The Interoperable Electronic Health Record Understanding and Addressing the Legal and Regulatory Risks

Transcription

1 The Interoperable Electronic Health Record Understanding and Addressing the Legal and Regulatory Risks HCCA Physician Immersion Session April 2006 Judy S. Ireland, Esq. Vice-President, Ethics and Compliance Services Chief Ethics and Compliance Officer Sutter Health Sacramento, California

2 What Category Are You In? Solo Small group practice Large group practice Privileges at one or more hospitals? Share patients with other solo or group practices?

3 Your Presenter s Category Sutter Health is a health care system in Northern California made up of Hospital Affiliates Medical Foundation Affiliates Home Health and Hospice Affiliates Approximately 42,000 employees across the system Approximately 8,000 physicians provide professional services to Medical Foundation patients pursuant to physician service agreements with medical foundations

4 Current Status of ehr within Sutter Health System-wide phased EPIC implementation in process, coordinating both clinical and financial pieces of puzzle Some Medical Foundation Affiliates have existing electronic health records, e.g., Palo Alto Medical Foundation No Hospital has implemented electronic health record entirely, but may have one or more pieces

5 In-System Interoperability Barriers: lack of uniformity and interoperability of IT systems in use at different affiliates Privacy and security concerns

6 Out-of-System Interoperability Regulatory limitations on hospital funding of IT hardware/software for community physicians Privacy and security concerns

7 Legal and Regulatory Considerations The Short List Defining the legal health record Privacy Security Stark and Anti-Kickback Federal Reimbursement (coding, billing regs.) Non-Profit Tax Antitrust Intellectual Property Medical Malpractice State Law Issues

8 Defining the Legal Health Record The legal health record is generated at or for a healthcare organization as its business record and is the record that will be disclosed upon request. Update: Guidelines for Defining the Legal Health Record for Disclosure Purposes. American Health Information Management Association (ahima.org) Purposes: Support decisions made in patient s care Support claims submitted to 3 rd party payers Document services provided

9 Considerations re Defining the Legal Health Record for Your Organization Community standards of care Federal regulations State law and regulations Accrediting agency standards Requirements of 3 rd party payers Always a good idea to seek legal advice before making decisions

10 Privacy Consideration Issues relating to patient privacy concerns the right of the patient to not have information disclosed to unauthorized parties. American Health Lawyers Association Member Briefing: The Quest for Interoperable Electronic Health Records A Guide to Legal Issues in Establishing Health Information Networks, July 2005.

11 Legal Sources Related to Privacy Considerations HIPAA Privacy Rule Federal Privacy Act Federal Substance Abuse Treatment Confidentiality Regulations State Laws for specified classes of information Medicare Conditions of Participation JCAHO and other accrediting agencies standards

12 Security Considerations HIPAA Security Rule requires covered entities to ensure the confidentiality, integrity and availability of electronic protected health information. Integrity: Is the system set up to ensure that EPHI has not been improperly altered or destroyed? (What controls are in place?) Availability: Is the system set up to ensure that EPHI is accessible to ensure continuity of care?

13 Barriers to Community-Wide Interoperability Federal physician self-referral prohibition (Stark law) Federal Prohibition against remuneration for referrals (Anti-Kickback Law) Antitrust Law

14 Considerations for Tax Exempt Organizations Of concern for Tax Exempt Organizations, including hospitals and health care systems, is whether providing funding, equipment, support to unrelated individuals, e.g., physicians on the medical staff, violates the private inurement and private benefit prohibitions of IRC 501 (3).

15 Intellectual Property and Ownership Who owns the data created by the ehr?

16 Medical Malpractice and Other Potential Liability Physicians have voiced concerns that using electronic medical records will increase medical malpractice liability Redefining standard of care to require that a physician consult prior records (not the standard generally today). With increased reliance on web-based accessibility to information, will a duty of care evolve on physicians to conduct web-based consultations with peers?

17 State Law Issues Medical Record Requirements State Pharmacy Laws and Regulations State Licensure Laws Impact of State Laws that Mimic Federal Laws

18 Questions and Discussion