How To Fix An Electronic Medical Record



Similar documents
HIPAA Considerations for Small Non-Profits. Jill M. Girardeau July 20, 2011

The Meaningful Use Stage 2 Final Rule: Overview and Outlook

NOTICE OF PRIVACY PRACTICES

The Health and Benefit Trust Fund of the International Union of Operating Engineers Local Union No A-94B, AFL-CIO. Notice of Privacy Practices

CMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM

Vision: Those in need of a transplant receive donated organs or tissues in a timely manner in order to end deaths on the waiting list.

Northwest Cardiology Associates 400 W. Northwest Hwy Barrington, IL Fax HIPAA Notice of Privacy Practices ( Notice )

Stage 2 Meaningful Use What the Future Holds. Lindsey Wiley, MHA HIT Manager Oklahoma Foundation for Medical Quality

Achieving HIPAA and HITECH Compliance. with Enterprise Single Sign-On

Guilford Medical Associates, P.A.

Meaningful Use: Stage 1 and 2 Hospitals (EH) and Providers (EP) Lindsey Mongold, MHA HIT Practice Advisor Oklahoma Foundation for Medical Quality

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Eye Clinic of Bellevue, LTD. P.S. Privacy Policy EYE CLINIC OF BELLEVUE LTD PS NOTICE OF INFORMATION PRACTICES

HIPAA: AN OVERVIEW September 2013

Health Record Banking Alliance

Joe Dylewski President, ATMP Solutions

REPRODUCTIVE ASSOCIATES OF DELAWARE (RAD) NOTICE OF PRIVACY PRACTICES PLEASE REVIEW IT CAREFULLY.

REMOTE ACCESS TO A HEALTHCARE FACILITY AND THE IT PROFESSIONAL S OBLIGATIONS UNDER HIPAA AND THE HITECH ACT

Remote Access to a Healthcare Facility and the IT professional s obligations under HIPAA and the HITECH Act

Data Breach, Electronic Health Records and Healthcare Reform

HIPAA NOTICE OF PRIVACY PRACTICES

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, :15pm 3:30pm

Indiana Healthcare Physician Services Privacy Standards Notice of Health Information Practices

HIPAA Notice of Patient Privacy Practices

HIPAA POLICIES & PROCEDURES AND ADMINISTRATIVE FORMS TABLE OF CONTENTS

NORTHSTAR DERMATOLOGY, PA NOTICE OF PRIVACY PRACTICES

May 18, Georgina Verdugo Director Office for Civil Rights United States Department of Health and Human Services

December Federal Employees Health Benefits (FEHB) Program Report on Health Information Technology (HIT) and Transparency

Health Information Privacy Refresher Training. March 2013

Population Health Management Program Notice of Privacy Practices from Piedmont WellStar HealthPlans, Inc.

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

Objectives 5/5/2015. Quality Health Associates (QHA) of ND

PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE

The HIPAA Audit Program

FLORIDA MEDICAL CLINIC, P.A. NOTICE OF PRIVACY PRACTICES

Health Information Technology (HIT) and the Public Mental Health System

Definitions: Policy: Duties and Responsibilities: The Privacy Officer will have the following responsibilities and duties:

Salt Lake Community College Employee Health Care Benefits Plan Notice of Privacy Practices

Notice of Privacy Practices

Notice of Privacy Practices

PRIVACY HIPAA NOTICE OF PRACTICE

Agenda. Government s Role in Promoting EMR Technology. EMR Trends in Health Care. What We Hear as Reasons to Not Implement and EMR

REGULATORY CHANGES DEMAND AN ENTERPRISE-WIDE APPROACH TO DISCLOSURE MANAGEMENT OF PHI

GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM

SOUTHLAKE DERMATOLOGY 1170 N. Carroll Ave. Southlake, TX Main Fax

APPLETREE PEDIATRICS, PA NOTICE OF PRIVACY PRACTICES

Information Protection Framework: Data Security Compliance and Today s Healthcare Industry

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL Phone Fax

To: From: Date: Subject: Proposed Rule on Meaningful Use Requirements Stage 2 Measures, Payment Penalties, Hardship Exceptions and Appeals

Somansa Data Security and Regulatory Compliance for Healthcare

May 18, Dear Director Verdugo,

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

UNITED CEREBRAL PALSY OF NORTHWEST MISSOURI NOTICE OF PRIVACY PRACTICES EFFECTIVE DATE: OCTOBER 22, 2014

Population Health Management Program Notice of Privacy Practices

Chapter 15 The Electronic Medical Record

CROSSROADS HOSPICE HIPAA PRIVACY NOTICE

Meaningful Use, ICD-10 and HIPAA 5010 Overview, talking points and FAQs

Authorized. User Agreement

ELECTRONIC HEALTH RECORDS. Nonfederal Efforts to Help Achieve Health Information Interoperability

BUSINESS ASSOCIATE AGREEMENT. Recitals

NOTICE OF PRIVACY PRACTICES FOR ONSLOW AMBULATORY SERVICES, INC.

15 questions to ask before signing an electronic medical record or electronic health record agreement

ACKNOWLEDGMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Direct Secure Messaging: Improving the Secure and Interoperable Exchange of Health Information

Sunday March 30, 2014, 9am noon HCCA Conference, San Diego

Allergic Disease Associates, PC / The Asthma Center and Allergy & Asthma Research of New Jersey

NOTICE OF PRIVACY PRACTICES FOR ORTHOPAEDIC SURGERY & REHAB. ASSOCIATES, P.C.

Strategies for Electronic Exchange of Substance Abuse Treatment Records

University of Colorado Hospital Policy and Procedure Transplant and Implant Tissue Storage and Issuance

Best Practices for DLP Implementation in Healthcare Organizations

HIPAA Notice of Privacy Practices

CARING HOSPICE SERVICES NOTICE OF PRIVACY PRACTICES

COMPLIANCE ALERT 10-12

Connecticut Pipe Trades Health Fund Privacy Notice Restatement

UPDATE ON THE ADOPTION OF HEALTH INFORMATION TECHNOLOGY AND RELATED EFFORTS TO FACILITATE THE ELECTRONIC USE AND EXCHANGE OF HEALTH INFORMATION

Practices. Effective Date: 4/2003.Revised.11/2014

DERMATOLOGY ASSOCIATES, LLC 50 Sewall Street Portland, Maine (207) NOTICE OF PRIVACY PRACTICES

Pulmonary Associates of Richmond, Inc. Notice of Privacy Practices Page 1 of 6

DALLAS ALLERGY & ASTHMA CENTER

SDC-League Health Fund

NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER

MEANINGFUL USE STAGE FOR ELIGIBLE PROVIDERS USING CERTIFIED EMR TECHNOLOGY

Greater Dallas Orthopaedics, PLLC. Notice of Privacy Practices

What Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015

HIPAA NOTICE OF PRIVACY PRACTICES

Notice of Privacy Practices

Notice of Privacy Practices

MarketsandMarkets.

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

NOTICE OF PRIVACY PRACTICES FOR KU MEDICAL CENTER

Notice of Privacy Practices

Compliance Document for Holland Public Schools, G-768

Detailed Notice of Privacy Practices Effective Date: September 20, 2013

TABLE OF CONTENTS. University of Northern Colorado

HIPAA HITECH PA Physician Practices

HIPAA PRIVACY NOTICE PLEASE REVIEW IT CAREFULLY

Agenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014

Transcription:

PROBLEMS FOR ORGAN PROCUREMENT ORGANIZATIONS CAUSED BY THE IMPLEMENTATION OF ELECTRONIC MEDICAL RECORDS The nationwide adoption of Electronic Medical Records (EMRs) should provide Organ Procurement Organizations (OPOs) and hospitals with a powerful tool to improve their coordination and performance for the benefit of patients waiting for a lifesaving organ transplant; thus far, however, the adoption of EMRs has created problems and new barriers for the OPOs. These problems require immediate attention and early resolution. Executive Summary This white paper has been prepared by the Association of Organ Procurement Organizations (AOPO) to bring to the attention of Congress, federal regulators, hospitals and EMR system vendors, a problem with EMRs that is adversely affecting OPO operations and responsibilities and with that, the performance of the nation s organ donation and transplantation process. AOPO requests assistance in finding and implementing, in the shortest possible time, solutions to the problems described in this paper. As a result of the Health Information Technology for Economic and Clinical Health (HITECH) Act and the American Recovery and Reinvestment Act of 2009 (ARRA), EMRs are being adopted in healthcare settings across the country. The US Department of Health and Human Services (HHS) has established standards and priorities for the adoption of EMRs in the hospitals with which OPOs work. These standards and priorities do not adequately incorporate the requirements of OPOs to efficiently and effectively coordinate donation and support the nation s long-standing commitment to eliminating the waiting list for transplantable organs. OPOs require immediate and full access to medical records in order to perform their federally mandated task of identifying potential donors, determining medical suitability for donation, recovering organs and making those organs available to recipients. EMR systems are designed to protect the security and privacy of the records by, among other things, limiting who has access. EMRs are not designed to be shared with, or used by, OPO personnel. As currently implemented, EMRs are placing significant obstacles in the path of OPOs when time is of the essence. Information about the donor needs to be reviewed and shared rapidly within the national organ distribution system serving 127,484 (as of March 1, 2013) people currently on the national waiting list. AOPO requests HHS to take the lead in solving this problem by establishing OPO access to EMRs as a national priority that must be addressed immediately. What is AOPO? The Association of Organ Procurement Organizations (AOPO) is the non-profit organization recognized as the national representative of all of the fifty-eight federally-designated organ procurement organizations (OPOs). As a professional organization, AOPO is dedicated to the special concerns of OPOs, providing education, information sharing, research and technical assistance and collaboration with other healthcare organizations and federal agencies. Member organizations bring their collective voices to the national conversation about organ

and tissue donation to provide hope within reach to the men, women, and children across the country waiting for a life-saving organ transplant. What is an OPO? OPOs are the charitable non-profit organizations designated under the National Organ Transplant Act, 42 USC 273 et seq., to be responsible for promoting organ donation, for identifying potential organ donors, and for recovering and distributing the recovered organs for transplantation. OPOs are the stewards of the nation s organ donation and transplantation process. Each OPO is designated by CMS to serve a defined geographic area or donation service area (DSA) and is required by law to have an agreement with each of the hospitals in its DSA to coordinate donation and organ recovery and transplantation. Collectively, OPOs work with each one of the nation s nearly 5200 acute care hospitals. Each OPO works with multiple hospitals, with numbers ranging from 12 to approximately 220 acute care hospitals in a single DSA. The OPOs function as the foundation level of a national system of organ donation and allocation that is coordinated through the Organ Procurement and Transplantation Network (OPTN). The OPTN operates a computerized record system (UNET) that is used by hospitals and OPOs nationwide to maintain the list of potential organ recipients and to safely match recipients with donors. Much of the information in UNET is obtained by OPOs from the donor s hospital medical record. OPOs (and anyone else who accesses the UNET system) are required by law to protect the confidentiality of donor records. OPOs and Medical Records Whenever a person dies in hospital, or death is imminent, the hospital is required by federal regulation to notify the OPO. This referral sets in motion a process by which the OPO, in accordance with federal and state law, identifies and medically evaluates potential organ donors; manages the deceased donor pending organ recovery; coordinates the surgical organ recovery teams; oversees the recovery and the subsequent transportation and placement of the donated organ. At each point in the donation process, the OPO requires access to the potential donor/donor s medical record. The law mandates that the OPO should have access and should create its own record using information from, among other places, the hospital record. The federal regulations require that there be an agreement in place between the OPO and hospital that generally lays out the details of how the OPO will have access to the medical record. Increasingly, the record that the OPO needs to access is an EMR. OPOs and the Health Insurance Portability and Accountability Act (HIPAA) Hospitals have adopted EMR systems that are required to comply with HIPAA security and privacy regulations, 45 CFR Parts 160, 162, and 164, which restrict how, and to whom a person s protected health information (PHI) may be disclosed and the purposes for which it may be disclosed or used. Covered entities, such as hospitals and physicians and their business associates, are required to comply with these rules. OPOs, however, are not healthcare providers, nor are OPOs business associates of the hospitals with which they work. The HIPAA regulations appropriately recognize that privacy restrictions should not be an obstacle to organ donation and transplantation as the sharing of medical information is a critical part of a safe and efficient organ donation system. The HIPAA privacy rule permits hospitals and health care providers to disclose protected health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue for the purpose of facilitating organ, eye 2

or tissue donation and transplantation. 45 CFR 164.512 (h). Once hospitals and staff were educated about the exception under HIPAA for organ and tissue donation, this system of access has functioned reasonably well for non-electronic medical records. Unfortunately, as hospitals have adopted EMR systems, many of these HIPAA compliance measures have been implemented in ways that thwart the OPO s ability to easily obtain secure, and non-burdensome access commensurate with the OPO s significant responsibility to the organ donation and transplant process. The problem occurs to a greater or lesser extent in every one of the multiple hospitals in the OPOs service area, depending on where the hospital is in the process of EMR implementation. Moreover, the hospitals use different EMR vendors. 1 The OPO, thus, is confronted with different EMR systems, including different user names and passwords, different password management systems, different security, access and training requirements, and different requirements for the OPO to write orders for the medications and fluids used to maintain the donor pending surgical recovery. One single OPO may be confronted with dozens of different EMR systems on which staff must be trained, credentialed and manage passwords. Each OPO has struggled with different band aid workarounds. The problem, however, is beyond the ability of OPOs to solve on their own. The EMR Problem Illustrated Each OPO is open 24/7 to receive calls from its hospitals concerning deaths or imminent deaths in the hospital. After receiving this call, the OPO has the legal right, and the responsibility, to review the patient s medical record to determine the medical suitability of the potential donor. This is a critical step to ensuring the safety of organs for transplantation. There could be a direct impact on the organ transplant recipient s health if the OPO does not have complete and timely access to the donor s medical information. Currently, hospitals provide EMR access in several unsatisfactory ways. Some hospitals may authorize their own staff to assist the OPO a nurse or other healthcare professional uses his or her user ID and password to give the OPO representative access to the hospital EMR and to enter information. There are several issues with this work-around. A task that should take one person, now takes two. The hospital s audit trail is misleading; the OPO may not be able to control the accuracy or completeness of the audit trail record; and the OPO s time sensitive work has to wait on the availability of hospital staff in an emergency room or 1 TOP VENDORS OF ENTERPRISE EMR SYSTEMS October 2011 - October 2012 Vendor # of hospitals % Meditech Westwood. 1,155 23.3 Epic Systems Corp... 678 13.7 Cerner Corp.. 634 12.8 McKesson Provider Technologies.. 471 9.5 CPSI. 393 7.9 Healthcare Management Systems 352 7.1 Siemens Healthcare.. 310 6.3 Self-developed. 260 4.6 Allscripts.. 178 3.6 Source: Modern Healthcare, November 19, 2012 3

intensive care unit where hospital staff members are frequently inundated by the demands of caring for other patients. The hospital may give access by issuing OPO staff with a user ID and password on the hospital s EMR system. While this is useful, it creates a serious management problem for both the OPO and its staff and the hospital. OPO personnel generally serve multiple hospitals and in some regions it could be well over a hundred. As a result, OPO staff members have multiple user names and passwords, multiple password creation rules and multiple password renewal cycles. They may also have multiple privacy training requirements as a pre-condition to being given a user ID and password, as well as training on the hospitals unique system security requirements. OPO staff members have the task of securely managing all these passwords while they are out of the office and away from the management resources that OPOs use to secure their own computer networks. Because the passwords are administered by the hospital, the OPO is unable to control, as it does with its own computer system, the way in which employees use the passwords and it has no audit trail for its employee s activities. If the OPO employee takes another position that does not require access to hospital records, the OPO has the management task of ensuring that the change is transmitted to multiple hospitals in a timely manner and hospitals, in turn, have the task of ensuring that it acts in a timely manner to remove the employee s access. These notifications are not automatic. They depend on people to perform tasks that should be automated. As a result, there are potential gaps in security and accountability, making system administration more time and labor intensive than before. The OPO also needs to enter information in the hospital EMR, print, download, and share information such as blood work, test results, x-rays and scans. The OPO is required by law to include in its own donor record information that is created in, or derived from, the hospital EMR, and to provide this information to UNET for donor recipient matching purposes. The OPO staff thus need read and write permission on the hospital system. They may also need to be able to transmit records over the internet and to access records remotely. In general, EMR systems have not been designed to permit OPOs to perform these basic functions. The OPO is responsible for medically maintaining the donor until the surgical recovery is performed. The OPO endeavors to ensure the continued viability of the organs by administering fluids and other medications e.g. vasopressors. To administer these treatments, or to request procedures such as X-rays, echocardiograms etc., the OPO must be able to write orders in the hospital system, which is now electronic and subject to restrictions that did not previously hamper OPO operations. Hospital EMR systems generally require orders to be entered into the EMR by a physician who is credentialed to practice at the hospital. In this way, hospitals protect their patients, track prescriptions and ensure staff accountability. While accountability of this type is necessary to protect living patients, applying this same standard to deceased organ donors is inefficient, counterproductive, and is causing delays and unnecessary administrative burdens. It also is at cross-purposes with federal law. OPOs are required by federal law to have a medical director who is a physician licensed in one of the states or jurisdictions in which the OPO operates and who is responsible for implementation of the OPO's protocols for donor evaluation and management and organ recovery and placement. The medical director is responsible for oversight of the clinical management of potential donors, including providing assistance in managing a donor case. 4

42 CFR 486.326 (d). The OPO is further responsible for selecting staff members who are qualified to carry out OPO functions. 42 CFR 486.326 (a) (1). Hospital EMR systems are being implemented in a way that prevents the medical director from functioning as intended and makes ineffective federal law with respect to organ donation and procurement. To meet EMR standards for writing orders, OPOs are now frequently required to have, at every hospital, the services of a physician who is privileged at that hospital. This is entirely contrary to CMS - 482.45(a)(1) Condition of Participation: Organ, Tissue and Eye Procurement Interpretive Guidelines which states,.that the hospital is not required to perform credentialing reviews for, or grant privileges to, members of organ recovery teams as long as the OPO sends only qualified, trained individuals to perform organ recovery. This is the classic tail-wagging-the-dog response. There is no legal requirement mandating this approach. Previously, the hospital and OPO could agree on a procedure for writing orders that did not overburden either party, and that worked flexibly to ensure that donor viability was maintained. However, given how EMR systems are developed, this approach is no longer practically effective. OPOs have now experienced delays when a privileged physician was unavailable, and reluctance from hospitals whose physicians are asked to perform order writing duties for donors, in addition to their other full time duties. All OPOs have medical directors who are qualified to write orders; it is not, however, practical nor necessary to ask the medical director to be privileged at every hospital, under the standards currently applied by EMR systems to obtaining and keeping privileges at a hospital e.g. training, meeting attendance, and submission of reports to the hospital. The problems outlined above all result in delay, confusion and unnecessary complexity in an organ recovery and transplantation system that it already complex and that depends for its effectiveness on speed, fluent information sharing and on close coordination and teamwork. In addition, short-term solutions themselves provide increased opportunities for security breaches. The EMRs that are in the process of being implemented in the nation s hospitals are erecting obstacles for OPOs that have the unintended effect of sowing the seeds of dysfunction. Opportunities Lost and Heightened Risks or Patient Safety Since passage of the National Organ Transplant Act in 1984, national health policy has directed considerable time, effort and money toward the goal of reducing if not eliminating the national list of people waiting for an organ transplant. That goal remains a pressing and unmet priority. OPO experience with EMR systems implementation shows that an opportunity to improve the operation of the organ donation and transplantation system is in the process of being missed or delayed. EMRs offer the prospect of faster referral of potential donors to the OPO, more complete and more accurate records that are made available more quickly to UNET and transplant hospitals. They also offer the prospect of more efficient use of OPO and hospital resources, and faster and easier access to data on OPO and hospital performance in meeting national organ donation and transplantation goals. Perhaps most important is the relationship between EMRs and patient safety. The sharing of clinical information between donor hospitals and OPOs is a vital component of the organ, tissue, and eye donation process. A clear and accurate assessment of donor risk can only be determined when all available medical and social information is available, and shared logically between all interested parties. The inability of the OPO to have timely and unfettered access to the EMR can contribute to increased risk of disease transmission (infectious disease testing and/or other lab data), or incomplete communication of 5

medical/social history contained in the donor s medical record. Complete and timely access to the donor EMR is paramount to ensuring patient safety in the donation process. Paths to Possible Solutions AOPO recognizes that the EMR problems being experienced by OPOs will be resolved only by sustained effort over an extended period. OPOs cannot fix this issue on their own as they involve multiple parties and varied systems. OPOs need and request official support and direction in making resolution a priority. Following are several courses of action that AOPO believes would go a considerable distance towards alleviating the problem over the long term. 1. By regulation or regulatory guidance prioritize the need for effective mechanisms for OPO access to hospital EMR systems that include, among other things: The OPO has real time access to the hospital s EMR, both on-site at the hospital and remotely; The OPO is responsible for organizational user ID and password issuance and stafflevel administration; OPOs can audit its employees online activities; Requirements for writing orders under the auspices of the OPO medical director are appropriate to deceased donor maintenance and circumstance of deceased organ donation; Clarify further that OPO physicians do not need to be credentialed by (or seek privileges at) the hospitals within which they work on behalf of the OPO; OPOs can print, download, or transmit over the internet, all potential donor and donor medical records (including laboratory tests, scans, x-rays, staff notes); OPOs can incorporate information from hospital EMRs into the OPO s electronic record system and transfer the information to UNET. 2. CMS should encourage hospitals to apply Stage 1 and Stage 2 Meaningful Use goals to the hospital s work with OPOs under both the CAH and Medicare and Medicaid incentive programs. 3. CMS should include effective incorporation of organ donation and transplantation as a mandatory element in Stage 3 Meaningful Use goals for the purpose of CMS incentive programs. 4. The Office of the National Coordinator for Health Information Technology (ONC) should develop standards, implementation specifications and certification criteria for organ donation and transplantation to ensure timely OPO access, and interoperability between hospital EMR systems, OPO records and UNET. 5. Request HRSA to make a grant available to OPOs and hospitals to help develop the computer interface between the hospitals, OPOs and UNET. 6. Request EMR vendors to offer specific functionality for organ donation and OPO access in meeting with their hospital clients to evaluate the client s EMR needs and to develop a project scope and EMR system specifications. Enterprise EMR vendors are perhaps best placed to articulate and advocate appropriate technical solutions. 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information