By Leah A. Grebner, PhD, RHIA, CCS, FAHIMA, Assistant Professor Director, Health Information Technology, Midstate College
An electronic health record (EHR) is more than just an electronic version of patient records. It is a valuable communicaton tool between health care providers, patients, insurers, and researchers. It not only speeds communication among these entities, but it also has potential to improve health care outcomes and reduce health care spending. Some patients have concerns about the use of the EHR, but this article should provide some information to eliminate some of the fear of the unknown associated with this new technology.
History of Electronic Health Records
Public Law 111-5, which is more commonly known as the American Recovery and Reinvestment Act (ARRA), was signed into law by President Barack Obama on February 17th, 2009. Title XIII of ARRA is known as the Health Information Technology for Economic and Clinical Health Act (HITECH). The HITECH Act involved $19.2 billion in stimulus funding dedicated to facilitating EHR adoption by health care providers. The decision to provide this funding as part of ARRA was in response to Executive Order 13335, which was signed by President Bush on April 27th, 2004. Executive Order 13335 called for all health care providers to implement EHRs by the year 2014.
Although HITECH and ARRA provide funding for health care providers to implement the EHR, there are some strings attached. In 2011, the Center for Medicare and Medicaid Services (CMS) established requirements that must be met by providers in order to receive funding.
These requirements are referred to as “Meaningful Use.” The simple explanation of Meaningful Use is that a health care provider can’t just implement an EHR for the sake of having it to be considered “compliant.” Rather, the provider must also use the EHR in a meaningful manner to the greatest capacity possible in order to justify receiving Federal funding through ARRA and HITECH.
- Stage 1 of Meaningful Use involved requirements for health care providers to make health information available to patients through a variety of electronic methods. This means that patients can request copies of their records on electronic media, such as copied onto a flash drive.
- Stage 2 of Meaningful Use took things further, requiring providers to arrange for patients to have access to their health information online, as well as download and transmit their health information within four business days of when the provider has the information available. This is the stage that promoted the development of the patient portal, which is an area on a provider’s website that provides secure access to personal health information. In order to access their information, patients must first get an access code from their provider.
Benefits of Electronic Health Records
Provision of patient access to electronic health information promotes patient engagement in managing personal health maintenance and decision-making. Physician access to electronic health records through health information exchange (HIE) with other providers allows for improved coordination of care, reduction in duplication of diagnostic tests, and improved quality of care. The Central Illinois Health Information Exchange (CIHIE) has been established for the purpose of improving accessibility to health care providers regionally. CIHIE bridges communication among providers, reduces duplication of testing, reduces medical errors, and helps improve Health care outcomes.
Security of Electronic Health Records
A common concern of the general public regarding electronic health records is security, especially in response to information breeches that have been in the news for organizations both locally and nationally. State and federal regulations have strict requirements that protect the security of patient information in the EHR. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was followed by introduction of a HIPAA Privacy Rule in 2003 and the HIPAA Security Rule in 2005. The main goal of the HIPAA Security Rule is protection of patient privacy with providers using electronic health records. It applies to any health care provider who transmits electronic health information and their business associates.
The HIPAA Security Rule addresses safeguards for administrative, physical, and technical aspects of the EHR. Administrative safeguards include training, documented processes, and designation of a security officer for the provider. Physical safeguards address the physical access to the facility and workstations. This includes safeguards, such as keeping the areas with computers locked and having workstations positioned so that only the user can see the display.
Technical safeguards provide regulations for access control, security of electronic data transmission, and protection of the integrity of the electronic health records. This requires password protection and encryption for data that is transmitted. Another aspect of technical safeguard requires potection of the records from tampering or alteration of information.
For additional information, please contact Dr. Leah Grebner. Looking to change your career? Visit Midstate College, www.midstate.edu or call 309-692-4092. Midstate College is located at 411 West Northmoor Road, Peoria, IL 61614.
Photo credit: CEFutcher/iStock