Health Record Banking Alliance White Paper



Similar documents
Health Record Banking Alliance

Health Record Banking Alliance

Use Cases for Argonaut Project. Version 1.1

Data Provenance. Functional Requirements Document: Developed in Response to the Data Provenance Task Force Recommendations. Version 1.

HIE Services & Pricing

Patient-Centric Secure-and-Privacy-Preserving Service-Oriented Architecture for Health Information Integration and Exchange

New York ehealth Collaborative. Health Information Exchange and Interoperability April 2012

HIE Services & Pricing

Recommendation for Complete Electronic Health Records and Patient Privacy Protection in the Stimulus Bill. January 15, 2009

INTRODUCTION. The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment

- Procedures for Administrative Access

Arizona Health Information Exchange Marketplace. Requirements and Specifications Health Information Service Provider (HISP)

HIPAA for HIT and EHRs. Latest on Meaningful Use and EHR Certification: For Privacy and Security Professionals

Interoperability: White Paper. Introduction. PointClickCare Interoperability January 2014

Harmonized Use Case for Electronic Health Records (Laboratory Result Reporting) March 19, 2006

Authorized. User Agreement

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

IHE-XDS und Co. Erfahrungen im Projekt

Expanded Support for Medicaid Health Information Exchanges

Record Locator Service on Trusted, Secure Nationwide Network Can Improve Care Coordination and Enable Meaningful Interoperability

Health Information Technology

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

May 7, Dear Dr. Mostashari:

BEYOND THE EHR MEANINGFUL USE, CONTENT MANAGEMENT AND BUSINESS INTELLIGENCE

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

May 18, Dear Director Verdugo,

Identity Management: Securing Information in the HIPAA Environment

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

Health Information Technology

Clinical Document Exchange Integration Guide - Outbound

Version 1.0. HEAL NY Phase 5 Health IT & Public Health Team. Version Released 1.0. HEAL NY Phase 5 Health

HEAL NY Phase 5 Health IT RGA Section 7.1: HEAL NY Phase 5 Health IT Candidate Use Cases Interoperable EHR Use Case for Medicaid

What is Covered by HIPAA at VCU?

RE: RIN 0991 AB58. Dear Dr. Blumenthal:

Response to Revisions to the Permanent Certification Program for Health Information Technology NPRM (RIN 0991-AB82)

Open Platform. Clinical Portal. Provider Mobile. Orion Health. Rhapsody Integration Engine. RAD LAB PAYER Rx

The HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.

RE: Comments on Discussion Draft Ensuring Interoperability of Qualified Electronic Health Records.

How To Connect Patient Summary Content To A Patient Summary On An Ehr System

Request for Proposal. Integration System

Identity: The Key to the Future of Healthcare

OpenHRE Security Architecture. (DRAFT v0.5)

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

AT&T Healthcare Community Online - Enabling Greater Access with Stronger Security

There has to be more: iconnect Blends XDS and Image Exchange. A Merge White Paper

How To Help Your Health Care Provider With A Health Care Information Technology Bill

Overview of MU Stage 2 Joel White, Health IT Now

Florida HIE Gateway of Gateway Partners Readiness Questionnaire

End-to-End Security for Personal Telehealth

WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance

THE 2009 HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT

HIPAA/HITECH Act Implementation Guidance for Microsoft Office 365 and Microsoft Dynamics CRM Online

Data Breach, Electronic Health Records and Healthcare Reform

ELECTRONIC HEALTH RECORDS. Nonfederal Efforts to Help Achieve Health Information Interoperability

Request for Proposal (RFP) Supporting Efficient Care Coordination for New Yorkers: Bulk Purchase of EHR Interfaces for Health Information

LSF HEALTH SYSTEMS Information Technology Plan

Building Regional and National Health Information Systems. Mike LaRocca


HIPAA and HITECH Compliance for Cloud Applications

Certification Guidance for EHR Technology Developers Serving Health Care Providers Ineligible for Medicare and Medicaid EHR Incentive Payments

HIPAA COMPLIANCE AND

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

March 15, Dear Dr. Blumenthal:

ehealth and Health Information Exchange in Minnesota

Frequently Asked Questions

SUMMARY OF HEALTH IT AND HEALTH DATA PROVISIONS OF H.R. 2, THE MEDICARE ACCESS AND CHIP REAUTHORIZATION ACT (MACRA)

Role of Health Plans It s Time to Get out of the Sandbox Health Record Enablement

POLICIES AND PROCEDURES. TOPIC: Patient Accounting of Disclosures DOCUMENT NUMBER: 900. EFFECTIVE DATE: January 30, 2014 I. BACKGROUND AND PURPOSE

ARRA HITECH Meaningful Use Objectives & Implications to Public Health Lab

Health IT Policy Committee September 18, Models for Data Storage & Exchange, Aggregate Data, De identification/ Re identification

State of New Hampshire. Phase 3 Converging on Solutions discussion deck Business and Technical Operations Workgroup. July 20, 2010

Securing Patient Portals. What You Need to Know to Comply With HIPAA Omnibus and Meaningful Use

Consumer Engagement with Health Information Technology Summary of NeHC Survey Results

ConnectVirginia EXCHANGE Onboarding and Certification Guide. Version 1.4

Core services and the path to the future of the ILHIE

HIPAA regulation: The challenge of integrating compliance and patient care

UPDATE ON THE ADOPTION OF HEALTH INFORMATION TECHNOLOGY AND RELATED EFFORTS TO FACILITATE THE ELECTRONIC USE AND EXCHANGE OF HEALTH INFORMATION

REMOTE ACCESS TO A HEALTHCARE FACILITY AND THE IT PROFESSIONAL S OBLIGATIONS UNDER HIPAA AND THE HITECH ACT

GAO ELECTRONIC HEALTH RECORDS. First Year of CMS s Incentive Programs Shows Opportunities to Improve Processes to Verify Providers Met Requirements

Signature Requirements for the etmf

Access Control patient centric selective sharing Emergency Access Information Exchange

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

2/9/ HIPAA Privacy and Security Audit Readiness. Table of contents

Business On Line File Gateway Guide for Customers

Personally Controlled Electronic Health Record System: Legislation Issues Paper

Chapter 15 The Electronic Medical Record

HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011

Electronic approvals for forms FAQs

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

Evaluating Options for the Integration of Electronic Medical Records With the Vermont Prescription Monitoring System

CMS-0033-P; Medicare & Medicaid Programs; Electronic Health Record Incentive Program Proposed Rule

ehealth Pod Pilot Program Challenges I. Identifying Challenges for Providers Not Participating in the Pilot

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act

Health Information Technology The Texas Landscape Presentation to TASSCC Nora Belcher Texas e-health Alliance August 3, 2010

Health Information Exchange Language - Bostaik

uently Asked NextGen Questions Share Frequently Asked uently Asked Questions Frequently Asked FAQ Pre-General Release (April-June 2014)

Health Informatics Standardization: Relevance and Indian Initiatives

Eligible Professionals please see the document: MEDITECH Prepares You for Stage 2 of Meaningful Use: Eligible Professionals.

Delivery date: 18 October 2014

The Human Experiment- Electronic Medical/Health Records

Transcription:

Health Record Banking Alliance White Paper A Proposed National Infrastructure for HIE Using Personally Controlled Records January 4, 2013

Table of Contents Executive Summary...3 I. Overview...5 II. Architectural Elements and Functional Capabilities...5 A. Administrative functions...5 B. Deposits...6 C. Communication...6 D. Access to records with permission...6 E. Searching records with patient permission...6 III. Key Advantages of Health Record Banks Compared to the HIE scattered Approach...7 IV. Financial Sustainability...7 V. Conclusion...8 REFERENCES...9 2

Executive Summary Under the HITECH legislation of 2009, the U.S. committed billions of dollars for health information infrastructure (HII), with the goal of ensuring the availability of comprehensive electronic patient records when and where needed. There are two important aspects of this initiative: 1) all providers need to adopt electronic health record systems (EHRs); and 2) systems must be implemented to aggregate the records for each patient into a comprehensive whole. To accomplish the latter, efforts are currently underway to build health information exchanges (HIEs) in communities across the nation. Most communities have chosen an institution- centric architecture for these systems, leaving patient records wherever they are created (Figure 1). Figure 1. Institution-centric Community HII Architecture. 1. The clinician EHR requests prior patient records from the HIE; this clinician s EHR is added to the index for future queries for this patient (if not already present) 2. Queries are sent to EHRs at all sites of prior care recorded in the HIE Index; patient consent is verified at each other EHR prior to release of information 3. EHRs at each prior site of care return records for that patient to the HIE; the HIE must wait for all responses 4. The returned records are assembled and sent to the clinician EHR; any inconsistencies or incompatibilities between records must be resolved in real time 5. After the care episode, the new information is stored in the clinician EHR only This choice of architecture has serious drawbacks that make it unsuitable for meeting the stated goals. It is complex, expensive, and unreliable (Lapsia et al, 2012). It also imposes substantial processing burdens on provider EHRs to be available to respond to queries around the clock. The most recent comprehensive survey of HIEs (Adler- Milstein, 2011) found that of the 179 systems reporting, only 13 could meet the requirements of Meaningful Use Stage 1, and only 6 of those systems were reported to be financially sustainable. Even worse, none of the 179 HIEs met the authors definition of a comprehensive HIE, leading them to conclude in the abstract that, These findings call into question whether RHIOs [Regional Health 3

Information Organizations] in their current form can be self-sustaining and effective in helping U.S. physicians and hospitals engage in robust HIE to improve the quality and efficiency of care. Similarly, in 2010, the President s Council of Advisors on Science and Technology (PCAST) observed that HIEs have drawbacks that make them illsuited as the basis for a national health information architecture (PCAST, 2010). Among the drawbacks mentioned were administrative burdens (data sharing agreements to ensure stakeholder cooperation), financial sustainability, interoperability, and an architecture that cannot be scaled effectively. In this white paper, we present an alternative patient- centric HII architecture (Figure 2), known as health record banking, and show how this approach can address the challenges and obstacles communities are currently facing in building successful, sustainable HIEs. A health record bank (HRB) or trust is an independent organization that provides a secure electronic repository for storing and maintaining an individual's lifetime health and medical records from multiple sources while assuring that the individual always has control over who accesses the information (to the maximum extent allowed by law). Figure 2. Patient-centric Community HII Architecture. 1. The clinician EHR requests prior patient records from the HRB 2. The prior patient records are immediately sent to the clinician EHR 3. After the care episode, the new information is stored in the clinician EHR and sent to the HRB; any inconsistencies or incompatibilities with prior records in the HRB need to be resolved before that patient s records are requested again (but not in real time) (Note: This process is repeated whenever care is provided, resulting in the accumulation of each patient s records from all sources in the HRB) We then go on to describe how a national system of health record banks can provide a fully capable health information infrastructure for the nation that is simpler, less expensive, more secure, and can provide lifetime patient records. An infrastructure comprised of health record banks can meet the key requirements of comprehensive electronic patient information when and where needed, protection of privacy with dynamic patient access control, and financial sustainability. Since a separate HRBA white paper (HRBA, 2012) deals in detail with the issues around financial sustainability, only a brief overview of that issue will be provided here. 4

I. Overview Each health record bank would provide individual accounts containing copies of medical records and additional information that optionally may be added by the consumer. The consumer explicitly controls who may access which parts of the information in the account. Health record banks may be local, regional, or national, and multiple competing banks are anticipated. Each health record bank provides a secure internet- based interface for viewing and or downloading records. Also, each bank accepts deposits in one or more of a small range of standardized forms, for example, Clinical Document Architecture (CDA) via the Direct protocol. The source of each data item deposited is recorded, may not be changed, and is accessible to users. A system of health record banks allows each person's comprehensive record to be in a single account in a single bank. Access permissions for the information in the account are stored so consumers do not have to be contacted to authorize each access. Furthermore, consumers can change their access permissions anytime in a single location, i.e., their health record bank account. Health record banks can provide a superset of anticipated health information exchange (HIE) functions including access to individual records, aggregation of records into reports (with consumer permission for use of data), quality reporting, and reporting to public health, all while protecting individual privacy by allowing each person to dynamically establish and maintain their own customized privacy policy. II. Architectural Elements and Functional Capabilities A. Administrative functions 1. Authentication. Patients are authenticated by their own health record bank to access their own account. This could be done, for example using a third- party open standard for authorization (e.g., OAuth). Providers must also authenticate using a standard procedure, which ideally would involve at least two factors. 2. Authorization. Authorization for viewing records is given by the consumer by logging into their health record bank account and setting or changing permissions. Authorization credentials would be sent electronically to providers that are allowed to access any portion of the patient's account. The level of granularity of information subject to patient permission is determined by each health record bank, but at a minimum allows differentiations of classes of information (e.g., medications, labs, problems). Provider directories are available to assist patients in transmitting authorizations. In an emergency, a provider could find a patient health record bank account with an account locator service (ALS), which could be operated by a neutral party such as the Health Record Banking Alliance. The provider could then connect to that patient s health record bank account using a secure Web connection and either an authorization token from the patient or from the ALS in an emergency (assuming prior patient authorization for emergency access). 3. Certification. It is anticipated that health record banks will regularly have their operations reviewed by independent third parties and receive both privacy 5

and security certification. Ultimately, this certification process would be subject to government oversight. B. Deposits Provider deposits are made securely to the health record bank (for example, using CDA via Direct protocols). The health record bank can function as the patient's Direct protocol secure e- mail provider, thereby receiving Direct messages on the patient's behalf and storing any attached information automatically in the patient's account. Patients may enter information through an interactive web interface or the health record bank may arrange for submission of documents via a file upload or other methods. Patients may also arrange for direct deposits of information from medical devices they are using, such as pedometers. For data integrity, all deposits are marked with the source of the data. C. Communication Health record banks would support patient- provider messaging through Direct. The patient would login and compose a message, which may include information from the record or permission to access information, and send the message to the provider. Since the health record bank would be the source of the patient's direct e- mail box, the bank would then transmit this message to the provider via Direct protocols. Any responses from the provider would be accessible to the patient, and providers may originate messages including attachments with information that would be deposited automatically in the patient's account. Both patients and providers may choose to be notified when messages are available via other non- secure channels, such as e- mail or text message (without any message content). D. Access to records with permission Providers or other authorized users can access patient information via credentials supplied by the patient or from the ALS, which is used to find patient health record bank accounts if the patient does not have or is unable to present information about their account (e.g., in an emergency). Exports or downloads of information from a health record bank account may be done by a provider or other authorized user. This can be accomplished using an XML payload with Web portal protocols so that the information can be incorporated in the provider s EHR system. All access to health record bank accounts is recorded in an audit trail that is accessible in an easily understandable form to the account holder. E. Searching records with patient permission Health record banks can be used to find subjects for clinical trials (search with notification). A neutral organization, such as the Health Record Banking Alliance, could distribute clinical trial subject request queries to multiple health record banks. Patients with the desired characteristics would receive notification that they are qualified for the trial, including contact information for the researchers. The organization requesting the search would only be notified of the number of eligible subjects that received such notifications. 6

Health record banks can also be used to generate anonymized reports for researchers and public health (search with reporting). A neutral organization, such as the Health Record Banking Alliance, could aggregate query results from multiple health record banks. These results would represent summary counts of patient characteristics and would be subject to statistical disclosure control to minimize the possibility of re- identification of individual patients. III. Key Advantages of Health Record Banks Compared to the HIE scattered Approach A. Patient permissions are more easily set or changed based on available stored data. B. Stakeholder cooperation is assured because patients request their records, invoking the HIPAA requirement for all providers to supply them in electronic form (U.S. 45 CFR 164.524(c)(2)). C. Retrieval of an individual s comprehensive record is simple/fast because information is immediately available (no need for repeated queries to every source of patient data each time information is needed). D. Real- time patient matching not necessary; matching deposits to patient accounts occurs as information is received, not when it is immediately needed (avoids need for universal identifier). E. Record retrieval only requires each provider to have a single connection to HRB (vs. connection to every potential source of patient data). F. Searching is feasible as data for each patient is available in one place. G. Each patient s longitudinal records are available (regardless of whether underlying records are retained). H. Decision support and filtering of data are facilitated by availability of comprehensive information. I. Scales infinitely with economies of scale (i.e., cost per account decreases as the number of accounts increase). IV. Financial Sustainability Each health record bank may be established and operated much more cost- effectively than an institution- centric HIE - - the estimated cost of an HRB is less than $8/year/account (at scale). The low cost enables a number of potential business models for sustainability (HRBA, 2012). Holders of medical information only need to establish a single interface to a health record bank or to clearinghouse connected to the various health record banks serving that community, eliminating the cost of multiple interfaces. The health record bank approach avoids the costly real- time assembly of records from multiple sources since the comprehensive record for each patient is stored and immediately available for use. Queries (with patient permission) are easily accomplished and may provide an additional, potentially significant, source of revenue. Thus, a system of health record banks can provide health information exchange capabilities for the nation. 7

V. Conclusion Our existing internet, telecommunications, and banking infrastructure can be used to facilitate health record bank development and operation. Health record banks meet the requirements for making comprehensive electronic patient information available when and where needed while fully protecting individual privacy and making information available for public health and research. 8

REFERENCES Adler- Milstein J, Bates DW, and Jha AK. [2011] A survey of health information exchange organizations in the United States: Implications for meaningful use. Ann Intern Med 154:666-671. Health Record Banking Alliance. [2012] Health Record Banking: A Foundation for Myriad Health Information Sharing Models. Available at http://www.healthbanking.org/docs/hrba Business Model White Paper Dec 2012.pdf (Accessed 17 December 2012) Lapsia V, Lamb K, Yasnoff WA. [2012] Where should electronic records for patients be stored? Int J Med Informatics 81(12):821-7. President s Council of Advisors on Science and Technology. [2010] Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward. Washington, DC: Executive Office of the President. Available at http://www.whitehouse.gov/sites/default/files/microsites/ostp/pcast- health- it- report.pdf (accessed 17 December 2012), p. 40. 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information