Health Information Security and Privacy Collaborative

HISPC Resources

For Consumers

Tutorial - Risks and benefits of Electronic Health Records (Video, 11 minutes) [http://www2.kumc.edu/healthinformatics/HISPC/Toolkit.htm]

Frequently Asked Questions (FAQ)

What is an Electronic Health Record (EHR)?
What is a Personal Health Record (PHR)?
What is a Personally Controlled Health Record (PCHR)?
What is a health information organization (HIO)?
What is a regional health information organization (RHIO)?
What is Health Information Exchange (HIE)?
What are patient preferences?
What is a "repository"?
What does "Public Health" mean?
What is "research"?
What is "de-identified" data used in research?
Is a patient portal the same as a PHR?
What is e-prescribing?
What are the benefits of electronic health records systems?
Why would an EHR/HIE lead to less medical testing and a more efficient system?
How would an EHR/HIE improve patient safety?
Who is allowed to view my electronic health information?
Will I know if my health information was misused?
How do I know that insurers won't use my information to deny me coverage?
Can I ask my doctor to change or delete information in my medical record?
What are the Benefits of HIE?
What are the Risks of HIE?

What is an Electronic Health Record (EHR)?
An electronic health record contains your health information. Only authorized doctors, nurses and staff can create, view and update these records. An electronic health record should meet the technical rules that ensure that it can be shared between, for example, hospitals, doctor’s offices and clinics.
The EHR is a secure, real-time medical record stored on a computer or over a network, and it helps providers make decisions by providing access to a patient’s health information and history at the time the doctor needs it.

What is a Personal Health Record (PHR)?
A personal health record contains your electronic health information. It is controlled and managed by you. You decide who you would like to share your health information with. A personal health record should meet the technical rules that ensure that it can be shared between, for example, hospitals, doctor’s offices and clinics.
A PHR is an electronic, available, lifelong resource of health information to help individuals to make healthcare decisions. Individuals can own and manage the information in the PHR, which comes from healthcare providers and the patient. The PHR is maintained in a secure place with the individual determining who can see the information. The PHR is separate from and does not replace the legal medical record of any provider.

back to top

What is a Personally Controlled Health Record (PCHR)?
A personally controlled health record system enables patients to own complete, secure copies of their medical records. It is an actual medical record, not a portal. Portals, often provided by healthcare institutions, are windows through which patients can view, but not own or control, a portion of their health data stored at that institution.

What is a health information organization (HIO)?
A health information organization is one that oversees and controls the exchange of health-related information among organizations according to nationally recognized standards.

What is a regional health information organization (RHIO)?
A regional health information organization is one that brings together health care providers and services within a defined geographic area and governs health information exchange among them for the purpose of improving health and care in that community.

What is Health Information Exchange (HIE)?
Health information exchange is when hospitals, doctor’s offices and others share health information electronically. The exchange of health information should be done securely, maintaining your privacy.

back to top

What are patient preferences?
“Patient Preferences” are requests made by the patient to the holder of the information (such as a doctor or hospital) regarding the use, sharing, sending or storage of that information. The holder may agree to them, but they are not required by law. A holder, like your doctor, might have his or her own rules about your preferences even where the law requires none. If your doctor creates policies or rules about consent, he or she may have to obey them. If a holder of information publishes a privacy policy stating that the holder will follow the patient’s wishes, and that policy is described to the general public (for example, in a privacy policy on a web site), the holder may be bound by law to follow that policy.

What is a "repository"?

A “repository” is the collection of information, also called a database. The purpose of a repository is to receive, store, and send health information. This repository can be used by a single person, organization or group of organizations. It has a set of rules that everyone follows.

What does "Public Health" mean?
“Public Health” activities are carried out by government agencies to prevent disease, prolong life, and promote health. They keep track of things like vaccinations or sanitation. Often, they watch out for threats to your health, like outbreaks of illnesses.

What is "research"?
“Research” is an organized way of gathering information and figuring out how to answer questions about disease.

back to top

What is "de-identified" data used in research?
Sometimes, researchers will collect patient health information from physicians, health plans, and other places that have your health information. Data is “de-identified” only when all information that uniquely identifies you has been removed. This information includes, for example,

name,
address,
date of birth,
zip code,
dates of receiving services, and
medical record numbers.

Unless you consent to your information being used for a specific study, researchers can only collect portions of your health information, leaving out any data that could identify you. Using de-identified data allows researchers to study patterns of disease and other healthcare issues without risking the privacy of anyone.
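The following is an added example, not code from the HISPC FAQ or any HIE project, showing what "removing everything that uniquely identifies you" looks like in practice. The field names and the sample record are constructed for illustration; real EHR schemas differ. It goes one step beyond the list above in two ways a practitioner cares about: it keeps only the year of birth (collapsing ages of 90 and over into a single "90+" bucket, as the HIPAA Safe Harbor method requires), and it scrubs free-text notes, because stripping named fields alone leaves the same names, dates and record numbers sitting in the narrative text.

```python
import copy
import re

# Field names are hypothetical; real EHR schemas differ. These are the
# identifiers the FAQ lists that de-identification removes.
DIRECT_IDENTIFIERS = ("name", "address", "date_of_birth", "zip_code",
                      "service_dates", "medical_record_number")

# Identifiers hide in free text too; a field-level strip alone misses them.
_DATE_RE = re.compile(r"\b\d{1,2}/\d{1,2}/\d{2,4}\b")
_MRN_RE = re.compile(r"\bMRN[:#\s]*\d+\b", re.IGNORECASE)

# Constructed sample record, not real patient data.
SAMPLE_RECORD = {
    "name": "Jane Q. Sample",
    "address": "12 Example St, Boston",
    "date_of_birth": "1950-03-14",
    "zip_code": "02118",
    "service_dates": ["2008-01-09", "2008-02-20"],
    "medical_record_number": "MRN 4471902",
    "diagnoses": ["type 2 diabetes"],
    "lab_results": {"hba1c": 7.2},
    "notes": "Jane Q. Sample seen 01/09/2008 (MRN 4471902); A1c stable.",
}


def scrub_text(text, name=""):
    """Redact dates, record numbers and the patient's name inside free text."""
    text = _DATE_RE.sub("[DATE]", text)
    text = _MRN_RE.sub("[MRN]", text)
    if name:
        text = text.replace(name, "[NAME]")
    return text


def deidentify(record, reference_year):
    """Return a de-identified copy of `record`.

    Drops the listed direct identifiers, keeps only the year of birth
    (collapsing ages of 90 and over into one "90+" bucket, as the HIPAA
    Safe Harbor method requires) and scrubs free-text fields, which is
    where residual identifiers usually survive.
    """
    out = copy.deepcopy(record)
    name = out.get("name", "")
    dob = out.get("date_of_birth")
    for field in DIRECT_IDENTIFIERS:
        out.pop(field, None)
    if dob:
        birth_year = int(dob[:4])
        out["birth_year"] = "90+" if reference_year - birth_year >= 90 else str(birth_year)
    for key in list(out):
        if isinstance(out[key], str):
            out[key] = scrub_text(out[key], name)
    return out


def residual_identifiers(record):
    """Names of fields that still look like they carry a date or record number.
    Run this as a release check before a de-identified data set leaves the organisation."""
    return sorted(k for k, v in record.items()
                  if isinstance(v, str) and (_DATE_RE.search(v) or _MRN_RE.search(v)))


if __name__ == "__main__":
    clean = deidentify(SAMPLE_RECORD, reference_year=2008)
    print(clean)
    print("residual identifiers:", residual_identifiers(clean))
```

The release check is the part worth keeping: it is the same pattern matching as the scrubber, run as an independent gate, so a record that slipped through with a date in a field nobody thought to scrub is caught before it is shared.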

Is a patient portal the same as a PHR?

A patient portal is not the same as a PHR, although it may have similar features.
A patient portal is typically owned by the patient’s healthcare entity or organization. It allows patients to view parts of their healthcare record as entered by their healthcare team, such as test results or medications. Some patient portals can also be used to communicate with physicians or schedule appointments. A PHR may be owned and managed by the individual. Information in the PHR is typically entered by the patient, although some information may also come from the patient’s healthcare provider, payer claims or payment statements. The healthcare information found in a PHR is used by and for the individual as a resource to make informed healthcare decisions.

What is e-prescribing?
Electronic prescribing (ePrescribing) uses computers to allow a healthcare provider to enter, modify, review, and communicate your prescription information. ePrescribing provides secure, 2-way electronic data interchange (EDI) between providers and pharmacies.

Information about medication history, allergies, drug interaction alerts, and insurance benefits eligibility may be available to the provider. ePrescribing is more efficient and accurate than paper or telephone prescribing because the prescription is handled electronically from end to end. Paper prescription errors result from miscommunication: unreadable handwriting, unclear abbreviations and dose designations, unclear telephone or verbal orders, confusing orders, and fax-related problems. E-prescribing helps to eliminate these errors. In addition, the pharmacist does not need to re-key the prescription information into his or her system.

back to top

What are the benefits of electronic health records systems?
Storing health records electronically allows for quicker retrieval of more complete patient information by doctors and other providers. Electronic health records also make searching, tracking and analyzing information easier. Unlike paper records, they are not bulky, they don't take up costly space and they don't require people to maintain, retrieve, and file them. Electronic health records also provide easier access at times of emergency and can be backed up easily to avoid loss during times of disaster, especially when they are linked into a health information exchange network.

Why would an EHR/HIE lead to less medical testing and a more efficient system?
When each doctor involved in a patient's care has all of that patient's information readily available, tests that have already been done do not have to be repeated unless there are new developments. This allows the doctor to determine treatment more quickly and correctly.

How would an EHR/HIE improve patient safety?
When a doctor who is treating a patient has access to all of the patient's records, the doctor can make more informed decisions based on complete information. Also, EHR/HIE systems can automatically tell health care professionals when there are conflicts between prescribed drugs. In addition, when medical information is stored electronically, there are no problems with unclear handwriting on paper records and prescriptions.

Who is allowed to view my electronic health information?
Many people are allowed to look at your health information. You should receive a “notice of privacy practices” on your first visit to a provider or hospital, and again when you join a health plan. As directed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, these notices describe how your protected health information is collected, used, and disclosed.

Also under the HIPAA Privacy Rule, your data may be disclosed to law enforcement or national security officials if they present a warrant, subpoena, or summons. The HIPAA Privacy Rule gives special protection to psychotherapy notes kept by mental health providers: these notes may not be shared for any purpose unless you voluntarily give written permission. In addition, some states have enacted privacy laws designating certain categories of health information as “sensitive” and requiring a second consent from you each time that information is sent. In Massachusetts, that includes sending HIV or genetic test results. HIPAA also keeps healthcare providers and health plans from sharing your health information with employers without your written authorization.

Electronic healthcare processes in the future may give you greater control over the consent process and over who sees your data, which in turn can help your doctors better manage your care. Efforts funded by the federal government, such as the Health Information Security and Privacy Collaboration (HISPC), are investigating privacy and security solutions to improve the effective adoption of health information technology and the electronic exchange of health information.
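The answer above lists several distinct gates on a single disclosure: the routine uses covered by the notice of privacy practices, legal process for law enforcement, written authorization for psychotherapy notes and for employers, a per-send second consent for state-designated sensitive categories, and patient preferences that bind the holder only if its published policy says so. The added example below, written for this page and not code from HISPC or any HIE, encodes those statements as one decision function so the ordering is explicit. It is a simplified rendering of the FAQ's text, not of the HIPAA regulation itself; the request and consent shapes, role names, and the category names other than the Massachusetts HIV and genetic examples are hypothetical.

```python
from dataclasses import dataclass, field

# Data categories this FAQ singles out. Which categories a state treats as
# "sensitive" varies; the Massachusetts examples given above are used here.
PSYCHOTHERAPY_NOTES = "psychotherapy_notes"
STATE_SENSITIVE_CATEGORIES = {"hiv_test_results", "genetic_test_results"}
ROUTINE_PURPOSES = {"treatment", "payment", "operations"}


@dataclass
class Request:
    """One request to send part of a patient's record (hypothetical shape)."""
    requester: str               # who will receive the data, e.g. "dr.lee", "acme_corp"
    role: str                    # "treating_provider", "health_plan", "employer", "law_enforcement"
    purpose: str                 # "treatment", "payment", "employment", "investigation", ...
    category: str                # data category requested, e.g. "medications"
    legal_process: bool = False  # warrant, subpoena or summons presented


@dataclass
class PatientConsents:
    """What this patient has signed or asked for (hypothetical shape)."""
    # Written authorizations: (category, purpose) pairs the patient signed.
    written: set = field(default_factory=set)
    # Per-send consents: (category, requester) pairs for this specific disclosure.
    per_send: set = field(default_factory=set)
    # Preferences: categories the patient asked the holder not to share.
    # The FAQ notes these bind the holder only if its published policy says so.
    do_not_share: set = field(default_factory=set)


def decide(req, consents, holder_honors_preferences=True):
    """Return (allowed, reason) for one disclosure request.

    Rules are the FAQ's simplified statements, checked most restrictive first,
    with a default of deny so that an unrecognised purpose never leaks data.
    """
    # Psychotherapy notes: written permission for this purpose, or nothing.
    if req.category == PSYCHOTHERAPY_NOTES:
        if (req.category, req.purpose) in consents.written:
            return True, "psychotherapy notes released under written authorization"
        return False, "psychotherapy notes require written authorization"

    # Employers get nothing without written authorization.
    if req.role == "employer":
        if (req.category, req.purpose) in consents.written:
            return True, "employer release under written authorization"
        return False, "no release to employer without written authorization"

    # Law enforcement / national security: legal process required.
    if req.role == "law_enforcement":
        if req.legal_process:
            return True, "released under warrant, subpoena or summons"
        return False, "law enforcement must present legal process"

    # State-designated sensitive categories need a fresh consent per send.
    if req.category in STATE_SENSITIVE_CATEGORIES:
        if (req.category, req.requester) not in consents.per_send:
            return False, "sensitive category needs a second consent for this send"

    # Patient preference: only binding if the holder's policy says it is.
    if holder_honors_preferences and req.category in consents.do_not_share:
        return False, "patient asked that this category not be shared"

    # Routine use by providers and plans, as described in the notice of privacy practices.
    if req.role in {"treating_provider", "health_plan"} and req.purpose in ROUTINE_PURPOSES:
        return True, "routine %s use covered by notice of privacy practices" % req.purpose

    return False, "no rule permits this disclosure"


if __name__ == "__main__":
    consents = PatientConsents(per_send={("hiv_test_results", "dr.lee")})
    print(decide(Request("dr.lee", "treating_provider", "treatment", "medications"), consents))
    print(decide(Request("dr.patel", "treating_provider", "treatment", "hiv_test_results"), consents))
    print(decide(Request("acme_corp", "employer", "employment", "diagnoses"), consents))
```

Two design points carry over to any real consent engine: the most restrictive rules run first so a routine-purpose match cannot bypass a category-specific protection, and the final branch denies, so a purpose nobody wrote a rule for is refused rather than quietly allowed.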

back to top

Will I know if my health information was misused?
Yes, but perhaps not always. Many people within a healthcare organization are responsible for maintaining the electronic health record system and making sure that records are kept private and secure. Under the HIPAA Privacy Rule, you have the right to receive a list of the times that your health information was given out for certain purposes. This accounting covers the six years before the date of your request. It includes information given to or by the organization’s business associates, but not disclosures for treatment, payment, or healthcare operations, or disclosures you authorized. If you believe that a person, agency or organization covered under the HIPAA Privacy Rule (a “covered entity”) violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy Rule, you may file a complaint with the Office for Civil Rights.

How do I know that insurers won't use my information to deny me coverage?
Under the HIPAA Privacy Rule, and as described in the notice of privacy practices, health plans generally have access to the medical information they need to decide whether a service is covered under your plan. Insurers make this request to the provider treating you, regardless of whether your medical record is in paper or electronic form. However, you may have to give your consent or permission before health plans or insurers can access clinical information about you. If you don’t give your permission, the insurer may not pay the claim.

Can I ask my doctor to change or delete information in my medical record?
Yes, you may ask, but your doctor is required to maintain the accuracy and completeness of your health information and, under HIPAA, has the final say over whether your medical record is amended. You may request that your doctor correct information in your record that is inaccurate or incomplete. If the request is denied, HIPAA requires the denial to be given to you in writing, and you may have a statement of disagreement added to your record.

What are the Benefits of HIE?

  • Available in Emergency: If you are in an accident and are unable to explain your health history to a health care provider, they can find the information about your medications, health issues, and tests and make informed decisions about your emergency care faster.
  • Protected in Disasters: If you are in an area affected by a disaster, like Hurricane Katrina, your health information can be stored safely in electronic form.
  • Improved Care/Reduced Medical Errors: Access to information about care you receive elsewhere gives your health care provider a better, more complete picture of your health. That means your health care provider can make sure the care he or she provides doesn’t interact badly with other treatment you may be receiving. For example, when you can’t remember what medications you are taking, health information exchange can make information about your conditions and medications available to your health care provider so that they will know the right things to do instead of doing something that might be harmful.
  • Tracking for Protection: When your health information is shared electronically, information about access to your record is stored electronically. This can include the identity of those who accessed your record, the date of access, the types of information accessed and the reason your record was accessed. This makes it easier to enforce laws and regulations governing access when using electronic records than it is with paper records.
  • Increased Safety/Reduced Duplication: Because health care providers can see what tests you have had and the results, they don’t always have to repeat them. Especially with x-rays and certain lab tests, this means you are at less risk from radiation and other side effects. It also means you pay less for your health care in copayments and deductibles when tests aren’t repeated.
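The "Tracking for Protection" point above and the accounting-of-disclosures right described under "Will I know if my health information was misused?" both rest on the same stored access trail: who accessed a record, when, what they accessed and why. The added example below, written for this page and not code from HISPC or any HIE product, shows both uses of that trail over constructed audit entries: producing the list a patient is entitled to (the six years before the request, with treatment, payment and operations uses and authorized disclosures left out, as the FAQ states), and the detection check an organisation's security team runs over the same data to find reads by staff with no treatment relationship to the patient. The entry fields, user names and care-team roster are hypothetical.

```python
from datetime import date

# Purposes the FAQ says the accounting leaves out: treatment, payment and
# health-care operations. Disclosures the patient authorized are also left out.
EXEMPT_PURPOSES = {"treatment", "payment", "operations"}

# Constructed sample audit entries for one patient (not from any real system).
# Each entry records who, when, what and why, as the FAQ describes.
ACCESS_LOG = [
    {"user": "dr.lee", "role": "physician", "patient": "P001", "date": date(2007, 5, 2),
     "category": "medications", "purpose": "treatment", "authorized": False, "recipient": "internal"},
    {"user": "billing.03", "role": "billing", "patient": "P001", "date": date(2007, 5, 3),
     "category": "diagnoses", "purpose": "payment", "authorized": False, "recipient": "internal"},
    {"user": "records.clerk", "role": "clerk", "patient": "P001", "date": date(2001, 3, 1),
     "category": "full_record", "purpose": "legal", "authorized": False, "recipient": "court"},
    {"user": "hie.gateway", "role": "system", "patient": "P001", "date": date(2008, 1, 9),
     "category": "immunizations", "purpose": "public_health", "authorized": False,
     "recipient": "state_health_dept"},
    {"user": "nurse.kim", "role": "nurse", "patient": "P001", "date": date(2008, 2, 20),
     "category": "lab_results", "purpose": "treatment", "authorized": False, "recipient": "internal"},
    {"user": "dr.patel", "role": "physician", "patient": "P001", "date": date(2008, 2, 21),
     "category": "full_record", "purpose": "treatment", "authorized": False, "recipient": "internal"},
    {"user": "researcher.x", "role": "researcher", "patient": "P001", "date": date(2008, 3, 1),
     "category": "full_record", "purpose": "research", "authorized": True, "recipient": "study_42"},
]

# Hypothetical care-team roster: users with a treatment relationship to the patient.
CARE_TEAM = {"P001": {"dr.lee", "nurse.kim"}}

# Date of the patient's (constructed) accounting request.
REQUEST_DATE = date(2008, 6, 1)


def years_before(d, n):
    """Same calendar date n years earlier (29 Feb falls back to 28 Feb)."""
    try:
        return d.replace(year=d.year - n)
    except ValueError:
        return d.replace(year=d.year - n, day=28)


def accounting_of_disclosures(log, patient, request_date):
    """Entries a patient is entitled to see in an accounting of disclosures:
    the six years before the request, with routine (treatment, payment,
    operations) and patient-authorized disclosures left out, as the FAQ describes."""
    start = years_before(request_date, 6)
    return [e for e in log
            if e["patient"] == patient
            and start <= e["date"] <= request_date
            and e["purpose"] not in EXEMPT_PURPOSES
            and not e["authorized"]]


def accesses_without_relationship(log, care_team):
    """Detection check: human users recording 'treatment' as the purpose while
    not on the patient's care team. Such reads are the classic insider misuse
    that the stored access trail lets an organisation find and investigate."""
    return [e for e in log
            if e["role"] != "system"
            and e["purpose"] == "treatment"
            and e["user"] not in care_team.get(e["patient"], set())]


if __name__ == "__main__":
    for e in accounting_of_disclosures(ACCESS_LOG, "P001", REQUEST_DATE):
        print("disclosed to %s on %s (%s)" % (e["recipient"], e["date"], e["purpose"]))
    for e in accesses_without_relationship(ACCESS_LOG, CARE_TEAM):
        print("review: %s read %s of %s on %s" % (e["user"], e["category"], e["patient"], e["date"]))
```

Note what each view leaves out. The patient's accounting omits the routine treatment and payment reads, so a physician browsing a record under a claimed treatment purpose never appears in it; only the organisation's own review of the full trail against the care-team roster surfaces that case, which is why the FAQ's answer to "Will I know if my health information was misused?" is "perhaps not always".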

back to top

What are the Risks of HIE?

  • Identity Theft: Although health information benefits from all the security measures developed in other economic sectors such as defense and finance, it bears the same risks these other sectors have experienced. Identity theft occurs with both paper files and electronic files, but a breach of electronic files may affect more records than a breach of paper files.
  • Errors: Health Information Exchange is a tool to improve care. Just like a paper health record, if the health care provider does not enter the correct information, that information remains in the health record until it is corrected. However, electronic information can provide checks and balances that paper health records cannot.
  • Hackers: As long as information technology has existed, there have been efforts to break into records of all kinds. Electronic health care information benefits from the security measures developed by other industries, so anti-hacking safeguards from other economic sectors are already in use. However, hackers will continue to try to defeat those safeguards, just as they do in other electronic systems.

back to top

Federal Activities

CCHIT - The Certification Commission for Healthcare Information Technology (CCHIT) is a recognized certification body (RCB) for electronic health records and their networks, and an independent, voluntary, private-sector initiative. Its mission is to accelerate the adoption of health information technology by creating an efficient, credible and sustainable certification program. www.cchit.org

AHIC http://www.hhs.gov/healthit/ahic/confidentiality/ American Health Information Community (the Community)

HITSP http://www.ansi.org/standards_activities/standards_boards_panels/hisb/hitsp.aspx?menuid=3 The mission of the Healthcare Information Technology Standards Panel is to serve as a cooperative partnership between the public and private sectors for the purpose of achieving a widely accepted and useful set of standards specifically to enable and support widespread interoperability among healthcare software applications, as they will interact in a local, regional and national health information network for the United States.

NHIN http://www.hhs.gov/healthit/healthnetwork/ Nationwide Health Information Network - As a key element of the national health information technology strategy, the advancement of the Nationwide Health Information Network initiative will provide the foundation for interoperable, secure and standards-based health information exchange nationally.

ONC http://www.hhs.gov/healthit/onc/mission/ The Office of the National Coordinator for Health Information Technology (ONC) provides counsel to the Secretary of HHS and Departmental leadership for the development and nationwide implementation of an interoperable health information technology infrastructure.

AHRQ – HISPC http://healthit.ahrq.gov/privacyandsecurity Co-managed by HHS' Agency for Healthcare Research and Quality (AHRQ) and Office of the National Coordinator for Health IT (ONC), the Privacy and Security Solutions contract brings states and territories together to discuss the privacy and security challenges posed by HIE in their states.

State Activities

SLHIE www.slhie.org This website provides information and resources developed under the auspices of the State-level Health Information Exchange Consensus Project (Project). The Project began in 2006 under a contract from the Office of the National Coordinator for Health Information Technology (ONC).

NGA State Alliance for E-Health - www.nga.org/center/ehealth

RTI – HISPC http://privacysecurity.rti.org/