Issue Brief: Electronic Health Records Seeler 1Background President George Bush signed an executive order in April 2004 directing the Secretary ofHealth and Human Services (HHS) to establish the position of National Health InformationTechnology Coordinator. This individual was tasked with overseeing the development anationwide interoperable health information technology infrastructure that, among other things: • improves health care quality, • reduces medical errors, • decreases health care costs resulting from inefficiency, medical errors, inappropriate care, and incomplete information, • while ensuring the security of personally identifiable health information.1 The Office of the National Coordinator for Health Information Technology (ONC), as thedepartment is now called, is focusing on electronic medical records to achieve its mission of“improv[ing] health and health care for all Americans through use of information andtechnology.”2What is an Electronic Health Record (EHR)? Also known as electronic medical records or personal health records, EHRs can looselybe seen as “a set of computer-based tools that allow people to access and coordinate theirlifelong health information and make appropriate parts of it available to those who need it.”3More particularly, HHS defines an EHR as: 1 President, Executive Order, “Incentives for the Use of Health Information Technology andEstablishing the Position of the National Health Information Technology Coordinator,” Federal Register 69, no. 84:(April 2004).2 Office of the National Coordinator for Health Information Technology, FY 2012 Congressional BudgetJustification (Washington DC, 2011).3 Kaelber, David C., Ashish K. Jha, Douglas Johnston, Blackford Middleton, and David W. Bates, "A ResearchAgenda for Personal Health Records (PHRs)," Journal of the American Medical Informatics Association 15, no. 6(2008): 729-736.
Issue Brief: Electronic Health Records Seeler 2 A real-time patient health record with access to evidence-based decision support tools that can be used to aid clinicians in decision making. The EHR can automate and streamline a clinicians workflow, ensuring that all clinical information is communicated. It can also prevent delays in response that result in gaps in care. The EHR can also support the collection of data for uses other than clinical care, such as billing, quality management, outcome reporting, and public health disease surveillance and reporting.4What Types of Legislation are Related to EHRs? There are two main pieces of legislation that greatly impact the nature and use of EHRs:the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HealthInformation Technology for Economic and Clinical Health Act (HITECH), which was passed aspart of the American Recovery and Reinvestment Act (ARRA) of 2009.HIPAA The main objective of HIPAA when originally enacted was to “improve portability andcontinuity of health insurance coverage in the group and individual markets.”5 Sections 261through 264 of HIPAA, referred to as “Administrative Simplification” rules, require theSecretary of HHS to publicize national standards for the electronic exchange, privacy andsecurity of health information. The Centers for Medicare & Medicaid Services (CMS)administer and enforce the following Administrative Simplification rules: Transactions and CodeSets Standards, Employer Identifier Standard, and National Provider Identifier Standard.6 The act also mandated that the Secretary issue privacy regulations governing personallyidentifiable health information, if Congress did not enact privacy legislation within three years.Because Congress did not reach a consensus, HHS developed a proposed rule and released it for 4 Department of Health and Human Services, “HealthIT.hhs.gov:Glossary,” Glossary of Selected Terms Related toHealth IT, last modified December 4, 2009,http://healthit.hhs.gov/portal/server.pt/community/health_it_hhs_gov__glossary/12565 Health Insurance Portability and Accountability Act of 1996, H.R. 3103, 104th Cong., 2nd sess. 6 Department of Health and Human Services, “HIPAA Administrative Simplification Statute and Rules,” HIPAAAdministrative Simplification Statute and Rules, http://www.hhs.gov/ocr/privacy/hipaa/administrative/index.html
Issue Brief: Electronic Health Records Seeler 3public comment in November 1999. The final regulation, known as the Privacy Rule, waspublished December 2000. It was later amended in August 2002.7 The Privacy Rule applies to all health plans, health care clearinghouses, and any healthcare provider who transmits health information in any format. It seeks to protect individuallyidentifiable health information, such as a person’s past, present, or future physical condition bydefining and limiting circumstances in which someone’s protected health information may beused or disclosed by covered entities. Some measures include requiring covered entities toprovide notice of their privacy practices to patients, the ability of patients to authorize access totheir medical records, and the right of people to view and obtain a copy of their own records.8 HHS proposed rule protecting the integrity, confidentiality, and availability of electronicpersonally identifiable health information held or transmitted by covered entities and released itfor public comment in August 1998. The final regulation, known as the Security Rule, waspublished in February 2003. The Security Rule applies to covered entities that transmit health information in anelectronic format. It specifies a series of administrative, technical, and physical securityprocedures for covered entities to use to assure the confidentiality, integrity, and availability ofpersonally identifiable health information. Covered entities are also expected to protect againstreasonably anticipated and impermissible uses or disclosures, guard against anticipated threats tosecurity or integrity of information, and ensure compliance by their workforce.9 Neither the Security Rule or Privacy Rule dictate how covered entities should achievethese objectives, understanding that providers vary greatly in size and needs. 7 Department of Health and Human Services, “Summary of the HIPAA Privacy Rule,” Summary of the HIPAAPrivacy Rule, http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html8 Ibid.9 Department of Health and Human Services, “Summary of the HIPAA Security Rule,” Summary of the HIPAASecurity Rule, http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
Issue Brief: Electronic Health Records Seeler 4HITECH President Barack Obama signed the American Recovery and Reinvestment Act (ARRA)in February 2009, which the Health Information Technology for Economic and Clinical HealthAct (HITECH) was part of. The act widens the scope of privacy and security protections offeredunder HIPAA, increases potential liability for non-compliance, and provides more enforcement.HITECH also amends Title XXX of the Public Health Service Act by adding variousopportunities to advance health information technology. One example of this is the grant, loan, and demonstration programs. The Secretary ofHHS is required to allocate funds among various agencies, such as ONC, CMS, Agency forHealthcare Research and Quality, and Indian Health Service with the intent to support healthinformation technology, development and adoption of appropriate certified EHRs, and trainingon and dissemination of information on best practices to integrate health information technologyinto providers’ delivery of care among others.10 HITECH also provides specifications for regional assistance centers, state grants, and toIndian tribes. The act allocates funding for demonstration projects to develop academic curriculaintegrating certified EHR technology in the clinical education of health professionals.11 Duringthe 2009-2010 fiscal year, HHS allocated $235 million to the Beacon Community CooperativeAgreement Program for communities to build and strengthen their health information technologyinfrastructure. The Strategic Health IT Advanced Research Projects (SHARP) Program wasgiven $60 million to fund research focused on finding solutions to address well-documentedproblems that have impeded adoption of EHRs: security of health information technology, 10 Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A andTitle IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA), Pub. L. No. 111-5 (Feb.17, 2009)11 Ibid.
Issue Brief: Electronic Health Records Seeler 5patient-centered cognitive support, healthcare application and network platform architectures,and secondary use of EHR data.12 A key component included in the HITECH Act is the provision of financial incentives toprofessionals, eligible hospitals and critical access hospitals for certified EHR adoption underMedicare and Medicaid. CMS coordinates this aspect of the legislation. Eligible providers canregister as early as 2011, but must participate by February 29, 2012 in order to receive themaximum incentive payment. Starting in 2015, eligible parties that do not successfullydemonstrate meaningful use will have a payment adjustment to their Medicare reimbursement,although this will not apply under the Medicaid EHR Incentive Program.13What is “Meaningful Use”? Providers are expected to demonstrate their use of certified EHR technology in ways thatbe measured significantly in quality and in quantity. More particularly, ARRA outlines threeelements of Meaningful Use: • The use of a certified EHR in a meaningful manner, such as e-prescribing. • The use of certified EHR technology for electronic exchange of health information to improve quality of health care. • The use of certified EHR technology to submit clinical quality and other measures.14 Meaningful Use criteria will by laid out in three stages from 2011 to 2015. Stage 1 (2011and 2012) sets a baseline for electronic data capture and information sharing. Stages 2 and 3 12 Office of the National Coordinator for Health Information Technology, Celebrating the First Anniversary of theHITECH Act and Looking to the Future, Health Information Technology for Economic and Clinical Health(Washington DC, 2010).13 Centers for Medicaid and Medicare Services, “Overview EHR Incentive Programs,” Overview, last modifiedApril 18, 2011, http://www.cms.gov/EHRIncentivePrograms/14 Centers for Medicaid and Medicare Services, “CMS EHR Meaningful Use Overview EHR Incentive Programs,”CMS EHR Meaningful Use Overview, last modified April 20, 2011,http://www.cms.gov/EHRIncentivePrograms/30_Meaningful_Use.asp#TopOfPage
Issue Brief: Electronic Health Records Seeler 6(2013 and 2015 respectively) will continue to expand on the established baseline. Currentcriteria for Meaningful Use includes both a core set and menu set of objectives specific toeligible professionals or eligible hospitals and critical access hospitals.15What is a Certified EHR? Legislators and HHS want health care providers and their patients to be confident that theelectronic health information technology products and systems they use are secure, can maintaindata confidentially, can work with other systems to share information, and can perform a set ofwell-defined functions. A Final Rule on an initial set of standards, implementationspecifications, and certification criteria was issued July 2010. According to HHS, thecertification criteria adopted in this initial set establish the required capabilities and relatedstandards and implementation specifications that certified EHR technology will need to includein order to support the achievement of meaningful use Stage 1 by eligible professionals andeligible hospitals under the Medicare and Medicaid EHR Incentive Programs.16 Severalexamples of certification criteria include drug-drug and drug-allergy interaction checks,encryption, audit logs, and access control.17 CMS will only reimburse eligible entities under its Medicare and Medicaid IncentivePrograms for EHR technology that has been tested and certified by an Office of the NationalCoordinator Authorized Testing and Certification Body (ATCB).Who Provides Certified EHRs? 15 Ibid.16 Department of Health and Human Services, “HealthIT.hhs.gov:Standards IFR,” Standards & CriteriaCertification Final Rule, last modified March 31, 2011,http://healthit.hhs.gov/portal/server.pt?open=512&objID=1195&parentname=CommunityPage&parentid=97&mode=2&in_hi_userid=11673&cached=true17 Department of Health and Human Services, “HealthIT.hhs.gov:Reference Grids,” Reference Grids for MeaningfulUse and Standards and Certification Criteria Final Rules, last modified March 31, 2011,http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=3584
Issue Brief: Electronic Health Records Seeler 7 Many commercial vendors offer EHR systems that have been certified by the ATCB.Users can go to the Certified HIT Product List website maintained by HHS to locate and select aprovider based on practice type (ambulatory or inpatient). The 600 plus products are designatedas “Complete EHR,” which means that it meets all of the certification criteria, or “ModularEHR," meaning that it meets at least one certification criteria.What Information is Included in EHRs? This varies widely and depends on the particular data fields included by the vendor.Information in an EHR may include: • personal identification, such as name and birth date • emergency contacts • health insurance information • living wills, advance directives, or medical power of attorney • a list and dates of significant illnesses and surgical procedures • current medications and dosages • immunizations and their dates • allergies or sensitivities to drugs or materials • important events, dates, and hereditary conditions in the family history • test resultsHow can Consumers Use EHRs to Obtain Information? A joint task force consisting of individuals from the Medical Library Association andNational Library of Medicine investigated the characteristics of personal health records in 2008and 2009. They also looked at how librarians could help consumers locate reliable andauthoritative health information since many users might be consulting questionable sources such
Issue Brief: Electronic Health Records Seeler 8as wikis, blogs, and social networking sites. The task force created a statement that could beinserted in EHRs to alert users that they can obtain information from authoritative resources suchas NLM’s MedlinePlus, MLA’s Consumer and Patient Health Information Section website, andthrough direct contact with medical librarians.18 Medical librarians, including those found in public libraries, can assist patrons in manycapacities such as: • assisting patients with registering for EHRs • training employees in the use of EHRs • educating staff on how use of EHRs might reduce costs, inform consumers, and benefit the institution • incorporating information about EHRs into academic courses • helping implement patient portals that include EHRs • selecting and evaluating consumer health content to be included in personal health records • coordinating with health information management professionals responsible for EHRs • assisting health care providers in adopting the use of EHRs • providing EHR vendors with information regarding the UMLS and how it can be integrated into EHRs • promoting the use of EHRs through consumer • outreach efforts to build trust and acceptance 18 Dixie A. Jones, Jean P. Shipman, Daphne A. Plaut, and Catherine R. Selden, “Characteristics of personal healthrecords: findings of the Medical Library Association/National Library of Medicine Joint Electronic Personal HealthRecord Task Force,” Journal of the Medical Library Association 98, no.3 (2010): 247.