1 / 33

US Health Information Interoperability: Challenges and HIPAA

US Health Information Interoperability: Challenges and HIPAA. Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore County rada@umbc.edu. Point. Interoperability is the holy grail. However, problem is not primarily technical.

Thomas
Download Presentation

US Health Information Interoperability: Challenges and HIPAA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. US Health Information Interoperability: Challenges and HIPAA Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore County rada@umbc.edu

  2. Point • Interoperability is the holy grail. • However, problem is not primarily technical. • In US, challenge is autonomous professional providers and disconnect between consumer and payer. • Progress requires appreciation of complexity.

  3. Interoperable • U.S. National Committee on Vital and Health Statistics: adequate computerized patient record requires that clinically specific data are captured once at the point of care and that all other legitimate data needs are derived from those data == interoperability • What components need access?

  4. Components Major components in a hospital information system are: • patient management, • administration, and • clinical support. Patient management includes medical records, registration, and order entry

  5. Medical Record Each data element has : • patient identifier, • attribute (for example, heart beat), • value of the attribute (for example, 60 beats per minute), and • time the value of the attribute was collected. Medical records department ‘owns’ record.

  6. Registration • Checks with medical record when arriving patient in Master Patient Index. • Mistakes frequently occur due to lack of unique identifier. • However, in US politicians axed proposed unique patient identifier regulation due to privacy fears. • At mundane level, registration needs to interoperate with other systems.

  7. Order Entry • Interoperability challenge due to physician workflow changes. • Impressive support of CPOE in US from www.leapfroggroup.org • Over 170 employers who pressure health plans to reward providers who implement CPOE

  8. Administration • Patient accounting systems are most popular • Scheduling systems tend to serve niche markets but should interoperate • Financial management

  9. Clinical Support • Clinical support departments: operating rooms, pathology, pharmacy, and radiology. • Different departments get information systems from different vendors. Interoperability is challenge.

  10. Populations • Middle-income: physicians in private practice financed by nongovernmental funds. • Poor: emergency room of county hospital. • Military: government comprehensive. • These 3 systems should interoperate.

  11. Health Plan • A health plan pays cost of medical care. • Health plan determines premiums, enrolls members, checks eligibility, adjudicates claims, pays provider. • Interoperability in US must involve health plans. • If plans compete with proprietary features, what of interoperability?

  12. Standards From technical perspective, key to interoperability is technical standards. Stakeholders are: • Providers and Payers • Government • Standards Development Organizations • Vendors

  13. laboratories payers HL7 & ASTM DICOM radiology billing X12 medical record HL7 IEEE HL7 medical devices patient registration

  14. HIPAA • Government intervenes for interoperability. • Health Insurance Portability and Accountability Act (HIPAA). • Administrative Simplification: standardization of ‘identifiers and code sets’ and ‘provider-payer transactions • Politicians added privacy and security. • Year 2000 - now

  15. Transactions Alphanumeric strings For example, the ‘Information Source Name’ might be transmitted as: PR*2*Blue Cross Blue Shield Illinois****PI*12345~ Transactions will include a claim attachment which is a medical record.

  16. Problems Compliance with the intent of the Transactions Rule difficult: • Entities promulgate too many entity-specific requirements within a Companion Guide. • Challenge to interoperability.

  17. Privacy Rule National framework for health privacy protection. Penalties: • fine of $50,000 and one year in prison for basic offenses • fine of $250,000 and ten years in prison for intent to use information for gain.

  18. Minimum Necessary Standard • treatment-related exchange among providers is free; • disclosures on a routine basis, such as insurance claims, require policies; and • non-routine requests must be reviewed on a case-by-case basis to assure only minimum necessary information disclosed. Workflow management is way to get privacy and interoperability.

  19. De-identification • Privacy Rule applies only to ‘individually identifiable health information’. • Rule defines acceptable de-identification criteria. Opens certain path to interoperability.

  20. Administration Covered entities are required to: • Designate a privacy officer; • Document their policies and procedures; • Train everyone on privacy; • Provide a means for individuals to complain; and • Have sanctions for employees who violate.

  21. Result Compliance with Privacy Rule has been at enormous cost to the health care system But creates a public perception of trust on which interoperability could build

  22. Security Rule • Security Rule makes health information safe from people without authorization. • Privacy Rule describes circumstances under which information may be used. • Security supports Privacy.

  23. New Standard • DHHS must adopt standards developed by accredited Standards Development Organizations when possible. • No existing standard was technology-neutral and scaleable enough. So, DHHS developed a new standard. • Standard supports interoperability

  24. More Flexible than Privacy Two types of Implementation Specifications: • Required: Entity is required to implement the specification. • Addressable: The entitymay assess whether the specification is reasonable for the entity. If the entity determines that an addressable implementation specification is not a reasonable approach to its security needs, then the entity must only document why. This supports diffusion of the standard

  25. Administrative Safeguards Require: • risk analysis and risk management • sanction policy and activity reviews • access policies and contingency plans This cost/benefit mentality is wise for system interoperability decisions too

  26. Safeguards Technical Safeguards: • access control, audit, integrity, authentication, and transmission. Physical Safeguards: • facility access controls, proper workstation use and physical security, and device and media controls.

  27. Security Result Annual maintenance costs are high. Takes time of every employee (e.g. security checks at doors). But again creates a foundation from which interoperability of EHR can grow.

  28. Diffusion: Politics • The health care system is thousands of relatively autonomous units. • Interoperability is political challenge. • Standards are needed, and standardization is also essentially political.

  29. Diffusion: International Health care systems nationally: • Entrepreneurial (US), • Welfare-oriented (Canada), • Comprehensive (Britain), and • Socialist (Cuba). have differences that are challenge to trans-national interoperability

  30. Many National Efforts • UK NHS is integrating local networks. • Australia has National Health Information Model. • US has Office of National Coordinator for Health Information Technology. • Direction is toward national interoperability

  31. Conclusion • Interoperability of EHR should be approached from multiple levels simultaneously • Advantage may be taken of progress made in different countries

More Related