In 1996 the Health Insurance
Portability and Accountability Act (HIPAA) was passed. It was intended to protect a patient’s
medical information and to give patients’ rights regarding their health
information. HIPAA included several
general rules, including the Security Rule which requires specific guidelines
to protect electronic health information.
HIPAA also included the guidelines for the creation and use of Electronic
Health Records (EHR).
What are Electronic Health Records (EHRs) and How are they Created?
The EHR is an automated system that
allows for immediate access to a patient’s medical record by providers and the
patient. It decreases the amount of work
required of providers and administrative staff as well as making records, lab
reports, and recommendations easily accessible by the patient themselves.
Which Providers are Required to Adopt An EHR?
All covered entities who provide
services for Medicaid or Medicare patients must adopt an EHR. Only certified software can be used to set up
an EHR Providers must also prove meaningful use based on a series of
criteria.
What is “Meaningful Use?”
Meaningful use is defined as using
certified electronic health record (EHR) technology and the information
gathered in order to accomplish a number of goals. These include
- Improving quality, safety, and efficiency of care
- Reducing health disparities
- Improving care coordination
- Improving population and public health
- Maintaining privacy and security of patient health information
How are Covered Providers Held Accountable for Compliance?
Covered providers must show proof
they have met the requirements related to EHR technology and provisions yearly
through an online attestation report.
Providers who do not comply are fined heavily. Incentive funds can be applied for by
providers if they have adopted an EHR and provide services for Medicaid or
Medicare patients. However, if they fail to submit a completed attestation
report or the report evidences incomplete compliance certain areas without
adequate remediation put into place, they will be required to pay a sizable
fund as well as pay back that year’s incentive money. Any additional incentive that have been
granted are terminated or revoked. The
provider is unlikely to receive further incentive funds in the future with a new
application.
What Information is Included in an EHR?
An EHR is an electronic version of an
individual’s medical records. It lists
all information relevant to the individual’s health care by a particular provider.
Information found in and Electronic Health Record includes demographic
information such as identifying information, gender, and insurance, appointment
and treatment notes, diagnoses and presenting problems, a history of
prescription medications and current prescriptions. The patient’s medical
history with that provider as well as any records that have been forwarded to
them, including an immunization record, and test results including laboratory
values, findings, and radiological data are also included.
What are the Benefits of an EHR?
There are several advantages to EHR’
s. These include:
- Allowing for better patient care through easily accessible, complete and legible medical histories, more reliable medications prescribing, provider decision support, clinical alerts regarding the patient and reminders about follow-up care.
- Information is easily transmitted to other health care providers involved with the patient allowing for better care coordination.
- Providing patient’s with direct access to their records at any time making information such as follow-up appointment information, additional educational information specific to their condition, a summary of treatment components and recommendations for improved quality of life readily available.
- Providing patients with the ability to contact their provider directly and securely through the EHR.
Are There Any Negatives to EHR’s?
While there are some disadvantages to
EHR’s they are generally for the provider not the patient. Disadvantages include:
- Initial set up and start up expenses are high
- Learning to use the technology is time consuming
- Lengthy time consuming and complex reporting requirements for attestation reports.
- Many providers are unfamiliarity with the technology involved in entering information in the EHR
- Time spent entering information can result in lost time with the patient and slower work flow
How is this Information Protected in the Case of Natural Disasters?
According to HIPAA there are required methods of protecting
EHR data during potential natural disasters.
They are mandatory and any loss of data due to failure to put any of the
steps into place will be fined heavily.
The regulations require that all EHR data is fully backed up, meaning
complete copies of every EHR must be backed up.
The data must be recoverable and able to be fully restored once the
disaster is over. Backup data must be
stored offsite. Data must be backed up
often. Security regulations must be kept up and running during and after a
disaster occurs to prevent a breach. A
written procedural document must be created to detail the data protection and
recovery plan for natural disasters.
Protection and recovery procedures must be tested on a regular basis.
Sources for Additional Reading
- HBMA, (2012). The Truth about HIPAA-HITECH and Data Backup. Retrieved from http://www.hbma.org/news/public-news/n_the-truth-about-hipaa-hitech-and-data-backup
- HHS.gov, (2015). Health Information Privacy. Department of Health and Human Services. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
- HHS.gov, (2015). Health Information Privacy. Department of Health and Human Services. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
- Julien, S. P. (2014). Electronic Health Records. In Public Health Informatics and Information Systems (pp. 173-189). Springer London.
- Simpson, K. R. (2015). Electronic health records. MCN: The American Journal of Maternal/Child Nursing, 40(1), 68.
No comments:
Post a Comment