Patient Access To Electronic Medical Records Strengthened By New HHS Rules 53
dstates writes "The Department of Health and Human Services has released newly revised rules for the Health Information Privacy and Accountability Act (HIPAA) to ensure patient access to electronic copies of their electronic medical records. Several years ago, there was a great deal of excitement about personalized health information management (e.g. Microsoft HealthVault and Google Health). Unfortunately, patients found it difficult to obtain their medical records from providers in formats that could easily be imported. Personalized health records were time consuming and difficult to maintain, so these initiatives have not lived up to their expectations (e.g. Google Health has been discontinued). The new rules should address this directly and hopefully will revitalize interest in personal health information management. The new HIPAA rules also greatly strengthen patient privacy, the ability of patients to control who sees their medical information, and increases the penalties for leaking medical records information. 'Much has changed in health care since HIPAA was enacted over fifteen years ago,' said HHS Secretary Kathleen Sebelius. 'The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age.'"
About time but is it enough (Score:5, Interesting)
A family member had been hospitalized and surgery was indicated. However, the current CT image showed something that may contraindicate surgery if it was new, but would not do so if it was an artifact of a previous surgery many years before. The only way they could tell was to compare the current image with an image several years old, but after the prior surgery. There was such imaging done at a different hospital about 20 miles away about eight years prior and the doctor learned that they did have the image archived. However, the only way to get the image to him was for someone to drive to the hospital and bring a copy of it back on a CD. I made that trip and the CD showed that the suspicious object on the CT scan was an artifact from a surgery over a decade prior.
This made me realize how important having one's own copy of complete medical records could be. It would be so easy to have them on even a small thumb drive and they could be encrypted for security. The real problem is getting the medical community to give the patient those records in electronic format, and that format should be an open and published format and not in any way proprietary.
Re:About time but is it enough (Score:4, Insightful)
As someone who develops medical records, let me tell you "good luck with that".
As a newcomer to the field (with hundreds of competitors) fighting to carve a space for ourselves we're all for it, after all if you don't like your current system, an open record format makes it easy to import it into our system.
Obviously, the established players aren't so happy with it, but there's one more party who's against it too: the doctors themselves. They don't realize it, but their own actions are fighting this tooth and nail. "Why can't I just dictate everything in a box?" "Why can't i just write it down and scan it in" "I don't want my chart to say Weight can't it just say W"?
TL;DR: the format already exists, it's called PDF.
Re:About time but is it enough (Score:5, Informative)
As a physician involved in this mess (and it's a mess), let me chime in and say that you're partially right and partially wrong (TL;DR - it's complicated).
Yes, lots of health care providers (doctors, nurses and ancillary personell) absolutely hate change. There are doctors who are perfectly happy scribbling down a paragraph of acronyms and abbreviations and calling it a day. Then they get mad at the nurse because she can't figure out just what the hell the doc meant.
Those people need to get put in a closet and only used in emergencies (fat chance). Then there are EHR providers that can't program anything harder than "hello world" without six months of testing. It should be fairly easy, for example, to input weights in pounds and convert it on the fly to kg (or stones or troy ounces for that matter). Instead you have input fields that are rigidly structured, and worse, fail in unspecified ways requiring you to re input the data. Those programmers need to be put in a closet an left there.
The problem with patient data is that you don't know the level of understanding that you are shooting for. Do you dump everything out in Doctor Babble? Do you try to make it read at a 5th grade level? Do both? Something else?
PDF is fine for data output that would be static - not so good if the patient wants the new provider to input it into another system. That's a difficult problem to solve. HL7 was supposed to be the standard that offered a solution to that, but, like most standards, it suffers from implementation problems.
And the new gem:
When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan.
is going to really jam things up. Now you have to sort data on a whole new metric - who can see it. I predict this isn't going to work out well, although I understand the rationale behind it. I also understand how this is going to be abused - your doctor / healthplan doesn't see the fact that you paid for a script for 150 Vicodan. You'd like some more.... Whatcouldpossiblygowrong.
Re: (Score:1)
GP again.
It should be fairly easy, for example, to input weights in pounds and convert it on the fly to kg (or stones or troy ounces for that matter).
It is easy. When they use our field to do that. When they want to dictate "21 year old 18 stone female presents in my office with a blistering rash on the upper right thigh" that's their problem (and they make it my problem).
HL7 was supposed to be the standard that offered a solution to that
Except that it really, really wasn't. Wasn't ever supposed to be.
Re: (Score:2)
Don't you love how a management task gets offloaded to the technology....again.
If you don't want your RNs to look at their records then tell them not to and have and run an audit report to see if they are or are not....then fire them for ignoring you and if you really don't like them, report them to the licensing board for breaking ethical and legal codes.
Re: (Score:2)
umm....Data is data...if you have access to the medical data then something other than simple ACLs needs to be used to stop a user who has access tot eh data from accessing a specific set of records....unless you expect the physician to go it and manually manage that....sorry...he has a practice to run.
Re: (Score:2)
and a physician who has a sole proprietorship practice... maybe a partner and 10 employees....
Just an FYI...we work with a large EMR in the hospital system I work for and we do not manually lock down the medical record from the users....our EMR is smart enough to look at your provider record, your user record and the patient's record and determine if you are opening your own record. It does not stop you but it pops up a warning that requires you to explain why you are opening it and it ends up on an audit r
Re: (Score:3)
Re: (Score:2)
Sorry it does not work like that.....the data is protected...a user of the system is not allowed to access their medical chart using the system.
Re: (Score:2)
You're trying to solve the problem of electronic patient journals, very good luck with that. But the grandparent is right in one thing - it'd be a helluva start to get "electronic paper journals" off the ground. Sure it *would* be nice if it existed in plain text or a structured format that could be parsed electronically as well, but currently a lot is done by printer/scanner/photocopier that didn't have to go via physical paper.
Re: (Score:3)
As a patient involved in this mess, first, let me say that you sure are putting a lot of people in the closet. :)
(And I heartily agree.)
As a patient, what drives me crazy is that each health care provider wants you to fill out forms with the same questions. Each form is just different enough that I can't make a standard form and just take it with me. "Yes, I have high blood pressure (and you people are part of the reason, heh), yes, I've had surgery, my father had heart trouble and both parents have had can
Re: (Score:2)
So it wold jam things up to treat some patient's information different than other's? I think that proves the deceptive fallacy in the patient opt out of the original HIPPA.
We have all seen the HIPPA privacy disclosure forms they give you in the doctors office. Part of that form says that you have the right to request changes with respect to how your data is handled. But as coldwetdog points out, if they say yes it could require new software, maybe even new sort fields in their databases (horrors!). So of
Re: (Score:2)
So it would jam things up to treat some patient's information different than other's? I think that proves the deceptive fallacy in the patient opt out of the original HIPPA.
We have all seen the HIPPA privacy disclosure forms they give you in the doctors office. Part of that form says that you have the right to request changes with respect to how your data is handled. But as coldwetdog points out, if they say agree to a change it could require new software, maybe even new sort fields in their databases (horr
Re: (Score:2)
"TL;DR: the format already exists, it's called PDF."
No, it isn't.
PDF is a proprietary format that can change at any time at the behest of Adobe. (And in fact has changed on a pretty regular basis, with no requirement for "public" input.) So far, they have decided to be user-friendly about making the format available to the public, but there is NOTHING saying that will be true tomorrow.
A standard medical record format has to be PUBLIC, not proprietary. The Open Document standards (Open Office, Libre Office) come a hell of a lot closer to a truly public
Re: (Score:2)
Wikipedia sayz:
Re: (Score:2)
"Wikipedia also sayz:"
Well, good for Wikipedia.
.pdf. Then see if you can open it with an older program that was made to read the .pdf specification as it was in 2008 or 2009.
Now create a nice graphic-and-fancy-text-filled web page in Adobe Illustrator CS5 (or 6 now, if you prefer), and save it as
And good luck with that.
Re: (Score:2)
"Adobe does, however, make use of the extension bits. So, don't use Adobe products and you won't have a problem."
Re: (Score:2)
The problem with your solution is that it requires patients to behave in a rational and appropriate fashion. Asking an individual to be responsible for their medical records just doesn't work on the whole. Too many people can't be arsed. Too many people would purposefully hide data. And there are many, many people who would simply find this to be impossible - my demented mother, for instance.
At present, there are many ways to keep track of important medical information. A piece of paper with your relev
Re: (Score:3)
I too was surprised that the image could not be transmitted electronically between the two hospitals. Some prior experienc
Re: (Score:1)
Kaiser is now much harder to work with.
They will not request medical records to be transferred from your old doctor. As far as I can tell, you must request them directly from your old doctor on paper (this generally means paying for copying costs at a jacked up per page rate) then the fun really begins.
You can't just take the copies of the records to Kaiser and ask them to put them in the system, you have to take them to the doctor (in that department) with an appointment and have the doctor designate what
Re: (Score:3)
There is some rational thinking behind parts of those policies:
- In general, having a patient directly give a doctor records makes tampering with the record a real possibility. No real way to ensure that the record hasn't been modified or simply trimmed of data that the patient didn't want anyone to know or just simply thought wasn't relevant.
- Some EHRs dump every cold and sniffle to the output. EHRs, especially on complex patients, suffer from a signal to noise problem. Unfortunately, the best way to d
Re: (Score:2)
it is a hospital....of course a committee of no nothing administrators made decisions based on stupid political BS with wrong assumptions because they fail to even know who the right people are to pull in and ask.
Re: (Score:2)
ugh...KNOW-nothing....this place needs an edit.
What's not in the article (Score:4, Informative)
One thing it misses - the "Final Rule" part of it implies that this is it. It's not.
The requirements from HITECH come in three stages - and this is the final rule for stage 2. There's an entire additional stage coming to further enhance what hospitals are doing to improve the quality of health care with technology.
Of note, too, hospitals who meet these requirements get additional reimbursement from Medicare (Beaucoup bucks). Those that don't get reduced reimbursement from Medicare. So a lot of these rules aren't entirely mandates, but close enough.
For what cost? (Score:4, Interesting)
A year or so ago our doctor switched over to electronic records. Now they want $75 per person for us to get a copy of our records as an administrative fee. All they need to do is print the records off of the computer. Minimal labor, minimal cost, not even very many pages. They're just using the fact that they're now electronic records as a means to collect more fees. It is greed on the doctor's part, plain and simple.
Re: (Score:3, Insightful)
I'm a doctor who is involved with the hospital's IT and EMR. The cost of switching over to electronic records is an already expensive proposition at the beginning and where the vendors get you is for maintaining the EMR on a yearly basis. Yes, it is minimal labor and not many pages but it is NOT minimal cost. Neither the private insurance nor medicare/medicaid reimburse the doctor for his or her use of the EMR and the patient is saddled with the cost.
Re: (Score:2)
Re: (Score:2)
That cost is your problem. Not mine. I did not ask my doctor to switch to electronic records. They shouldn't be charging an arm and a leg for me to get a copy of my own records. They don't do this for the paper records, only the last years that are in electronic form.
Re: (Score:2)
dump your doctor.
Not under these new rules (Score:1)
The cost has to be the actual cost of making the copy and delivering it to you(postage, for instance) They cannot charge for search, retrieve, or things like transportation from an offsite location. Basically, they can charge for the labor and materials to burn a CDROM or make photocopies.
Access rules in the UK - compare and contrast (Score:1)
Re: (Score:1)
Actually the fee isn't limited to 10GBP: they can charge reasonable costs and postage. For health record requests from the NHS, though, it's capped at 50GBP.
Also, it's not quite that simple. You have to work out who has the data, and they might have destroyed it. I've recently requested my medical records, and while my GP was able to supply me with everything they had (basically summary notes for my entire medical history) for 15GBP plus postage, the hospital where I had a battery of tests in 1990 destroyed
HIPPA isn't about patient rights to information (Score:2)
Re: (Score:2)
And the moon landings were a fake...and Obama signed executive orders to allow the UN to kick in my door and take my guns if they feel like it!!
[/ stupid conspiratorial nut]
Don't trust "the cloud" (Score:2)
"Google Health has been discontinued"
2012 was the Year of the Cloud Going Away. Several major service vendors bailed completely. GoDaddy dropped their cloud service last October [gigaom.com], Dell discontinued their Quest Cloud Automation Platform [quest.com] and Harris dropped theirs last February. [informationweek.com]
On the consumer side, where the contracts are heavily biased towards the vendor, it's worse. Apple dropped MobileMe, and Google dropped a long list of products. Windows Live Mesh shuts down February 13, 2013. [binlogs.com]
When cloud services die, they tend to die fast. A business
Re: (Score:1)
Re: (Score:2)
"Leveraged support model" does not mean what you think it means. [iu.edu]
Re: (Score:2)
To be honest, people who called themselves "the cloud" were the pets.com of the post-dot-bomb era. "The cloud" existed before it became a buzzword, and it will continue to exist afterwards for the use cases where it makes sense.
Get out! Get out now! This post is coming from inside The Cloud [tvtropes.org]!
Standards required (Score:2)
You want to make electronic health records easier for consumers?
1. Set up a standard XML format for records and mandate that all providers must give consumers access to the data in that standard format (other formats are allowed, but the standard format's required). That'd give services and software at least one format they can target for import/export that the patient's guaranteed to be able to get. Make sure the format inclues a "Notes" element that's free-form text, so providers can include stuff that wo
Re: (Score:2)
You're over-loading the problem. You do IT work, so stop and think a minute about how many problems you've stated here:
1. A format for holding the patient's complete medical record for permanent storage and transfer between systems.
2. Formats for sending various types of requests between systems, eg. sending a prescription from the doctor to the pharmacy.
3. Internal working storage that holds the data a particular system needs in a form that's easy for that system to handle.
Now, why would I use the same for
Re: (Score:2)
Can't even get it right? (Score:1)
You'd think /. would be able to get HIPAA right, given they also link to the description of the abbreviation. "Health Insurance Portability and Accountability Act", folks.
the sad thing is... (Score:2)