Transcript US Health Information Interoperability: Challenges and HIPAA

US Health Information Interoperability:
Challenges and HIPAA
Roy Rada, M.D., Ph.D.
Univ. Maryland
Baltimore County
[email protected]
Point




2
Interoperability is the holy grail.
However, problem is not primarily technical.
In US, challenge is autonomous professional
providers and disconnect between consumer
and payer.
Progress requires appreciation of complexity.
Interoperable


3
U.S. National Committee on Vital and Health
Statistics: adequate computerized patient
record requires that clinically specific data
are captured once at the point of care and
that all other legitimate data needs are
derived from those data == interoperability
What components need access?
Components
Major components in a hospital information
system are:
 patient management,
 administration, and
 clinical support.
Patient management includes medical records,
registration, and order entry
4
Medical Record
Each data element has :
 patient identifier,
 attribute (for example, heart beat),
 value of the attribute (for example, 60 beats per
minute), and
 time the value of the attribute was collected.
Medical records department ‘owns’ record.
5
Registration




6
Checks with medical record when arriving
patient in Master Patient Index.
Mistakes frequently occur due to lack of
unique identifier.
However, in US politicians axed proposed
unique patient identifier regulation due to
privacy fears.
At mundane level, registration needs to
interoperate with other systems.
Order Entry



7
Interoperability challenge due to physician
workflow changes.
Impressive support of CPOE in US from
www.leapfroggroup.org
Over 170 employers who pressure health
plans to reward providers who implement
CPOE
Administration



8
Patient accounting systems are most popular
Scheduling systems tend to serve niche
markets but should interoperate
Financial management
Clinical Support


9
Clinical support departments: operating
rooms, pathology, pharmacy, and radiology.
Different departments get information
systems from different vendors.
Interoperability is challenge.
Populations




10
Middle-income: physicians in private
practice financed by nongovernmental funds.
Poor: emergency room of county hospital.
Military: government comprehensive.
These 3 systems should interoperate.
Health Plan

A health plan pays cost of medical care.

Health plan determines premiums, enrolls
members, checks eligibility, adjudicates
claims, pays provider.
Interoperability in US must involve health
plans.
If plans compete with proprietary features,
what of interoperability?


11
Standards
From technical perspective, key to
interoperability is technical standards.
Stakeholders are:
 Providers and Payers
 Government
 Standards Development Organizations
 Vendors
12
laboratories
payers
HL7 &
ASTM
DICOM
radiology
billing
medical
record
HL7
IEEE
HL7
medical
devices
13
patient
registration
X12
HIPAA





14
Government intervenes for interoperability.
Health Insurance Portability and
Accountability Act (HIPAA).
Administrative Simplification: standardization
of ‘identifiers and code sets’ and ‘providerpayer transactions
Politicians added privacy and security.
Year 2000 - now
Transactions
Alphanumeric strings
For example, the ‘Information Source Name’
might be transmitted as:
PR*2*Blue Cross Blue Shield
Illinois****PI*12345~
Transactions will include a claim attachment
which is a medical record.
15
270 eligibility
inquiry →
←271 eligibility
information
Providers
Payers
837 claim
submission→
← 835 payment
advice
16
General Practice Fields
# Visits/Week
Ave Claim Value
260
$191
Staff cost/hr
$14
Ave # Trans/Week
400
Manual Min/Trans
10
Electronic Min/Trans
0.5
Manual Yearly Cost
Elect Yearly Cost
Bad debt .11 to .03
17
Values
$49,000
$2,000
$207,000
Problems
Compliance with the intent of the Transactions
Rule difficult:
 Entities promulgate too many entity-specific
requirements within a Companion Guide.
 Challenge to interoperability.
18
Privacy Rule
National framework for health privacy
protection.
Penalties:
 fine of $50,000 and one year in prison for
basic offenses
 fine of $250,000 and ten years in prison for
intent to use information for gain.
19
Minimum Necessary Standard
treatment-related exchange among providers
is free;
 disclosures on a routine basis, such as
insurance claims, require policies; and
 non-routine requests must be reviewed on a
case-by-case basis to assure only minimum
necessary information disclosed.
Workflow management is way to get privacy
and interoperability.

20
De-identification


Privacy Rule applies only to ‘individually
identifiable health information’.
Rule defines acceptable de-identification
criteria.
Opens certain path to interoperability.
21
Administration
Covered entities are required to:
 Designate a privacy officer;
 Document their policies and procedures;
 Train everyone on privacy;
 Provide a means for individuals to complain;
and
 Have sanctions for employees who violate.
22
Result
Compliance with Privacy Rule has been at
enormous cost to the health care system
But creates a public perception of trust on
which interoperability could build
23
Security Rule



24
Security Rule makes health information safe
from people without authorization.
Privacy Rule describes circumstances under
which information may be used.
Security supports Privacy.
New Standard



25
DHHS must adopt standards developed by
accredited Standards Development
Organizations when possible.
No existing standard was technology-neutral
and scaleable enough. So, DHHS developed
a new standard.
Standard supports interoperability
More Flexible than Privacy
Two types of Implementation Specifications:
 Required: Entity is required to implement the
specification.
 Addressable: The entity may assess whether the
specification is reasonable for the entity.
If the entity determines that an addressable
implementation specification is not a reasonable
approach to its security needs, then the entity must
only document why.
This supports diffusion of the standard
26
Administrative Safeguards
Require:
 risk analysis and risk management
 sanction policy and activity reviews
 access policies and contingency plans
This cost/benefit mentality is wise for system
interoperability decisions too
27
Safeguards
Technical Safeguards:
 access control, audit, integrity,
authentication, and transmission.
Physical Safeguards:
 facility access controls, proper workstation
use and physical security, and device and
media controls.
28
Security Result
Annual maintenance costs are high. Takes time
of every employee (e.g. security checks at
doors).
But again creates a foundation from which
interoperability of EHR can grow.
29
Diffusion: Politics



30
The health care system is thousands of
relatively autonomous units.
Interoperability is political challenge.
Standards are needed, and standardization
is also essentially political.
Diffusion: International
Health care systems nationally:
 Entrepreneurial (US),
 Welfare-oriented (Canada),
 Comprehensive (Britain), and
 Socialist (Cuba).
have differences that are challenge to transnational interoperability
31
Many National Efforts




32
UK NHS is integrating local networks.
Australia has National Health Information
Model.
US has Office of National Coordinator for
Health Information Technology.
Direction is toward national interoperability
Conclusion


33
Interoperability of EHR should be
approached from multiple levels
simultaneously
Advantage may be taken of progress made
in different countries