Electronic health records in the United States

EHR adoption of all physicians in the US. Source: DesRoches et al. (2008).[needs update]

  Fully functional EHR system (4%)
  Basic EHR system (13%)
  Bought but not implemented yet (13%)
  EHR purchase planned in 2 years (22%)
  No EHR system (48%)

Federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic health records. The US Congress included a formula of both incentives (up to $44,000 per physician under Medicare, or up to $65,000 over six years under Medicaid) and penalties (i.e. decreased Medicare and Medicaid reimbursements to doctors who fail to use EMRs by 2015, for covered patients) for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the, American Recovery and Reinvestment Act of 2009.[1]

The 21st Century Cures Act, passed in 2016, prohibited information blocking, which had slowed interoperability.[2] In 2018, the Trump administration announced the MyHealthEData initiative to further allow for patients to receive their health records.[3] The federal Office of the National Coordinator for Health Information Technology leads these efforts.[4]

One VA study estimates its electronic medical record system may improve overall efficiency by 6% per year, and the monthly cost of an EMR may (depending on the cost of the EMR) be offset by the cost of only a few "unnecessary" tests or admissions.[5][6] Jerome Groopman disputed these results, publicly asking "how such dramatic claims of cost-saving and quality improvement could be true".[7] A 2014 survey of the American College of Physicians member sample, however, found that family practice physicians spent 48 minutes more per day when using EMRs. 90% reported that at least 1 data management function was slower after EMRs were adopted, and 64% reported that note writing took longer. A third (34%) reported that it took longer to find and review medical record data, and 32% reported that it was slower to read other clinicians' notes.[8]

Coverage

[edit]

In a 2008 survey by DesRoches et al. of 4484 physicians (62% response rate), 83% of all physicians, 80% of primary care physicians, and 86% of non-primary care physicians had no EHRs. "Among the 83% of respondents who did not have electronic health records, 16%" had bought, but not implemented an EHR system yet.[9] The 2009 National Ambulatory Medical Care Survey of 5200 physicians (70% response rate) by the National Center for Health Statistics showed that 51.7% of office-based physicians did not use any EMR/EHR system.[10]

In the United States, the CDC reported that the EMR adoption rate had steadily risen to 48.3 percent at the end of 2009.[11] This is an increase over 2008 when only 38.4% of office-based physicians reported using fully or partially electronic medical record systems (EMR) in 2008.[12] However, the same study found that only 20.4% of all physicians reported using a system described as minimally functional and including the following features: orders for prescriptions, orders for tests, viewing laboratory or imaging results, and clinical progress notes. As of 2013, 78 percent of office physicians are using basic electronic medical records.[13] As of 2014, more than 80 percent of hospitals in the U.S.have adopted some type of EHR. Though within a hospital, the type of EHR data and mix varies significantly. Types of EHR data used in hospitals include structured data (e.g., medication information) and unstructured data (e.g., clinical notes).[14]

The healthcare industry spends only 2% of gross revenues on Health Information Technology (HIT), which is low compared to other information intensive industries such as finance, which spend upwards of 10%.[15][16]

The usage of electronic medical records can vary depending on who the user is and how they are using it. Electronic medical records can help improve the quality of medical care given to patients. Many doctors and office-based physicians refuse to get rid of traditional paper records. Harvard University has conducted an experiment in which they tested how doctors and nurses use electronic medical records to keep their patients' information up to date. The studies found that electronic medical records were very useful; a doctor or a nurse was able to find a patient's information fast and easy just by typing their name; even if it was misspelled. The usage of electronic medical records increases in some workplaces due to the ease of use of the system; whereas the president of the Canadian Family Practice Nurses Association says that using electronic medical records can be time-consuming, and it isn't very helpful due to the complexity of the system.[17] Beth Israel Deaconess Medical Center reported that doctors and nurses prefer to use a much more friendly user software due to the difficulty and time it takes for medical staff to input the information as well as to find a patient's information. A study was done and the amount of information that was recorded in the EMRs was recorded; about 44% of the patient's information was recorded in the EMRs. This shows that EMRs are not very efficient most of the time.[18]

The cost of implementing an EMR system for smaller practices has also been criticized; data produced by the Robert Wood Johnson Foundation demonstrates that the first-year investment for an average five-person practice is $162,000 followed by about $85,000 in maintenance fees.[19] Despite this, tighter regulations regarding meaningful use criteria and national laws (Health Information Technology for Economic and Clinical Health Act and the Affordable Care Act)[20] have resulted in more physicians and facilities adopting EMR systems:

  • Software, hardware and other services for EMR system implementation are provided for cost by various companies including Dell.[21]
  • Open source EMR systems exist but have not seen widespread adoption of open-source EMR system software.

Beyond financial concerns there are a number of legal and ethical dilemmas created by increasing EMR use, including the risk of medical malpractice due to user error, server glitches that result in the EMR not being accessible, and increased vulnerability to hackers.[22][23]

[edit]

Electronic medical records, like other medical records, must be kept in unaltered form and authenticated by the creator.[24] Under data protection legislation, the responsibility for patient records (irrespective of the form they are kept in) is always on the creator and custodian of the record, usually a health care practice or facility. This role has been said[by whom?] to require changes such that the sole medico-legal record should be held elsewhere.[25] The physical medical records are the property of the medical provider (or facility) that prepares them. This includes films and tracings from diagnostic imaging procedures such as X-ray, CT, PET, MRI, ultrasound, etc. The patient, however, according to HIPAA, has a right to view the originals, and to obtain copies under law.[26]

The Health Information Technology for Economic and Clinical Health Act (HITECH) (Pub. L. 111–5 (text) (PDF),§2.A.III & B.4) (a part of the 2009 stimulus package) set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption.[27][28] The "goal is not adoption alone but 'meaningful use' of EHRs—that is, their use by providers to achieve significant improvements in care."[29]

Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH Act requires doctors to show "meaningful use" of an EHR system. As of June 2010, there were no penalty provisions for Medicaid.

In 2017 the government announced its first False Claims Act settlement with an electronic health records vendor for misrepresenting its ability to meet “meaningful use” standards and therefore receive incentive payments. eClinicalWorks paid $155 million to settle charges that it had failed to meet all government requirements, failed to adequately test its software, failed to fix certain bugs, failed to ensure data portability, and failed to reliably record laboratory and diagnostic imaging orders.[30] The government also alleged that eClinicalWorks paid kickbacks to influential customers who recommended its products. The case marks the first time the government applied the federal Anti-Kickback Statute law to the promotion and sale of an electronic health records system.[31] The False Claims Act lawsuit was brought by a whistleblower who was a New York City employee implementing eClinicalWorks’ system at Rikers Island Correctional Facility when he became aware of the software flaws. His “qui tam” case was later joined by the government.[30] Notably, CMS has said it will not punish eClinicalWorks clients that "in good faith" attested to using the software.[32]

Health information exchange (HIE) has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Healthcare vendors are pushing HIE as a way to allow EHR systems to pull disparate data and function on a more interoperable level.[citation needed]

Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.[33]

Goals and objectives

[edit]
Quality and safety measurement
Clinical decision support (automated advice) for providers
Patient registries (e.g., "a directory of patients with diabetes")
  • Improve care coordination
  • Engage patients and families in their care
  • Improve population and public health
Electronic laboratory reporting for reportable conditions (hospitals)
Immunization reporting to immunization registries
Syndromic surveillance (health event awareness)
  • Ensure adequate privacy and security protections
  • Predict future health conditions through machine learning before diagnoses[34]

Quality

[edit]

Studies call into question whether, in real life, EMRs improve the quality of care.[35] 2009 produced several articles raising doubts about EMR benefits.[36] A major concern is the reduction of physician-patient interaction due to formatting constraints. For example, some doctors have reported that the use of check-boxes has led to fewer open-ended questions.[37]

Meaningful use

[edit]

The main components of meaningful use are:

  • The use of a certified EHR in a meaningful manner, such as e-prescribing.
  • The use of certified EHR technology for the electronic exchange of health information to improve the quality of health care.
  • The use of certified EHR technology to submit clinical quality and other measures.

In other words, providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity.[38]

The meaningful use of EHRs intended by the US government incentives is categorized as follows:

  • Improve care coordination
  • Reduce healthcare disparities
  • Engage patients and their families
  • Improve population and public health[39][40]
  • Ensure adequate privacy and security

The Obama Administration's Health IT program intends to use federal investments to stimulate the market of electronic health records:

  • Incentives: to providers who use IT
  • Strict and open standards: To ensure users and sellers of EHRs work towards the same goal
  • Certification of software: To provide assurance that the EHRs meet basic quality, safety, and efficiency standards

The detailed definition of "meaningful use" is to be rolled out in 3 stages over a period of time until 2017. Details of each stage are hotly debated by various groups.[41]

Meaningful use Stage 1

[edit]

The first steps in achieving meaningful use are to have a certified electronic health record (EHR) and to be able to demonstrate that it is being used to meet the requirements. Stage 1 contains 25 objectives/measures for Eligible Providers (EPs) and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set (15 for EPs and 14 for eligible hospitals). EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective.[42]

Full list of the Core Requirements and a full list of the Menu Requirements.

Core Requirements:

  1. Use computerized order entry for medication orders.
  2. Implement drug-drug, drug-allergy checks.
  3. Generate and transmit permissible prescriptions electronically.
  4. Record demographics.
  5. Maintain an up-to-date problem list of current and active diagnoses.
  6. Maintain active medication list.
  7. Maintain active medication allergy list.
  8. Record and chart changes in vital signs.
  9. Record smoking status for patients 13 years old or older.
  10. Implement one clinical decision support rule.
  11. Report ambulatory quality measures to CMS or the States.
  12. Provide patients with an electronic copy of their health information upon request.
  13. Provide clinical summaries to patients for each office visit.
  14. Capability to exchange key clinical information electronically among providers and patient authorized entities.
  15. Protect electronic health information (privacy & security)

Menu Requirements:

  1. Implement drug-formulary checks.
  2. Incorporate clinical lab-test results into certified EHR as structured data.
  3. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
  4. Send reminders to patients per patient preference for preventive/ follow-up care
  5. Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
  6. Use certified EHR to identify patient-specific education resources and provide to the patient if appropriate.
  7. Perform medication reconciliation as relevant
  8. Provide a summary care record for transitions in care or referrals.
  9. Capability to submit electronic data to immunization registries and actual submission.
  10. Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.

To receive federal incentive money, CMS requires participants in the Medicare EHR Incentive Program to "attest" that during a 90-day reporting period, they used a certified EHR and met Stage 1 criteria for meaningful use objectives and clinical quality measures. For the Medicaid EHR Incentive Program, providers follow a similar process using their state's attestation system.[43]

Meaningful use Stage 2

[edit]

The government released its final ruling on achieving Stage 2 of meaningful use in August 2012. Eligible providers will need to meet 17 of 20 core objectives in Stage 2, and fulfill three out of six menu objectives. The required percentage of patient encounters that meet each objective has generally increased over the Stage 1 objectives.

While Stage 2 focuses more on information exchange and patient engagement, many large EHR systems have this type of functionality built into their software, making it easier to achieve compliance. Also, for those eligible providers who have successfully attested to Stage 1, meeting Stage 2 should not be as difficult, as it builds incrementally on the requirements for the first stage.[44][45]

Meaningful use Stage 3

[edit]

On March 20, 2015 CMS released its proposed rule for Stage 3 meaningful use.[46] These new rules focus on some of the tougher aspects of Stage 2 and require healthcare providers to vastly improve their EHR adoption and care delivery by 2018.[47]

Barriers to adoption

[edit]

Costs

[edit]

The price of EMR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment have a significant influence on EMR adoption. In a project initiated by the Office of the National Coordinator for Health Information, surveyors found that hospital administrators and physicians who had adopted EMR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.

The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corporation's estimates of savings.

Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EMR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example. the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians. ...Given the ease at which information can be exchanged between health IT systems, patients whose physicians use them may feel that their privacy is more at risk than if paper records were used.[48]

Doubts have been raised about cost saving from EMRs by researchers at Harvard University, the Wharton School of the University of Pennsylvania, Stanford University, and others.

Start-up costs
[edit]

In a survey by DesRoches et al. (2008), 66% of physicians without EHRs cited capital costs as a barrier to adoption, while 50% were uncertain about the investment. Around 56% of physicians without EHRs stated that financial incentives to purchase and/or use EHRs would facilitate adoption.[9] In 2002, initial costs were estimated to be $50,000–70,000 per physician in a 3-physician practice. Since then, costs have decreased with increasing adoption.[49] A 2011 survey estimated a cost of $32,000 per physician in a 5-physician practice during the first 60 days of implementation.[50]

One case study by Miller et al. (2005) of 14 small primary-care practices found that the average practice paid for the initial and ongoing costs within 2.5 years.[51] A 2003 cost-benefit analysis found that using EMRs for 5 years created a net benefit of $86,000 per provider.[52]

Some physicians are skeptical of the positive claims and believe the data is skewed by vendors and others with an interest in EHR implementation.[citation needed]

Brigham and Women's Hospital in Boston, Massachusetts, estimated it achieved net savings of $5 million to $10 million per year following installation[when?] of a computerized physician order entry system that reduced serious medication errors by 55 percent. Another large hospital generated about $8.6 million in annual savings by replacing paper medical charts with EHRs for outpatients and about $2.8 million annually by establishing electronic access to laboratory results and reports.[53]

Maintenance costs
[edit]

Maintenance costs can be high.[49] Miller et al. found the average estimated maintenance cost was $8500 per FTE health-care provider per year.[51]

Furthermore, software technology advances at a rapid pace. Most software systems require frequent updates, sometimes even server upgrades, and often at a significant ongoing cost. Some types of software and operating systems require full-scale re-implementation periodically, which disrupts not only the budget but also workflow. Costs for upgrades and associated regression testing can be particularly high where the applications are governed by FDA regulations (e.g. Clinical Laboratory systems). Physicians desire modular upgrades and ability to continually customize, without large-scale reimplementation.[citation needed]

Training costs
[edit]

Training of employees to use an EHR system is costly, just as for training in the use of any other hospital system. New employees, permanent or temporary, will also require training as they are hired.[54]

In the United States, a substantial majority of healthcare providers train at a VA facility sometime during their career. With the widespread adoption of the Veterans Health Information Systems and Technology Architecture (VistA) electronic health record system at all VA facilities, fewer recently-trained medical professionals will be inexperienced in electronic health record systems.[55] Older practitioners who are less experienced in the use of electronic health record systems will retire over time.

Software quality and usability deficiencies

[edit]

The Healthcare Information and Management Systems Society, a very large U.S. health care IT industry trade group, observed that EMR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available."[56] The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers. The U.S. military's EMR "AHLTA" was reported to have significant usability issues.[57]

Lack of semantic interoperability

[edit]

In the United States, there are no standards for semantic interoperability of health care data; there are only syntactic standards. This means that while data may be packaged in a standard format (using the pipe notation of HL7, or the bracket notation of XML), it lacks definition, or linkage to a common shared dictionary. The addition of layers of complex information models (such as the HL7 v3 RIM) does not resolve this fundamental issue.

As of 2018, Fast Healthcare Interoperability Resources was a leading interoperability standard, and the Argonaut Project is a privately sponsored interoperability initiative.[58]

In 2017, Epic Systems announced Share Everywhere, which lets providers access medical information through a portal; their platform was described as "closed" in 2014,[59] with competitors sponsoring the CommonWell Health Alliance.[60]

The economics of sharing have been blamed for the lack of interoperability, as limited data sharing can help providers retain customers.[61]

Implementations

[edit]

In the United States, the Department of Veterans Affairs (VA) has the largest enterprise-wide health information system that includes an electronic medical record, known as the Veterans Health Information Systems and Technology Architecture (VistA). A key component in VistA is their VistA imaging System which provides a comprehensive multimedia data from many specialties, including cardiology, radiology, and orthopedics. A graphical user interface known as the Computerized Patient Record System (CPRS) allows health care providers to review and update a patient's electronic medical record at any of the VA's over 1,000 healthcare facilities. CPRS includes the ability for Licensed Practitioners to place orders, including medications, special procedures, X-rays, patient care nursing orders, diets, and laboratory tests.[citation needed]

The 2003 National Defense Authorization Act (NDAA) ensured that the VA and DoD would work together to establish a bidirectional exchange of reference quality medical images. Initially, demonstrations were only worked in El Paso, Texas, but capabilities have been expanded to six different locations of VA and DoD facilities. These facilities include VA polytrauma centers in Tampa and Richmond, Denver, North Chicago, Biloxi, and the National Capitol Area medical facilities. Radiological images such as CT scans, MRIs, and x-rays are being shared using the BHIE. Goals of the VA and DoD in the near future are to use several image sharing solutions (VistA Imaging and DoD Picture Archiving & Communications System (PACS) solutions).[62]

Electronic health records flow chart

Clinical Data Repository/Health Data Repository (CDHR) is a database that allows for the sharing of patient records, especially allergy and pharmaceutical information, between the Department of Veteran Affairs (VA) and the Department of Defense (DoD) in the United States. The program shares data by translating the various vocabularies of the information being transmitted, allowing all of the VA facilities to access and interpret the patient records.[63] The Laboratory Data Sharing and Interoperability (LDSI) application is a new program being implemented to allow sharing at certain sites between the VA and DoD of "chemistry and hematology laboratory tests". Unlike the CHDR, the LDSI is currently limited in its scope.[64]

One attribute for the start of implementing EHRs in the States is the development of the Nationwide Health Information Network which is a work in progress and still being developed. This started with the North Carolina Healthcare Information and Communication Alliance founded in 1994 and who received funding from Department of Health and Human Services.[65]

The Department of Veterans Affairs and Kaiser Permanente has a pilot program to share health records between their systems VistA and HealthConnect, respectively.[66] This software called 'CONNECT' uses Nationwide Health Information Network standards and governance to make sure that health information exchanges are compatible with other exchanges being set up throughout the country. CONNECT is an open-source software solution that supports electronic health information exchange.[67] The CONNECT initiative is a Federal Health Architecture project that was conceived in 2007 and initially built by 20 various federal agencies and now comprises more than 500 organizations including federal agencies, states, healthcare providers, insurers, and health IT vendors.[68]

The US Indian Health Service uses an EHR similar to Vista called RPMS. VistA Imaging is also being used to integrate images and co-ordinate PACS into the EHR system. In Alaska, use of the EHR by the Kodiak Area Native Association has improved screening services and helped the organization reach all 21 clinical performance measures defined by the Indian Health Service as required by the Government Performance and Results Act.[69]

Privacy and confidentiality

[edit]

In the United States in 2011 there were 380 major data breaches involving 500 or more patients' records listed on the website kept by the United States Department of Health and Human Services (HHS) Office for Civil Rights.[70] So far, from the first wall postings in September 2009 through the latest on 8 December 2012, there have been 18,059,831 "individuals affected," and even that massive number is an undercount of the breach problem. The civil rights office has not released all of the records of tens of thousands of breaches in the United States, it has received under a federal reporting mandate on breaches affecting fewer than 500 patients per incident.[71]

Privacy concerns in healthcare apply to both paper and electronic records. According to the Los Angeles Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient's records during a hospitalization, and 600,000 payers, providers and other entities that handle providers' billing data have some access also.[72] Recent revelations of "secure" data breaches at centralized data repositories, in banking and other financial institutions, in the retail industry, and from government databases, have caused concern about storing electronic medical records in a central location.[73] Records that are exchanged over the Internet are subject to the same security concerns as any other type of data transaction over the Internet.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in the US in 1996 to establish rules for access, authentications, storage and auditing, and transmittal of electronic medical records. This standard made restrictions for electronic records more stringent than those for paper records. However, there are concerns as to the adequacy of these standards.[74]

In the United States, information in electronic medical records is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws.[75] The HIPAA protects a patient's information; the information that is protected under this act are: information doctors and nurses input into the electronic medical record, conversations between a doctor and a patient that may have been recorded, as well as billing information. Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patient's information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties.[76] Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person.[77]

Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.[78]

One major issue that has risen on the privacy of the US network for electronic health records is the strategy to secure the privacy of patients. Former US president George W. Bush called for the creation of networks, but federal investigators report that there is no clear strategy to protect the privacy of patients as the promotions of the electronic medical records expands throughout the United States. In 2007, the Government Accountability Office reports that there is a "jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers."[79]

The privacy threat posed by the interoperability of a national network is a key concern. One of the most vocal critics of EMRs, New York University Professor Jacob M. Appel, has claimed that the number of people who will need to have access to such a truly interoperable national system, which he estimates to be 12 million, will inevitably lead to breaches of privacy on a massive scale. Appel has written that while "hospitals keep careful tabs on who accesses the charts of VIP patients," they are powerless to act against "a meddlesome pharmacist in Alaska" who "looks up the urine toxicology on his daughter's fiance in Florida, to check if the fellow has a cocaine habit."[80] This is a significant barrier for the adoption of an EHR. Accountability among all the parties that are involved in the processing of electronic transactions including the patient, physician office staff, and insurance companies, is the key to successful advancement of the EHR in the US Supporters of EHRs have argued that there needs to be a fundamental shift in "attitudes, awareness, habits, and capabilities in the areas of privacy and security" of individual's health records if adoption of an EHR is to occur.[81]

According to The Wall Street Journal, the DHHS takes no action on complaints under HIPAA, and medical records are disclosed under court orders in legal actions such as claims arising from automobile accidents. HIPAA has special restrictions on psychotherapy records, but psychotherapy records can also be disclosed without the client's knowledge or permission, according to the Journal. For example, Patricia Galvin, a lawyer in San Francisco, saw a psychologist at Stanford Hospital & Clinics after her fiance committed suicide. Her therapist had assured her that her records would be confidential. But after she applied for disability benefits, Stanford gave the insurer her therapy notes, and the insurer denied her benefits based on what Galvin claims was a misinterpretation of the notes.[82][83]

Within the private sector, many companies are moving forward in the development, establishment, and implementation of medical record banks and health information exchange. By law, companies are required to follow all HIPAA standards and adopt the same information-handling practices that have been in effect for the federal government for years. This includes two ideas, standardized formatting of data electronically exchanged and federalization of security and privacy practices among the private sector.[81] Private companies have promised to have "stringent privacy policies and procedures." If protection and security are not part of the systems developed, people will not trust the technology nor will they participate in it.[79] There is also debate over ownership of data, where private companies tend to value and protect data rights, but the patients referenced in these records may not have knowledge that their information is being used for commercial purposes.

In 2013, reports based on documents released by Edward Snowden revealed that the NSA had succeeded in breaking the encryption codes protecting electronic health records, among other databases.[84]

In 2015, 4.5 million health records were hacked at UCLA Medical Center.[85]

In 2018, Social Indicators Research published the scientific evidence of 173,398,820 (over 173 million) individuals affected in USA from October 2008 (when the data were collected) to September 2017 (when the data was uploaded for the statistical analysis).[86]

Regulatory compliance

[edit]

In the United States, reimbursement for many healthcare services is based upon the extent to which specific work by healthcare providers is documented in the patient's medical record. Enforcement authorities in the United States have become concerned that functionality available in many electronic health records, especially copy-and-paste, may enable fraudulent claims for reimbursement. The authorities are concerned that healthcare providers may easily use these systems to create documentation of medical care that did not actually occur. These concerns came to the forefront in 2012, in a joint letter from the U.S. Departments of Justice and Health and Human Services to the American hospital community.[87] The American Hospital Association responded, focusing on the need for clear guidance from the government regarding permissible and prohibited conduct using electronic health records.[88] In a December 2013 audit report, the U.S. HHS Office of the Inspector General (OIG) issued an audit report reiterating that vulnerabilities continue to exist in the operation of electronic health records.[89] The OIG's 2014 Workplan indicates an enhanced focus on providers' use of electronic health records.[90]

Medical data breach

[edit]

The Security Rule, according to Health and Human Services (HHS), establishes a security framework for small practices as well as large institutions. All covered entities must have a written security plan. The HHS identifies three components as necessary for the security plan: administrative safeguards, physical safeguards, and technical safeguards.

However, medical and healthcare providers have experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.[91]

The Health Insurance Portability and Accessibility Act requires safeguards to limit the number of people who have access to personal information. However, given the number of people who may have access to your information as part of the operations and business of the health care provider or plan, there is no realistic way to estimate the number of people who may come across your records.[92] Additionally, law enforcement access is authorized under the act. In some cases, medical information may be disclosed without a warrant or court order.

Breach notification

[edit]

The Security Rule that was adopted in 2005 did not require breach notification. However, notice might be required by state laws that apply to a variety of industries, including health care providers. In California, a law has been in place since 2003 requiring that a HIPAA covered organization's breach could have triggered a notice even though notice was not required by the HIPAA Security Rule.[93] Since 1 January 2009, California residents are required to receive notice of a health information breach.

Federal law and regulations now provide rights to notice of a breach of health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires HHS and the Federal Trade Commission (FTC) to jointly study and report on privacy and data security of personal health information. HITECH also requires the agencies to issue breach notification rules that apply to HIPAA covered entities and Web-based vendors that store health information electronically. The FTC has adopted rules regarding breach notification for internet-based vendors.[94]

Vendors

[edit]

Vendors often focus on software for specific healthcare providers, including acute hospitals or ambulatory care.

In the hospital market, Epic, Cerner, MEDITECH, and CSPI (Evident Thrive) had the top market share at 28%, 26%, 9%, and 6% in 2018.[95] For large hospitals with over 500 beds, Epic and Cerner had over 85% market share in 2019.[96] In ambulatory care, Practice Fusion had the highest satisfaction, while in acute hospital care Epic scored relatively well.[97]

Interoperability is a focus for systems; in 2018, Epic and athenahealth were rated highly for interoperability.[98] Interoperability has been lacking, but is enhanced by certain compatibility features (e.g., Epic interoperates with itself via CareEverywhere) or in some cases regional or national networks, such as EHealth Exchange, CommonWell Health Alliance,[99] and Carequality.[99]

Vendors may use anonymized data for their own business or research purposes; for example, as of 2019 Cerner and AWS partnered using data for a machine learning tool.[100]

History

[edit]

As of 2006, systems with a computerized provider order entry (CPOE) had existed for more than 30 years, but by 2006 only 10% of hospitals had a fully integrated system.[101]

See also

[edit]

References

[edit]
  1. ^ U.S. Department of Health and Human Services Centers for Medicare & Medicaid Services 42 CFR Parts 412, 413, 422 et al. Medicare and Medicaid Programs; Electronic Health Record Incentive Program; Final Rule
  2. ^ Black JR, Hulkower RL, Ramanathan T (2018-08-22). "Health Information Blocking: Responses Under the 21st Century Cures Act". Public Health Reports. 133 (5): 610–613. doi:10.1177/0033354918791544. PMC 6134556. PMID 30134128.
  3. ^ "Trump Administration Announces MyHealthEData Initiative at HIMSS18 | CMS". www.cms.gov. Retrieved 2018-11-25.
  4. ^ "Achieving the Interoperability Promise of 21st Century Cures - Health IT Buzz". Health IT Buzz. 2018-06-19. Retrieved 2018-11-25.
  5. ^ Evans DC, Nichol WP, Perlin JB (April 2006). "Effect of the implementation of an enterprise-wide Electronic Health Record on productivity in the Veterans Health Administration". Health Economics, Policy and Law. 1 (Pt 2): 163–9. doi:10.1017/S1744133105001210. PMID 18634688. S2CID 10084450.
  6. ^ "VistA:Winner of the 2006 Innovations in American Government Award" (PDF). The Ash Institute for Democratic Governance and Innovation at Harvard University's John F. Kennedy School of Government. Archived from the original (PDF) on 14 January 2009.
  7. ^ Groopman J, Hartzband P (12 March 2009). "Obama's $80 Billion Exaggeration". Wall Street Journal. Retrieved 3 March 2010.
  8. ^ McDonald CJ, Callaghan FM, Weissman A, Goodwin RM, Mundkur M, Kuhn T (November 2014). "Use of internist's free time by ambulatory care Electronic Medical Record systems". JAMA Internal Medicine. 174 (11): 1860–3. doi:10.1001/jamainternmed.2014.4506. PMID 25200944. (subscription required)
  9. ^ a b DesRoches CM, Campbell EG, Rao SR, Donelan K, Ferris TG, Jha A, Kaushal R, Levy DE, Rosenbaum S, Shields AE, Blumenthal D (July 2008). "Electronic health records in ambulatory care—a national survey of physicians". The New England Journal of Medicine. 359 (1): 50–60. doi:10.1056/NEJMsa0802005. PMID 18565855.
  10. ^ Hsiao CJ, et al. (Dec 8, 2010). "Electronic Medical Record/Electronic Health Record Systems of Office-based Physicians: United States, 2009 and Preliminary 2010 State Estimates". NCHS Health E-Stat. CDC/National Center for Health Statistics. Retrieved 31 October 2011.
  11. ^ Are More Doctors Adopting EHRs? Retrieved 31 March 2011.
  12. ^ National Center for Health : United States, 2008]. Retrieved 15 December 2009.
  13. ^ "Office-based Physician Electronic Health Record Adoption". dashboard.healthit.gov. Retrieved 2017-01-18.
  14. ^ "Big Data in Health Care". The National Law Review. 17 September 2014. Retrieved 27 September 2014.
  15. ^ Simon SR, Kaushal R, Cleary PD, Jenter CA, Volk LA, Poon EG, Orav EJ, Lo HG, Williams DH, Bates DW (2007). "Correlates of electronic health record adoption in office practices: a statewide survey". Journal of the American Medical Informatics Association. 14 (1): 110–7. doi:10.1197/jamia.M2187. PMC 2215070. PMID 17068351.
  16. ^ Menachemi N, Perkins RM, van Durme DJ, Brooks RG (2006). "Examining the adoption of electronic health records and personal digital assistants by family physicians in Florida". Informatics in Primary Care. 14 (1): 1–9. doi:10.14236/jhi.v14i1.609. PMID 16848961.
  17. ^ Bleich HL, Slack WV (January 2010). "Reflections on electronic medical records: when doctors will use them and when they will not". International Journal of Medical Informatics. 79 (1): 1–4. doi:10.1016/j.ijmedinf.2009.10.002. PMID 19939731.
  18. ^ Roukema J, Los RK, Bleeker SE, van Ginneken AM, van der Lei J, Moll HA (January 2006). "Paper versus computer: feasibility of an electronic medical record in general pediatrics". Pediatrics. 117 (1): 15–21. doi:10.1542/peds.2004-2741. PMID 16396855. S2CID 25853906.
  19. ^ Millman J. "Electronic health records were supposed to be everywhere this year. They're not—but it's okay". The Washington Post. Retrieved 8 August 2014.
  20. ^ "The Future of Nursing". Norwich University. Retrieved 25 September 2014.
  21. ^ "EMR – Electronic Medical Records Solutions". Dell. Archived from the original on 3 April 2012. Retrieved 31 March 2012.
  22. ^ Sittig DF, Singh H (April 2011). "Legal, ethical, and financial dilemmas in electronic health record adoption and use". Pediatrics. 127 (4): e1042–7. doi:10.1542/peds.2010-2184. PMC 3065078. PMID 21422090.
  23. ^ Gamble M. "5 Legal Issues Surrounding Electronic Medical Records". Becker's Hospital Review. Becker's Healthcare.
  24. ^ National Archives and Records Administration (NARA): Long-Term Usability of Optical Media. Retrieved 30 July 2006.
  25. ^ Shabo, Amnon (2014): "It's Time for Health Record Banking!" editorial to special issue of Methods of Information in Medicine, Vol. 53, No. 2, pp. 63–65 "change in current legislation so that the copy of a legally-authenticated medical record stored in an IHRB [Independent Health Record Bank] is the sole medico-legal record and healthcare providers are no longer required by the law to hold archives of medical records." page 65, [1]
  26. ^ Medical Board of California: Medical Records – Frequently Asked Questions Archived 2011-08-09 at the Wayback Machine. Retrieved 30 July 2006.
  27. ^ CDC (Jun 3, 2011). "Introduction". Meaningful Use. CDC. Retrieved 31 October 2011.
  28. ^ Blumenthal D (February 2010). "Launching HITECH". The New England Journal of Medicine. 362 (5): 382–5. doi:10.1056/NEJMp0912825. PMID 20042745. S2CID 205106139.
  29. ^ Blumenthal D, Tavenner M (August 2010). "The "meaningful use" regulation for electronic health records". The New England Journal of Medicine. 363 (6): 501–4. doi:10.1056/NEJMp1006114. PMID 20647183. S2CID 205106642.
  30. ^ a b "Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations". U.S. Department of Justice. 31 May 2017. Retrieved 16 October 2017.
  31. ^ "EHR vendor eClinicalWorks reaches ground-breaking $155 million whistleblower settlement", Phillips & Cohen LLP Press Release, May 31, 2017
  32. ^ Sullivan T (July 6, 2017). "CMS won't punish eClinicalWorks customers for meaningful use EHR attestations". Healthcare IT News.
  33. ^ Pear R (13 July 2010). "U.S. Issues Rules on Electronic Health Records". The New York Times.
  34. ^ Li, Qian; Yang, Xi; Xu, Jie; Guo, Yi; He, Xing; Hu, Hui; Lyu, Tianchen; Marra, David; Miller, Amber; Smith, Glenn; DeKosky, Steven; Boyce, Richard D.; Schliep, Karen; Shenkman, Elizabeth; Maraganore, Demetrius (2023-02-23). "Early prediction of Alzheimer's disease and related dementias using real-world electronic health records". Alzheimer's & Dementia. 19 (8): 3506–3518. doi:10.1002/alz.12967. ISSN 1552-5260. PMC 10976442. PMID 36815661.
  35. ^ Gabriel B (2008). "Do EMRs Make You a Better Doctor?". Physicians Practice. Archived from the original on 8 June 2010. Retrieved 23 August 2009.
  36. ^ Greenhalgh T, Potts HW, Wong G, Bark P, Swinglehurst D (December 2009). "Tensions and paradoxes in electronic patient record research: a systematic literature review using the meta-narrative method". The Milbank Quarterly. 87 (4): 729–88. doi:10.1111/j.1468-0009.2009.00578.x. PMC 2888022. PMID 20021585. Archived from the original on 15 May 2016.
  37. ^ Cohen GR, Grossman JM, O'Malley AS (2010). "Electronic Medical Records and Communication with Patients and Other Clinicians: Are We Talking Less?". Center for Studying Health System Change, Issue Brief No. 131 (full text)
  38. ^ Centers for Medicare & Medicaid Services (Oct 12, 2011). "CMS EHR Meaningful Use Overview". EHR Incentive Programs. Center for Medicare & Medicaid Services. Retrieved 31 October 2011.
  39. ^ Zhai H, Iyer S, Ni Y (2014). "Mining a large-scale EHR with machine learning methods to predict all-cause 30-day unplanned readmissions". ASE@360 Open Scientific Digital Library. Archived from the original on 2016-01-09. Retrieved 2018-10-14.
  40. ^ Zhai H, Brady P, Li Q, Lingren T, Ni Y, Wheeler DS, Solti I (August 2014). "Developing and evaluating a machine learning based algorithm to predict the need of pediatric intensive care unit transfer for newly hospitalized children". Resuscitation. 85 (8): 1065–71. doi:10.1016/j.resuscitation.2014.04.009. PMC 4087062. PMID 24813568.
  41. ^ "What is Meaningful Use? | Policy Researchers & Implementers | HealthIT.gov". Healthit.hhs.gov. Archived from the original on 26 February 2012. Retrieved 4 September 2013.
  42. ^ "HealthIT.gov | the official site for Health IT information". Healthit.hhs.gov. Archived from the original on 11 March 2012. Retrieved 4 September 2013.
  43. ^ Torrieri, Marisa "Dealing with Meaningful Use Attestation Aggravation" Archived 8 January 2012 at the Wayback Machine. Physicians Practice. January 2012.
  44. ^ "Meaningful Use: Stage 2 Regulations Overview" Archived 2012-09-29 at the Wayback Machine Robert Anthony, CMS, 30 August 2012.
  45. ^ "EHR Incentive Program: A Progress Report" Marisa Torrieri, Physicians Practice, September 2012.
  46. ^ Centers for Medicare & Medicaid Services (30 March 2015). "Medicare and Medicaid Programs; Electronic Health Record Incentive Program-Stage 3". The Federal Register.
  47. ^ Bresnick J (23 March 2015). "Breaking Down the Health IT Impacts of Stage 3 Meaningful Use". EHR Intelligence.
  48. ^ Evidence on the costs and benefits of health information technology.
  49. ^ a b Menachemi N, Collum TH (2011). "Benefits and drawbacks of electronic health record systems". Risk Management and Healthcare Policy. 4: 47–55. doi:10.2147/RMHP.S12985. PMC 3270933. PMID 22312227.
  50. ^ Fleming NS, Culler SD, McCorkle R, Becker ER, Ballard DJ (March 2011). "The financial and nonfinancial costs of implementing electronic health records in primary care practices". Health Affairs. 30 (3): 481–9. doi:10.1377/hlthaff.2010.0768. PMID 21383367.
  51. ^ a b Miller RH, West C, Brown TM, Sim I, Ganchoff C (2005). "The value of electronic health records in solo or small group practices". Health Affairs. 24 (5): 1127–37. doi:10.1377/hlthaff.24.5.1127. PMID 16162555.
  52. ^ Wang SJ, Middleton B, Prosser LA, Bardon CG, Spurr CD, Carchidi PJ, Kittler AF, Goldszer RC, Fairchild DG, Sussman AJ, Kuperman GJ, Bates DW (April 2003). "A cost-benefit analysis of electronic medical records in primary care". The American Journal of Medicine. 114 (5): 397–403. CiteSeerX 10.1.1.649.8226. doi:10.1016/S0002-9343(03)00057-3. PMID 12714130.
  53. ^ "A State Policy Approach: Promoting Health Information Technology in California". California Legislative Analyst Office. February 2007.
  54. ^ Parish C (2006). "Edging towards a brave new IT world". Nursing Standard. 20 (27): 15–6. doi:10.7748/ns.20.27.15.s22. PMID 16566331.
  55. ^ "What is EHR or EMR? | EHR VS EMR | Explained Everything". www.curemd.com. Retrieved 2023-05-17.
  56. ^ Defining and Testing EMR Usability. Healthcare Information and Management Systems Society, June 2009.[2] Archived 2012-03-22 at the Wayback Machine
  57. ^ "U.S. Medicine – The Voice of Federal Medicine, May 2009.". Archived from the original on 2011-10-07. Retrieved 2018-10-14.
  58. ^ "Interoperability in EHR: the medical mine". Medical Economics.
  59. ^ Kobb E, Sauser K (2014). Electronic Health Records (PDF). RAND. Archived (PDF) from the original on March 22, 2016. Retrieved March 7, 2016.
  60. ^ Caldwell, Patrick (October 2015). "EPIC FAIL. Digitizing America's medical records was supposed to help patients and save money. Why hasn't that happened?". Mother Jones. Archived from the original on September 7, 2017. Retrieved September 6, 2017.
  61. ^ "Moving Past the EHR Interoperability Blame Game - NEJM Catalyst". NEJM Catalyst. 2017-07-18. Retrieved 2018-11-25.
  62. ^ "NDAA Image Exchange". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
  63. ^ "CHDR". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
  64. ^ "LDSI". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
  65. ^ Traynor K (November 2008). "National health information network passes live test". American Journal of Health-System Pharmacy. 65 (22): 2086–7. doi:10.2146/news080090. PMID 18997131.
  66. ^ Mearian L (6 January 2010). "VA, Kaiser Permanente launch e-health records exchange". Computerworld. ISSN 0010-4841. Retrieved 31 October 2011.
  67. ^ "What is CONNECT?". CONNECT Community Portal. U.S. Department of Health and Human Services. Retrieved 4 March 2010.
  68. ^ "Federal Health Architecture" (PDF). Federal Health Architecture. healthit.gov. Retrieved June 27, 2016.
  69. ^ "Rural Practice Redesigns Care Processes To Allow Multidisciplinary Teams To Leverage Electronic Health Record, Leading to Better Screening of Medically Underserved". Agency for Healthcare Research and Quality. 2013-05-22. Retrieved 22 May 2013.
  70. ^ "Breaches Affecting 500 or More Individuals". Hhs.gov. Archived from the original on 29 August 2013. Retrieved 4 September 2013.
  71. ^ "Year closes on a note of breach shame | IT Everything, the healthcare IT blog by Modern Healthcare's Joe Conn". Modernhealthcare.com. 2011-12-22. Retrieved 4 September 2013.
  72. ^ Health & Medicine (26 June 2006). "At risk of exposure: In the push for electronic medical records, concern is growing about how well privacy can be safeguarded". Los Angeles Times. Archived from the original on 16 May 2008. Retrieved 8 August 2006.
  73. ^ "FBI seeks stolen personal data on 26 million vets". CNN.com. 23 May 2006. Retrieved 30 July 2006.
  74. ^ Wafa T (2010). "How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy". Northern Illinois University Law Review. 30 (3). SSRN 1547425.
  75. ^ US Code of Federal Regulations, Title45, Volume 1 (Revised 1 October 2005): of Individually Identifiable Health Information (45CFR164.501). Retrieved 30 July 2006.
  76. ^ "Health Information Privacy". U.S. Department of Health & Human Services. 2008-05-07. Retrieved 28 March 2013.
  77. ^ Summary of the HIPAA Privacy Rule
  78. ^ "Privacy Rights Clearinghouse's Chronology of Data Security Breaches". Archived from the original on 2016-09-13. Retrieved 2018-10-14.
  79. ^ a b Pear R (18 February 2007). "Warnings Over Privacy of U.S. Health Network". The New York Times.
  80. ^ Appel JM (30 December 2008). "Why shared medical database is wrong prescription". Orlando Sentinel.
  81. ^ a b Nulan C (2001). "HIPAA—a real world perspective". Radiology Management. 23 (2): 29–37, quiz 38–40. PMID 11302064.
  82. ^ Francis T (28 December 2006). "Spread of records stirs fears of privacy erosion". The Wall Street Journal.
  83. ^ "Pittsburgh Post-Gazette". Post-gazette.com. 1969-12-31. Archived from the original on 19 January 2012. Retrieved 4 September 2013.
  84. ^ Holmes A (6 September 2013). "NSA Code Cracking Puts Google, Yahoo Security Under Fire". Retrieved 14 May 2014.
  85. ^ "UCLA Health Says 4.5M May Be Affected In Data Breach". npr.
  86. ^ Koczkodaj WW, Mazurek M, Strzałka D, Wolny-Dominiak A, Woodbury-Smith M (2018). "Electronic Health Record Breaches as Social Indicators". Social Indicators Research. 141 (2): 861–871. doi:10.1007/s11205-018-1837-z. S2CID 148750993.
  87. ^ U.S.Department of Health & Human Services and U.S. Departments of Justice Letter
  88. ^ Umbdenstock R. "Letter addressed to Secretary Sebelius and Attorney General Holder" (PDF). American Hospital Association. Archived from the original (PDF) on 12 March 2016.
  89. ^ Levinson DR (December 2013). "Not all Recommended Fraud Safeguards have been Implemented in Hospital EHR Technology" (PDF).
  90. ^ Hirsch, Marla Durben (1 February 2014). "OIG's 2014 work plan steps up scrutiny of EHRs". Fierce Health Care.
  91. ^ "Privacy Rights Clearinghouse's Chronology of Data Security Breaches involving Medical Information". Archived from the original on 2016-09-13. Retrieved 2018-10-14.
  92. ^ "HIPAA Basics: Medical Privacy in the Electronic Age from the Privacy Rights Clearinghouse www.privacyrights.org". Archived from the original on 2012-10-27. Retrieved 2018-10-14.
  93. ^ Stevens G (2012). "Data Security Breach Notification Laws" (PDF). Federation of American Scientists. p. 3. Retrieved 30 September 2014.
  94. ^ Department of Health and Human Services Breach Notification for Unsecured Protected Health Information
  95. ^ "In EMR Market Share Wars, Epic and Cerner Triumph Yet Again | HealthLeaders Media". www.healthleadersmedia.com. Retrieved 2019-08-06.
  96. ^ "Epic, Cerner Continue to Dominate U.S. Hospital EHR Market, KLAS Finds". Healthcare Innovation. May 2019. Retrieved 2019-08-06.
  97. ^ "Acute care physicians happiest with Epic EHR, but eClinicalWorks and athenahealth score big in ambulatory settings". Healthcare IT News. 2018-01-09. Retrieved 2019-08-06.
  98. ^ EHRIntelligence (2018-03-02). "Epic, athenahealth Most Effectively Enable EHR Interoperability". EHRIntelligence. Retrieved 2019-08-06.
  99. ^ a b "KLAS report shows a lot is riding on upcoming Carequality, CommonWell partnership". FierceHealthcare. Retrieved 2019-08-06.
  100. ^ "Amazon, Cerner team up on AI, machine learning". Healthcare Dive. Retrieved 2019-08-06.
  101. ^ Smaltz, Detlev and Eta Berner. The Executive's Guide to Electronic Health Records. (2007, Health Administration Press) p.03