EXCLUSIVE POST - There are a variety of forces driving us toward the adoption of electronic health records and the collection, transmission and analysis of data and information to improve patient care.  But, to some professionals the mere thought is a murky soup of acronyms, confusion and frustration.  I firmly believe a little reflection and refocusing will go a long way toward easing fears, so that is what this post is all about.


Defining the Landscape


As a starting point, we should review a few key terms related to health records of organizational care (hospital, practice, clinic, skilled nursing facility, etc).  First, an electronic medical record (EMR) is a collection of health related information on an individual that can be created, gathered, managed, and consulted by authorized clinicians and staff within one healthcare organization. It becomes an electronic health record (EHR) when it conforms to nationally recognized interoperability standards and can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization.  EHRs can also be integrated with departmental record components (lab, radiology, pharmacy, surgery, etc.) and a personal health record (PHR), which is created and managed by the consumer and shared with providers of their choosing. 


Health information exchange (HIE) is the electronic movement of health-related information among organizations according to nationally recognized standards and both administrative (eligibility, claims, enrollment, remittances, referrals, authorizations and other transactions) and clinical (documentation, orders, medication history, lab results, images, reports, etc.) data can be exchanged.   Health information organizations (HIO) provide the needed infrastructure to facilitate governance and coordinate administrative processes when multiple organizations are involved.


Together, EHRs and HIE are helping us move away from the data silos of proprietary systems (EMRs, PACS, other components, etc) toward interoperability and ultimately the creation of true longitudinal health records, which include all information from across organizations and systems and also incorporates data and information from remote monitoring devices and support networks. The envisioned Nationwide Health Information Network (NHIN) will be built upon a foundation of standards, services and policies that enable secure health information exchange over the Internet by HIOs and networks. 


One new tool to help healthcare organizations move closer toward the NHIN is the Direct Project; a simple, seamless, standards-based, inexpensive tool for exchanging structured data packets. The Direct Project expands upon available standards and service descriptions and provides an easy "on-ramp" for providers and organizations to address Stage 1 requirements for Meaningful Use and qualify for incentives.  Information contained in the secure messages can slide directly into an EHR, database or other digital receptacle, making it scalable and an especially useful tool for rural communities, small networks and anyone needing to connect with each and every little practice in a community. 


The Challenge of Privacy & Security


Privacy and security often arises (and rightly so) as an issue related to EHRs and any exchange of data, but there is a cost that needs to be balanced. 


The HITECH Act of 2009 does require stronger safeguards and notification when information breached, as well as, an incident risk assessment within 60 days of identifying the breach.  There is a risk of fines and penalties that can be levied by several agencies for any breach and the cost of detection, escalation and notification processes can be significant.   In addition, a breach of over 500 records (paper, electronic or otherwise) results in the organization being added to the Department of Health & Human Services’ Wall of Shame.  


To complicate this matter, malicious attacks are on the rise, so it is even more important for healthcare organizations and professionals to ensure that adequate management practices, safeguards and systems are in place to prevent and quickly identify any data loss.  Providers who are at greatest risk for malicious attacks are those who have inadequate resources and where security processes aren’t as well developed, especially as it relates to business associates. It is really unfortunate, but most healthcare organizations learn of data breaches from patient complaints (41%). 


Many in the industry believe the privacy and security conversation needs to include a review of transparency and rational discussion and definition of degrees of privacy. The conversation will also need to address who pays for security -- currently another unfunded mandate in healthcare.


A Place for Social Media


There are also opportunities to incorporate social media and mobile health into EHRs.  One significant sign of what we can expect is found in the meaningful use criteria, which are based upon the need to collect and transmit information and data.  Longitudinal health is referenced along with specific criteria to:


  • fully engaging patients & their families in their healthcare
  • patient messaging in their preferred communication medium
  • self-management tools for patients with high priority health conditions
  • reporting experience of care measures online
  • upload and incorporate patient generated data into an EHR & clinical workflow


One example where this is a reality is the San Diego Beacon Community  providers who are building upon their health information technology infrastructure and exchange capabilities and incorporating social media and mHealth solutions.


Looking Ahead


The path ahead isn’t going to be an easy one, but it is one we must take.  Effective leaders recognize that changes in our healthcare delivery system are needed and they appreciate the opportunities offered by an expanding and maturing selection of health information technologies. Keeping a focus on the needs of the patient will help these leaders navigate the options and make those decisions that will truly result in improved care and safety at a reduced cost.