Whose data is it, anyway?

ByScott A. Edmonds, OD, FAAO

A large aspect of health care reform is related to transportable medical information for each citizen. In the days of paper charts, each doctor created a “database” of information based on tradition, style and practice specialty. Patients with chronic medical problems ended up with huge files and a hodgepodge of information scattered in a folder or envelope filled with staples, paper clips, letters and reports.

With the advent of electronic health records (EHR), medical charts are vastly improving. Letters and reports are organized and easily accessed; data points such as past visual acuity and IOPs can be reviewed with the click of a button. Optometry medical charts have become more organized, readable and, frankly, a joy to review.

I have multiple clinical offices and, prior to our EHR, each office had its own medical chart files and each was slightly different based on the location. Whenever a patient moved from one office to another, there was always confusion on where the chart was located, where the billing was located and how to do the charting to keep the file consistent. Since initiating our web-based EHR, the charts are totally transferable and accessible from any location in the world. Whenever a patient calls me with a problem, I am only a couple of clicks away from all of their health data, including photos, video clips and test results.

However, what if my patient wants to transfer to another doctor or is seeing a co-managing ophthalmologist or their primary care physician? How do I get my excellent database to these providers? This is the issue that triggered a comment on my previous blog, “The new team for optometry in health care reform.” My reader writes, “I am concerned personally and professionally about efforts to give more of our patients’ personal data to bureaucrats for questionable purposes.”

The answer to this reader’s concern is related to the doctor’s responsibility to protect each patient’s health information as required by a piece of health care reform legislation know as HIPAA: Health Insurance Portability and Accountability Act. This act specifically prohibits a provider from engaging in the process that concerns my reader.

The transfer of medical information across different software platforms is a major concern for the entire health care system. In 2004, President George W. Bush issued an executive order to create a health information technology infrastructure to assure that American citizens will have appropriate access to their health information. This effort spawned the development of RHIOs: regional health information organizations. These organizations are working to develop secure heath information exchanges to allow data to flow securely from one authorized caregiver to the next. I was involved in the start-up of the RHIO for Pennsylvania, and our state optometric association remains intimately involved with our state executive director sitting on the board. Every optometrist should know which RHIO affects their practice location and should be sure that optometry is involved in the process.

That being said, RHIOs are still a long way from having an operable system in place. In the meantime, optometrists must remain vigilant in the protection of protected health information. This information is much broader than might be expected and includes all of the following:

Names
All geographic identifiers smaller than a state, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census: the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people and the initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to 000.
Dates (other than year) directly related to an individual
Phone numbers
Fax numbers
Email addresses
Social Security numbers
Medical record numbers
Health insurance beneficiary numbers
Account numbers
Certificate/license numbers
Vehicle identifiers and serial numbers, including license plate numbers;
Device identifiers and serial numbers;
Uniform resource locators (URLs)
Internet protocol (IP) address numbers
Biometric identifiers, including finger, retinal and voice prints
Full face photographic images and any comparable images
Any other unique identifying number, characteristic or code except the unique code assigned by the investigator to code the data

In the absence of a universal secure data transfer, optometrists must create a secure data file and transfer this via secure e-mail or reduce the EHR to paper and mail or send via a secure fax to the patient-designated provider. The use of a secure electronic file assumes that the receiving provider has the technology to de-code the transmission and convert it to usable data. I have found this to be a significant barrier to this option. So, in spite of great technology on my end, I end up printing a letter or report from my EHR and mailing this to my comanagement providers.

Your patient’s health data belongs to you and your patient. You must be extremely careful in how you use and transmit this data. As health care reform evolves, this may become a better process, but, for now, you may need to use traditional forms of communication. Follow the progress of your local RHIO and help keep optometry in the loop. Don’t become a cul-de-sac on the information super highway.