1. US Health Information Interoperability: Challenges and HIPAA Roy Rada, M.D., Ph.D. Univ. Maryland Baltimore County rada@umbc.edu

2. 2 Point Interoperability is the holy grail. However, problem is not primarily technical. In US, challenge is autonomous professional providers and disconnect between consumer and payer. Progress requires appreciation of complexity.

3. 3 Interoperable U.S. National Committee on Vital and Health Statistics: adequate computerized patient record requires that clinically specific data are captured once at the point of care and that all other legitimate data needs are derived from those data == interoperability What components need access?

4. 4 Components Major components in a hospital information system are: patient management, administration, and clinical support. Patient management includes medical records, registration, and order entry

5. 5 Medical Record Each data element has : patient identifier, attribute (for example, heart beat), value of the attribute (for example, 60 beats per minute), and time the value of the attribute was collected. Medical records department ‘owns’ record.

6. 6 Registration Checks with medical record when arriving patient in Master Patient Index. Mistakes frequently occur due to lack of unique identifier. However, in US politicians axed proposed unique patient identifier regulation due to privacy fears. At mundane level, registration needs to interoperate with other systems.

7. 7 Order Entry Interoperability challenge due to physician workflow changes. Impressive support of CPOE in US from www.leapfroggroup.org www.leapfroggroup.org Over 170 employers who pressure health plans to reward providers who implement CPOE

8. 8 Administration Patient accounting systems are most popular Scheduling systems tend to serve niche markets but should interoperate Financial management

9. 9 Clinical Support Clinical support departments: operating rooms, pathology, pharmacy, and radiology. Different departments get information systems from different vendors. Interoperability is challenge.

10. 10 Populations Middle-income: physicians in private practice financed by nongovernmental funds. Poor: emergency room of county hospital. Military: government comprehensive. These 3 systems should interoperate.

11. 11 Health Plan A health plan pays cost of medical care. Health plan determines premiums, enrolls members, checks eligibility, adjudicates claims, pays provider. Interoperability in US must involve health plans. If plans compete with proprietary features, what of interoperability?

12. 12 Standards From technical perspective, key to interoperability is technical standards. Stakeholders are: Providers and Payers Government Standards Development Organizations Vendors

13. 13 medical record laboratories billing payers radiology medical devices patient registration X12 HL7 & ASTM IEEE HL7 DICOM

14. 14 HIPAA Government intervenes for interoperability. Health Insurance Portability and Accountability Act (HIPAA). Administrative Simplification: standardization of ‘identifiers and code sets’ and ‘provider- payer transactions Politicians added privacy and security. Year 2000 - now

15. 15 Transactions Alphanumeric strings For example, the ‘Information Source Name’ might be transmitted as: PR*2*Blue Cross Blue Shield Illinois****PI*12345~ Transactions will include a claim attachment which is a medical record.

16. 16 Providers 270 eligibility inquiry → ←271 eligibility information Payers 837 claim submission→ ← 835 payment advice

17. 17 General Practice FieldsValues # Visits/Week260 Ave Claim Value$191 Staff cost/hr$14 Ave # Trans/Week400 Manual Min/Trans10 Electronic Min/Trans0.5 Manual Yearly Cost$49,000 Elect Yearly Cost$2,000 Bad debt.11 to.03$207,000

18. 18 Problems Compliance with the intent of the Transactions Rule difficult: Entities promulgate too many entity-specific requirements within a Companion Guide. Challenge to interoperability.

19. 19 Privacy Rule National framework for health privacy protection. Penalties: fine of $50,000 and one year in prison for basic offenses fine of $250,000 and ten years in prison for intent to use information for gain.

20. 20 Minimum Necessary Standard treatment-related exchange among providers is free; disclosures on a routine basis, such as insurance claims, require policies; and non-routine requests must be reviewed on a case-by-case basis to assure only minimum necessary information disclosed. Workflow management is way to get privacy and interoperability.

21. 21 De-identification Privacy Rule applies only to ‘individually identifiable health information’. Rule defines acceptable de-identification criteria. Opens certain path to interoperability.

22. 22 Administration Covered entities are required to: Designate a privacy officer; Document their policies and procedures; Train everyone on privacy; Provide a means for individuals to complain; and Have sanctions for employees who violate.

23. 23 Result Compliance with Privacy Rule has been at enormous cost to the health care system But creates a public perception of trust on which interoperability could build

24. 24 Security Rule Security Rule makes health information safe from people without authorization. Privacy Rule describes circumstances under which information may be used. Security supports Privacy.

25. 25 New Standard DHHS must adopt standards developed by accredited Standards Development Organizations when possible. No existing standard was technology-neutral and scaleable enough. So, DHHS developed a new standard. Standard supports interoperability

26. 26 More Flexible than Privacy Two types of Implementation Specifications: Required: Entity is required to implement the specification. Addressable: The entity may assess whether the specification is reasonable for the entity. If the entity determines that an addressable implementation specification is not a reasonable approach to its security needs, then the entity must only document why. This supports diffusion of the standard

27. 27 Administrative Safeguards Require: risk analysis and risk management sanction policy and activity reviews access policies and contingency plans This cost/benefit mentality is wise for system interoperability decisions too

28. 28 Safeguards Technical Safeguards: access control, audit, integrity, authentication, and transmission. Physical Safeguards: facility access controls, proper workstation use and physical security, and device and media controls.

29. 29 Security Result Annual maintenance costs are high. Takes time of every employee (e.g. security checks at doors). But again creates a foundation from which interoperability of EHR can grow.

30. 30 Diffusion: Politics The health care system is thousands of relatively autonomous units. Interoperability is political challenge. Standards are needed, and standardization is also essentially political.

31. 31 Diffusion: International Health care systems nationally: Entrepreneurial (US), Welfare-oriented (Canada), Comprehensive (Britain), and Socialist (Cuba). have differences that are challenge to trans- national interoperability

32. 32 Many National Efforts UK NHS is integrating local networks. Australia has National Health Information Model. US has Office of National Coordinator for Health Information Technology. Direction is toward national interoperability

33. 33 Conclusion Interoperability of EHR should be approached from multiple levels simultaneously Advantage may be taken of progress made in different countries