US Health Information Interoperability: Challenges and HIPAA

1
US Health Information Interoperability
Challenges and HIPAA

• Roy Rada, M.D., Ph.D.
• Univ. Maryland Baltimore County
• rada_at_umbc.edu

2
Point

• Interoperability is the holy grail.
• However, problem is not primarily technical.
• In US, challenge is autonomous professional
  providers and disconnect between consumer and
  payer.
• Progress requires appreciation of complexity.

3
Interoperable

• U.S. National Committee on Vital and Health
  Statistics adequate computerized patient record
  requires that clinically specific data are
  captured once at the point of care and that all
  other legitimate data needs are derived from
  those data interoperability
• What components need access?

4
Components

• Major components in a hospital information system
  are
• patient management,
• administration, and
• clinical support.
• Patient management includes medical records,
  registration, and order entry

5
Medical Record

• Each data element has
• patient identifier,
• attribute (for example, heart beat),
• value of the attribute (for example, 60 beats per
  minute), and
• time the value of the attribute was collected.
• Medical records department owns record.

6
Registration

• Checks with medical record when arriving patient
  in Master Patient Index.
• Mistakes frequently occur due to lack of unique
  identifier.
• However, in US politicians axed proposed unique
  patient identifier regulation due to privacy
  fears.
• At mundane level, registration needs to
  interoperate with other systems.

7
Order Entry

• Interoperability challenge due to physician
  workflow changes.
• Impressive support of CPOE in US from
  www.leapfroggroup.org
• Over 170 employers who pressure health plans to
  reward providers who implement CPOE

8
Administration

• Patient accounting systems are most popular
• Scheduling systems tend to serve niche markets
  but should interoperate
• Financial management

9
Clinical Support

• Clinical support departments operating rooms,
  pathology, pharmacy, and radiology.
• Different departments get information systems
  from different vendors. Interoperability is
  challenge.

10
Populations

• Middle-income physicians in private practice
  financed by nongovernmental funds.
• Poor emergency room of county hospital.
• Military government comprehensive.
• These 3 systems should interoperate.

11
Health Plan

• A health plan pays cost of medical care.
• Health plan determines premiums, enrolls members,
  checks eligibility, adjudicates claims, pays
  provider.
• Interoperability in US must involve health plans.
  
• If plans compete with proprietary features, what
  of interoperability?

12
Standards

• From technical perspective, key to
  interoperability is technical standards.
• Stakeholders are
• Providers and Payers
• Government
• Standards Development Organizations
• Vendors

13
(No Transcript)
14
HIPAA

• Government intervenes for interoperability.
• Health Insurance Portability and Accountability
  Act (HIPAA).
• Administrative Simplification standardization of
  identifiers and code sets and provider-payer
  transactions
• Politicians added privacy and security.
• Year 2000 - now

15
Transactions

• Alphanumeric strings
• For example, the Information Source Name might
  be transmitted as
• PR2Blue Cross Blue Shield IllinoisPI12345
• Transactions will include a claim attachment
  which is a medical record.

16
Providers 270 eligibility inquiry ? ?271 eligibility information Payers
Providers 837 claim submission? ? 835 payment advice Payers
17
General Practice Fields Values
Visits/Week 260
Ave Claim Value 191
Staff cost/hr 14
Ave Trans/Week 400
Manual Min/Trans 10
Electronic Min/Trans 0.5
Manual Yearly Cost 49,000
Elect Yearly Cost 2,000
Bad debt .11 to .03 207,000
18
Problems

• Compliance with the intent of the Transactions
  Rule difficult
• Entities promulgate too many entity-specific
  requirements within a Companion Guide.
• Challenge to interoperability.

19
Privacy Rule

• National framework for health privacy protection.
• Penalties
• fine of 50,000 and one year in prison for basic
  offenses
• fine of 250,000 and ten years in prison for
  intent to use information for gain.

20
Minimum Necessary Standard

• treatment-related exchange among providers is
  free
• disclosures on a routine basis, such as insurance
  claims, require policies and
• non-routine requests must be reviewed on a
  case-by-case basis to assure only minimum
  necessary information disclosed.
• Workflow management is way to get privacy and
  interoperability.

21
De-identification

• Privacy Rule applies only to individually
  identifiable health information.
• Rule defines acceptable de-identification
  criteria.
• Opens certain path to interoperability.

22
Administration

• Covered entities are required to
• Designate a privacy officer
• Document their policies and procedures
• Train everyone on privacy
• Provide a means for individuals to complain and
• Have sanctions for employees who violate.

23
Result

• Compliance with Privacy Rule has been at enormous
  cost to the health care system
• But creates a public perception of trust on which
  interoperability could build

24
Security Rule

• Security Rule makes health information safe from
  people without authorization.
• Privacy Rule describes circumstances under which
  information may be used.
• Security supports Privacy.

25
New Standard

• DHHS must adopt standards developed by accredited
  Standards Development Organizations when
  possible.
• No existing standard was technology-neutral and
  scaleable enough. So, DHHS developed a new
  standard.
• Standard supports interoperability

26
More Flexible than Privacy

• Two types of Implementation Specifications
• Required Entity is required to implement the
  specification.
• Addressable The entity may assess whether the
  specification is reasonable for the entity.
• If the entity determines that an addressable
  implementation specification is not a reasonable
  approach to its security needs, then the entity
  must only document why.
• This supports diffusion of the standard

27
Administrative Safeguards

• Require
• risk analysis and risk management
• sanction policy and activity reviews
• access policies and contingency plans
• This cost/benefit mentality is wise for system
  interoperability decisions too

28
Safeguards

• Technical Safeguards
• access control, audit, integrity, authentication,
  and transmission.
• Physical Safeguards
• facility access controls, proper workstation use
  and physical security, and device and media
  controls.

29
Security Result

• Annual maintenance costs are high. Takes time of
  every employee (e.g. security checks at doors).
• But again creates a foundation from which
  interoperability of EHR can grow.

30
Diffusion Politics

• The health care system is thousands of relatively
  autonomous units.
• Interoperability is political challenge.
• Standards are needed, and standardization is
  also essentially political.

31
Diffusion International

• Health care systems nationally
• Entrepreneurial (US),
• Welfare-oriented (Canada),
• Comprehensive (Britain), and
• Socialist (Cuba).
• have differences that are challenge to
  trans-national interoperability

32
Many National Efforts

• UK NHS is integrating local networks.
• Australia has National Health Information Model.
  
• US has Office of National Coordinator for Health
  Information Technology.
• Direction is toward national interoperability

33
Conclusion

• Interoperability of EHR should be approached from
  multiple levels simultaneously
• Advantage may be taken of progress made in
  different countries