
MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION

This presentation discusses the importance of electronic medical records, software & hardware samples, barriers to EHR implementation, HIPAA regulations, medical data transmission requirements, and security measures for patient records.


Presentation Transcript


  1. http://www.ieeeusa.org/volunteers/committees/mtpc/documents/EMBC06-NYC-Panel.ppt MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION September 2, 2006 Frank E. Ferrante, MSEE, MSEPP President FEFGroup, LLC Past Chair, Medical Technology Policy Committee IEEE-USA, Washington, DC Presented at 28th IEEE EMBS Annual International Conference Aug 30-Sept. 3, 2006, New York City, New York, USA

  2. Outline • Why Electronic Medical Records? • Software Sample/hardware samples • Barriers/Standards for EHR • HIPAA Security and Privacy Regulations • Medical data transmission requirements • Wireline and Wireless Telecommunications Services Security • Security of Patient Medical Records • References

  3. Why Electronic Medical Records (EMRs) • Time spent filing and pulling patient charts, searching for charts • Time re-creating records if destroyed by natural disaster or accident • Cost of supplies to maintain charts • Cost of facility space for records (can better use of space be made?) • Storage and Backup Cost • Transcription services cost • Cost of doing nothing today • Better Security/Privacy Maintainable

  4. Software/Hardware Supporting Digital Medical Records • Electronic Medical Record (EMR) Software • Soapware - check it out $300 Starting Price see: http://soapware.com/ • e-MDs Electronic Medical Record Support Software http://www.e-mds.com • a4Healthsystems EMR and Access systems http://www.a4healthsystems.com • Companion Technologies http://www.companiontechnologies.com • Security and Privacy - all EMRs must be protected • Sample approach: indigenous authentication of digital information (US Patent 6,757,828 B1 of June 29, 2004) by Signa2 http://www.gjtdc.com • Backup routinely onto remote servers or storage offerings

  5. What are the Barriers to EHR and e-Health Implementation?* • Lack of a Unique Personal Identifier • Lack of HIPAA Compliant Middleware • Lack of Incentives • No Paradigm or “First Mover” for Some System Components • Evolving Standards • Disincentives • Lack of an NHIN Architecture • [Fear of Cost/Benefit] * [Corr 06]

  6. Barriers and Solutions: Identifiers and Middleware • Lack of a Unique Personal Identifier: • Solutions: • Voluntary Personal Healthcare Identifier (IEEE-USA Voluntary Healthcare Identifier Position Statement, 17 June 2004) • Center for Certification of Health Information Technology Multiple ID Approach (Provider ID + Provider Unique Personal ID) • DOD Common Access Card Model • Lack of HIPAA Compliant Middleware: • Solutions: • RHIO Contracts • Marketplace Solutions • Shortcomings: • Public Health and Research Interfaces may not be included HIPAA compliant Identification, Authentication, and Access * [Corr 2006]

  7. EHR Standards Evolution* • International Statistical Classification of Diseases and Related Health Problems (ICD) from ICD-9 to ICD-10 • ASC X12 Version 4010 to ASC X12 Version 5010 (HIPAA Business Transactions) • National Council for Prescription Drug Programs Telecommunication Standards from version 5.1 to version D.0 • Conversion of all standards to XML * [Corr 06]

  8. HIPAA Security and Privacy Regulations • Health Insurance Portability Assurance Act (HIPAA) • Security - Required stronger and more focused provision of security around medical information (supports maintaining of information privacy) • Privacy - Enforces increase in privacy protections for medical information (Not just speaking privacy- required under penalty if failure occurs)

  9. Electronic Medical Record (EMR) Data Requirements • Page of text for entering and storing non-image information • Less than 64 Kbytes (large file) • Image Data • (Refer to estimate table)

  10. Medical Images Data Transmission Requirements* *Source: Ferrante, F.E., “Evolving Telemedicine/eHealth Technology,” Telemedicine and e-Health, Vol 11, Number 3, June 2005, Mary Ann Liebert, Inc Publisher, ISSN-1530-5627.

  11. Wireless Telecommunications Services • Broadband Services • 802.11n • WiMax • Security • PKI • VPN • Secure ID • WEP/WPA/WPA2 (802.11i)

  12. How New Technologies Stack Up [chart: data rate in megabits per second for established and emerging technologies, grouped as WPAN, WLAN, WMAN and WWAN; technologies shown: Ultrawideband, Bluetooth 1.2, Bluetooth 2.0, Wi-Fi (802.11b), Wi-Fi (802.11a/g), Wi-Fi (802.11n), WiMax (802.16), WiMax mobile (802.16e), and 2G, 2.5G, 3G, 3.5G and 4G cellular] Actual performance will vary depending on factors such as how the technology is deployed, the user’s distance from base stations, and interference. Source: Technology Review, October 2005

  13. Security of Patient Records • Wireline Communications/Computer Access • Database Encryption • Public Private Key access control • Routine Password Control and Management • Isolation of Database Server from outside access • except via Virtual Private Network (VPN) and Secure ID hand-held devices or Secure Private Key system • Wireless Communications • Wired Equivalent Privacy (WEP) • Poorly designed, vulnerable • Wireless Protocol Architecture (WPA) & WPA2 • Improved Security Encoding • Enterprise Security Offering (Both WPA and WPA2 now available for Wireless operations as alternate to WEP)

  14. References • [Corr 2006] Corrigan, Mike (Current Chair MTPC), “Consumer-Centered Electronic Health Records and e-Health - Roadblocks and Opportunities,” presented to GEIA Roundtable, June 29, 2006 - Available at: http://www.ieeeusa.org/volunteers/committees/mtpc/index.html • [IEEE-USA] IEEE Medical Technology Policy Committee Web Site - http://www.ieeeusa.org/volunteers/committees/mtpc/index.html

  15. http://www.ahcccs.state.az.us/eHealth/Presentations/Endsley.ppt Electronic Health Record (EHR) Adoption in Arizona: A View from the Frontlines Scott Endsley MD MSc Medical Director, System Design Health Services Advisory Group

  16. Health Services Advisory Group • Medicare Quality Improvement Organization (QIO) for Arizona • Founded in 1979 by Arizona doctors and nurses, HSAG is one of the most experienced QIOs in the nation. • Dedicated to improving quality of care delivery and health outcomes through information, education, and assistance • Partner with physicians, health plans, nursing homes, hospitals

  17. Most Healthcare Comes from Small Practices • 1460 primary care practices • 92% 1-3 physicians • 98% less than 8 physicians

  18. Health Information Technology Use in Arizona • AzAFP/ACP/AOMA Survey (Jan-March 2005) • Harris Survey (Maricopa County Medical Society) Summer 2004

  19. Key Findings • 87% have high-speed Internet access • 13.5% currently using electronic health records • 25% ready to purchase in next 2 years • 29+ electronic health record vendors active in Arizona market

  20. Office Practices are Saying…. • Drug checking, reminders sound great, but can I afford this as a solo practitioner? • Will I be able to connect with my hospital? • Will the vendor be able to support my needs? • Will my patient’s information stay private? • Most of my colleagues still use paper, shouldn’t I wait till electronic medical records are the standard of care? • I have been using paper for 20 years, how will I ever get them all into my electronic medical record?

  21. The IT Adoption ‘Gap’ How do we get here We are here

  22. PREDICTING THE FUTURE • Tipping point in next 3 years • Interpersonal effect 20x more potent than mass marketing effect Source: Ford et al. “Predicting the Adoption of Electronic Health Records” JAMIA, 2006, 13: 106

  23. IT Market Failure: A Prisoner’s Dilemma • $1.6 billion in health care • Highly fragmented delivery and financing models • Asymmetric risk assumption and benefit sharing • 12% DECLINE in proportion of pay for performance programs with IT incentives • IT incentives small = 4% of total incentive. Are you locked behind your medical loss ratio?

  24. If HIT were a Gallon of Gas…. We spend 400X LESS than Great Britain

  25. $28K $12.3K $16.6K $2.2K $2.5K Per “Average” Provider Annual Cost Saving Projections Only 11% ($3080) accrues to physician

  26. The Market Opportunity $200 Billion Market

  27. Costs • Highly variable (e.g. $3,000- $134,000) • Components: • Hardware • Application (both primary and 3rd party) • Training • Support • Maintenance • Interfaces

  28. Bridging the GAP Ten Key Strategies • Demonstrate relative advantage • Triability • Observability • Use multiple channels of communication • Work with homophilous groups • Stay tuned to changes • Social networks • Opinion leaders • Compatibility • Infrastructure Source: Cain and Mittman, Diffusion of Innovation in Health Care, Institute for the Future, May 2002

  29. Barriers to Electronic Transformation • Financial • High up-front cost • Underdeveloped business case • High initial physician time costs • Technical • Inadequate technical support • Lack of standards • Security and privacy Behavioral • Concerns about IT effect on office culture Organizational Change • Patient-physician communication • Workflow changes • Technical competence • Staff Training

  30. Hard Dollar Benefits Example Conditions Amount Hard Dollar Benefits ROI ~$33,000/provider starting at 2.5 years after investment, most of which accrues from better coding and charge capture

  31. Doctors Office Quality Information Technology (DOQ-IT) Initiative • 3-year initiative of Centers for Medicare & Medicaid Services (CMS) focused on small to medium sized primary care practices • Aim: transformation of care through widespread adoption of electronic technologies in office practice • State Quality Improvement Organizations have developed technical assistance services Expand the Adoption Rate by 5-6%

  32. Roadmap • ASSESSMENT – practice readiness, workflow analysis • PLANNING – make business case, prioritize needs, set goals • SELECTION – identify options, evaluate, decide, contract • IMPLEMENTATION – prepare, build interfaces, go-live, problem solve • CARE MANAGEMENT – chronic care redesign, report data, improve [Diagram labels: Assessment, Planning, Vendor Selection, Implementation, Care Management]

  33. DOQ-IT Services • EHR University • Onsite consultations • Web resources – www.azdoqit.org • Physician Champions Network • IT Events/ Vendor Fairs

  34. DOQ-IT Support

  35. Our Website – www.azdoqit.org • Tools & Resources • Consulting Services • Arizona IT news & events • Register for EHR University • Complete Practice Readiness Assessment

  36. Early Lessons from Frontlines • Cost and loss of productivity concerns • Huge disinterest on part of payers • Second wave of adoption • Free isn’t free enough • Waiting for the government solution

  37. University of Arizona implementing Allscripts systems across 22 site network • Arizona Community Physicians implementing Allscripts across 89 providers • Arizona State Physicians Association promoting Synamed to 900 practice network • Arizona Medical Clinic implemented GE Centricity, uses as basis for pay for performance • Canyonlands Community Health Centers rolling out NextGen across 5 clinics • …..and many more clinics and organizations engaging in electronic transformation

  38. Yuma Regional Center for Border Health • Administer a discount care program – Community Access Program of Arizona (CAPAZ) • 52 providers, 500 patients • Exploring use of CCR-based technology to track patients (especially medications across Arizona/Sonora border)

  39. Our Challenge • Define electronic health care as the standard • Close the technology gap-help small offices find ways to finance technology • Assist practices accomplish the practice redesign to effectively use new technologies, including use of data for improvement • Connect all parts of the healthcare system including consumers

  40. THANK YOU! Scott Endsley 602.745.6342 sendsley@hsag.com Email: azdoqit@hsag.com Website: www.azdoqit.org

  41. Maximizing Personal Health!

  42. http://www.informatics-review.com/talks/TEPR-2003/max.ppt “Electrifying” 1/7th of US Economy May 13, 2003 Presentation to TEPR Gary A. Christopherson, Senior Advisor to Under Secretary Veterans Health Administration, Department of Veterans Affairs

  43. Population, Person/Enrollee, Episode BP/ Ideal BP/ Ideal H&IT H&IT Status - Well, Acute Illness, Chronic Illness, Custodial Maximize Health/Ability & Satisfaction US Health System National Health Policy Care Episode / Chronic Care Clinical Care Death Health Surveillance Preventive Measures Education Evaluation/Diagnosis In-/Outpatient Treatment Community Treatment Rehabilitation Information “Community” Environment “Occupational” Environment Quality Assurance Community Care (Home / Workplace) Research & Development Health Surveillance Preventive Measures Education Evaluation/Treatment Rehabilitation Information Health Risks Birth Direct Care / Info/Prevention US Health – Goals, Strategic Principles, Outcomes, Leadership/Management, Benefits, Culture/Environment, Resources, Information, History

  44. Drivers for health • Maximize health/abilities • Maximize satisfaction • Maximize quality • Maximize accessibility/portability • Maximize affordability • Maximize patient safety (defects/errors to zero) • Minimize time between disability/illness & maximized function/health (time to zero) • Minimize inconvenience (inconvenience to zero) • Maximize security & privacy

  45. Potential timetable to “paperless” • Standards • Data • Communications • --------------------- • Health Info Systems • Electronic Health Records Systems (EHRs) • Personal Health Record Systems (PHRs) • Info Exchange Paperless (IOM) Affordable, high quality, standards-based EHRs, PHRs & Info Exchange Adoption by health organizations Adoption by persons 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010

  46. Toward standards & high performance info systems

  47. HealthePeople - High Performance Information Systems Components/Links/Standards [Diagram labels: My HealthePeople (web site, virtual health record, trusted information, self-reported information, “e” communications/transactions, link to other health providers); Outside health organizations; Registration, Enrollment & Eligibility System; Management & Financial System; Health & Data System; Provider (including clinical Interface, e.g. CPRS, CHCSII, & RPMS); Database/Standards (three instances); Blood System; Laboratory System; Scheduling System; Pharmacy System; Billing System; Enrollment System; Provider Payment System; Radiology System]

  48. Personal Health Record: HealthePeople - High Performance Information Systems Components/Links/Standards [Diagram labels: My HealthePeople (web site, virtual health record, trusted information, self-reported information, “e” communications/transactions, link to other health providers); Outside health organizations; Registration, Enrollment & Eligibility System; Management & Financial System; Health & Data System; Provider (including clinical Interface, e.g. CPRS, CHCSII, & RPMS); Database/Standards (three instances); Blood System; Laboratory System; Scheduling System; Pharmacy System; Billing System; Enrollment System; Provider Payment System; Radiology System]

  49. My HealtheVet / My HealthePeople Other health organizations Electronic Health Record System My HealtheVet / HealthePeople [Personal Health Record System] “health in a box” on PC & web site via community, health, non-health, government Software & Hardware Database/ Standards • Health Record • Access to health records • Sharing health records • Self-entered health record • Services • Checking/filling prescriptions • Checking/confirming/making appointments • Checking/paying co-payments • Participating in support groups • Health decision support • Health self-assessment • Messaging with health provider • Diagnostic/therapeutic tools • Reminders • “Checking in” • Safety services/tools • Links to other health sites • Information • Trusted information Person Primary health provider Electronic Health Record System (e.g. VistA) Software & Hardware Database/ Standards

  50. My HealtheVet Phasing • Phase 1 • Presentation framework • Health education content • VA developed content (e.g., seasonal health bulletins, health tip of the day, Veterans Health Initiatives, interactive chat) • Portal personalization features • Phase 2 • Rx Re-fill • Self Entered Data (excluding self entered metrics) • Phase 3 • View Co-pay balance • View Appointments • Self Entered Metrics • Phase 4 (Electronic Health Record) • eVAult • VistA extracts • Delegate function • User and system administration functions
