Federal push for electronic medical records gaining some momentum

In this first installment of a series on EMRs, ophthalmic regulatory and legal experts discuss how a strategy for defining and integrating privacy protections is still lacking.

Three years after a federal call for most Americans to have electronic medical records within a decade, progress is being made. The most recent efforts involve the certification of electronic medical records systems.

In 2004, President Bush accepted the findings of the President’s Information Technology Advisory Committee (PITAC), which showed that electronic medical records could make health care more effective, cost-efficient and accessible to consumers. This led to establishing the Office of the National Coordinator for Health Information Technology (ONCHIT), which oversees a variety of initiatives designed to develop an electronic medical record network.

One of the first initiatives launched by ONCHIT was a plan to improve the confidence of physicians by which medical records systems in the marketplace would interoperate effectively with other systems and with future data-interchange facilities still on the drawing board.

The Certification Commission for Healthcare Information Technology (CCHIT), a private, nonprofit initiative, was entrusted with the task of certifying electronic medical record systems. CCHIT certified the first 37 ambulatory, or office-based, electronic medical record systems in 2006; to date, CCHIT has certified more than 57 such systems. Electronic medical record platforms certified so far include GE Healthcare’s Centricity 6.0 and NextGen’s EMR 5.3, according to a CCHIT news release.

This year, CCHIT plans to begin certifying hospital inpatient electronic medical record products, according to a Department of Health and Human Services report.

Jonathan C. Javitt

CCHIT certification represents the gold standard for electronic medical records — and a welcome relief for physicians who are contemplating an investment in medical records technology.

Jonathan C. Javitt, MD, MPH, who was appointed by President Bush to chair the PITAC Health IT initiative, is an ophthalmologist who has been involved in electronic medical records technology for more than 20 years.

“The CCHIT certification is an extremely positive step,” Dr. Javitt told Ocular Surgery News. “Ophthalmologists, in particular, have long been the victims of medical records companies that portray themselves as ophthalmology-friendly but are built on shaky platforms. Many of those companies have come and gone, much to the detriment of those who have invested in their products. In part, this phenomenon has resulted from the failure of many mainstream [electronic medical records] companies to address the unique aspects of the ophthalmology medical record and the types of images and clinical tests that are integral to that record.”

Interoperability

Allison Weber Shuren

Electronic medical record implementation depends on interoperability, or the capacity of different electronic medical record systems to “talk” to one another. Although CCHIT is preparing to test systems’ interoperability, definitions and standards of interoperability are lacking, said Allison Weber Shuren, MSN, JD, OSN Regulatory/Legislative Section Member.

“While we have the interest growing in electronic medical records, the standards have got to be in place in order for people to feel like the investments they are making are worthwhile,” Ms. Shuren said.

Interoperability depends on universal definitions of clinical terms, so that different systems “speak the same language,” said Lloyd Hildebrand, MD, chairman of the American Academy of Ophthalmology’s Medical Information Technology Committee. For ophthalmologists, the standardization of imaging and image-related information is particularly crucial.

Electronic medical record system developers also need to focus on “best practices” and the standardization of care quality, which affect patient safety, he said.

Federal agencies have taken some action to enhance the availability and interoperability of electronic medical record systems. For example, in August, the Centers for Medicare and Medicaid Services and Office of the Inspector General issued exceptions to the federal Self-Referral Law and Anti-Kickback Statute. The exceptions allow certain types of health entities to donate software and training for electronic records to physicians without violating federal anti-kickback and self-referral laws.

The exceptions were intended to make electronic record technology more available to physicians, Ms. Shuren said.

“What these rulings do is allow certain health care entities to provide the software to physicians at a small percentage of the donor’s cost for the technology,” Ms. Shuren said. “The hope is that the donors will have the financial wherewithal to purchase the software, as well as the incentive, to do so. Physicians, particularly smaller practices, just aren’t going to have the discretionary funds to invest in expensive software and training. So the hope is that if they can obtain the [technology] at a discounted price, they will move toward electronic medical records more quickly.”

Privacy and security

In 2003, in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, HHS issued a rule pertaining to procedures designed to ensure the confidentiality of protected electronic health information, according to an HHS news release.

Since 2005, the ONCHIT, as well as advisory committees and private contractors, have been working to devise electronic medical record security and privacy strategies.

Despite the efforts of ONCHIT, strategies to ensure that privacy protections would be built into a national electronic medical record system are lacking, according to a Government Accountability Office report released Feb. 1.

“While these activities are intended to address aspects of key principles for protecting the privacy of health information, HHS is in the early stages of its efforts and has therefore not yet defined an overall approach for integrating its various privacy-related initiatives and addressing key principals, nor has it defined milestones for integrating the results of these activities,” the report said.

Dr. Javitt, Ms. Shuren and Dr. Hildebrand echoed these concerns about privacy and security.

“Privacy and security are obviously protected by multiple layers of passwords and security systems,” Dr. Javitt said. “The critical issue is how do you know that a doctor has permission to access a particular person’s record?”

Under HIPAA, the electronic record, like the paper record, is the property of the patient and may only be used for the patient’s benefit with the patient’s permission, Dr. Javitt noted.

Ms. Shuren pointed out the vulnerability of having a large amount of patient information on computers. Protecting electronic medical records is easier than protecting paper records, but a breach of an electronic system would be “far more devastating” than the theft of paper records, in terms of potential liability, she said.

HIPAA privacy protections are adequate, but the operational security of electronic medical record systems is an area of concern, Dr. Hildebrand said. He called for criminal penalties for breaching electronic medical record systems, such as those in place for hacking into banking systems, he said.

“The same security issues that you have today are still present in an electronic world,” he said.

For more information:

• Lloyd Hildebrand, MD, can be reached at 1000 Stanton L. Young Blvd, Suite 390, Oklahoma City, OK 73104; 405-271-1096; fax: 405-271-1226; e-mail: lloyd-hildebrand@ouhsc.edu.
• Jonathan C. Javitt, MD, MPH, can be reached at 1700 Pennsylvania Ave., Suite 400, Washington, DC 20006; e-mail: jjavitt@healthdirections.net.
• Allison Weber Shuren, MSN, JD, can be reached at 1050 Connecticut Ave. NW, Washington, DC 20036; 202-775-5712; fax: 202-857-6395; e-mail: shuren.allison@arentfox.com.

References:

• CCHIT Certified Product List, testing instructions and other documents can be read at www.cchit.org.
• Centers for Medicare and Medicaid Services. Physician self-referral exceptions for electronic prescribing and electronic health records technology; www.cms.hhs.gov.
• Government Accountability Office. Health information technology: Early efforts initiated but comprehensive privacy approach needed for national strategy; www.gao.gov.
• HIPAA Security Educational Paper Series can be read at www.cms.hhs.gov.
• President’s Information Technology Advisory Committee. Revolutionizing healthcare through information technology: A report to the president; http://www.nitrd.gov/pitac/reports/20040721_hit_report.pdf.
• U.S. Department of Health and Human Services. Health information technology initiative, major accomplishments: 2004-2006; www.os.hhs.gov/healthit/news/Accomplishments2006.html#background.

• Matt Hasson is an OSN Staff Writer who covers all aspects of ophthalmology. He focuses on regulatory, legislative and practice management topics.
• Gina Brockenbrough, a staff writer for Orthopedics Today, a SLACK Incorporated publication, contributed to this article.