Source: blog.himss.org

– Learn more at http://www.protecsolutions.net

New Look, New Postings for Health IT Buzz Blog Have you checked out the Health IT Buzz Blog lately? The Office of the National Coordinator for Health Information Technology (ONC) has just improved the look and functionality of its Health IT Buzz Blog. Redesigned to be more user-centric, the blog now features a category structure for posts based on hot topics in health information technology. The new categories will make it easier for you to navigate the blog and find posts of interest. Another addition, the “Share” button, allows you to share specific blog posts on Facebook, Twitter, e-mail, and more.   New Health IT Buzz Blog posts are added each week. The most recent blog post takes a personal look at how Meaningful Use measures can improve the quality, safety, and efficiency of health care. Don’t miss out on a new post – sign up today for notification e-mails and the RSS feed! Health IT Buzz Blog Distinctions The Health IT Buzz Blog recently received several distinctions from health bloggers. The ONC site was rated as one of the: Top 50 HIPAA Blogs, by Medicine/e-Learning 50 Best Healthcare Blogs You Aren’t Reading Yet, by Healthazoi Top 50 Helpful Government Websites for Nurses, by Healthy Blog, which noted: “Keep up with the latest news in health and technology. Increasingly, we rely on technology for health, and this site is a great news resource.” Questions? Contact Us STAY CONNECTED: SUBSCRIBER SERVICES: Manage Preferences | Unsubscribe | Help This service is provided to you by The Office of the National Coordinator for Health Information Technology.

Source: healthit.hhs.gov

– Learn more at http://www.protecsolutions.net/

Source: blog.himss.org

– Learn more at http://www.protecsolutions.net

Background

In September 2002, the Markle Foundation established Connecting for Health, a public-private collaborative whose purpose is to “bring greater visibility and coordination to the many government, provider, and industry efforts to speed up the adoption of electronically connected health information systems.”

Phase 1 of the project included a recommendation to engage the American public in this endeavor, with a more specific objective of developing PHRs.

Phase 2 of the collaborative project included the formation of the working group on policies for electronic information sharing between doctors and patients. The working group reported several findings, including:

• PHR development should be accelerated.
• PHRs will help increase consumer health awareness, activation, and safety.
• There is no single pathway to a universal PHR.
• A common data set is a vital starting point.

AHIMA Initiatives

In 1996, AHIMA’s Board of Directors charted the future course of the association and health information practice. As part of the Vision 2006 project, several task forces were established to clarify future roles and skills. One identified role was the patient information coordinator, a precursor to the role HIM may assume with the PHR. The duties of this role include:

• Ensuring the timely transfer of patient information among healthcare providers
• Showing patients how to manage their personal health histories
• Showing patients how to access computer-based information resources

MyPHR.com

In October 2003, AHIMA launched myPHR (www.myPHR.com), a guide to understanding and managing personal health information for the general public. The site defines a health record, provides instructions on accessing health information and compiling and keeping a PHR, and explains privacy rights. Since its inception, the site has broadened its consumer resources to include healthcare literacy, sample PHRs, and blogs. myPHR also features the most recent and relevant news on health information from a variety of industry sources so that consumers can stay informed on a variety of healthcare issues. The site continues to educate the public regarding PHRs, with 8,800 average visits a month, reaching as high as 11,000 visits in some months.

Consumer Education

In March 2005, AHIMA produced a public education presentation kit titled “Your Personal Health Information: How to Access, Manage, and Protect It.” The kit provides HIM leaders with complete materials for an hour-long presentation to the general public. It includes a video, a PowerPoint presentation, a handout, and fliers for advertising the event.

In January 2008, AHIMA launched a new campaign called “It’s HI Time, America!” and included national radio and television public service announcements. A documentary focusing on real-life stories aimed at assisting consumers in relating to the necessity of managing their PHRs also was developed. At the same time, AHIMA reorganized the myPHR Web site to offer a comprehensive menu of peer-reviewed PHR information and step-by-step guides for creating a PHR with forms in English and Spanish.

Definition of the PHR

The PHR is an electronic, universally available, lifelong resource of health information needed by individuals to make health decisions. Individuals own and manage the information in the PHR, which comes from healthcare providers and the individual. The PHR is maintained in a secure and private environment, with the individual determining rights of access. The PHR is separate from and does not replace the legal record of any provider.

Attributes of the PHR

An AHIMA 2005 work group developed the following PHR resources, all available online in the AHIMA Body of Knowledge:

• A complete description of attributes
• A list of common data elements in a PHR
• Emerging HIM roles and responsibilities with the PHR
• Presentation models for community education

Types of PHRs

The future PHR is an electronic application, as noted in the preceding definition. However, at this time, most individuals maintain their PHRs in one of the following formats.

Paper Based -. These are the files that most consumers have around their homes in folders filled with information from doctors, insurance companies, pharmacies, and hospitals. Some have created PHR forms and developed lists of emergency contacts, drug sensitivities, doctors, immunizations, and medications either in written form or on personal computers.

Personal Computer Based – Consumers also store health information on personal computers, typing or scanning information into generic software or specific applications. Desktop-based solutions in general lack the ability to exchange information easily between consumers and healthcare providers (e.g., they do not provide direct Internet access). Healthcare providers do not have direct access to the information contained in the desktop PHR nor the ability to update that information.

Web Based – Other services allow consumers to maintain their information in private online accounts, which they access by logging in with a unique user name and password. Web-based platforms do not require software other than a Web browser. They may include secure e-mail, document sharing, and videoconferencing for home consultations.

In most cases, Web-based solutions provide around-the-clock access to a person’s medical information from any Internet-connected device. For that reason, these solutions serve as excellent information sources in an emergency. Consumers or their caregivers have the option to fax information directly into the PHR repository. Examples of this type of PHR are My PersonalMD (www.personalmd.com).

Hybrid Desktop/Web Based – The typical hybrid solution allows individuals to maintain their PHRs on their personal computers and provides an upload facility to a secure Web server. The Web server provides around-the-clock access to the information. The access is primarily read-only, with the update capability restricted to the individual’s personal computer. In most cases, individuals are allowed to upload all or part of their medical information as they desire. An example of this type of PHR is SynChart (www.synchart.com).

Portable Devices – “The capabilities of portable devices are expanding rapidly and may lead to a whole new generation of PHR applications,” notes Connecting for Health. Consumers currently have the ability to store their health information on smart cards, personal digital assistants, mobile phones, and memory devices that plug into personal computers.

In most cases, portable devices are used as an add-on feature to a desktop-, Web-, or hybrid-based PHR application. For example, CapMed offers a proprietary “Personal HealthKey” device (www.capmedphr.com/choose_capmed.asp) that fits on a key chain. Information is downloaded to the device, which when connected to a PC’s universal serial bus port automatically launches a program contained in the device and displays the individual’s medical information.

2010 Environmental Scan

The PHR is different from an electronic health record (EHR). The PHR is intended to be an electronic lifelong individual record maintained by the consumer. The consumer owns, manages, and documents information within the PHR by obtaining it from multiple healthcare providers. It can include individual specific information such as allergies, family histories, and medications.

An April 2010 survey from the California HealthCare Foundation found that PHR use continues to be low; however, it noted that PHR use doubled in the past two years. The report found that one in 14 Americans say they have used a PHR. Even more important is that consumers with online access to their health information pay more attention to their health.

Widespread adoption, use, and integration of PHRs and EHRs is required in order for the two technologies to reach their fullest potential of positively affecting the healthcare industry. The industry can point to few success stories such as My HealtheVet (www.myhealth.va.gov).

My HealtheVet is the gateway to veterans’ health benefits and services deployed by the US Department of Veterans Affairs. Deployed at all VA medical centers across the United States, veterans have access to VA benefits, resources, a personal health journal, and prescription refills. In addition, access to online appointment viewing and limited health record information now is at the fingertips of hundreds of thousands of veterans.

To continue on the path of success, the healthcare industry must continue to support PHR and EHR integration at organizational, state, and federal levels. At these levels, much-needed funding for technology development specific to PHR models and integration can provide incentives for healthcare providers to merge patient information together. Advocating for the education of consumers, providers, and vendors on the short- and long-term goals of PHRs is also essential. Patients are no longer willing to be left out of medical decisions. Navigating the complex healthcare system of primary care providers; referrals to specialists; and the many hospitals, freestanding ambulatory surgery centers, and clinics requires a well-coordinated effort. PHRs can assist patients in being active and educated participants in their healthcare decisions.

Current Privacy Initiatives for PHRs

Personal health information companies such as Google and Microsoft have received plenty of attention in recent years for their Web-based PHRs. Both companies maintain that HIPAA privacy and security rules do not apply to them. In December 2008, the Office for Civil Rights provided guidance on PHRs and the HIPAA privacy rule. At that time, the Office for Civil Rights stated that the only PHRs subject to the privacy rule are those that a covered healthcare provider or health plan offers. PHRs that fall outside the scope of the privacy rule are those offered by an employer (separate from the employer’s group health plan) or those made available directly to an individual by a PHR vendor that is not a HIPAA covered entity. 

In February 2009, the American Recovery and Reinvestment Act (ARRA) was signed into law. Title IV of ARRA, the Health Information Technology for Economic and Clinical Health (HITECH) Act provided the industry with legislation that affects both personal health information platform companies and PHR companies. On July 14, 2010, the Centers for Medicare and Medicaid Services released a proposed rule that would modify the definition of a business associate. The proposed modifications suggest that the business associate term conform to the “statutory provisions of PSQIA, 42, U.S.C. 299b-21, et seq., and the HITECH Act. In addition, modifications are made for the purpose of clarifying circumstances when a business associate relationship exists and for general clarification of the definition.” These modifications, if finalized, will recognize PHR vendors as business associates.  

In cases in which the PHR vendor and the covered entity have a contractual arrangement primarily to facilitate the transmission of health information into or out of an individual PHR and in which the individual patient has sole control over the information, the PHR is considered to be independent. Furthermore, if the patient can move PHR information from one covered entity to another, the PHR is, again, considered to be independent; the vendor may not be considered a business associate under HIPAA and is thus exempt from the privacy and security rules.

In situations in which the PHR is offered to the patient as a part of the covered entity EHR, health plan’s EHR, or patient portal into the covered entity or health plan health record, the vendor may be considered a business associate and, therefore, responsible for meeting all HIPAA privacy and security rules. In this situation, the covered entity or health plan must treat the PHR as an extension of its own EHR, especially if the intent of the PHR is to assist and benefit the covered entity or plan. These relationships support industry conclusions that the PHR does not belong to the patient and, therefore, is not a stand-alone independent PHR. HIPAA recognizes that covered entities contract with outside companies to perform many healthcare-related functions on their behalf using identifiable information. Under the HITECH Act, business associates are now responsible for ensuring that privacy and security rules are followed, and they are subject to enforcement and civil and criminal penalties for noncompliance.  

There is no doubt that the next five years will shine a spotlight on the relationship between PHRs and EHRs. The consumer-driven movements in healthcare, such as PHR adoption, patient portals, and health literacy, will continue to drive EHR adoption. Concurrently, ARRA incentives for adopting health IT and the goal of providing every American with an EHR by 2015 will continue to spur the healthcare industry to adopt new technologies and functionalities designed to improve the state of healthcare delivery. The continued use and integration of PHRs will play a pivotal role in the transformation of healthcare.

Article source: AHIMA. “Role of the Personal Health Record in the EHR Updated. 11/2010

pts0z1

Source: blog.himss.org

– Learn more at http://www.protecsolutions.net

1. Covered entities are required to track medical record disclosures for payments, treatment and operations. The use of an EMR software solution is the basis for this regulation which became effective in 2009. All entities, no matter what type of EMR deployment, will need to comply by 2014.
2. New patient rights will influence the EMRs design and process flow as it will have to track the timeframe and media at the time the medical record is requested and produced.
3. Within the extended HIPAA regulations a patient may also restrict disclosure of certain medical records to insurance companies if the patient pays for the services out of pocket. Few entities and EMR software applications are able to comply with this mandate at the current time.

The ROI service, from a qualified vendor such as ProTec Solutions, is rendered at very little or sometimes without any costs to the health care Facility. The services provided by an ROI company can range from a full service model, which completely manages all communication and processing for the ROI function, to a shared or even partial model which would provide only those services focused on logging, obtaining the records, invoicing and delivery to the requestor.

Due to government mandates, the implementation of EMR systems does have an effect on the ROI process. The software provides features such as e-prescribing, work flow tasking, communication and messaging. The medical records are maintained within these databases. The Release of information outsourcing decision can be a by- product of implementing an Electronic Medical Record and document management system. The Electronic Medical Record solution can assure considerable degree of patient safety, accuracy, reduced patient costs, data quality, and increased patient care. Oddly enough, the ROI process itself could actually become more complex depending on how much data was converted from the prior EMR or from back-scanned hard copy records (paper files). The ROI process may now include additional steps for access to multiple EMRs and even hard records which have not been scanned into the EMR.

Release of information is not for the faint of heart. Correctly fulfilling medical records requests, as submitted by patients or third party requestors, such as Attorneys and Insurance companies, requires a highly skilled individual. Medical Information processors need to be dedicated to following process guidelines, be knowledgeable in data privacy and security and focus on the correctness and quality of the information that is released.

For over 23 years, ProTec Solutions has been a leading provider for Release of Information, Medical Record process consulting and Document Management Solutions for the Healthcare Industry. ProTec Solutions combines experience and leading technology to assist you in improving efficiency, reducing costs and complying with the complexities of HIPAA regulations all while improving patient care.

Once a request for a copy of a patient’s medical record is received, a series of steps are involved. The process continues to be labor intensive, requiring staff check for documents in multiple places for some requests.

Added to the regulatory nuances and the processing challenges is the request type. Different request types require different work efforts.

Managing release of information requires an advanced understanding of HIPAA and state privacy rules as they relate to authorizing the release of and logging the disclosure of patient information to the patient or another party. Determining whether a disclosure may or may not occur can be complicated by the legal status of the patient, the age of the patient, the reason the patient had healthcare services, whether the requestor is married or divorced, and whether the records pertain to a deceased patient.

Additionally, an organization’s internal policies may further complicate the release of information process. Working through the maze of regulations that often are not recorded in a single section of law challenges the most experienced ROI staff member. Increasingly, managing ROI optimally requires credentialed staff with a credentialed professional providing oversight. Finally, it is not uncommon for the organization’s legal counsel to be consulted for some unusual cases. Legislative changes that provide an added layer of protection for patient information also have added cost to the ROI function.

There continue to be costs involved to validate the authorization, retrieve the appropriate portions of the record, copy to media or print them, and forward the copies to the requestor.

Hybrid Systems Complicate the Process

Health IT is making its way into healthcare facilities; however, right now many healthcare organizations continue to maintain paper records or a hybrid combination of paper and electronic media that can encompass health records, microforms, photos, and lengthy continuous strips of graphic documentation. Healthcare organizations that continue to foster a paper medical record may have implemented a scanning function.

Further, healthcare organizations maintain multiple information systems. They may have a variety of secondary or feeder information systems that are integrated, but more often these systems are interfaced with the primary information system. Documentation for patient care thus is housed in many systems in many forms and may not be stored in, or under the auspices of, the HIM department.

Films or digital images may be stored in radiology or cardiology. Patient documentation stored on strips may be housed in cardiology or obstetrics. Outpatient testing such as respiratory therapy may be stored in that department. The same is true for wound care and various therapy services, which may be stored at the service location due to their recurring nature. Finally, space constraints may require that the organization purchase or lease its own storage facility or contract with a vendor to store materials.

Sample Request Scenarios

Some requests are relatively simple to fulfill; others require considerable effort. Patients may ask for a single radiology report and film to take to a physician, or an attorney or a payer may request “any and all” records and claims for a patient. In between those two extremes are a multitude of requests. Each request requires a different level of effort, as illustrated by the following scenarios.

A patient asks for a single radiology report and film of a recently conducted test. This request requires coordination between the HIM department and the radiology department. If the CT exam report has been dictated and transcribed, the report may be available online to print out. If transcribed documents are not stored online, pulling, copying, and returning the record must be done by hand.

An attorney requests “any and all records” on a patient. This request is the most difficult to address. Records for a patient who has had multiple encounters at the facility will be stored on a variety of media, possibly in a variety of departments, including off-site storage. Further, staff must assess requests for “any and all” records against HIPAA’s minimum necessary provision. Requests that exceed the minimum necessary must be sent back to the requestor or further validated.

An insurance company requests copies of physician orders, operative report, and discharge summary. The operative report and discharge summary are likely to be available online. However, finding all physician orders often is a hurdle. If the organization does not use computerized physician order entry (CPOE), the ROI specialist must retrieve the record and copy the orders. Even organizations with CPOE may not use it for all orders. The discharge summary presents another complication if the request arrives before the summary is complete (federal and state laws, and even organizational policies, set varying deadlines for completion). The ROI specialist may need to continually check for the document before being able to fulfill the request.

A state disability determination agency asks for copies of cardiology reports, labs, therapy reports, histories, and discharge summaries. If the records are paper, staff must copy the cardiology reports; print the laboratory reports from the laboratory information system; print the histories and discharge summaries from the transcription system; and copy records housed in the physical therapy department.

A spouse asks for the autopsy report for his deceased wife. The ROI challenge with this request is the time it takes to complete an autopsy report, often up to 90 days. The ROI specialist will be routinely checking the record or system for the report.

Proposed Changes to the HIPAA Privacy Rule

Each of these scenarios poses unique challenges; however, changes to the HIPAA privacy rule proposed by the Office for Civil Rights would add additional considerations. In July OCR published a notice of proposed rulemaking to enact modifications to HIPAA called for in the American Recovery and Reinvestment Act.1 Also included were changes OCR had been compiling over the years.

One change proposed would remove protected health information status from health records 50 years following the patient’s death. Another proposal would permit covered entities to disclose decedent records to family members and others involved in the patient’s care or payment of care unless doing so is inconsistent with any known preference of the patient. While both changes may add flexibility to ROI, both would also require changes to process, including a means to establish a requestor’s relationship to the deceased.

OCR also proposes modifications that would require documents electronically stored to be released or disclosed within 30 days. HIPAA currently permits extensions for certain purposes. In the case of an autopsy report or a discharge summary, meeting the new requirement may be difficult or impossible. At press time OCR had not indicated when it would publish a final rule.

Federal Initiatives Promote Electronic ROI

State and federal requestors have begun to request electronic transmission of copies of records. State disability determination agencies have asked that copies be electronically conveyed to the agencies rather than mailed. The Social Security Administration (SSA) is pursuing a similar requirement using health information exchange. It has awarded 15 contracts funded through the American Recovery and Reinvestment Act to access patient records.

The contract awards extend nationwide an application SSA began testing three years ago with Virginia-based HIE MedVirginia to electronically pull health records of disability applicants from local health practices, sort them through a state health information exchange, and get them rapidly into the hands of SSA adjudicators.2

CMS’s esMD (electronic submission of medical documentation) project will allow all records for audits (such as RACs and MACs) to be provided electronically through the developing Nationwide Health Information Network.3 Prior to the esMD phase 1 pilot, providers had three choices when responding to these documentation requests: mail paper copies, mail a CD containing a PDF or TIF image, or transmit a fax.

The voluntary meaningful use EHR incentive program also promotes the electronic release of information. To be eligible for the program’s incentive payments, participants must, if requested, provide patients with certain information in electronic form and within three to four business days.

While all of these endeavors have efficiency as a primary goal, healthcare facilities are not able to create fully electronic files without converting existing paper to a digital format such as a PDF. The efficiency for the governmental agencies will be the result of additional efforts by healthcare employees until such time that healthcare providers create all documentation electronically and have installed systems with health information exchange functionality.

What Costs Should Be Compensated?

Attorneys often argue that the fees healthcare providers charge to reproduce records are excessive compared to the fees charged at local copy stores. The argument overlooks differences that make the comparison unreasonable, including the following:

• When an individual takes a document to the local copy store, the effort of finding, retrieving, and transporting the copy has been incurred by the individual; there is no cost to the copy store.
• An individual who makes a copy without the use of the store’s labor may or may not comply with federal copyright regulations. Healthcare facilities must ensure their compliance with federal and state copyright regulations.
• When the individual returns to his or her home or office, the time spent again accrues to the individual, not the store. Additionally, the store or the individual is not required to re-file the original document, which a healthcare entity must do.

To protect the public from unreasonable charges, many states have regulated how much healthcare providers may charge for copies and retrieval fees to cover the labor costs associated with responding to a request. HIPAA prohibits charging retrieval fees for some requests, but not all. As noted, retrieval may be the most costly component of responding to a request for copies.

The new meaningful use program pays bonuses for the use of health IT, but it also adds costs to ROI with requirements to provide greater access to information within shorter periods of time than that allowed by HIPAA or state law.

Organizations that participate in the program may need to add staff and likely implement technology. Providing data in an electronic form may necessitate converting data to a new format, purchasing peripheral technologies to copy images to media such as DVDs, and providing the media.

Finally, there are other costs that must be factored into making a copy. These include:

• Systems and hardware (such as additional workstations) to accommodate the ROI function
• Applications such as ROI tracking systems
• Peripherals such as copiers, printers, and fax machines
• Forms such as ROI release forms and fax cover sheets
• Routine supplies including staples, pens, paper, envelopes, toner, etc.
• Postage Fees for off-site storage and retrieval
• Overhead such as utilities, space, furnishings, maintenance, housekeeping, human resources, payroll, etc.

A Possible Solution for Recovering Cost

Documents that are electronically available are less cumbersome to retrieve, and perhaps there should be a reduced fee structure when they are available.

Meanwhile, in this transitional state where release of information must navigate paper and multiple information systems, the following considerations could lead to fees that reflect true ROI costs and help effectively manage the overall ROI process:

• The electronic retrieval fee should be retitled electronic registration fee and incorporate the initial receipt, logging, and review of the request for legitimacy and completeness.
• Added to the registration fee should be the retrieval fee, including labor time and associated costs, based on the minute timer of the computer screen from the point of identifying the patient in the system until the documents that are needed are printed or written to an alternative media. This would require that organizations develop a per-minute fee that is defensible and based on cost accounting principles.
• There should remain a per-page copy fee to cover the cost of the paper, toner, and maintenance on the printer or copier if the requestor asks for paper copies.
• If the electronic documents can be written to an alternative media such as DVD without first printing the documents and scanning them, then the posted cost of the DVD should be added. The timer component will apply in terms of covering the labor and associated costs to do this step.
• For security concerns, including the spread of computer viruses, media supplied by requestors should not be used.
• Finally, if the items are to be mailed, the cost of postage and a reasonable labor fee for handling should be accommodated to offset the cost of providing and addressing an envelope, calculating and applying postage, and delivering the envelope to the designated postal pick-up location.

For all other request types that may include electronic, paper, microform or any combination of documents, the traditional fee-for-service charges permitted by state law should prevail until such time that the healthcare industry’s use of a fully electronic health record is commonplace.

Notes

1. Department of Health and Human Services. “Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act; Proposed Rule.” July 2010. Available at http://edocket.access.gpo.gov/2010/pdf/2010-16718.pdf.

2. Mosquera, Mary. “SSA Awards 15 Contracts to Expand HIE Nationwide.” Government Health IT, Feb. 1, 2010. Available at www.govhealthit.com/newsitem.aspx?nid=73073.

3. Nationwide Health Information Network. “Electronic Submission of Medical Documentation. Profile Definition-V 1.0.0. 5/26/10.” Available at www.cms.gov/ESMD.

Rose T. Dunn is chief operating officer of First Class Solutions, Inc., St. Louis, MO.

Article Source: Journal of AHIMA, November–December 2010

pts0z1

Source: blog.himss.org

– Learn more at http://www.protecsolutions.net