2. Outline
What are Electronic Health Records
Effects of the new technology considerations
Adopting EHRs: privacy and security implications
HIPAA Privacy and Security Rules description
Explain if HIPAA applies to the new technology
3. Health Care Information System
Implementing EHR
Health care data & info = health care information system
Electronic Health Record: records relating to health information that can be
created, managed, and consulted by authorized health providers across more than one
healthcare organization
Benefits
Improve quality, outcomes, and safety
Improve efficiency, productivity, and cost reduction
Improve service and satisfaction
Core functions
Medical & nursing health info & data transferable electronically
Manage all types of results (e.g., lab tests)
Order entry & support primarily for ordering medications (CPOE)
Decision support provides guidance for decisions (CDSS or ADSS)
4. Effect of technology on Health Care
Decision support systems (CDSS or ADSS): computerized intelligence systems
that provide guidance and decisions, acting as a clinical computer assistant
in diagnosing.
Information Systems: Computerized Provider Order Entry (CPOE), Electronic
Medical Record (EMR), Electronic Health Record (EHR), Personal Health Record
(PHR).
Electronic communication and connectivity (email, web messaging, and
telemedicine) facilitate communicating effectively with other caregivers
and the patient.
Telehealth – patient support that includes patient education, materials, and
home monitoring
Health Information Exchange (HIE): the future of the EHR system is the
administration process and the management of reporting population health.
5. Privacy and Security implications on EHRs
Protected health information
Staff members, employees and volunteers must follow federal and state laws to
protect the patients' privacy
How to use PHI: treatment, payment, healthcare operations, special uses
Disclosing PHI to Others: required or permitted by law
Privacy Rights: under federal law requirements and privacy programs, patients have specific
rights
Privacy Duties: federal health information privacy rules require providing the
patient with a notice of privacy practices.
Other Information or Complaints: handled by Health and Human Services
6. HIPAA Privacy and Security Rules
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes rules for
access, authentication, storage, editing, and transmitting electronic medical records.
Standards are stricter for electronic records than for paper records
Protects health information
Covered entities
Privacy Policies and Procedures. A covered entity must develop and implement written privacy policies and
procedures that are consistent with the Privacy Rule
Protects health information
State laws that are contrary to the Privacy Rule are preempted by the federal requirements, except State laws that:
provide for the reporting of disease or injury, child abuse, birth, or death
provide for public health surveillance, investigation, or intervention
require certain health plan reporting, such as for management or financial audits
And more…
"individually identifiable health information that is held or transmitted by a covered entity or its business
associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information
protected health information" (45 C.F.R. § 160.103).
7. Conclusion
With the technology of EHR, health care organizations can improve
quality, outcomes, safety, efficiency, productivity, service, and satisfaction, and lower the budget.
With large consumer demand, EHRs allow health care organizations to treat and care for a
patient faster with any health provider.
Personal health records are private and should remain private! Having the appropriate
HIPAA privacy rules and implementing those rules can reduce legal issues.
In conclusion
YES, HIPAA does apply to EHR.
9. References
U.S. Department of Health and Human Services: OCR Privacy Brief; Summary of the HIPAA
Privacy Rule. Retrieved on October 30, 2012 from http://hhs.gov/hippa
UHS: Protecting your Privacy; Protecting your Health Information. Retrieved on October
31, 2012 from http://www.hhs.gov/ocr/phi
Wager, K. A., Lee, F. W., & Glaser, J. P. (2009). Health care information systems: A
practical approach for health care management (2nd ed.). San Francisco, CA: Jossey-Bass.
Editor's Notes
An electronic record of health-related information on an individual that conforms to nationally recognized interoperability standards and that can be created, managed, and consulted by authorized clinicians and staff across more than one healthcare organization.
Without health care data and information there would be no need for health care information systems. Health care information is a valuable benefit in health care organizations, and it must be managed like other effects. To manage information effectively, the focus has to be on the information collected, which is unique to health care organizations. Understanding the sources and uses of health care data and information is the key element.
These benefits include (1) improved quality, outcomes, and safety; (2) improved efficiency, productivity, and cost reduction; and (3) improved service and satisfaction.
Core functions of an EHR system include medical and nursing diagnosis, medication list, lab tests, allergies, demographics, and clinical narratives. CPOE (computerized provider order entry) is usually used to order medications. It manages all types of results, such as lab tests, electronically. The advanced technology allows computerized clinical decision support for diagnosing. Capabilities of decision support include reminders, alerts, and a computer assistant.
Other EHR functions affected by technology make electronic communication and connectivity easier, allowing everyone involved in the patient's care to communicate effectively with each other and the patient. The technology includes email, web messaging, and telemedicine. Telehealth (patient support) includes everything from patient education and materials to home monitoring.
Information exchange across boundaries: a central component of U.S. health care information technology strategy has been to further the adoption of interoperable EHR systems to further the exchange of health information across organizations. A health information exchange (HIE) consists of the technology, standards, and governance that enable the exchange of data between the information systems of various health care stakeholders. There are diverse types of HIEs. A HIE can be dedicated to moving medication-related transactions (new prescription requests, renewals, and refills) between EHRs and pharmacies. A HIE can be used to exchange a patient’s health data between two or more providers. A regional health information organization (RHIO) is an organization that provides an HIE to health care stakeholders in a specific region: providers, health plans, and diagnostic centers.
“significant work has occurred nationally in terms of standards development in recent years. The Healthcare Information Technology Standards Panel (HITSP), established in 2005, has brought together experts from across the health care community—from consumers to physicians, nurses, and hospitals; from those who develop health care IT products to those who use them; and from the governmental agencies that monitor the U.S. health care system to those organizations that actually write the standards (HITSP, 2008). Although widespread interoperability remains a goal, all the right players seem to be working together toward its achievement.” (chapter 5)
Protected health information
Staff members, employees and volunteers of this hospital/facility must follow legal regulations with respect to
• How We Use Your PHI
• Disclosing Your PHI to Others
• Your Privacy Rights
• Our Privacy Duties
• Hospital Contacts for More Information or, if necessary, a Complaint
Required or Permitted Uses and Disclosures
• If you do not verbally object, we may include information identifying you in a visitors’ directory of patients while you are an inpatient in our hospital. This information may include your name, general condition and religious affiliation, if any.
Your Right to Request Limited Use or Disclosure
You have the right to request that we do not use or disclose your PHI in a particular way. However, we are not required to abide by your request. If we do agree to your request, we must abide by the agreement.
Your Right to Confidential Communication
You have the right to receive confidential communication from the hospital at a location that you provide. Your request must be in writing, provide us with the other address and explain if the request will interfere with your method of payment.
Your Right to Revoke Your Authorization
You may revoke, in writing, the authorization you granted us for use or disclosure of your PHI. However, if we have relied on your consent or authorization, we may use or disclose your PHI up to the time you revoke your consent.
Your Right to Inspect and Copy
You have the right to inspect and copy your PHI. We may refuse to give you access to your PHI if we think it may cause you harm, but we must explain why and provide you with someone to contact for a review of our refusal.
Your Right to Amend Your PHI
If you disagree with your PHI within our records, you have the right to request, in writing, that we amend your PHI when it is a record that we created or have maintained for us. We may refuse to make the amendment and you have a right to disagree in writing. If we still disagree, we may prepare a counter-statement. Your statement and our counter-statement must be made part of our record about you.
Your Right to Know Who Else Sees Your PHI
You have the right to request an accounting of certain disclosures we have made of your PHI over the past six years, but not before April 14, 2003. We are not required to account for all disclosures, including those made to you, authorized by you or those involving treatment, payment and healthcare operations as described above. There is no charge for an annual accounting, but there may be charges for additional accountings. We will inform you if there is a charge and you have the right to withdraw your request, or pay to proceed.
A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being.
Administration: Privacy Policies and Procedures. A covered entity must develop and implement written privacy policies and procedures that are consistent with the Privacy Rule.
The Privacy Rule covers a health care provider whether it electronically transmits these transactions directly or uses a billing service or other third party to do so on its behalf. Health care providers include all “providers of services” (e.g., institutional providers such as hospitals) and “providers of medical or health services” (e.g., non-institutional providers such as physicians, dentists and other practitioners) as defined by Medicare, and any other person or organization that furnishes, bills, or is paid for health care.
Basic Principle. A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing.
Required Disclosures. A covered entity must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or review or enforcement action. See OCR “Government Access” Guidance.
Protected Health Information. The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)" (45 C.F.R. § 160.103).
In general, State laws that are contrary to the Privacy Rule are preempted by the federal requirements, which means that the federal requirements will apply. “Contrary” means that it would be impossible for a covered entity to comply with both the State and federal requirements, or that the provision of State law is an obstacle to accomplishing the full purposes and objectives of the Administrative Simplification provisions of HIPAA. The Privacy Rule provides exceptions to the general rule of federal preemption for contrary State laws that (1) relate to the privacy of individually identifiable health information and provide greater privacy protections or privacy rights with respect to such information, (2) provide for the reporting of disease or injury, child abuse, birth, or death, or for public health surveillance, investigation, or intervention, or (3) require certain health plan reporting, such as for management or financial audits.
information, including demographic data, that relates to:
• the individual’s past, present or future physical or mental health or condition,
• the provision of health care to the individual, or
• the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.
Consumers, public and private sector organizations are in demand; with the appropriate policy changes and strong leaders, the boundaries expect that interoperable EHRs are achievable in the years to come.