us health information interoperability challenges and hipaa n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
US Health Information Interoperability: Challenges and HIPAA PowerPoint Presentation
Download Presentation
US Health Information Interoperability: Challenges and HIPAA

Loading in 2 Seconds...

play fullscreen
1 / 33

US Health Information Interoperability: Challenges and HIPAA - PowerPoint PPT Presentation


  • 320 Views
  • Uploaded on

US Health Information Interoperability: Challenges and HIPAA. Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore County rada@umbc.edu. Point. Interoperability is the holy grail. However, problem is not primarily technical.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'US Health Information Interoperability: Challenges and HIPAA' - Thomas


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
us health information interoperability challenges and hipaa

US Health Information Interoperability: Challenges and HIPAA

Roy Rada, M.D., Ph.D.

Univ. Maryland Baltimore County

rada@umbc.edu

point
Point
  • Interoperability is the holy grail.
  • However, problem is not primarily technical.
  • In US, challenge is autonomous professional providers and disconnect between consumer and payer.
  • Progress requires appreciation of complexity.
interoperable
Interoperable
  • U.S. National Committee on Vital and Health Statistics: adequate computerized patient record requires that clinically specific data are captured once at the point of care and that all other legitimate data needs are derived from those data == interoperability
  • What components need access?
components
Components

Major components in a hospital information system are:

  • patient management,
  • administration, and
  • clinical support.

Patient management includes medical records, registration, and order entry

medical record
Medical Record

Each data element has :

  • patient identifier,
  • attribute (for example, heart beat),
  • value of the attribute (for example, 60 beats per minute), and
  • time the value of the attribute was collected.

Medical records department ‘owns’ record.

registration
Registration
  • Checks with medical record when arriving patient in Master Patient Index.
  • Mistakes frequently occur due to lack of unique identifier.
  • However, in US politicians axed proposed unique patient identifier regulation due to privacy fears.
  • At mundane level, registration needs to interoperate with other systems.
order entry
Order Entry
  • Interoperability challenge due to physician workflow changes.
  • Impressive support of CPOE in US from www.leapfroggroup.org
  • Over 170 employers who pressure health plans to reward providers who implement CPOE
administration
Administration
  • Patient accounting systems are most popular
  • Scheduling systems tend to serve niche markets but should interoperate
  • Financial management
clinical support
Clinical Support
  • Clinical support departments: operating rooms, pathology, pharmacy, and radiology.
  • Different departments get information systems from different vendors. Interoperability is challenge.
populations
Populations
  • Middle-income: physicians in private practice financed by nongovernmental funds.
  • Poor: emergency room of county hospital.
  • Military: government comprehensive.
  • These 3 systems should interoperate.
health plan
Health Plan
  • A health plan pays cost of medical care.
  • Health plan determines premiums, enrolls members, checks eligibility, adjudicates claims, pays provider.
  • Interoperability in US must involve health plans.
  • If plans compete with proprietary features, what of interoperability?
standards
Standards

From technical perspective, key to interoperability is technical standards.

Stakeholders are:

  • Providers and Payers
  • Government
  • Standards Development Organizations
  • Vendors
slide13

laboratories

payers

HL7 & ASTM

DICOM

radiology

billing

X12

medical record

HL7

IEEE

HL7

medical devices

patient registration

hipaa
HIPAA
  • Government intervenes for interoperability.
  • Health Insurance Portability and Accountability Act (HIPAA).
  • Administrative Simplification: standardization of ‘identifiers and code sets’ and ‘provider-payer transactions
  • Politicians added privacy and security.
  • Year 2000 - now
transactions
Transactions

Alphanumeric strings

For example, the ‘Information Source Name’ might be transmitted as:

PR*2*Blue Cross Blue Shield Illinois****PI*12345~

Transactions will include a claim attachment which is a medical record.

problems
Problems

Compliance with the intent of the Transactions Rule difficult:

  • Entities promulgate too many entity-specific requirements within a Companion Guide.
  • Challenge to interoperability.
privacy rule
Privacy Rule

National framework for health privacy protection.

Penalties:

  • fine of $50,000 and one year in prison for basic offenses
  • fine of $250,000 and ten years in prison for intent to use information for gain.
minimum necessary standard
Minimum Necessary Standard
  • treatment-related exchange among providers is free;
  • disclosures on a routine basis, such as insurance claims, require policies; and
  • non-routine requests must be reviewed on a case-by-case basis to assure only minimum necessary information disclosed.

Workflow management is way to get privacy and interoperability.

de identification
De-identification
  • Privacy Rule applies only to ‘individually identifiable health information’.
  • Rule defines acceptable de-identification criteria.

Opens certain path to interoperability.

administration1
Administration

Covered entities are required to:

  • Designate a privacy officer;
  • Document their policies and procedures;
  • Train everyone on privacy;
  • Provide a means for individuals to complain; and
  • Have sanctions for employees who violate.
result
Result

Compliance with Privacy Rule has been at enormous cost to the health care system

But creates a public perception of trust on which interoperability could build

security rule
Security Rule
  • Security Rule makes health information safe from people without authorization.
  • Privacy Rule describes circumstances under which information may be used.
  • Security supports Privacy.
new standard
New Standard
  • DHHS must adopt standards developed by accredited Standards Development Organizations when possible.
  • No existing standard was technology-neutral and scaleable enough. So, DHHS developed a new standard.
  • Standard supports interoperability
more flexible than privacy
More Flexible than Privacy

Two types of Implementation Specifications:

  • Required: Entity is required to implement the specification.
  • Addressable: The entitymay assess whether the specification is reasonable for the entity.

If the entity determines that an addressable implementation specification is not a reasonable approach to its security needs, then the entity must only document why.

This supports diffusion of the standard

administrative safeguards
Administrative Safeguards

Require:

  • risk analysis and risk management
  • sanction policy and activity reviews
  • access policies and contingency plans

This cost/benefit mentality is wise for system interoperability decisions too

safeguards
Safeguards

Technical Safeguards:

  • access control, audit, integrity, authentication, and transmission.

Physical Safeguards:

  • facility access controls, proper workstation use and physical security, and device and media controls.
security result
Security Result

Annual maintenance costs are high. Takes time of every employee (e.g. security checks at doors).

But again creates a foundation from which interoperability of EHR can grow.

diffusion politics
Diffusion: Politics
  • The health care system is thousands of relatively autonomous units.
  • Interoperability is political challenge.
  • Standards are needed, and standardization is also essentially political.
diffusion international
Diffusion: International

Health care systems nationally:

  • Entrepreneurial (US),
  • Welfare-oriented (Canada),
  • Comprehensive (Britain), and
  • Socialist (Cuba).

have differences that are challenge to trans-national interoperability

many national efforts
Many National Efforts
  • UK NHS is integrating local networks.
  • Australia has National Health Information Model.
  • US has Office of National Coordinator for Health Information Technology.
  • Direction is toward national interoperability
conclusion
Conclusion
  • Interoperability of EHR should be approached from multiple levels simultaneously
  • Advantage may be taken of progress made in different countries