Status Report 2002: Electronic Health Records C. Peter Waegemann Why EHRs? If you analyze the progress made of by human beings on this planet, you ll find an impressive record of inventing sophisticated machines and of progress in understanding the world around us. From airplanes to space travel, from scientific achievements to the management of infrastructures, humans have developed complex systems of knowledge management. However, when one looks at the management of health issues, there seem to be gaps. For instance, while we are used to having detailed records on buildings, cars, machines, household devices, etc., humans have very inadequate health maintenance records. They maintain adequate records for structures and devices around them, but they have not recognized the need for comprehensive maintenance records for their own bodies, records that are accessible to the human herself and to any healthcare practitioner. It has become customary to find it quite acceptable that in cases of body malfunctioning, there is no comprehensive record of previous diagnoses, including allergies, and genetic dispositions, of healthcare services provided, or of medications used. At the beginning of the 21 st century, it is common to have only skimpy provider-specific, often specialtyspecific medical notes, (sometimes scribbled on paper and partly illegible), and even these are not coordinated or complete. Naturally, this has negative results. In many cases, health professionals have to act blindly without any background data on the patient, tests have to be repeated, and other practitioners often do not know an individual s previously identified conditions and allergies. The vision of electronic health records is the solution to this dilemma. Understanding Various Concepts While EHR has become the most used generic term, other terms are sometimes used as surrogates. It is thought that they represent the same concept. This is not true. Each of the terms stands for a specific vision as shown below. CPR The Computer-based Patient Record was the term used in the report of the Institute of Medicine. The report recommended that an Institute be formed to promote and develop standards for the CPR. This Institute, the Computer-based Patient Record Institute (CPRI) played during its 10-year existence a major role in promoting the vision during its 10-year existence. "The electronic health record is a computer-stored collection of health information about one person linked by a person identifier." i This statement encompasses 1
the fundamental vision of the computer-based patient record. The vision for the CPR encompasses a mainly virtual computer-based medical record that includes all information (clinical and administrative) and covers all practitioners ever involved in a person s health care, independent of medical specialties. Therefore, it includes linked bits and pieces of a person s health history from the dentist to the psychiatrist. It also is longitudinal, ideally including prenatal and postmortem information. The CPR vision also had an important feature as it foresaw the CPR as a basis for and an integral part of decision support. In other words, it distinguished the CPR from the paper-based medical record, which was a passive recording tool. Objections The vision of a longitudinal health record has become controversial in regard to confidentiality. The notion that the computer-based patient record should include everything from pre-natal to post-mortem information has been rebuffed by privacy advocates. When I testified to a Senate committee in 1996, I was told by a very famous politician, I am 64 years old. I do not want my physician to know whether I had a mental breakdown at 16, or an abortion at 19. It does not affect my care now and I resent any plans for a lifelong health record. Privacy advocates have argued that in the majority of cases, the medical record should only contain information that is relevant to care regarding a specific encounter. Of course, in cases of chronic illness, there may be exceptions. The discussion of what is relevant has not come to any conclusion. Researchers, of course, would like to work with all information of lifetime records. Practitioners have mixed responses ( too much irrelevant information, would never look at it, might be useful ), but privacy advocates have been rejecting the idea, except when there is a special medical reason to link such information. The vision of an interoperable patient record that is provider independent is unrealistic. There is neither incentive, nor technical possibility in the foreseeable future, for a medical record that is interoperable between unlimited provider entities. There was no benefits justification. The CPR was to bring better care and/or make the system more efficient. The latter has not been demonstrated yet. It is widely accepted that using the computer means slower data entry for the practitioner. Why should providers spend money for such systems? Outside of a few medical centers, where installations were driven by individuals, the CPR never got into the mainstream of healthcare provider implementations. Practitioners could not be convinced to use computers in the exam room when there were difficulties in justifying costs, essential training resources, and necessary system changes. This should not be mistaken for some of the products labeled CPR Systems. Many systems do not comply with the criteria for a CPR and are just good marketing. Many vendors identified their products as CPR systems, although none satisfied the requirements for a longitudinal, completely paperless, interoperable, multi- 2
provider-, and multi-discipline-based computer-based medical record. The benefits of CPR systems were generally accepted to be better quality of care and higher efficiency. In summary, the CPR vision is diminished by the following issues: Privacy issues resulting from the vision of a lifetime record that will follow the patient Unrealistic expectations for interoperability Lack of benefits and incentives By 1995 most people recognized the discrepancy between the vision and the reality. Standards, workflow, and user habits, as well as technologies weren t ready for the grand vision originally put forward. Most of all, the business case for CPRs was difficult to achieve. Hopes for many of the hyped new technologies, such as speech recognition and community health information networks, fizzled while traditional information systems grew enormously. Transcription, for example grew during the last decade to an estimated $15- billion to $20 billion industry, involving 300,000 to 400,000 medical transcriptionists. The term CPR continues to be used by many of the individuals involved in the CPRI as well as in circles of the American Medical Informatics Association and their international affiliates. Patient-carried Medical Record During the mid 1980s, long before the CPR became fashionable, the vision of patients being in charge of their health information became a leading force. The vision was based on a patient being the connecting entity for all health information. If one would give the patient his health information on a device, he could then bring it with him to providers, thus guaranteeing continuity of care. The practical solution was a patient card in the form of a smart card (with a computer chip) or a card using another technology such as optical stripes, magnetic high density stripes, 3-dimensinal bar codes, etc. Some of these cards can have a capacity of several megabytes, enabling them to become health passports. The concept actually is in use with many providers such as the Veterans Administration Health System, where patients carry their own health records (but not cards, of course). By the late 1980s this vision failed because of technical card problems, issues with capacities, difficulties with interoperability concerning content and terminology, but most of all due to lack of an infrastructure that allows every provider to record and read cards, even if they were motivated to spend extra time and resources for this exercise. This failed vision did cost an estimated $500 million to the healthcare industry. Today, there are some related approaches by some healthcare providers. For instance, some European providers give upon discharge their private patients a CD ROM with all their patient information. 3
Computerized Medical Record (CMR) Most of the versions of electronic health records require a change in practitioners documentation habits from easy handwriting or dictation to computer input. Even more, they require standards in interoperability as well as in the areas of security and authentication. While a consensus on such standards is still lacking, many providers are looking for alternatives. Document imaging represents the computerized medical record (CMR). Document imaging involves prepping, scanning/digitizing, indexing, and performing quality control of traditionally recorded paper documents into a computer system. Analog paper documents, either created through handwriting or transcription can be transferred into digital form with image scanning, optical character recognition (OCR) scanning, or hybrid systems of these. This has the advantage that patient information even when created in paper format is shareable within an organization. It also has the benefit of guaranteeing a higher level of document integrity than found in many current computer systems in regard to signature, persistence in storage, and other integrity features. Document imaging allows the reader to view the information only as a complete image. Optical character recognition, in which the text is scanned/digitized line by line, has recognition and authentication problems, so it is very rarely used and is costly. CMR is a passive computer recording. More than 1,500 installations have been reported during the last 14 years, many with mixed success. In general CMR applications can be viewed as successful in specialized settings where workflow is altered, and the benefits of having an electronic image of documents outweighs the disadvantages. The CMR is not a natural stepping stone to other EHR applications. Electronic Patient Record (EPR) The electronic patient record concept grew out of the CPR concept and, for a while, was the dominant term used. Some observers considered this term synonymous to the CPR term; however, an increasing number of individuals stated that the EPR vision differs from the CPR vision in the following: EPR is a collective vision of many systems and components which that are part of this overall concept. EPR is derived of all relevant patient information. As the relevancy differs from case to case, it is mainly driven by software. For instance, normal results may not be stored. However, those data that influence the care process will be part of the EPR. It is recognized that a patient-centered electronic patient record has the same requirements regarding interoperability that are difficult to satisfy. In general, the term EPR is a term that is less used than others, particularly the term EHR. 4
Electronic Medical Record (EMR) When one looks at the interoperability requirements of both the CPR and the EPR as they would be expressed in complete interoperability between information systems in varying locations, challenging provider settings, and different infrastructures, a realistic approach seems to be more reasonable. This is the electronic medical record, an electronic healthcare information system regarding one patient within an enterprise. Clearly, the goal for many providers is to create complete interoperability among the departmental systems. An enterprise may be a clinic, hospital, health plan, or (in Europe, for instance) a health authority. It seems to be a reasonable goal to harmonize incompatible, disparate systems into a comprehensive electronic medical record that includes all documentation of care given to a specific patient within the enterprise. The EMR can be used as a natural steppingstone stone toward an EPR, DMR, or EHR. Digital Medical Record (DMR) The digital medical record is a less-known term that represents a vision of webbased medical records that are not based on push technology but on pull technology. Its vision is based on an XML-based generic standard that allows communication as well as data management based on this one standard. The vision calls for patient information to be posted on the website site of a provider or health plan. Information is accessed by practitioners rather than sent as messages. The DMR can have the functionality of the EMR, EPR, or EHR. Patient Medical Record Information (PMRI) The term PMRI became popular because it is used in HIPAA legislation. It is being used by the National Committee for Vital and Health Statistics (NCVHS). The term was put forward as a synonym for the EHR and does not define an entity (such as record) in a central or virtual location. Rather, it addresses the current state, i.e.; bits and pieces of a patient s health information form various records. Personal Health Record (PHR) The e-health movement of 1999-2001 brought patient empowerment. Through the Internet, patients can look up health information on as many as 40,000 web sites worldwide. One principle of the information society is the recognition that any person should have an interest in his health, rather than leaving matters of health to the medical profession. This means that a responsible individual should Have a copy of all of health information ever created about her by all her providers Understand at least in general terms the content of her health history Use any resource to learn more about health matters that may affect her Be a partner to the caregiver giver (rather than having an child/parent relationship with the caregiver) 5
This should not only be for an adult s own health, but for her his children or his elderly relatives for whom he is responsible. The Five Types of Personal Health Records There are different flavors and types of personal health records. 1. Off-line Personal Health Records The idea of a personal health record is not new. For decades, public health services in many countries have been giving parents of newborn infants a booklet to record early health data. Millions of parents routinely start a paperbased patient record for their children. Of course, the vast majority of individuals do not keep the information up to date. Also, as adults, some people are interested in their own health records and ask their providers for copies, which they keep in file folders. And since 1995, commercial software has been available for individuals who want to record their health information on their personal computer. Of course, these off-line applications are only used by a limited number of people, except the Children s Health Booklets, which are issued in large numbers, although many are not kept up-to-date or are not continued after the child grows out of infancy. 2. Web-based Commercial/Organizational Personal Health Records The Internet makes it possible to store one s health information on a (more or less) secure web page. This means that accessibility is almost unlimited geographically. Wherever there is telephone access through a wired or wireless telephone connection, a person can access the information or authorize a practitioner or pharmacist to access certain information from the website of choice. There are four types of providers of this service: Commercial organizations that derive revenue from sponsors or from data mining Commercial organizations that charge the person a fee for maintaining the information Professional organizations that provide this service to their members or other affiliates (for a fee or as a service bundled with other charges and benefits) Local, regional, or national health organizations that provide this service to specified population groups. Because this is an immature industry, there is much fluctuation within it. A number of companies have gone under, and new ones continue to start. Of interest is the regional trend. From 1997 to 1999, most of the companies were based in the United States. In 2001, most providers of this service report that the growth is larger outside of the US, particularly in Europe and Asia. 6
3. Functional/Purpose-based Personal Health Records These are web-based personal health record systems that are offered in connection with a related service. The service may be an interpretation of a health record and/or the legal advice regarding a person s care situation. The most common function is that of providing emergency or health services to business people outside the geographic boundaries of their primary healthcare provider. A typical service may maintain the health record for the purpose of being able to arrange health care in any country in the world, or in order to arrange emergency health care (including helicopter transportation to the nearest provider facility) for a client. 4. Provider-based Personal Health Records Increasingly, providers, i.e., hospitals, clinics, and health plans make some of a patient s health information available on irthe website. This service is usually part of the care provided, and there is no charge. Such information typically includes Appointment information In most cases, appointments are posted on the website for patients to look up. Some providers offer an automated system by which patients can make appointments. However, in many cases this requires blocks of time reserved for emergency cases and other practitioner needs. Medication information Patients can see a listing of their medication(s) with potential links to web information regarding how to use it. They can check on potential side effects and related information. Allergies It is very helpful to patients to have a listing of their allergies, which can be shared with practitioners. In a number of cases, when patients see the list of allergies derived from their medical record, corrections can be made, or, allergies can be added that were not obvious beforehand. Beyond this basic information, providers experiment with posting additional parts of the medical record on a patient-specific and patient-secure website that ultimately can contain most of the medical record information. 5. Partial Personal Health Records Some 40,000 web sites have detailed health information for consumers. Most of the sites get their revenue from data mining and advertising. In many 7
cases, an individual has provided not only identification but also detailed health information in order to access the information or to benefit from the website. For instance, a diabetes patient may have to provide detailed health information in order to participate in a website. This way, patients create a mostly disease-specific partial health record that is usually available to them at the website but may also be used by the website provider for other purposes, such as marketing. Each of these personal health records is very different from the official providerbased health record. Except for the records described in (4) above, it is not created by the caregiver or healthcare provider but by the patient herself, or by another organization that is often not related to the care process. The practitioner community has not always welcomed personal health records. Some of the more traditional practitioners have indicated some resentment and distrust of these personal health records. Electronic Health Record (EHR) The term electronic health record now has dual meaning. For one, it is used by the majority of people as a generic term for an electronic version of the medical record and/or any of the concepts described above. In addition, the term EHR stands for a particular concept, - one that is different from all others. The EHR is different from the CPR, as it does not necessarily containing all information from pre-natal to postmortem information but focuses on relevant information for current or future care. It also consists of components that are implemented according to measurable, realistic benefits. Finally, its vision includes wellness, alternative healthcare documentation as well as information of the personal health record. CMR as it is not an image but a digital record that can be used in decision support applications as well as for interactive recording. EMR, as it is not limited to a healthcare enterprise. DMR, as it is integrating legacy systems and traditional database and messaging systems. PHR, as it primarily created and managed by providers and practitioners. Its unique roles are: It represents a provider-based view of that patient's health history. It provides a method for clinical communication and care planning among the individual healthcare practitioners serving the patient. The decisionmaking process related to care given provided (or not provided) and care actions delayed for insurance or organizational reasons are part of this medical record. It is important in documenting the specific services received by the patient for reimbursement purposes. 8
It serves as the legal document describing the healthcare services provided It is a source of data for clinical, health services, outcomes research, and public health. It serves as a major resource for healthcare practitioner education. It is easily shareable among authorized practitioners. It encourages interactive recording at the Point-of-Care. It is the basis for decision support. Hurdles Considering the time and effort spent on concepts of EHRs, one always ends up asking why they did not succeed. There must be substantial hurdles to prevent the great breakthrough of EHRs. And, indeed, there are substantial hurdles: 1. Information Capture The main hurdle is get practitioners to use the computer for direct input. This involves several changes; one from free text to structured and interactive recording, the other change is from handwriting and/or dictation to point-of-care computer input. It must be recognized that the majority of EHR systems are more cumbersome and take longer to record. 1 It has become a tradition in the medical informatics community to blame physicians and other practitioners for not being ready for the change to the computer. However, one needs to look at the motivation. Why should a practitioner (who is pressured in time) abandon the easy short handwritten note for a complex way of recording on a computer? Or, why giving up easy dictation for fiddling with small, hard-to-read screens on mobile healthcare computing devices? It will take some time to overcome the hurdle of information capture. New and better devices need to be developed, and incentives for their use should be obvious to users and/or have financial implications. 2 2. Lack of Benefits It is not easy to prove measurable benefits of electronic health record systems. Benefits are in the areas of (a) return on investment, (b) reduction of medical errors, (c) improved patient satisfaction, (d) improved practitioner and/or employee satisfaction, 1 A documentation challenge is annually conducted at the TEPR conference. A dozen vendors are given 10 minutes to record a mock encounter. The video of the 2002 event is available from the Medical Records Institute at www.tepr.com. 2 The Report on Information Capture and Report Generation recommends incentives for practitioners who abandon handwriting for computer entry. See Chapter 3 of the Report http://www.medrecinst.com/resources/document/summary.shtml. 9
and (e) overall efficiency. An inventory of benefits of components of EHRs is currently created by the Medical Records Institute. 3. Lack of technical Interoperability For the EMR, this means interoperability within an enterprise. This means, for example, that all systems within a hospital are interoperable; a patient s demographics are only captured once. Every authorized practitioner should have full access to a patient s health information stored within an enterprise. For higher versions (EHR, EPR, PMRI, etc.) this means technical interoperability independent of provider, medical specialty, geographic location, country systems, and legislation, etc. Currently, six different approaches are competing for being a platform for interoperability. They are OSI, CORBA, GEHR, HL7 CDA, OpenEHR, and the generic XML/Ontology approach. 4. Lack of interoperability for information representation The second part of interoperability is in regard to having the same meaning in codes, vocabulary, terminology, context, and other means of information representation. 5. Lack of direct motivations Why should providers spend substantial resources for EHRs? The need for sharing information is the main benefit of many EHR systems. Other benefits have only been realized in part (see the section on the MRI Survey below). The Survey on EHR Trends and Usage This year the Medical Records Institute has conducted its Fourth Annual Survey of EHR Trends and Usage. A total of 1131 individuals responded to the survey. The Survey focuses on the experience and the attitudes of healthcare providers. After removing responses from payers, vendors and consultants, the total number of provider respondents was determined to be 761. The Survey includes responses from April 15 th through May 16 th, 2002. EHR TRENDS One of the interesting observations from this years Survey is that the data reveals that provider motivations to implement EHRs has have shown a steady increase over the last four years. Question 6 from the Comprehensive Version of the EHR Survey shows these trends. (See the Table below) What are the major clinical factors that are driving the need for EHR Systems? (Respondents were asked to select all that apply.) TRENDS 2002 2001 2000 1999 10
Improve the ability to share patient record information among healthcare practitioners and professionals within the enterprise 90.0% 83.0% 85.0% 73.0% Improve quality of care 85.3% 83.0% 80.0% 72.0% Improve clinical processes or workflow efficiency 83.6% 83.0% 81.0% 67.0% Improve clinical data capture 82.4% 78.0% 68.0% 61.0% Reduce medical errors (improve patient safety) Provide access to patient records at remote locations 81.7% n/a n/a n/a 70.7% 73.0% 71.0% 59.0% Facilitate clinical decision support 70.0% 69.0% 66.0% 58.0% Improve employee/physician satisfaction 63.0% n/a n/a n/a Improve patient satisfaction 60.4% 59.0% 54.0% 40.0% Improve efficiency via pre-visit health assessments and post-visit patient education Support and integrate patient healthcare information from Webbased personal health records 40.2% 38.0% 36.0% n/a 30.4% 28.0% 29.0% n/a Retain health plan membership 9.3% 9.0% 7.0% n/a OTHER 0.3% 4.0% 1.0% 3.0% Responses to this Questions 729 293 296 358 EHR COMPONENTS AND FUNCTIONS The MRI Survey of EHR Trends and Usage recognizes the reality that there is no consensus in the industry regarding the definition of an EHR or which components or functions make up an EHR. The Survey addresses this problem by collecting data on all nine components/functions that broad definitions of an EHR have included. The nine components/functions include: Clinical Workstations Clinical Data Repositories Medical Record Document Imaging Systems Master Patient Index for a Single System or Site of Care Master Person Index or Enterprise Directory to Support Multiple Facilities Integration/Interface Engines Networks Data Warehouses Web-based Personal Health Records 11
The Survey continues to delineate specific functions or capabilities within each of these nine areas to reveal a comprehensive picture of the status of EHR implementations and near-term plans. The nine tables that follow come from Question 7 of the Overview Version of the Fourth Annual Survey of EHR Trends and Usage. What functions or components of an EHR system do you have in use or planned for implementation? (Respondents were asked to select all that apply.) Preface: The total number of respondents to the eleven sections within Question 7 is 717. The first row of results for each subsection is expressed as percentages of 717. The second row of results for each subsection is expressed as a percentage of the number of respondents that answered that subsection. 7-1. Clinical Workstations that support: Number of Respondents In Use Today 1 Year 2 Years 3 Years 4 or More Years Nurse or Staff Order Entry 717 25.0% 14.1% 6.7% 2.1% 1.0% [Based on all respondents selecting clinical workstations] 512 35.0% 19.7% 9.4% 2.9% 1.4% Physician Order Entry without clinical decision support 717 10.7% 9.2% 5.7% 2.2% 1.1% [Based on all respondents selecting clinical workstations] 512 15.0% 12.9% 8.0% 3.1% 1.6% Physician Order Entry with clinical decision support 717 7.4% 13.2% 12.1% 4.6% 2.9% [Based on all respondents selecting clinical workstations] 512 10.4% 18.6% 17.0% 6.4% 4.1% Results Reporting 717 32.1% 8.1% 5.2% 1.7% 1.0% [Based on all respondents selecting clinical workstations] 512 44.9% 11.3% 7.2% 2.3% 1.4% What functions or components of an EHR system do you have in use or planned for implementation? (Respondents were asked to select all that apply.) Note: The total number of respondents to the eleven sections within Question 7 was 717. 7-2. Clinical Data Repositories that support: Storage of EHR data, text and reimbursement codes (ICD and CPT codes) [Based on all respondents selecting clinical data repositories] Also storage of clinical codes (LOINC, MEDCIN, SNOMED, etc.) Number of Respondents In Use Today 1 Year 2 Years 3 Years 4 or More Years 717 21.6% 9.8% 6.3% 1.5% 1.5% 436 35.6% 16.1% 10.3% 2.5% 2.5% 717 10.9% 7.4% 4.6% 1.4% 2.8% [Based on all respondents selecting clinical data repositories] 436 17.9% 12.2% 7.6% 2.3% 4.6% If you plan to use SNOMED as a structured terminology, do you expect to use it for: Problem lists 717 0.8% 3.2% 2.9% 1.3% 0.4% [Based on all respondents selecting clinical data repositories] 436 1.4% 5.3% 4.8% 2.1% 0.7% 12
Lab results 717 3.1% 2.2% 1.8% 0.6% 0.3% [Based on all respondents selecting clinical data repositories] 436 5.0% 3.7% 3.0% 0.9% 0.5% Radiology results 717 1.4% 1.3% 2.1% 0.4% 0.4% [Based on all respondents selecting clinical data repositories] 436 2.3% 2.1% 3.4% 0.7% 0.7% Other uses for SNOMED 717 0.3% 1.3% 0.8% 0.1% 0.1% [Based on all respondents selecting clinical data repositories] 436 0.5% 2.1% 1.4% 0.2% 0.2% Also storage of voice or sound 717 2.8% 3.2% 3.2% 1.8% 2.5% [Based on all respondents selecting clinical data repositories] 436 4.6% 5.3% 5.3% 3.0% 4.1% Also storage of clinical images 717 9.9% 7.8% 7.0% 2.5% 2.8% [Based on all respondents selecting clinical data repositories] 436 16.3% 12.8% 11.5% 4.1% 4.6% 7-3. Medical Record Document Imaging Systems Interim to a clinical data repository 717 4.5% 3.6% 2.0% 0.6% 0.6% [Based on all respondents selecting Medical Record Document Imaging)] 358 8.9% 7.3% 3.9% 1.1% 1.1% Supplemental to a clinical data repository 717 8.8% 6.3% 3.5% 1.1% 0.3% [Based on all respondents selecting Medical Record Document Imaging)] 358 17.6% 12.6% 7.0% 2.2% 0.6% 7-4. Master Patient Index for a single system or site of care [Based on all respondents selecting Master Patient Index] 717 22.7% 4.6% 1.5% 0.8% 0.8% 209 74.4% 15.1% 5.0% 2.7% 2.7% 7-5. Master Person Index or Enterprise Directory to support multiple facilities [Based on all respondents selecting Master Person Index] 717 9.8% 2.8% 2.0% 0.3% 0.0% 106 66.0% 18.9% 13.2% 1.9% 0.0% 7-6. Integration/Interface Engine to connect the Data Repository to Clinical Workstations and departmental systems [Based on all respondents selecting Integration/Interface Engines] [Based on hospital respondents selecting Integration/Interface Engines] Number of Respondents In Use Today 1 Year 2 Years 3 Years 4 or More Years 717 22.2% 6.0% 2.0% 0.7% 0.4% 168 65.5% 22.6% 7.7% 2.4% 1.8% 114 75.4% 15.8% 5.3% 1.8% 1.8% 7-7. Network connecting the Data Repository to Clinical Workstations and departmental systems 717 20.9% 7.0% 3.3% 1.8% 1.3% [Based on all respondents selecting networks] 246 61.0% 20.3% 9.8% 5.3% 3.7% 13
7-8. A Data Warehouse or secondary database of patient information to support retrospective analysis of outcomes, utilization, and clinical processes [Based on all respondents selecting Data Warehouse or secondary database] 717 6.4% 3.8% 2.1% 1.5% 1.0% 106 43.4% 25.5% 14.2% 10.4% 6.6% 7-9. Web-based Personal Health Records 717 2.5% 2.4% 1.0% 0.8% 0.7% [Based on all respondents selecting Webbased Personal Health Records] 53 34.0% 32.1% 13.2% 11.3% 9.4% 7-10. Other 717 3.50% 7-11. We do not have any components installed, and do not have time frame for implementation 717 11.70% DATA SECURITY GUIDELINES, STANDARDS, AND FEATURES The MRI Survey of EHR Trends and Usage also reveals the status of provider data security implementations and plans. The following data is rexcepted from Question 16 of the Overview Version of the EHR Survey. What is the status of the data security guidelines, standards, or features within your organization? (Respondents were asked to select all that apply.) Preface: The total number of respondents for Question 16 is 550. Security Guidelines, Standards or Features Access Controls Percentage of Respondents Selecting this Option In Use Today 1 Year 2 Years 3 Years 4 or more Years Passwords 95.1% 90.4% 2.9% 0.7% 0.0% 1.1% User access by role/class/location 87.5% 77.3% 6.5% 1.8% 0.7% 1.1% Security Guidelines, Standards or Features Authentication of users Percentage of Respondents Selecting this Option In Use Today 1 Year 2 Years 3 Years 4 or more Years Electronic signatures 62.2% 34.2% 15.6% 8.0% 2.7% 1.6% Digital certificates 32.9% 10.0% 10.5% 6.5% 3.5% 2.4% Biometric Technologies 32.0% 2.4% 10.2% 10.0% 3.5% 6.0% Protection of data over networks Virus detection 90.7% 87.5% 2.0% 0.5% 0.0% 0.7% Firewalls 86.4% 82.7% 2.2% 0.7% 0.2% 0.5% Data Encryption 68.0% 53.6% 8.9% 3.8% 0.9% 0.7% 14
Protection of data within the enterprise Policies and practices 83.1% 76.2% 4.9% 1.3% 0.4% 0.4% Backup and recovery procedures 86.4% 82.7% 2.5% 0.2% 0.0% 0.9% Audit logs 74.0% 60.9% 9.5% 2.4% 0.7% 0.5% Other data security policies, practices, or techniques 4.4% 2.0% 0.9% 1.1% 0.2% 0.2% The Overview Version of the MRI Survey of EHR Trends and Usage is available for review or download on the MRI Website http://www.medrecinst.com/resources/survey2002/index.shtml at no cost. The Comprehensive Version of the Survey will be available for purchase at a modest cost in September 2002. Functions of the EHR A good part of the confusion is caused by different views of the EHR functions. It is important to remember the key functions of the EHR. The recording function is often considered the only main function. Traditionally, recording of healthcare documentation served as aide memoire to a physician and traditionally helped him to remember details about a patient and her health care. It also became the legal document causing much concern about data integrity and permanence of stored information. The functionality of sharing EHR information was added as health care became more complex and more practitioners became involved in the care of the same patient. In some countries, the concept of shared care is still controversial. In general terms, the sharing of patient information is necessary to reduce medical errors and ensure a more efficient continuity of care. Order entry is one of the key components of an EHR. Retrievability and accessing patient information is a key component of the functionality. Particularly in cases where lots of information is stored for one patient, this function pulls together all relevant information and displays it to the practitioner. Built-in functionality for the key elements of health documentation. It will not allow documentation or accessing information that does not comply with (1) unique identification of the patient, (2) accuracy, (3) completeness, and (4) timeliness. This means that the system has interactive recording in which the user is prompted for specific information elements. Authentication: The system should clearly identify the author through device access control and seal a document after an electronic or digital signature has been affixed. This authentication system must include data 15
integrity features that allow a provider to have a legal paperless patient information system. The system must have a built-in way to audit all activities. Overall security must be part of the EHR. Interaction with decision support must be provided. The system should be interoperable with the majority of other systems. Each of these functions above has gradations. However, they represent together the minimum set of functionality of an EHR. Dimensions As mentioned above, EHR systems are very complex. To understand the full range of options, it is best to think along 10 dimensions. The level of complexity achieved in each of the 10 dimensions defines the EHR concept. In each of the 10 areas, an EHR can take a very simple (somewhat unacceptable) or very complex position: 1 Data content: What is recorded, the scope of specialties, scope of information available for exchange. 10 Dimensions of the EHR Content : Scope of health information (limited to department or to one provider?), Scope of completeness of information. QA and Testing: Systems testing and operational quality assurance Interoperability: Common (inside systems) convergence EHR domain, (outside) disparate domain, data and functional mapping, translation rules, versioning, audit; Performance Performance standards, measures of performance. Information Capture Voice, handwriting, direct input, document imaging, etc. Compliance with Principles of Documentation. EHR Security/Confidentiality Information Representation: Terminology, Code sets, Languages, etc. Operational Dimension and Data Model: Actors, actions, process states/state transitions, work flows, allocation, deployment, staging, routing, conditionals, version control, audit levels, etc. Classes, relationships, attributes, states, identifiers, data types, version control, and audit control. Clinical Practice: Standards of care/practice, protocols (e.g., care plans, critical paths), problem management and resolutions. Decision Support: Standards for clinical decision making, algorithms, triggers, responses, logical support, etc. Privacy and security protections: information flow (chain of trust): end-to-end (point of origination to point of access security, stewardship, accountability, authentication, audit; trust, authentication, audit, access control, encryption, trusted data stores, trusted communications, data/function classifications, user/role clearances. Accountability, encompassing organizations, business units and individuals, user identification, encryption, data integrity, nonrepudiation, signature architecture. Backup/recovery, emergency mode operations, audit, etc. 2 Information capture: Integrating handwriting, transcription, speech recognition, interactive recording, point-and click post-encounter or in the 16
exam room, whether information is in free text, in structured text, or in interactive format; compliance with principles of documentation, etc. 3 Business operations process: actors, actions, process states/state transitions, work flows, allocation, deployment, staging, routing, conditionals, version control, audit levels, data model: business classes, relationships, attributes, states, identifiers, data types, version control, and audit control. 4 Vocabulary dimension: terminology, coding and classification, context and version control, audit; ontology issues, etc. 5 Clinical practice dimension: standards of care/practice, protocols (e.g., care plans, critical paths), problem management and resolutions, etc. 6 Decision support dimension: standards for clinical decision-making making, algorithms, triggers, responses, logical support, etc. 7 Security: Information flow (chain of trust): flow pathways, end-to-end (point of origination to point of access, use, or disclosure), stewardship, accountability, authentication, audit; etc. Trust, affording privacy and security protections: authentication, audit, access control, encryption, trusted data stores, trusted communications, data/function classifications, user/role clearances, etc. Accountability, encompassing organizations, business units and individuals, identification, encryption, data integrity, non-repudiation, signature architecture, etc. Backup/recovery dimension: emergency mode operations, audit; 8 Quality assurance: quality standards, measures of quality and outcomes; etc. Testing, evaluation, rollover model: version control, audit. 9 Performance: performance standards, measures of performance, etc. 10 Application interoperability: common (inside systems) convergence EHR domain, (outside) disparate domain, data and functional mapping, translation rules, versioning, audit; This shows how complex the issue of electronic health records is. Applications, Not Records It may be time to step back and consider why thousands of people have not been able to make more progress regarding standardizing the EHR. Is it possible that we got it all wrong? We should not focus on recording and documentation but on processes. In other words, it may be beneficial to standardize processes rather than the documented outcome of processes, - which is the electronic health record. Other industries have focused on processes more than on documenting that process. If we understand the processes of using technology in patient care better, then documentation is secondary. Documentation is a direct result of the process. Therefore, there is a need to focus the attention away from documentation to understand more the processes involved in health care. One should not hope 17
that modeling would get easier. There are approximately 10 major functions that are generic to an inpatient or outpatient encounter. They are Scheduling and other Pre-encounter Functions Capturing Patient Information before, during, and after the encounter Accessing related patient information, organizational information, and professional information Diagnosis Determination (Diagnostic Decision Support, Order Entry, Results Management, etc.) Guidelines and Protocol Consultation Careplan Management Interference Processes (Drug Management, e-prescribing, Scheduling for and Process of Surgery or other Procedures) Patient Education Quality Assurance Financial transactions/transfer/ Post-encounter activities Each of these processes has a multitude of sub-processes. Many of these subprocesses are more complex in a healthcare organization than in ambulatory care. The message to the modelers is that we need to start standardizing the information flow and management within the functionality rather than the outcome, i.e, the EHR. The following is a brief description of progress in each of the eleven areas: 1. Scope of Content The goal is to have each provider to record a minimum data set for a specific pathway of care. Standardization must come from the medical professions. 2. Information Capture and Report Generation Standardization efforts have to focus on the Essential Principles of Documentation. The goal is to have all practitioners to adhere to the principles of documentation (cited from the Report of the Health Information Capture and Report Generation Workgroup Group): For optimal information capture and report generation, it is important to establish a set of documentation principles to be implemented on a national/international basis. This Report recommends that all healthcare documentation must meet the following principles. 18
Essential Principles of Healthcare Documentation Unique identification of patient Systems, policies, and practices should o Provide unique identification of the patient at the time of recording or accessing the information. o Provide within and across organizations Simple and easy methods to identify individuals and correct duplicate identities of the same individual. Methods to distinguish among individuals, including those with similar names, birth dates, and other demographic information. Linkages between different identifications of the same individual. Accuracy Systems, policies, and practices should o Promote accuracy of information throughout the information capture and report generation processes as well as during its transfer among systems. o Require review to assure accuracy prior to integration in the patient s record. o Include a means to append a correction to an authenticated document, without altering the original. o Require the use of standard terminology so as to diminish misinterpretations. Completeness Systems, policies, and practices should o Identify the minimum set of information required to completely describe an incident, observation, or intent. o Provide means to ensure that the information recorded meets the legal, regulatory, institutional policy, or other requirements required for specific types of reports, e.g., history and physical, operative note. o Link amendments to the original document, i.e., one should not be able to retrieve an original document without related amendments (or vice versa) or notification that such amendments exist and how to access them. o Discourage duplication of information. o Discourage non-relevant and excessive documentation. 19
Timeliness Systems, policies, and practices should o Require and facilitate that healthcare documentation be done during or immediately following the event so that Memory is not diminished or distorted. The information is immediately available for subsequent care o and decision-making. Promote rapid system response time for entry as well as retrievability through Availability and accessibility of workstations. User-friendly systems and policies that allow for rapid user access. o Provide for automatic, unalterable time-, date-, and placestamp of each Documentation entry, such as dictation, uploading, scanning (original, edits, amendments). Access to the documentation. Transmittal of the documentation. Interoperability Systems, policies, and practices should o Provide the highest level of interoperability that is realistically achievable. o Enable authorized practitioners to capture, share, and report healthcare information from any system, whether paper- or electronic-based. o Support ways to document healthcare information so that it can be correctly read, integrated, and supplemented within any other system in the same or another organization. Retrievability (the capability of allowing information to be found efficiently) Systems, policies, and practices should o Support achievement of a worldwide consensus on the structure of information so that the practitioner can efficiently locate relevant information. This requires the use of standardized titles, formats, templates, and macros, and standardized terminology, abbreviations, and coding. o o Enable authorized data searches, indexing, and mining. Enable searches with incomplete information, e.g., wild card searches, fuzzy logic searches. 20
Authentication and accountability Systems, policies, and practices should o Uniquely identify persons, devices, or systems that create or generate the information and that take responsibility for its accuracy, timeliness, etc. o Require that all information be attributable to its source (i.e., a person or device). o Require that unsigned documents be readily recognizable as such. o Require review of documents prior to authentication. Signed without review and similar statements should be discouraged. Auditability Systems, policies, and practices should o Allow users to examine basic information elements, such as data fields. o Audit access and disclosure of protected health information. o Alert users of errors, inappropriate changes, and potential security breaches. o Promote use of performance metrics as part of the audit capacity. Confidentiality and Security Systems, policies, and practices should o Demonstrate adherence to related legislation, regulations, guidelines, and policies throughout the healthcare documentation process. o Alert the user to potential confidentially and security breaches. Further, this dimension addresses issues of integrating handwritten notes through scanning, document imaging, clinical imaging, issues of transcription, speech recognition, natural language processing, etc. 3. Operational Model and Data Model Needs Standards are needed here for interoperability purposes. One could argue that some of the current work of GEHR (formerly Good European Health Record and now Good Electronic Health Record) is modeling some of the archetypes that will help in this area. 4. Information Representation 21
To ensure that different practitioner have the same meaning attached to vocabulary, code sets, and other information representation will be a challenge of the future. This field also involves language understanding and language translation. 5. Clinical Practice This addresses standards of -basedevidence Based Medicine as well as Disease Management, practice protocols and guidelines. 6. Decision Support One of the most neglected fields in standardization, it this covers administrative decision support as well as clinical decision support. 7. Security and Confidentiality The largest area for international standardization covers data integrity, authentication (signatures), general systems security and auditability. In the US, EHRs have to comply with HIPAA legislation. 8. Performance An often-overlooked overlooked field is that of performance. A general user standard is needed. 9. Interoperability Technical and systems interoperability is the key to an EHR. 10. Testing and Quality Assurance Quality Assurance should be built into the EHR, so as should be system testing procedures. Small Steps Developments toward an EHR will be driven by two forces. The first is pressure on the healthcare system to reduce medical errors. The second concerns measurable benefits providers and practitioners can gain from the implementation of EHR components. In the end, it is believed, patient information will be stored on safe and secure websites of various providers that can be linked or aggregated. As MHCDs become easier to use and contain more functionality, it is likely that the MHCD interaction will dictate some of the EHR structure. Some of the work of disease pathways in currently done in isolated projects and companies. Three standards projects should be taken as components of EHRs. The first one is in regard to reducing medical errors. In response to the IOM Report on medical errors, the Leapfrog Group and others have suggested that providers should focus on the order entry function. A report from First Consulting on Computerized Physician Order Entry (CPOE) systems has been describing some of the applications and issues. As some states have responded with legislation and politicians have adopted the issue for possible legislation, one can expect substantial movement around standardization of order entry processes. In many ways, it will be Electronic Order Entry that will become the main component for implementing an EHR. Electronic Order Entry will be a wider vision than the CPOE that was limited to medical centers and focused on medication 22
management. Order Entry has four dimensions, i.e.; (1) entering information by the practitioner into a mobile healthcare computing device, (2) functionality (- what is ordered prescriptions, lab, radiology, chemotherapy, others), (3) decision support directly linked with the function (for instance, duplicate therapy checking, drug-drug interaction, drug-allergy interaction, formulary interaction, alerts, etc.), and (4) the integration of this function into the IS system. The second issue is in regard to continuity of care. As patients are becoming more empowered, they complain that one provider does not know what the other is doing. The standards organization ASTM E 31 is working on a standard for a Referral Care Plan Document. It is a dataset any provider should establish when a patient is discharged or referred to another organization. This concept has been mandated in Massachusetts for hospitals. A set of three forms need to be filled out every time a patient moves from one hospital to another. Tom Sullivan, MD, is the father of the idea to take this further. Why not create a data set that can be used by any provider at the next admission as it shows patient history including allergies, medication lists, etc., as well as a care plan. In other words, a provider would state at the end of an encounter a recommended care plan, which the new provider can take into consideration. Such a concept is in the interest of patients and the healthcare system at large. It only can be implemented only when mandated. If such a system would be implemented, the healthcare system will have substantial cost savings, less fewer medical errors, and better quality of care. The third component of EHRs that promises to have a major impact is standardization in the field of real-time financial transactions. It concerns a system that enables a provider to check eligibility, capture charges, submit claims, and receive payer approval electronically before the patient leaves the provider organization. Such a concept is technically feasible today using the Internet, electronic medical records software, document imaging, and handheld devices. The benefits of such a concept (consisting of several systems) are substantial. However, the concept can only work if standards are created that enable interoperability in this real-time claims processing concept. This may be the next revolution in health care. It brings benefits to all stakeholders involved, particularly to providers and payers. The technologies are here today. However, the standards are missing. The most exciting aspect is that its benefits would drive practitioners to point-of-care computing. Conclusion EHRs will transform medicine as we know it. The vision for EHRs is that new ways on information management in healthcare will benefit the medical system more than a cure for AIDS or cancer. While such lofty ideas will not be proven for some time, measurable benefits will move the medical field toward achievable components. 23
i Concept Model Group of the Computer-based Patient Record Institute, chaired by C. Peter Waegemann, 1993-1995. 24