the record from being shared with a health care provider.  On the other hand are there components of an individual’s medical record that should not be available to the patient;
  • Proprietary Formats. Electronic medical records largely remain in proprietary formats relegated to various data silos with a small group of providers.  Some larger providers have entered relationships with Google Health and/or Microsoft Health Vault.  However, absent the existence of an information sharing agreement between the provider, the PHR vendor (in this case) and the patient there remains no unified medical record that can be created and then shared with all;
  • Interoperability. Ensuring the interoperability of a diverse array of electronic medical record systems remains a serious limitation with many EHR solutions.  Organizations tend to stick to the old data structures implemented on historical mainframes and disregard interoperability as a key issue when implementing an EHR.  While theoretically versions of the same EHR should be interoperable in house customizations in many instances break any inherent interoperability that may exist within EHR systems of the same type.  There are some promising projects on the horizon like the open source connect initiative, a java framework for defining gateways and interfaces for an organization to communicate with the NHIN;
  • User Acceptance. Building consumer and physician confidence in the use of an electronic medical record system remains difficult;
  • Meaningful Use. Developing criteria for the government to assess whether any given provider is a meaningful user of his/her medical record system.  The real value of an EHR is typically analyzed retrospectively such data is suspect in the absence of an experimental control group and the inability to evaluate the technology without accounting for other variables that may affect the result;
  • Long Term Data. Compiling long term data to evaluate the effectiveness (meaningful use) of various EHR components will be necessary to drive investment by the private sector; there are some proof of concept implementations for certain categories of providers.  Such examples are rare given the diverse array of health care providers and the technology used to store data related to any given patient;
  • Access Controls. There are no industry standards for delineating (describing) and administering rights with respect to an individual’s personal health record.  Various technologies like private key / public key encryption, certificate authorities, and algorithms to ensure the confidentiality and integrity of protected health information exist, but these systems are poorly understood by most health information technology departments even at the largest providers;
  • Appropriate Security Safeguards. The complex array of state and federal laws make defining the appropriate mix of administrative, physical and technical safeguards an intractable problem.  First movers that take the initiative to define how to protect patient data from disclosure, modification while ensuring the availability of this information in the event of an emergency, are subject to government second guessing; and
  • Legal Liability and Storage Limitations. While storage is cheaper than ever, there is not enough space to store all data related to the care of a patient. It is not clear what information must be retained so that a court can subsequently evaluate the quality of care in any given scenario where a physician may be sued for malpractice.  One example are DICOM (see http://en.wikipedia.org/wiki/Digital_Imaging_and_Communications_in_Medicine)  medical images that require 100’s of megabytes of data, if multiple versions of a medical record must be maintained the storage requirements for an individual’s medical record will expand at an exponential rate.  Some algorithmic methods to conserve space for storing data cannot be used.  The application of irreversible compression technology potentially makes an EHR subject to regulatory review by the FDA.

Related Links:

Discussion of MSFT Health Vault Support of  the Continuity of Care Record (CCR) and the Continuity of Care Document (CCD).

Discussion of Google Health’s Implementation of a Subset of the CCR.

Sample DICOM Images

Definitions

Continuity of Care Record -

The CCR  is a patient health summary standard that includes core health information about a patient.  The CCR is not intended to represent a patients entire medical history.  The CCR standard is based on XML.  An XML scheme to be used to verify the proper formatting of a CCR document can be purchased along with a description of the standard from ASTM International.

DICOM-

The Digital Imaging and Communications in Medicine standard created by the National Electrical Manufacturers Association (NEMA) to aid the distribution and viewing of medical images, such as CT scans, MRIs, and ultrasound.

Related Blogs

     Digg  Facebook  StumbleUpon  Technorati  Deli.cio.us 

    Related posts:

    1. Key Issues in Privacy and Security for 2010 Next year should be interesting. From Red Flag compliance, federal...
    2. HIE and NHIN Implementation Issues: (a) Data Sharing Agreements, (b) the Master Patient Index, (c) Data Standardization, (d) Consent Requirements, and (e) Duties of Network Participants On March 19th, HHS published a notice in the Federal...
    3. Office of the National Coordinator — Time to Reorganize. On December 1st, 2009 the Office of the Secretary of...
    4. Health Information Technology Public Utility Act of 2009 Would Facilitate the Adoption of Open Source EMR Solutions On April 23rd Senator John Rockefeller IV introduced the Health...
    5. Analysis of the HITECH Act’s Incentives to Facilitate Adoption of Health Information Technology The “Health Information Technology for Economic and Clinical Health Act’’...
    March 12th, 2010 | Tags: , , , , , , , , | Category: American Recovery and Reinvestment Act, HIMSS, HIPAA Security, HL-7, Health Information Technology, Health Reform, Health and Humans Services (HHS), Interoperability, NIST | Leave a comment Print This Post Print This Post

    Leave a Reply

     

     

     

    You can use these HTML tags

    <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

    Improve the web with Nofollow Reciprocity.