News Stay informed about the latest enterprise technology news and product updates.

HITECH moves electronic health records forward; standards to come

Healthcare experts see HITECH improving privacy protection and metrics, but HIT standards for electronic health records are still being finalized.

As billions of dollars are set to start flowing to doctors and clinics to convert to electronic health records (EHRs), many questions remain as to how that money is to be doled out and used.

To receive funds, health care practitioners will have to show "meaningful use" -- key language in the Health Information Technology for Economic and Clinical Health (HITECH) Act that was passed with the federal stimulus bill -- and protect patient privacy.

"If there is meaningful use, can you measure not the quantity of the use but the quality of the outcomes?" asked Dr. John Halamka. CIO at Beth Israel Deaconess Medical Center in Boston and Harvard Medical School, at a forum hosted last week by the Center for Democracy & Technology (CDT) in Washington, D.C.

Despite such questions, HITECH is already opening up new horizons for electronic health records, health information technology (HIT) and privacy efforts.

"This is the first time Congress has succeeded in enacting major privacy in decades," said Leslie Harris, executive director of the CDT.

Dr. Peter Basch, senior fellow for health IT policy at the Center for American Progress and medical director for ambulatory clinical systems at MedStar Health, added, "The past decade has seen fairly rapid growth in HIT, but there's been a stunning lack of public policy. HITECH changed all that. It eliminated two of the biggest barriers -- cost and complexity -- and included financial incentives should physicians implement electronic health records. HITECH covers almost all up-front costs. It creates and funds regional centers."

HITECH serves as a "multidirectional compass that points clinicians to HIT and enabling better care," Basch said. Alluding to the popular "Cash for Clunkers" program, he explained that instead of past "cash for computers" programs for physicians, which often meant buying cheap computers, the focus of HITECH funding is on meaningful use that is then evaluated later on.

Integrating authentication, improving collaboration

Halamka offered a statistic that that might be surprising to zealous privacy advocates: 95% of adults opt in to share everything on electronic health records in his system. That trust is backed by role-based authentication that healthcare staff members interact with whenever they access the electronic health record system that Halamka oversees.

The challenge faced within the IT systems he is responsible for isn't implementation -- Beth Israel has had electronic records since 1979, according to Halamka -- it's tracking the use of medicines by patients. "Pharmaceutical reconciliation is very hard," he said. "Keeping track of what a patient is taking today is critical and a difficult task. We've made a huge effort to create software to allow us to get better at this."

One tool that has been developed in-house is an example of HIT that other hospitals are likely to want more information on. "We created a metric for each patient that tracks data and pharmaceuticals that documents could collaborate upon and update," Halamka said, referring to it colloquially as a "patient wiki."

Basch expressed cautious enthusiasm for the effects of HITECH on IT operations within his practice. "The top five policy decisions that HITECH covers are things we would have done anyway," he said in an interview after the forum. "We're just moving forward on a faster timeline than we might have otherwise."

Interoperability and standards issues

As physicians, clinics and hospitals adopt electronic health records, standards and interoperability will be important on any number of levels, in terms of portability, efficiency and quality of care. "One of the beneficial aspects of HITECH is the marrying of policy to technology," said Deven McGraw, director of the Healthcare Privacy Project at CDT. "The infrastructure is there in the legislation -- but we're not doing enough on the policy side."

HIT standards are still evolving. "What we have to do is be prescriptive enough so that we can guarantee that if you send a piece of medical information from one organization to another that we know who sent it and it wasn't changed along the way and the disclosure was authorized -- but we don't provide the architecture," said Halamka. "If you do transmission, here's the level of encryption you need to use. Here's a standard format for the audit trails. If a patient wants to find out what was disclosed, it's always the same format."

Halamka, also known as the "geek doctor," acknowledges that gaps remain, particularly in the consent area. "Today's incentive standards enable us to create visual consent about how we should sign it and keep as part of the record. There don't yet exist standards that I will call quilted."

By quilted, Halamka referred to standards for encoding data that indicate the permission associated with it, "represented in a computable form, as opposed to something a human can read." Who gets to see what? "Those aren't represented in an electronic form," he said.

McGraw said she still sees issues of interoperability around lab data. Until now, she said, "there has been a lack of incentives for vendors to create standards." McGraw indicated that EMR vendors' systems will have to meet common interoperability standards if a proposal from the Health IT Policy Committee that she sits on is adopted by the Office of the National Coordinator.

"It's not enough to have a silo with a lot of data. You want to exchange data -- and engage the patient," said Halamka.

Securing privacy, improving care

HHS hasn't missed any deadlines in terms of implementation, according to McGraw. "What I'm still looking for is for HHS to take more of a leadership role," she said. "They have oversight through the OCS [Office of Community Services]. So much of what we're talking about is technology-dependent. There needs to be solid coordination between the two offices. We have yet to really see that. We don't feel the enforcement mantle has been taken up. Security and Privacy Rule were consolidated."

With respect to privacy and security, McGraw said that very few of the amendments to the Health Insurance Portability and Accountability Act affect implementation. "On the policy side, we have not answered some of the questions that need to be answered before we get to standards. What information has to be conveyed to the patient upon request – and what must it look like?"

Basch is already using a role-based authentication system to protect patient privacy. "What shows up on the screen is dependent upon your need for clinical data, depending upon whether you're a nurse, pharmacist, doctor, internist or other specialist," he said. He added that the next step is making the results of data queries actionable, "applying the right data to the right question" with automated controls.

Why should HIT be integrated in a meaningful, thoughtful way? "It's not to implement HITECH or take advantage of 30 or 40 or 60 billion dollars," said Basch. "That's a tiny percentage of the total money we spend on healthcare. We're doing this to improve care. My focus is on what we can do practically to improve outcomes now."

Video of HIT Challenges panel

Video of the panel "Implementing HIT: Progress and Promise," was streamed on through a webcam and is embedded below:

Let us know what you think about the story; email Follow @ITCompliance for compliance news throughout the week.

Dig Deeper on HIPAA and other healthcare compliance requirements

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.