![Issue Brief: Electronic Health Records Seeler 1
Background
President George Bush signed an executive order in April 2004 directing the Secretary of
Health and Human Services (HHS) to establish the position of National Health Information
Technology Coordinator. This individual was tasked with overseeing the development a
nationwide interoperable health information technology infrastructure that, among other things:
• improves health care quality,
• reduces medical errors,
• decreases health care costs resulting from inefficiency, medical errors,
inappropriate care, and incomplete information,
• while ensuring the security of personally identifiable health information.1
The Office of the National Coordinator for Health Information Technology (ONC), as the
department is now called, is focusing on electronic medical records to achieve its mission of
“improv[ing] health and health care for all Americans through use of information and
technology.”2
What is an Electronic Health Record (EHR)?
Also known as electronic medical records or personal health records, EHRs can loosely
be seen as “a set of computer-based tools that allow people to access and coordinate their
lifelong health information and make appropriate parts of it available to those who need it.”3
More particularly, HHS defines an EHR as:
1
President, Executive Order, “Incentives for the Use of Health Information Technology and
Establishing the Position of the National Health Information Technology Coordinator,” Federal Register 69, no. 84:
(April 2004).
2
Office of the National Coordinator for Health Information Technology, FY 2012 Congressional Budget
Justification (Washington DC, 2011).
3
Kaelber, David C., Ashish K. Jha, Douglas Johnston, Blackford Middleton, and David W. Bates, "A Research
Agenda for Personal Health Records (PHRs)," Journal of the American Medical Informatics Association 15, no. 6
(2008): 729-736.](https://image.slidesharecdn.com/625issuebrief-111106202630-phpapp02/85/Issue-Brief-EHRs-1-320.jpg)
Issue Brief - EHRs
- 1. Issue Brief: Electronic Health Records Seeler 1 Background President George Bush signed an executive order in April 2004 directing the Secretary of Health and Human Services (HHS) to establish the position of National Health Information Technology Coordinator. This individual was tasked with overseeing the development a nationwide interoperable health information technology infrastructure that, among other things: • improves health care quality, • reduces medical errors, • decreases health care costs resulting from inefficiency, medical errors, inappropriate care, and incomplete information, • while ensuring the security of personally identifiable health information.1 The Office of the National Coordinator for Health Information Technology (ONC), as the department is now called, is focusing on electronic medical records to achieve its mission of “improv[ing] health and health care for all Americans through use of information and technology.”2 What is an Electronic Health Record (EHR)? Also known as electronic medical records or personal health records, EHRs can loosely be seen as “a set of computer-based tools that allow people to access and coordinate their lifelong health information and make appropriate parts of it available to those who need it.”3 More particularly, HHS defines an EHR as: 1 President, Executive Order, “Incentives for the Use of Health Information Technology and Establishing the Position of the National Health Information Technology Coordinator,” Federal Register 69, no. 84: (April 2004). 2 Office of the National Coordinator for Health Information Technology, FY 2012 Congressional Budget Justification (Washington DC, 2011). 3 Kaelber, David C., Ashish K. Jha, Douglas Johnston, Blackford Middleton, and David W. Bates, "A Research Agenda for Personal Health Records (PHRs)," Journal of the American Medical Informatics Association 15, no. 6 (2008): 729-736.
- 2. Issue Brief: Electronic Health Records Seeler 2 A real-time patient health record with access to evidence-based decision support tools that can be used to aid clinicians in decision making. The EHR can automate and streamline a clinician's workflow, ensuring that all clinical information is communicated. It can also prevent delays in response that result in gaps in care. The EHR can also support the collection of data for uses other than clinical care, such as billing, quality management, outcome reporting, and public health disease surveillance and reporting.4 What Types of Legislation are Related to EHRs? There are two main pieces of legislation that greatly impact the nature and use of EHRs: the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), which was passed as part of the American Recovery and Reinvestment Act (ARRA) of 2009. HIPAA The main objective of HIPAA when originally enacted was to “improve portability and continuity of health insurance coverage in the group and individual markets.”5 Sections 261 through 264 of HIPAA, referred to as “Administrative Simplification” rules, require the Secretary of HHS to publicize national standards for the electronic exchange, privacy and security of health information. The Centers for Medicare & Medicaid Services (CMS) administer and enforce the following Administrative Simplification rules: Transactions and Code Sets Standards, Employer Identifier Standard, and National Provider Identifier Standard.6 The act also mandated that the Secretary issue privacy regulations governing personally identifiable health information, if Congress did not enact privacy legislation within three years. Because Congress did not reach a consensus, HHS developed a proposed rule and released it for 4 Department of Health and Human Services, “HealthIT.hhs.gov:Glossary,” Glossary of Selected Terms Related to Health IT, last modified December 4, 2009, http://healthit.hhs.gov/portal/server.pt/community/health_it_hhs_gov__glossary/1256 5 Health Insurance Portability and Accountability Act of 1996, H.R. 3103, 104th Cong., 2nd sess. 6 Department of Health and Human Services, “HIPAA Administrative Simplification Statute and Rules,” HIPAA Administrative Simplification Statute and Rules, http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html
- 3. Issue Brief: Electronic Health Records Seeler 3 public comment in November 1999. The final regulation, known as the Privacy Rule, was published December 2000. It was later amended in August 2002.7 The Privacy Rule applies to all health plans, health care clearinghouses, and any health care provider who transmits health information in any format. It seeks to protect individually identifiable health information, such as a person’s past, present, or future physical condition by defining and limiting circumstances in which someone’s protected health information may be used or disclosed by covered entities. Some measures include requiring covered entities to provide notice of their privacy practices to patients, the ability of patients to authorize access to their medical records, and the right of people to view and obtain a copy of their own records.8 HHS proposed rule protecting the integrity, confidentiality, and availability of electronic personally identifiable health information held or transmitted by covered entities and released it for public comment in August 1998. The final regulation, known as the Security Rule, was published in February 2003. The Security Rule applies to covered entities that transmit health information in an electronic format. It specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality, integrity, and availability of personally identifiable health information. Covered entities are also expected to protect against reasonably anticipated and impermissible uses or disclosures, guard against anticipated threats to security or integrity of information, and ensure compliance by their workforce.9 Neither the Security Rule or Privacy Rule dictate how covered entities should achieve these objectives, understanding that providers vary greatly in size and needs. 7 Department of Health and Human Services, “Summary of the HIPAA Privacy Rule,” Summary of the HIPAA Privacy Rule, http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html 8 Ibid. 9 Department of Health and Human Services, “Summary of the HIPAA Security Rule,” Summary of the HIPAA Security Rule, http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
- 4. Issue Brief: Electronic Health Records Seeler 4 HITECH President Barack Obama signed the American Recovery and Reinvestment Act (ARRA) in February 2009, which the Health Information Technology for Economic and Clinical Health Act (HITECH) was part of. The act widens the scope of privacy and security protections offered under HIPAA, increases potential liability for non-compliance, and provides more enforcement. HITECH also amends Title XXX of the Public Health Service Act by adding various opportunities to advance health information technology. One example of this is the grant, loan, and demonstration programs. The Secretary of HHS is required to allocate funds among various agencies, such as ONC, CMS, Agency for Healthcare Research and Quality, and Indian Health Service with the intent to support health information technology, development and adoption of appropriate certified EHRs, and training on and dissemination of information on best practices to integrate health information technology into providers’ delivery of care among others.10 HITECH also provides specifications for regional assistance centers, state grants, and to Indian tribes. The act allocates funding for demonstration projects to develop academic curricula integrating certified EHR technology in the clinical education of health professionals.11 During the 2009-2010 fiscal year, HHS allocated $235 million to the Beacon Community Cooperative Agreement Program for communities to build and strengthen their health information technology infrastructure. The Strategic Health IT Advanced Research Projects (SHARP) Program was given $60 million to fund research focused on finding solutions to address well-documented problems that have impeded adoption of EHRs: security of health information technology, 10 Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA), Pub. L. No. 111-5 (Feb. 17, 2009) 11 Ibid.
- 5. Issue Brief: Electronic Health Records Seeler 5 patient-centered cognitive support, healthcare application and network platform architectures, and secondary use of EHR data.12 A key component included in the HITECH Act is the provision of financial incentives to professionals, eligible hospitals and critical access hospitals for certified EHR adoption under Medicare and Medicaid. CMS coordinates this aspect of the legislation. Eligible providers can register as early as 2011, but must participate by February 29, 2012 in order to receive the maximum incentive payment. Starting in 2015, eligible parties that do not successfully demonstrate meaningful use will have a payment adjustment to their Medicare reimbursement, although this will not apply under the Medicaid EHR Incentive Program.13 What is “Meaningful Use”? Providers are expected to demonstrate their use of certified EHR technology in ways that be measured significantly in quality and in quantity. More particularly, ARRA outlines three elements of Meaningful Use: • The use of a certified EHR in a meaningful manner, such as e-prescribing. • The use of certified EHR technology for electronic exchange of health information to improve quality of health care. • The use of certified EHR technology to submit clinical quality and other measures.14 Meaningful Use criteria will by laid out in three stages from 2011 to 2015. Stage 1 (2011 and 2012) sets a baseline for electronic data capture and information sharing. Stages 2 and 3 12 Office of the National Coordinator for Health Information Technology, Celebrating the First Anniversary of the HITECH Act and Looking to the Future, Health Information Technology for Economic and Clinical Health (Washington DC, 2010). 13 Centers for Medicaid and Medicare Services, “Overview EHR Incentive Programs,” Overview, last modified April 18, 2011, http://www.cms.gov/EHRIncentivePrograms/ 14 Centers for Medicaid and Medicare Services, “CMS EHR Meaningful Use Overview EHR Incentive Programs,” CMS EHR Meaningful Use Overview, last modified April 20, 2011, http://www.cms.gov/EHRIncentivePrograms/30_Meaningful_Use.asp#TopOfPage
- 6. Issue Brief: Electronic Health Records Seeler 6 (2013 and 2015 respectively) will continue to expand on the established baseline. Current criteria for Meaningful Use includes both a core set and menu set of objectives specific to eligible professionals or eligible hospitals and critical access hospitals.15 What is a Certified EHR? Legislators and HHS want health care providers and their patients to be confident that the electronic health information technology products and systems they use are secure, can maintain data confidentially, can work with other systems to share information, and can perform a set of well-defined functions. A Final Rule on an initial set of standards, implementation specifications, and certification criteria was issued July 2010. According to HHS, the certification criteria adopted in this initial set establish the required capabilities and related standards and implementation specifications that certified EHR technology will need to include in order to support the achievement of meaningful use Stage 1 by eligible professionals and eligible hospitals under the Medicare and Medicaid EHR Incentive Programs.16 Several examples of certification criteria include drug-drug and drug-allergy interaction checks, encryption, audit logs, and access control.17 CMS will only reimburse eligible entities under its Medicare and Medicaid Incentive Programs for EHR technology that has been tested and certified by an Office of the National Coordinator Authorized Testing and Certification Body (ATCB). Who Provides Certified EHRs? 15 Ibid. 16 Department of Health and Human Services, “HealthIT.hhs.gov:Standards IFR,” Standards & Criteria Certification Final Rule, last modified March 31, 2011, http://healthit.hhs.gov/portal/server.pt?open=512&objID=1195&parentname=CommunityPage&parentid=97 &mode=2&in_hi_userid=11673&cached=true 17 Department of Health and Human Services, “HealthIT.hhs.gov:Reference Grids,” Reference Grids for Meaningful Use and Standards and Certification Criteria Final Rules, last modified March 31, 2011, http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=3584
- 7. Issue Brief: Electronic Health Records Seeler 7 Many commercial vendors offer EHR systems that have been certified by the ATCB. Users can go to the Certified HIT Product List website maintained by HHS to locate and select a provider based on practice type (ambulatory or inpatient). The 600 plus products are designated as “Complete EHR,” which means that it meets all of the certification criteria, or “Modular EHR," meaning that it meets at least one certification criteria. What Information is Included in EHRs? This varies widely and depends on the particular data fields included by the vendor. Information in an EHR may include: • personal identification, such as name and birth date • emergency contacts • health insurance information • living wills, advance directives, or medical power of attorney • a list and dates of significant illnesses and surgical procedures • current medications and dosages • immunizations and their dates • allergies or sensitivities to drugs or materials • important events, dates, and hereditary conditions in the family history • test results How can Consumers Use EHRs to Obtain Information? A joint task force consisting of individuals from the Medical Library Association and National Library of Medicine investigated the characteristics of personal health records in 2008 and 2009. They also looked at how librarians could help consumers locate reliable and authoritative health information since many users might be consulting questionable sources such
- 8. Issue Brief: Electronic Health Records Seeler 8 as wikis, blogs, and social networking sites. The task force created a statement that could be inserted in EHRs to alert users that they can obtain information from authoritative resources such as NLM’s MedlinePlus, MLA’s Consumer and Patient Health Information Section website, and through direct contact with medical librarians.18 Medical librarians, including those found in public libraries, can assist patrons in many capacities such as: • assisting patients with registering for EHRs • training employees in the use of EHRs • educating staff on how use of EHRs might reduce costs, inform consumers, and benefit the institution • incorporating information about EHRs into academic courses • helping implement patient portals that include EHRs • selecting and evaluating consumer health content to be included in personal health records • coordinating with health information management professionals responsible for EHRs • assisting health care providers in adopting the use of EHRs • providing EHR vendors with information regarding the UMLS and how it can be integrated into EHRs • promoting the use of EHRs through consumer • outreach efforts to build trust and acceptance 18 Dixie A. Jones, Jean P. Shipman, Daphne A. Plaut, and Catherine R. Selden, “Characteristics of personal health records: findings of the Medical Library Association/National Library of Medicine Joint Electronic Personal Health Record Task Force,” Journal of the Medical Library Association 98, no.3 (2010): 247.