Embed Size (px)
Citation preview
Washington, D.C. ~ November 7-9, 2007
2007 International 2007 International ConferenceConference
Electronic Health RecordsElectronic Health Recordsand and
Clinical Support SystemsClinical Support Systems
Their Impact and the Nexus Between
Law and Medicine
Who’s Been Reading My Who’s Been Reading My Chart?Chart?
Panel MembersPanel Members
• MODERATOR: Donna Modestine, Shareholder
Marshall, Dennehey, Warner, Coleman & Goggin
• Donna L. Enck, System Administrator of the Emergency Department Information System (EDIS)
Lancaster General Hospital
• Kirk Nahra, PartnerWiley Rein LLP
Program Outline Program Outline
Why are Electronic Health Records a Hot Topic?
Use of EHR's growing
Potential Litigation Issues
Clinical Application of EHR's
Privacy and Security Implications of E-Records
Questions
President Bush's President Bush's Executive OrderExecutive Order
• April 27, 2004 Executive Order
• 10 year strategic plan for all Americans to have Electronic Health Records which would follow them from birth to death
• National Health IT Coordinator
• Purposes Reduce medical errors Improve quality of care Reduce health care costs Administrative efficiencies Expand access to affordable healthcare
President Bush's President Bush's Mission StatementMission Statement
"We will make wider use of electronic records and other health information technology to help control costs and reduce dangerous medical errors."
-President Bush, January 31, 2006
EHR AND SUPPORT EHR AND SUPPORT SYSTEMS ON THE RISESYSTEMS ON THE RISE
• 24% of U.S. Hospitals Use some form of EHR's (up from 18% in 2004)
• 12%, have NO PLANS for EHR (No $$$)
• As many as 40% of Emergency Departments use some form of Decision Support Systems (DSS)
• Government investing & providing grants
Potential Litigation Potential Litigation IssuesIssues
• E-Discovery era- providers must have a system in place to save & produce entire records
• Hospitals/health care practices must develop DSS criteria as part of their Peer Review Process
• Ongoing education/training required
• In medical malpractice cases hospitals will be requested to show how the DSS information systems were created
• Hospital staff may be questioned as to why DSS "alerts" were/were not followed and why
Potential Litigation Potential Litigation IssuesIssues
• Attorneys may seek all E-records, including "comment" or "explain" sections
• With the information that is available- a greater duty on physicians to know about a patient's entire medical history
• System training issues (discovery of training manuals)
• Possibly naming software/hardware manufacturers as additional defendants (indemnification claims)
• Contract disputes between hospitals/health care systems and software/hardware manufacturers of EHR
Potential Litigation Potential Litigation IssuesIssues
• Gaps in quality care due to computer learning curve
• Issues dealing with subpoenas & accessibility of medical records that are otherwise protected
One Emergency Department’s Solution
• 638-bed non-profit community hospital in Lancaster, PA. Nationally recognized as a top 100 hospital (8th year); a top 50 hospital for orthopedics, heart care surgery, urology
• Also received HealthGrades National Patient Safety Award 3 years in a row.
•
BackgroundBackground
Lancaster General HospitalLancaster General Hospital
LGH Emergency Department
Background• Recently renovated ED with 60% growth
over the past 5 years. • We see 95,000+ ED patients per year.
• Level II Trauma Center.
Challenges that were the Challenges that were the drivers for changedrivers for change
• We outgrew our space• Ineffective patient flow• We could not find our charts• We needed updated forms• There were papers everywhere
How did we change?How did we change?
• We made plans to expand our ED; doubled the size from 25 to 50 beds
• We evaluated processes & patient flow; instituted necessary changes.
• We implemented ED Information System, vital to improving our patient throughput.
Selection of an Selection of an ED Information SystemED Information System
• Steering Committee including personnel from ED & ancillary Depts, IT, IT Security, Risk Management, and Clinical Information Management.
• During the selection process narrowed options from 5 vendors to 2. After site visits, we made our final decision
Challenges of Implementing Challenges of Implementing an Information Systeman Information System
• Implementation Vendor was onsite during 1st week and
continuous staff support 24/7. Audited 100% of charts during the 1st week and
continue to monitor charts.
• Training/Support Physicians/Nurses have a minimum of 4 hours of
training. We stress chart completeness, appropriate access & security measures to ensure patient’s PHI is protected.
Considerations of Considerations of Implementing an Information Implementing an Information
SystemSystem
• Patient Privacy Use small individual monitor screens rather than a
big grease board Computers may be in public areas, so workstations
are locked when unattended• Auditing
Audit charts weekly for appropriate access; report findings to the ED mgr., hospital compliance officer
We audit charts monthly for completeness
What does an What does an Information System Information System
provide for Clinicians?provide for Clinicians?
• Tracks all patients in & out of the ED• Tells us acuity status; length of stay • Provides online documentation for
physicians, nurses, and ancillary personnel• Provides real time & concurrent data for
reporting• Provides automated specialized discharge
instructions & prescriptions
• Doctors enter their own orders directly online• Allows us to be “almost” paperless• Allows us to track chart access• Automated patient charges reduce lost
charges• Provides triggers to alert clinicians of
abnormal results or abnormal vital signs
What does an What does an Information System Information System
provide for Clinicians? provide for Clinicians? (cont’d)(cont’d)
What are the challenges?What are the challenges?
• Every employee starts with a different level of computer knowledge.
• System Downtime> reverting back to a paper process
• Getting clinicians to proof read their entries
What does an Online What does an Online Information System Information System
provide for the provide for the patientpatient during their visit?during their visit?
Greet• Minimal Info is entered on the tracking screen • Pagers are given to patients in waiting room
Triage• Triage info is gathered in a private area• The patient is entered on the tracking board
Tracking Patients
TreatmentTreatment
• Bedside registration length of stay• Assessments are documented using
symptom driven templates or voice recognition. This gives immediate chart access to all clinicians
• Physicians enter patient orders directly online which speeds up treatment time
• Test Results are also received online, eliminating phone calls or time looking for results on paper
ChartingCharting
Chart CompletionChart Completion
• Document is reviewed by both the physician and the nurse before signing the chart
• Coders review the chart for appropriate charges
• The completed chart is interfaced to both billing and medical records
PRIVACY AND SECURITY IMPLICATIONS OF E-RECORDS
The Electronic The Electronic EnvironmentEnvironment
• Issue surrounding interoperable electronic health records is the biggest privacy & security policy issue on the horizon
• Can you balance the desire for electronic medical records/personal health records with appropriate privacy & security?
• The debate on EMRs/PHRs likely will drive a new evaluation of HIPAA
Wall Street JournalWall Street Journal
• "As the health care industry embraces electronic recordkeeping, millions of pages of old documents are being scanned into computers across the country. The goal is to make patient records more complete and readily available for diagnosis, treatment and claims-payment purposes, But the move has kindled patient concern about who might gain access to sensitive medical files-data that now can be transmitted with the click of a computer mouse."
PerspectivesPerspectives
• GAO – "As the use of electronic health information exchange increases, so does the need to protect personal health information from inappropriate disclosures."
• True?• Why does this "increase" need "increased"
protection?• Are they talking about privacy or security?
PerspectivesPerspectives
• GAO – "The capacity of health information exchange organizations to store and mange a large amount of electronic health information increases the risk that a breach in security could expose the personal health information of numerous individuals."
• True? Does "bigger" mean more risk? Is it this "exchange" function that makes this environment different?
A Sampling of the A Sampling of the HIPAA IssueHIPAA Issue
• Who is responsible for the records – Covered entity? Business associate? Or both?
• What is the HIPAA status of the entities that oversee the records systems?
• Who is responsible for security? Individual rights?
• Who will determine access issues?
• Whose fault/responsibility is it in the event of a problem?
Balancing InterestsBalancing Interests
• Goal of widespread consumer empowerment
• Consumers need to have confidence in the system in order to use it
• Not discourage innovation
• Keep an eye on costs
• But develop rules that will permit the system to move forward
• Recognize that the marketplace is moving forward in any event
AHIC-CPS AHIC-CPS RecommendationRecommendation
All persons and entities, excluding consumers, that participate directly in, or comprise, an electronic health information exchange network, through which individually identifiable health information is stored, compiled, transmitted, modified, or accessed should be required to meet enforceable privacy and security criteria at least equivalent to any relevant HIPAA requirements.
CPS RecommendationsCPS Recommendations
Furthermore, any person or entity that functions as a Business Associate (as described in 45 CFR 160.103) and participates directly in, or comprises, an electronic health information exchange network should be required to meet enforceable privacy and security criteria at least equivalent to any relevant HIPAA requirements, independent of those established by contractual arrangements (such as a Business Associates Agreement as provided for in HIPAA)
ImpactImpact
• Health care providers who are not covered entities
• PHR providers who provide services directly to patients (websites, software vendors, employers, banks, many others)
• RHIO and other "networks" who play a central role
What's Next?What's Next?
• What constitutes a "relevant" HIPAA requirement for particular "direct participants" in the network? 1. Some persons or entities may have an appropriate
reason for not needed to meet a particular requirement. 2. Evaluate the need for exceptions based on testimony,
workgroup discussions, and responses to questions posed in the Federal Register.
• What, if any, additional confidentiality, privacy, security protections may be needed beyond those already contained in the HIPAA Privacy and Security Rules?
• Translation – Is HIPAA standard "good enough" in this context?
What Else is Out ThereWhat Else is Out There
• NCVHS – "a significant concern…that many of the new entities essential to the operation of the National Health Information Network (NHIN) fall outside HIPAA's authority definition of 'covered entity.'"
• “Business associates arrangements are not sufficiently robust to protect the privacy and security of all individually identifiable health information."
More NCVHSMore NCVHS
• Recommendation
• HHS and the Congress should move expeditiously to establish laws and regulations that will ensure that all entities that create, compile, store, transmit or use personally identifiable health information are covered by a federal privacy law. This is necessary to assure the public that the NHIN, and all of its components, are deserving of their trust.
New HIPAA Legislation?New HIPAA Legislation?
• Kennedy/Leahy Bill - S. 1814
• Revamps, almost from scratch, the entire landscape of health care privacy laws
• Responds to the premise that “fear of a loss of privacy cannot be allowed to deter Americans from seeking medical treatment.”
S. 1814S. 1814
• Abandon the Office of Civil Rights as an enforcement agency
• Create an extensive new notice requirement
• Require that companies publicly ID their agents/subcontractors;
• Creation of new “informed consent” procedures
S. 1814S. 1814(cont’d)(cont’d)
• Require authorizations for a wide variety of other disclosures (esp. health care operations)
• Expansion of civil and criminal penalties;
• Enforcement by State attorneys general;
• Create private right of action for individuals
ConclusionsConclusions
• A spirited ongoing debate• Very significant challenges• The market is moving forward• Debate about feasibility of “appropriate”
privacy & security protections • May need to re-evaluate privacy/security in
the health care industry
