http://www.ieeeusa.org/volunteers/committees/mtpc/documents/EMBC06-NYC-Panel.ppt

MAINTAINING SECURITY AND PRIVACY OF PATIENT INFORMATION
September 2, 2006
Frank E. Ferrante, MSEE, MSEPP
President FEFGroup, LLC
Past Chair, Medical Technology Policy Committee, IEEE-USA, Washington, DC
Presented at 28th IEEE EMBS Annual International Conference, Aug 30-Sept. 3, 2006, New York City, New York, USA

Outline
• Why Electronic Medical Records?
• Software Sample/hardware samples
• Barriers/Standards for EHR
• HIPAA Security and Privacy Regulations
• Medical data transmission requirements
• Wireline and Wireless Telecommunications Services Security
• Security of Patient Medical Records
• References

Why Electronic Medical Records (EMRs)
• Time spent filing and pulling patient charts, searching for charts
• Time re-creating records if destroyed by natural disaster or accident
• Cost of supplies to maintain charts
• Cost of facility space for records (can better use of space be made?)
• Storage and Backup Cost
• Transcription services cost
• Cost of doing nothing today
• Better Security/Privacy Maintainable

Software/Hardware Supporting Digital Medical Records
• Electronic Medical Record (EMR) Software
  • Soapware - check it out, $300 Starting Price, see: http://soapware.com/
  • e-MDs Electronic Medical Record Support Software http://www.emds.com
  • a4Healthsystems EMR and Access systems http://www.a4healthsystems.com
  • Companion Technologies http://www.companiontechnologies.com
• Security and Privacy - all EMRs must be protected
  • Sample approach: indigenous authentication of digital information (US Patent 6,757,828 B1 of June 29, 2004) by Signa2 http://www.gjtdc.com
• Backup routinely onto remote servers or storage offerings

What are the Barriers to EHR and e-Health Implementation?*
• Lack of a Unique Personal Identifier
• Lack of HIPAA Compliant Middleware
• Lack of Incentives
• No Paradigm or “First Mover” for Some System Components
• Evolving Standards
• Disincentives
• Lack of an NHIN Architecture
• [Fear of Cost/Benefit]
* [Corr 06]

Barriers and Solutions - Identifiers and Middleware
• Lack of a Unique Personal Identifier:
  • Solutions:
    • Voluntary Personal Healthcare Identifier (IEEE-USA Voluntary Healthcare Identifier Position Statement, 17 June 2004)
    • Center for Certification of Health Information Technology Multiple ID Approach (Provider ID + Provider Unique Personal ID)
    • DOD Common Access Card Model
• Lack of HIPAA Compliant Middleware:
  • Solutions:
    • RHIO Contracts
    • Marketplace Solutions
  • Shortcomings:
    • Public Health and Research Interfaces may not be included
• HIPAA compliant Identification, Authentication, and Access
* [Corr 2006]

EHR Standards Evolution*
• International Statistical Classification of Diseases and Related Health Problems (ICD) from ICD-9 to ICD-10
• ASC X12 Version 4010 to ASC X12 Version 5010 (HIPAA Business Transactions)
• National Council for Prescription Drug Programs Telecommunication Standards from version 5.1 to version D.0
• Conversion of all standards to XML
* [Corr 06]

HIPAA Security and Privacy Regulations
Health Insurance Portability Assurance Act (HIPAA)
• Security - Required stronger and more focused provision of security around medical information (supports maintaining of information privacy)
• Privacy - Enforces increase in privacy protections for medical information (Not just speaking privacy - required under penalty if failure occurs)

Electronic Medical Record (EMR) Data Requirements
• Page of text for entering and storing non-image information: Less than 64 Kbytes (large file)
• Image Data (Refer to estimate table)

Medical Images Data Transmission Requirements*
Image Type | Image resolution (Spatial Size x bits/pixel) | Image Size less Control & error bits
Ultrasound | 512x512 x8 | 256 Kbytes
Other (Angiography, Endoscopy, Nuclear Med., Cardiology, Radiology) | 512x512 x8 | 256 Kbytes
Computed Tomography | 512x512 x12 | 384 Kbytes
Magnetic Resonance Imaging | 1024x1024 x12 | 1.5 Mbytes
Digitized (Scanned) X-Ray | 1024x1280 x12 | 1.9 Mbytes
Digital Radiology | 2048x2048 x8 | 4 Mbytes
Digital Radiology (high quality) | 2048x2048 x12 | 6 Mbytes
Mammography | 4096x4096 x12 | 25 Mbytes
*Source: Ferrante, F.E., “Evolving Telemedicine/eHealth Technology,” Telemedicine and e-Health, Vol 11, Number 3, June 2005, Mary Ann Liebert, Inc Publisher, ISSN-1530-5627.

Wireless Telecommunications Services
• Broadband Services
  • 802.11n
  • WiMax
• Security
  • PKI
  • VPN
  • Secure ID
  • WEP/WPA/WPA2 (802.11i)

How New Technologies Stack Up
Actual performance will vary depending on factors such as how the technology is deployed, the user’s distance from base stations, and interference.
[Chart: Data Rate (megabits per second) by network class (WPAN, WLAN, WMAN, WWAN), Established vs. Emerging technologies. Technologies plotted: Ultrawideband, Wi-Fi (802.11n), Wi-Fi (802.11a/g), Wi-Fi (802.11b), Bluetooth 2.0, Bluetooth 1.2, WiMax (802.16), WiMax mobile (802.16e), 2G cellular, 2.5G cellular, 3G cellular, 3.5G cellular, 4G cellular]
Source: Technology Review, October 2005

Security of Patient Records
• Wireline Communications/Computer Access
  • Database Encryption
  • Public Private Key access control
  • Routine Password Control and Management
  • Isolation of Database Server from outside access except via Virtual Private Network (VPN) and Secure ID handheld devices or Secure Private Key system
• Wireless Communications
  • Wired Equivalent Privacy (WEP)
    • Poorly designed, vulnerable
  • Wireless Protocol Architecture (WPA) & WPA2
    • Improved Security Encoding
    • Enterprise Security Offering (Both WPA and WPA2 now available for Wireless operations as alternate to WEP)

References
[Corr 2006] Corrigan, Mike (Current Chair MTPC), “Consumer-Centered Electronic Health Records and e-Health - Roadblocks and Opportunities,” presented to GEIA Roundtable, June 29, 2006. Available at: http://www.ieeeusa.org/volunteers/committees/mtpc/index.html
[IEEE-USA] IEEE Medical Technology Policy Committee Web Site http://www.ieeeusa.org/volunteers/committees/mtpc/index.html

http://www.ahcccs.state.az.us/eHealth/Presentations/Endsley.ppt

Electronic Health Record (EHR) Adoption in Arizona: A View from the Frontlines
Scott Endsley MD MSc
Medical Director, System Design
Health Services Advisory Group

Health Services Advisory Group
• Medicare Quality Improvement Organization (QIO) for Arizona
• Founded in 1979 by Arizona doctors and nurses, HSAG is one of the most experienced QIOs in the nation.
• Dedicated to improving quality of care delivery and health outcomes through information, education, and assistance
• Partner with physicians, health plans, nursing homes, hospitals

Most Healthcare Comes from Small Practices
• 1460 primary care practices
• 92% 1-3 physicians
• 98% less than 8 physicians

Health Information Technology Use in Arizona
• AzAFP/ACP/AOMA Survey (Jan-March 2005)
• Harris Survey (Maricopa County Medical Society) Summer 2004

Key Findings
• 87% have high-speed Internet access
• 13.5% currently using electronic health records
• 25% ready to purchase in next 2 years
• 29+ electronic health record vendors active in Arizona market

Office Practices are Saying…
• Drug checking, reminders sound great, but can I afford this as a solo practitioner?
• Will I be able to connect with my hospital?
• Will the vendor be able to support my needs?
• Will my patient’s information stay private?
• Most of my colleagues still use paper, shouldn’t I wait till electronic medical records are the standard of care?
• I have been using paper for 20 years, how will I ever get them all into my electronic medical record?

The IT Adoption ‘Gap’
[Figure labels: “How do we get here”, “We are here”]

PREDICTING THE FUTURE
• Tipping point in next 3 years
• Interpersonal effect 20x more potent than mass marketing effect
Source: Ford et al. “Predicting the Adoption of Electronic Health Records” JAMIA, 2006, 13: 106

IT Market Failure: A Prisoner’s Dilemma
• $1.6 billion in health care
• Highly fragmented delivery and financing models
• Asymmetric risk assumption and benefit sharing
• 12% DECLINE in proportion of pay for performance programs with IT incentives
• IT incentives small = 4% of total incentive.
• Are you locked behind your medical loss ratio?

If HIT were a Gallon of Gas…
• We spend 400X LESS than Great Britain

Per “Average” Provider Annual Cost Saving Projections
[Chart: annual cost savings per provider, $0 to $18,000. Series: ADE Reductions, Laboratory, Radiology, Medication. Categories: Basic Rx, Basic Rx-Dx, Int Rx, Int Rx-Dx, Adv Rx-Dx. Data labels: $2.2K, $2.5K, $12.3K, $16.6K, $28K]
Only 11% ($3080) accrues to physician

The Market Opportunity
• $200 Billion Market

Costs
• Highly variable (e.g. $3,000-$134,000)
• Components:
  • Hardware
  • Application (both primary and 3rd party)
  • Training
  • Support
  • Maintenance
  • Interfaces

Bridging the GAP
Ten Key Strategies
• Demonstrate relative advantage
• Trialability
• Observability
• Use multiple channels of communication
• Work with homophilous groups
• Stay tuned to changes
• Social networks
• Opinion leaders
• Compatibility
• Infrastructure
Source: Cain and Mittman, Diffusion of Innovation in Health Care, Institute for the Future, May 2002

Barriers to Electronic Transformation
• Financial
  • High up-front cost
  • Underdeveloped business case
  • High initial physician time costs
• Technical
  • Inadequate technical support
  • Lack of standards
  • Security and privacy
• Behavioral
  • Concerns about IT effect on office culture
• Organizational Change
  • Patient-physician communication
  • Workflow changes
  • Technical competence
  • Staff Training

Hard Dollar Benefits
Hard Dollar Benefits | Example Conditions | Amount
Capture lost charges | IF charges are now being lost | 1% - 5% revenue gain
Reduce ‘defensive downcoding’ | IF downcoding is prevalent | 5% - 11% revenue gain
Reduce claims denials & delays | IF denials or delays are common | 15 – 30 day A/R speedup
Increase preventive and management services | IF new services are profitable AND capacity exists | 5% revenue gain
Reduce transcription | IF dictating AND willing to change | $5k - $15k/yr costs cut
ROI ~$33,000/provider starting at 2.5 years after investment, most of which accrues from better coding and charge capture

Doctors Office Quality Information Technology (DOQ-IT) Initiative
• 3-year initiative of Centers for Medicare & Medicaid Services (CMS) focused on small to medium sized primary care practices
• Aim: transformation of care through widespread adoption of electronic technologies in office practice
• State Quality Improvement Organizations have developed technical assistance services
• Expand the Adoption Rate by 5-6%

Roadmap
Assessment, Planning, Vendor Selection, Implementation, Care Management
• ASSESSMENT – practice readiness, workflow analysis
• PLANNING – make business case, prioritize needs, set goals
• SELECTION – identify options, evaluate, decide, contract
• IMPLEMENTATION – prepare, build interfaces, go-live, problem solve
• CARE MANAGEMENT – chronic care redesign, report data, improve

DOQ-IT Services
• EHR University
• Onsite consultations
• Web resources – www.azdoqit.org
• Physician Champions Network
• IT Events/Vendor Fairs

DOQ-IT Support

Our Website – www.azdoqit.org
• Tools & Resources
• Consulting Services
• Arizona IT news & events
• Register for EHR University
• Complete Practice Readiness Assessment

Early Lessons from Frontlines
• Cost and loss of productivity concerns
• Huge disinterest on part of payers
• Second wave of adoption
• Free isn’t free enough
• Waiting for the government solution

• University of Arizona implementing Allscripts systems across 22 site network
• Arizona Community Physicians implementing Allscripts across 89 providers
• Arizona State Physicians Association promoting Synamed to 900 practice network
• Arizona Medical Clinic implemented GE Centricity, uses as basis for pay for performance
• Canyonlands Community Health Centers rolling out NextGen across 5 clinics
• …and many more clinics and organizations engaging in electronic transformation

Yuma Regional Center for Border Health
• Administer a discount care program – Community Access Program of Arizona (CAPAZ)
• 52 providers, 500 patients
• Exploring use of CCR-based technology to track patients (especially medications across Arizona/Sonora border)

Our Challenge
• Define electronic health care as the standard
• Close the technology gap - help small offices find ways to finance technology
• Assist practices to accomplish the practice redesign to effectively use new technologies, including use of data for improvement
• Connect all parts of the healthcare system including consumers

THANK YOU!
Scott Endsley 602.745.6342 sendsley@hsag.com
Email: azdoqit@hsag.com
Website: www.azdoqit.org

http://www.informatics-review.com/talks/TEPR-2003/max.ppt

May 13, 2003
“Electrifying” 1/7th of US Economy
Presentation to TEPR
Gary A. Christopherson, Senior Advisor to Under Secretary, Veterans Health Administration, Department of Veterans Affairs

Maximize Health/Ability & Satisfaction
[Diagram labels, in source order: US Health System; National Health Policy; Quality Assurance; BP/H&IT Ideal Clinical Care; Health Surveillance; Preventive Measures; Education; Evaluation/Diagnosis; In-/Outpatient Treatment; Community Treatment; Rehabilitation; Information; Research & Development; Status - Well, Acute Illness, Chronic Illness, Custodial; Birth; Population, Person/Enrollee, Episode; Death; “Occupational” Environment; “Community” Environment; Care Episode / Chronic Care; BP/H&IT Ideal Community Care (Home / Workplace); Health Surveillance; Preventive Measures; Education; Evaluation/Treatment; Rehabilitation; Information; Direct Care / Info/Prevention; US Health – Goals, Strategic Principles, Outcomes, Leadership/Management, Benefits, Culture/Environment, Resources, Information, History; Health Risks]

Drivers for health
• Maximize health/abilities
• Maximize satisfaction
• Maximize quality
• Maximize accessibility/portability
• Maximize affordability
• Maximize patient safety (defects/errors to zero)
• Minimize time between disability/illness & maximized function/health (time to zero)
• Minimize inconvenience (inconvenience to zero)
• Maximize security & privacy

Potential timetable to “paperless”
[Timeline chart, 2001-2010. Rows: Standards (Data, Communications); Health Info Systems (Electronic Health Records Systems (EHRs), Personal Health Record Systems (PHRs), Info Exchange); Adoption by health organizations; Adoption by persons; Paperless (IOM). Label: Affordable, high quality, standards-based EHRs, PHRs & Info Exchange]

Toward standards & high performance info systems
• HealthePeople Strategy:
  • Move Federal & Nation to national standards & high performance health info systems – EHR, PHR, HIE – supporting ideal health systems
• HealthePeople Concept:
  • Collaboratively develop by public & private sectors
  • Support by consumers, providers, payers & regulators
  • Meet consumer, provider, payer & regulator needs
  • Achieve info standards for data, communications, security, systems & technical
  • Build/buy & implement high performance systems
  • Public ownership/sharing of at least one high performance system for special needs populations

HealthePeople - High Performance Information Systems
Components/Links/Standards
[Diagram labels, in source order, with connections labelled “S”: My HealthePeople; Outside health organizations; [web site, virtual health record, trusted information, self-reported information, link to other health providers]; “e” communications/transactions; Registration, Enrollment & Eligibility System; Database/Standards; Health Provider (including clinical Interface, e.g. CPRS, CHCSII, & RPMS) & Data System; Database/Standards; Database/Standards; Provider Payment System; Management & Financial System; Billing System; Blood System; Scheduling System; Radiology System; Pharmacy System; Laboratory System; Enrollment System]

My HealtheVet / My HealthePeople
[Diagram labels, in source order, with connections labelled “S”: Other health organizations; Electronic Health Record System; Software & Hardware; My HealtheVet / HealthePeople [Personal Health Record System]; Database/Standards; Person; Primary health provider; “health in a box” on PC & web site via community, health, non-health, government; Electronic Health Record System (e.g. VistA); Software & Hardware; Database/Standards]
Health Record
• Access to health records
• Sharing health records
• Self-entered health record
Services
• Checking/filling prescriptions
• Checking/confirming/making appointments
• Checking/paying co-payments
• Participating in support groups
• Health decision support
• Health self-assessment
• Messaging with health provider
• Diagnostic/therapeutic tools
• Reminders
• “Checking in”
• Safety services/tools
• Links to other health sites
Information
• Trusted information

My HealtheVet Phasing
• Phase 1
  • Presentation framework
  • Health education content
  • VA developed content (e.g., seasonal health bulletins, health tip of the day, Veterans Health Initiatives, interactive chat)
  • Portal personalization features
• Phase 2
  • Rx Re-fill
  • Self Entered Data (excluding self entered metrics)
• Phase 3
  • View Co-pay balance
  • View Appointments
  • Self Entered Metrics
• Phase 4 (Electronic Health Record)
  • eVAult
  • VistA extracts
  • Delegate function
  • User and system administration functions

My HealtheVet Timeline
• Summer 2003
  • Foundational online environment with VA-developed content, health education information, and self-assessment tools
• Fall 2003
  • Prescription refill and self-entered data*
• Winter 2004
  • View total co-payment balance, view next scheduled appointment**
• Spring 2004
  • Electronic patient record data and migration from pilot to national system***
* Requires proofing solution in place
** Requires Secure Web Transaction Architecture; otherwise, reduced-capability service still possible.
*** Requires Secure Web Transaction Architecture implementation

Potential of “Best Practices” / Ideal Systems
Veteran (and their families) not receiving care currently
20+ million veterans not receiving VHA care currently can benefit via My HealtheVet: get trusted info, keep a personal health log, store their non-VHA health record, do internet dialogue with health advisor, help family & friends get care, form peer-to-peer support groups, be notified of benefit & care site info, be notified of service-related illness information (e.g. SHAD, Gulf War Illness), register/apply for benefits & arrange for first appointment.
Ideal – Via My HealtheVet, veterans entering VHA for care have already established/trusted relationship & VHA already has basic info on which to base care; veteran is strong partner in health.
Family of veteran not yet receiving care
Via My HealtheVet, can assist veteran with accessing care or benefits, get trusted info, do an internet dialogue with a health advisor with their veteran family member, form peer-to-peer support groups, be notified of benefit & care site info, be notified of service-related illness information (e.g. SHAD, Gulf War Illness), register/apply for benefits & arrange for first appointment for their veteran family member.
Ideal – veterans’ families feel VHA cares & can be trusted; family is strong partner in health.

Potential of “Best Practices” / Ideal Systems
Person (and their families) not receiving care currently
People can benefit via My HealthePeople where they get trusted info, keep a personal health log, store their health records, do internet dialogue with health advisor, help family & friends get care, form peer-to-peer support groups, be notified of benefit & care site info, be notified of work-related illness information, register/apply for benefits & arrange for first appointment.
Ideal – Via My HealthePeople, people entering for care have already established/trusted relationship & provider already has basic info on which to base care; person is strong partner in health.
Family of person not yet receiving care
Via My HealthePeople, can assist person with accessing care or benefits, get trusted info, do an internet dialogue with a health advisor with their family member, form peer-to-peer support groups, be notified of benefit & care site info, be notified of work-related illness information, register/apply for benefits & arrange for first appointment for their family member.
Ideal – persons’ families feel health provider cares & can be trusted; family is strong partner in health.

National standards & high performance systems
[Diagram labels, in source order, 2001 to 2010: Health Information Standards; Systems; VA, DoD, IHS individual/joint adoption; Consolidated Health Informatics (CHI); HealthePeople(Fed); Public/Private: Individual (e.g. Kaiser Permanente), Joint (Connect. Health, eHealth, NCVHS, SDOs, …; HealthePeople; DoD CHCS II; VA HealtheVet-VistA; IHS (upgraded RPMS); HealthePeople(Fed); Public/Private (CMS, VA, health providers/payers/regulators, private sector vendors); National Health Information Standards; Exchange/Sharing; High Performance Health Info Systems; Personal Health Record Systems]
2001 HealthePeople
• Standards – Jointly develop/set/use.
• Systems – Develop/enhance/use high performance, interoperable.
• Exchange – Develop two way with computable data.
2010
• Standards – Nationally accepted.
• Systems – High performance, interoperable.
• Exchange – Two way with computable data.