Us health information interoperability challenges and hipaa
Download
1 / 33

us health information interoperability: challenges and hipaa - PowerPoint PPT Presentation


  • 314 Views
  • Updated On :

US Health Information Interoperability: Challenges and HIPAA. Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore County [email protected] Point. Interoperability is the holy grail. However, problem is not primarily technical.

Related searches for us health information interoperability: challenges and hipaa

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'us health information interoperability: challenges and hipaa' - Thomas


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Us health information interoperability challenges and hipaa

US Health Information Interoperability: Challenges and HIPAA

Roy Rada, M.D., Ph.D.

Univ. Maryland Baltimore County

[email protected]


Point
Point HIPAA

  • Interoperability is the holy grail.

  • However, problem is not primarily technical.

  • In US, challenge is autonomous professional providers and disconnect between consumer and payer.

  • Progress requires appreciation of complexity.


Interoperable
Interoperable HIPAA

  • U.S. National Committee on Vital and Health Statistics: adequate computerized patient record requires that clinically specific data are captured once at the point of care and that all other legitimate data needs are derived from those data == interoperability

  • What components need access?


Components
Components HIPAA

Major components in a hospital information system are:

  • patient management,

  • administration, and

  • clinical support.

    Patient management includes medical records, registration, and order entry


Medical record
Medical Record HIPAA

Each data element has :

  • patient identifier,

  • attribute (for example, heart beat),

  • value of the attribute (for example, 60 beats per minute), and

  • time the value of the attribute was collected.

    Medical records department ‘owns’ record.


Registration
Registration HIPAA

  • Checks with medical record when arriving patient in Master Patient Index.

  • Mistakes frequently occur due to lack of unique identifier.

  • However, in US politicians axed proposed unique patient identifier regulation due to privacy fears.

  • At mundane level, registration needs to interoperate with other systems.


Order entry
Order Entry HIPAA

  • Interoperability challenge due to physician workflow changes.

  • Impressive support of CPOE in US from www.leapfroggroup.org

  • Over 170 employers who pressure health plans to reward providers who implement CPOE


Administration
Administration HIPAA

  • Patient accounting systems are most popular

  • Scheduling systems tend to serve niche markets but should interoperate

  • Financial management


Clinical support
Clinical Support HIPAA

  • Clinical support departments: operating rooms, pathology, pharmacy, and radiology.

  • Different departments get information systems from different vendors. Interoperability is challenge.


Populations
Populations HIPAA

  • Middle-income: physicians in private practice financed by nongovernmental funds.

  • Poor: emergency room of county hospital.

  • Military: government comprehensive.

  • These 3 systems should interoperate.


Health plan
Health Plan HIPAA

  • A health plan pays cost of medical care.

  • Health plan determines premiums, enrolls members, checks eligibility, adjudicates claims, pays provider.

  • Interoperability in US must involve health plans.

  • If plans compete with proprietary features, what of interoperability?


Standards
Standards HIPAA

From technical perspective, key to interoperability is technical standards.

Stakeholders are:

  • Providers and Payers

  • Government

  • Standards Development Organizations

  • Vendors


laboratories HIPAA

payers

HL7 & ASTM

DICOM

radiology

billing

X12

medical record

HL7

IEEE

HL7

medical devices

patient registration


Hipaa
HIPAA HIPAA

  • Government intervenes for interoperability.

  • Health Insurance Portability and Accountability Act (HIPAA).

  • Administrative Simplification: standardization of ‘identifiers and code sets’ and ‘provider-payer transactions

  • Politicians added privacy and security.

  • Year 2000 - now


Transactions
Transactions HIPAA

Alphanumeric strings

For example, the ‘Information Source Name’ might be transmitted as:

PR*2*Blue Cross Blue Shield Illinois****PI*12345~

Transactions will include a claim attachment which is a medical record.


Problems
Problems HIPAA

Compliance with the intent of the Transactions Rule difficult:

  • Entities promulgate too many entity-specific requirements within a Companion Guide.

  • Challenge to interoperability.


Privacy rule
Privacy Rule HIPAA

National framework for health privacy protection.

Penalties:

  • fine of $50,000 and one year in prison for basic offenses

  • fine of $250,000 and ten years in prison for intent to use information for gain.


Minimum necessary standard
Minimum Necessary Standard HIPAA

  • treatment-related exchange among providers is free;

  • disclosures on a routine basis, such as insurance claims, require policies; and

  • non-routine requests must be reviewed on a case-by-case basis to assure only minimum necessary information disclosed.

    Workflow management is way to get privacy and interoperability.


De identification
De-identification HIPAA

  • Privacy Rule applies only to ‘individually identifiable health information’.

  • Rule defines acceptable de-identification criteria.

    Opens certain path to interoperability.


Administration1
Administration HIPAA

Covered entities are required to:

  • Designate a privacy officer;

  • Document their policies and procedures;

  • Train everyone on privacy;

  • Provide a means for individuals to complain; and

  • Have sanctions for employees who violate.


Result
Result HIPAA

Compliance with Privacy Rule has been at enormous cost to the health care system

But creates a public perception of trust on which interoperability could build


Security rule
Security Rule HIPAA

  • Security Rule makes health information safe from people without authorization.

  • Privacy Rule describes circumstances under which information may be used.

  • Security supports Privacy.


New standard
New Standard HIPAA

  • DHHS must adopt standards developed by accredited Standards Development Organizations when possible.

  • No existing standard was technology-neutral and scaleable enough. So, DHHS developed a new standard.

  • Standard supports interoperability


More flexible than privacy
More Flexible than Privacy HIPAA

Two types of Implementation Specifications:

  • Required: Entity is required to implement the specification.

  • Addressable: The entitymay assess whether the specification is reasonable for the entity.

    If the entity determines that an addressable implementation specification is not a reasonable approach to its security needs, then the entity must only document why.

    This supports diffusion of the standard


Administrative safeguards
Administrative Safeguards HIPAA

Require:

  • risk analysis and risk management

  • sanction policy and activity reviews

  • access policies and contingency plans

    This cost/benefit mentality is wise for system interoperability decisions too


Safeguards
Safeguards HIPAA

Technical Safeguards:

  • access control, audit, integrity, authentication, and transmission.

    Physical Safeguards:

  • facility access controls, proper workstation use and physical security, and device and media controls.


Security result
Security Result HIPAA

Annual maintenance costs are high. Takes time of every employee (e.g. security checks at doors).

But again creates a foundation from which interoperability of EHR can grow.


Diffusion politics
Diffusion: Politics HIPAA

  • The health care system is thousands of relatively autonomous units.

  • Interoperability is political challenge.

  • Standards are needed, and standardization is also essentially political.


Diffusion international
Diffusion: International HIPAA

Health care systems nationally:

  • Entrepreneurial (US),

  • Welfare-oriented (Canada),

  • Comprehensive (Britain), and

  • Socialist (Cuba).

    have differences that are challenge to trans-national interoperability


Many national efforts
Many National Efforts HIPAA

  • UK NHS is integrating local networks.

  • Australia has National Health Information Model.

  • US has Office of National Coordinator for Health Information Technology.

  • Direction is toward national interoperability


Conclusion
Conclusion HIPAA

  • Interoperability of EHR should be approached from multiple levels simultaneously

  • Advantage may be taken of progress made in different countries


ad