From Wikipedia, the free encyclopedia - View original article
An electronic health record (EHR) is an evolving concept defined as a systematic collection of electronic health information about individual patients or populations. It is a record in digital format that is theoretically capable of being shared across different health care settings. In some cases this sharing can occur by way of network-connected, enterprise-wide information systems and other information networks or exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.
The system is designed to capture and re-present data that accurately capture the state of the patient at all times. It allows for an entire patient history to be viewed without the need to track down the patient’s previous medical record volume and assists in ensuring data is accurate, appropriate and legible. It reduces the chances of data replication as there is only one modifiable file, which means the file is constantly up to date when viewed at a later date and eliminates the issue of lost forms or paperwork. Due to all the information being in a single file, it makes it much more effective when extracting medical data for the examination of possible trends and long term changes in the patient.
The terms EHR, EPR (electronic patient record) and EMR (electronic medical record) are often used interchangeably, although differences between them can be defined. The EMR can, for example, be defined as the patient record created in hospitals and ambulatory environments, and which can serve as a data source for the EHR. It is important to note that an EHR is generated and maintained within an institution, such as a hospital, integrated delivery network, clinic, or physician office, to give patients, physicians and other health care providers, employers, and payers or insurers access to a patient's medical records across facilities.
A personal health record (PHR) is, in modern parlance, generally defined as an EHR that the individual patient controls.
Paper-based records require a significant amount of storage space compared to digital records. In the United States, most states require physical records be held for a minimum of seven years. The costs of storage media, such as paper and film, per unit of information differ dramatically from that of electronic storage media. When paper records are stored in different locations, collating them to a single location for review by a health care provider is time consuming and complicated, whereas the process can be simplified with electronic records. This is particularly true in the case of person-centered records, which are impractical to maintain if not electronic (thus difficult to centralize or federate). When paper-based records are required in multiple locations, copying, faxing, and transporting costs are significant compared to duplication and transfer of digital records. Because of these many "after-entry" benefits, federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic medical records. The US Congress included a formula of both incentives (up to $44,000 per physician under Medicare or up to $65,000 over six years, under Medicaid) and penalties (i.e. decreased Medicare and Medicaid reimbursements for covered patients to doctors who fail to use EMRs by 2015) for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009.
One study estimates electronic medical records improve overall efficiency by 6% per year, and the monthly cost of an EMR may (depending on the cost of the EMR) be offset by the cost of only a few "unnecessary" tests or admissions. Jerome Groopman disputed these results, publicly asking "how such dramatic claims of cost-saving and quality improvement could be true".
However, the increased portability and accessibility of electronic medical records may also increase the ease with which they can be accessed and stolen by unauthorized persons or unscrupulous users versus paper medical records, as acknowledged by the increased security requirements for electronic medical records included in the Health Information and Accessibility Act and by large-scale breaches in confidential records reported by EMR users. Concerns about security contribute to the resistance shown to their widespread adoption.
Handwritten paper medical records can be associated with poor legibility, which can contribute to medical errors. Pre-printed forms, the standardization of abbreviations, and standards for penmanship were encouraged to improve reliability of paper medical records. Electronic records help with the standardization of forms, terminology and abbreviations, and data input. Digitization of forms facilitates the collection of data for epidemiology and clinical studies.
In contrast, EMRs can be continuously updated (within certain legal limitations – see below). The ability to exchange records between different EMR systems ("interoperability") would facilitate the co-ordination of health care delivery in non-affiliated health care facilities. In addition, data from an electronic system can be used anonymously for statistical reporting in matters such as quality improvement, resource management and public health communicable disease surveillance.
Ambulance services in Australia have introduced the use of EMR systems  The benefits of EMR in ambulances include the following: better training for paramedics, review of clinical standards, better research options for pre-hospital care and design of future treatment options 
Automated handwriting recognition of ambulance medical forms has also been successful. These systems allow paper-based medical documents to be converted to digital text with substantially less cost overhead. Patient identifying information would not be converted to comply with government privacy regulations. The data can then be efficiently used for epidemiological analysis.
Health Information Exchange
Using an EMR to read and write a patient's record is not only possible through a workstation but, depending on the type of system and health care settings, may also be possible through mobile devices that are handwriting capable. Electronic Medical Records may include access to Personal Health Records (PHR) which makes individual notes from an EMR readily visible and accessible for consumers.
Some EMR systems automatically monitor clinical events, by analyzing patient data from an electronic health record to predict, detect and potentially prevent adverse events. This can include discharge/transfer orders, pharmacy orders, radiology results, laboratory results and any other data from ancillary services or provider notes. This type of event monitoring has been implemented using the Louisiana Public health information exchange linking state wide public health with electronic medical records. This system alerted medical providers when a patient with HIV/AIDS had not received care in over twelve months. This system greatly reduced the number of missed critical opportunities.
Within a meta-narrative systematic review of research in the field, Prof. Trish Greenhalgh and colleagues defined a number of different philosophical approaches to the EHR. The health information systems literature has seen the EHR as a container holding information about the patient, and a tool for aggregating clinical data for secondary uses (billing, audit etc.). However, other research traditions see the EHR as a contextualised artifact within a socio-technical system. For example, actor-network theory would see the EHR as an actant in a network, while research in computer supported cooperative work (CSCW) sees the EHR as a tool supporting particular work.
Several possible advantages to EHRs over paper records have been proposed, but there is debate about the degree to which these are achieved in practice.
Several studies call into question whether EHRs improve the quality of care. However, a recent multi-provider study in diabetes care, published in the New England Journal of Medicine, found evidence that practices with EHR provided better quality care.
EHR do help improve care coordination. Since anyone with that EHR can view the patients chart it cuts down on guessing histories, seeing multiple specialists, smoothing transitions between care settings, and better care in emergency situations  EHRs may also improve prevention by providing doctors and patients better access to test results, identifying missing patient information, and offering evidence-based recommendations for preventive services.
The steep price of EHR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment has a significant influence on EHR adoption. In a project initiated by the Office of the National Coordinator for Health Information (ONC), surveyors found that hospital administrators and physicians who had adopted EHR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.
The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corp. estimates of savings. "Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EHR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example. the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians." One CEO of an EHR company has argued if a physician performs tests in the office, it might reduce his or her income.
The Healthcare Information and Management Systems Society (HIMSS), a very large U.S. healthcare IT industry trade group, observed that EHR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available." The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers. The U.S. military's EHR, AHLTA, was reported to have significant usability issues.
However, physicians are embracing mobile technologies such as smartphones and tablets at a rapid pace. According to a 2012 survey by Physicians Practice, 62.6 percent of respondents (1,369 physicians, practice managers, and other healthcare providers) say they use mobile devices in the performance of their job. Mobile devices are increasingly able to synch up with electronic health record systems thus allowing physicians to access patient records from remote locations. Most devices are extensions of desk-top EHR systems, using a variety of software to communicate and access files remotely. The advantages of instant access to patient records at any time and any place are clear, but bring a host of security concerns. As mobile systems become more prevalent, practices will need comprehensive policies that govern security measures and patient privacy regulations.
A 2008 Sentinel Event Alert from the U.S. Joint Commission, the organization that accredits American hospitals to provide healthcare services, states that "As health information technology (HIT) and 'converging technologies'—the interrelationship between medical devices and HIT—are increasingly adopted by health care organizations, users must be mindful of the safety risks and preventable adverse events that these implementations can create or perpetuate. Technology-related adverse events can be associated with all components of a comprehensive technology system and may involve errors of either commission or omission. These unintended adverse events typically stem from human-machine interfaces or organization/system design." The Joint Commission cites as an example the United States Pharmacopeia MEDMARX database where of 176,409 medication error records for 2006, approximately 25 percent (43,372) involved some aspect of computer technology as at least one cause of the error.
The National Health Service (NHS) in the UK reports specific examples of potential and actual EHR-caused unintended consequences in their 2009 document on the management of clinical risk relating to the deployment and use of health software.
In a Feb. 2010 U.S. Food and Drug Administration (FDA) memorandum, FDA notes EHR unintended consequences include EHR-related medical errors due to (1) errors of commission (EOC), (2) errors of omission or transmission (EOT), (3) errors in data analysis (EDA), and (4) incompatibility between multi-vendor software applications or systems (ISMA) and cites examples. In the memo FDA also notes the "absence of mandatory reporting enforcement of H-IT safety issues limits the numbers of medical device reports (MDRs) and impedes a more comprehensive understanding of the actual problems and implications."
A 2010 Board Position Paper by the American Medical Informatics Association (AMIA) contains recommendations on EHR-related patient safety, transparency, ethics education for purchasers and users, adoption of best practices, and re-examination of regulation of electronic health applications. Beyond concrete issues such as conflicts of interest and privacy concerns, questions have been raised about the ways in which the physician-patient relationship would be affected by an electronic intermediary.
In the United States in 2011 there were 380 major data breaches involving 500 or more patients' records listed on the website kept by the United States Department of Health and Human Services (HHS) Office for Civil Rights. So far, from the first wall postings in September 2009 through the latest on December 8, 2012, there have been 18,059,831 "individuals affected," and even that massive number is an undercount of the breach problem. The civil rights office has not released the records of tens of thousands of breaches it has received under a federal reporting mandate on breaches affecting fewer than 500 patients per incident.
In the United States, Great Britain, and Germany, the concept of a national centralized server model of healthcare data has been poorly received. Issues of privacy and security in such a model have been of concern.
Privacy concerns in healthcare apply to both paper and electronic records. According to the Los Angeles Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient's records during a hospitalization, and 600,000 payers, providers and other entities that handle providers' billing data have some access also. Recent revelations of "secure" data breaches at centralized data repositories, in banking and other financial institutions, in the retail industry, and from government databases, have caused concern about storing electronic medical records in a central location. Records that are exchanged over the Internet are subject to the same security concerns as any other type of data transaction over the Internet.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in the US in 1996 to establish rules for access, authentications, storage and auditing, and transmittal of electronic medical records. This standard made restrictions for electronic records more stringent than those for paper records. However, there are concerns as to the adequacy of these standards.
In the United States, information in electronic medical records is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws. The HIPAA protects a patient's information; the information that is protected under this act are: information doctors and nurses input into the electronic medical record, conversations between a doctor and a patient that may have been recorded, as well as billing information. Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patients information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties. Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person.
Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.
Threats to health care information can be categorized under three headings:
These threats can either be internal, external, intentional and unintentional. Therefore, one will find health information systems professionals having these particular threats in mind when discussing ways to protect the health information of patients. The Health Insurance Portability and Accountability Act (HIPAA) has developed a framework to mitigate the harm of these threats that is comprehensive but not so specific as to limit the options of healthcare professionals who may have access to different technology.
Personal Information Protection and Electronic Documents Act (PIPEDA) was given Royal Assent in Canada on April 13, 2000 to establish rules on the use, disclosure and collection of personal information. The personal information includes both non-digital and electronic form. In 2002, PIPEDA extended to the health sector in Stage 2 of the law's implementation. There are four provinces where this law does not apply because its privacy law was considered similar to PIPEDA: Alberta, British Columbia, Ontario and Quebec.
One major issue that has risen on the privacy of the US network for electronic health records is the strategy to secure the privacy of patients. Former US president Bush called for the creation of networks, but federal investigators report that there is no clear strategy to protect the privacy of patients as the promotions of the electronic medical records expands throughout the United States. In 2007, the Government Accountability Office reports that there is a "jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers."
The privacy threat posed by the interoperability of a national network is a key concern. One of the most vocal critics of EMRs, New York University Professor Jacob M. Appel, has claimed that the number of people who will need to have access to such a truly interoperable national system, which he estimates to be 12 million, will inevitable lead to breaches of privacy on a massive scale. Appel has written that while "hospitals keep careful tabs on who accesses the charts of VIP patients," they are powerless to act against "a meddlesome pharmacist in Alaska" who "looks up the urine toxicology on his daughter's fiance in Florida, to check if the fellow has a cocaine habit." This is a significant barrier for the adoption of an EHR. Accountability among all the parties that are involved in the processing of electronic transactions including the patient, physician office staff, and insurance companies, is the key to successful advancement of the EHR in the US Supporters of EHRs have argued that there needs to be a fundamental shift in "attitudes, awareness, habits, and capabilities in the areas of privacy and security" of individual's health records if adoption of an EHR is to occur.
According to the Wall Street Journal, the DHHS takes no action on complaints under HIPAA, and medical records are disclosed under court orders in legal actions such as claims arising from automobile accidents. HIPAA has special restrictions on psychotherapy records, but psychotherapy records can also be disclosed without the client's knowledge or permission, according to the Journal. For example, Patricia Galvin, a lawyer in San Francisco, saw a psychologist at Stanford Hospital & Clinics after her fiance committed suicide. Her therapist had assured her that her records would be confidential. But after she applied for disability benefits, Stanford gave the insurer her therapy notes, and the insurer denied her benefits based on what Galvin claims was a misinterpretation of the notes.
Within the private sector, many companies are moving forward in the development, establishment and implementation of medical record banks and health information exchange. By law, companies are required to follow all HIPAA standards and adopt the same information-handling practices that have been in effect for the federal government for years. This includes two ideas, standardized formatting of data electronically exchanged and federalization of security and privacy practices among the private sector. Private companies have promised to have "stringent privacy policies and procedures." If protection and security are not part of the systems developed, people will not trust the technology nor will they participate in it.
Legal liability in all aspects of healthcare was an increasing problem in the 1990s and 2000s. The surge in the per capita number of attorneys and changes in the tort system caused an increase in the cost of every aspect of healthcare, and healthcare technology was no exception.
Failure or damages caused during installation or utilization of an EHR system has been feared as a threat in lawsuits. Similarly, it's important to recognize that the implementation of electronic health records carries with it significant legal risks.
This liability concern was of special concern for small EHR system makers. Some smaller companies may be forced to abandon markets based on the regional liability climate.[unreliable source] Larger EHR providers (or government-sponsored providers of EHRs) are better able to withstand legal assaults.
While there is no argument that electronic documentation of patient visits and data brings improved patient care, there is increasing concern that such documentation could open physicians to an increased incidence of malpractice suits. Disabling physician alerts, selecting from dropdown menus, and the use of templates can encourage physicians to skip a complete review of past patient history and medications, and thus miss important data.
Another potential problem is electronic time stamps. Many physicians are unaware that EHR systems produce an electronic time stamp every time the patient record is updated. If a malpractice claim goes to court, through the process of discovery, the prosecution can request a detailed record of all entries made in a patient's electronic record. Waiting to chart patient notes until the end of the day and making addendums to records well after the patient visit can be problematic, in that this practice could result in less than accurate patient data or indicate possible intent to illegally alter the patient's record.
In some communities, hospitals attempt to standardize EHR systems by providing discounted versions of the hospital's software to local healthcare providers. A challenge to this practice has been raised as being a violation of Stark rules that prohibit hospitals from preferentially assisting community healthcare providers. In 2006, however, exceptions to the Stark rule were enacted to allow hospitals to furnish software and training to community providers, mostly removing this legal obstacle.[unreliable source][unreliable source]
In cross-border use cases of EHR implementations, the additional issue of legal interoperability arises. Different countries may have diverging legal requirements for the content or usage of electronic health records, which can require radical changes of the technical makeup of the EHR implementation in question. (especially when fundamental legal incompatibilities are involved) Exploring these issues is therefore often necessary when implementing cross-border EHR solutions.
|This section requires expansion. (April 2010)|
The United Nations World Health Organization (WHO) administration intentionally does not contribute to an internationally standardized view of medical records nor to personal health records. However, WHO contributes to minimum requirements definition for developing countries.
The United Nations accredited standardisation body International Organization for Standardization (ISO) however has settled thorough word[clarification needed] for standards in the scope of the HL7 platform for health care informatics. Respective standards are available with ISO/HL7 10781:2009 Electronic Health Record-System Functional Model, Release 1.1 and subsequent set of detailing standards.
The Security Rule, according to Health and Human Services (HHS), establishes a security framework for small practices as well as large institutions. All covered entities must have a written security plan. The HHS identifies three components as necessary for the security plan: administrative safeguards, physical safeguards, and technical safeguards.
However, medical and healthcare providers have experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006-2012.
The majority of the counties in Europe have made a strategy for the development and implementation of the Electronic Health Record Systems. This would mean greater access to health records by numerous stakeholders, even from countries with lower levels of privacy protection. The forthcoming implementation of the Cross Border Health Directive and the EU Commission's plans to centralize all health records are of prime concern to the EU public who believe that the health care organizations and governments cannot be trusted to manage their data electronically and expose them to more threats.
The idea of a centralized electronic health record system has been poorly received by the public who are wary that the governments may extend the use of the system beyond its purpose. There is also the risk for privacy breaches that could allow sensitive health care information to fall into the wrong hands. Some countries have enacted laws requiring safeguards to be put in place to protect the security and confidentiality of medical information as it is shared electronically and to give patients some important rights to monitor their medical records and receive notification for loss and unauthorized acquisition of health information. The United States and the EU have imposed mandatory medical data breach notifications.
The Health Insurance Portability and Accessibility Act (HIPAA) requires safeguards to limit the number of people who have access to personal information. However, given the number of people who may have access to your information as part of the operations and business of the health care provider or plan, there is no realistic way to estimate the number of people who may come across your records.
Additionally, law enforcement access is authorized under HIPAA. In some cases, medical information may be disclosed without a warrant or court order.
The purpose of a personal data breach notification is to protect individuals so that they can take all the necessary actions to limit the undesirable effects of the breach and to motivate the organization to improve the security of the infrastructure to protect the confidentiality of the data. The US law requires the entities to inform the individuals in the event of breach while the EU Directive currently requires breach notification only when the breach is likely to adversely affect the privacy of the individual. Personal health data is valuable to individuals and is therefore difficult to make an assessment whether the breach will cause reputational or financial harm or cause adverse effects on one's privacy.
The Security Rule that was adopted in 2005 did not require breach notification. However, notice might be required by state laws that apply to a variety of industries, including health care providers. In California, a law has been in place since 2003 requiring that a HIPAA covered organization's breach could have triggered a notice even though notice was not required by the HIPAA Security Rule. Since January 1, 2009, California residents are required to receive notice of a health information breach.
Federal law and regulations now provide rights to notice of a breach of health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires HHS and the Federal Trade Commission (FTC) to jointly study and report on privacy and data security of personal health information. HITECH also requires the agencies to issue breach notification rules that apply to HIPAA covered entities and Web-based vendors that store health information electronically. The FTC has adopted rules regarding breach notification for internet-based vendors.
The Breach notification law in the EU provides better privacy safeguards with fewer exemptions, unlike the US law which exempts unintentional acquisition, access, or use of protected health information and inadvertent disclosure under a good faith belief.
The U.S. federal government has issued new rules of electronic health records.
Each healthcare environment functions differently, often in significant ways. It is difficult to create a "one-size-fits-all" EHR system.
An ideal EHR system will have record standardization but interfaces that can be customized to each provider environment. Modularity in an EHR system facilitates this. Many EHR companies employ vendors to provide customization.
This customization can often be done so that a physician's input interface closely mimics previously utilized paper forms.
At the same time they reported negative effects in communication, increased overtime, and missing records when a non-customized EMR system was utilized. Customizing the software when it is released yields the highest benefits because it is adapted for the users and tailored to workflows specific to the institution.
Customization can have its disadvantages. There is, of course, higher costs involved to implementation of a customized system initially. More time must be spent by both the implementation team and the healthcare provider to understand the workflow needs.
An important consideration in the process of developing electronic health records is to plan for the long-term preservation and storage of these records. The field will need to come to consensus on the length of time to store EHRs, methods to ensure the future accessibility and compatibility of archived data with yet-to-be developed retrieval systems, and how to ensure the physical and virtual security of the archives.
Additionally, considerations about long-term storage of electronic health records are complicated by the possibility that the records might one day be used longitudinally and integrated across sites of care. Records have the potential to be created, used, edited, and viewed by multiple independent entities. These entities include, but are not limited to, primary care physicians, hospitals, insurance companies, and patients. Mandl et al. have noted that "choices about the structure and ownership of these records will have profound impact on the accessibility and privacy of patient information."
The required length of storage of an individual electronic health record will depend on national and state regulations, which are subject to change over time. Ruotsalainen and Manning have found that the typical preservation time of patient data varies between 20 and 100 years. In one example of how an EHR archive might function, their research "describes a co-operative trusted notary archive (TNA) which receives health data from different EHR-systems, stores data together with associated meta-information for long periods and distributes EHR-data objects. TNA can store objects in XML-format and prove the integrity of stored data with the help of event records, timestamps and archive e-signatures."
In addition to the TNA archive described by Ruotsalainen and Manning, other combinations of EHR systems and archive systems are possible. Again, overall requirements for the design and security of the system and its archive will vary and must function under ethical and legal principles specific to the time and place.
While it is currently unknown precisely how long EHRs will be preserved, it is certain that length of time will exceed the average shelf-life of paper records. The evolution of technology is such that the programs and systems used to input information will likely not be available to a user who desires to examine archived data. One proposed solution to the challenge of long-term accessibility and usability of data by future systems is to standardize information fields in a time-invariant way, such as with XML language. Olhede and Peterson report that "the basic XML-format has undergone preliminary testing in Europe by a Spri project and been found suitable for EU purposes. Spri has advised the Swedish National Board of Health and Welfare and the Swedish National Archive to issue directives concerning the use of XML as the archive-format for EHCR (Electronic Health Care Record) information."
When care is provided at two different facilities, it may be difficult to update records at both locations in a co-ordinated fashion.
Synchronization programs for distributed storage models, however, are only useful once record standardization has occurred.
Merging of already existing public healthcare databases is a common software challenge. The ability of electronic health record systems to provide this function is a key benefit and can improve healthcare delivery.
The sharing of patient information between health care organizations and IT systems is changing from a "point to point" model to a "many to many" one. The European Commission is supporting moves to facilitate cross-border interoperability of e-health systems and to remove potential legal hurdles, as in the project www.epsos.eu/. To allow for global shared workflow, studies will be locked when they are being read and then unlocked and updated once reading is complete. Radiologists will be able to serve multiple health care facilities and read and report across large geographical areas, thus balancing workloads. The biggest challenges will relate to interoperability and legal clarity. In some countries it is almost forbidden to practice teleradiology. The variety of languages spoken is a problem and multilingual reporting templates for all anatomical regions are not yet available. However, the market for e-health and teleradiology is evolving more rapidly than any laws or regulations.
The European Commission wants to boost the digital economy by enabling all Europeans to have access to online medical records anywhere in Europe by 2020. With the newly enacted Directive 2011/24/EU on patients' rights in cross-border healthcare due for implementation by 2013, it is inevitable that a centralised European health record system will become a reality even before 2020. However, the concept of a centralised supranational central server raises concern about storing electronic medical records in a central location. The privacy threat posed by a supranational network is a key concern. Cross-border and Interoperable electronic health record systems make confidential data more easily and rapidly accessible to a wider audience and increase the risk that personal data concerning health could be accidentally exposed or easily distributed to unauthorised parties by enabling greater access to a compilation of the personal data concerning health, from different sources, and throughout a lifetime.
|It has been suggested that portions of this article be moved into Health Information Technology for Economic and Clinical Health Act. (Discuss)|
In a 2008 survey by DesRoches et al. of 4484 physicians (62% response rate), 83% of all physicians, 80% of primary care physicians, and 86% of non-primary care physicians had no EHRs. "Among the 83% of respondents who did not have electronic health records, 16%" had bought, but not implemented an EHR system yet. The 2009 National Ambulatory Medical Care Survey of 5200 physicians (70% response rate) by the National Center for Health Statistics showed that 51.7% of office-based physicians did not use any EMR/EHR system.
In the United States, the CDC reported that the EMR adoption rate had steadily risen to 48.3 percent at the end of 2009. This is an increase over 2008, when only 38.4% of office-based physicians reported using fully or partially electronic medical record systems (EMR) in 2008. However, the same study found that only 20.4% of all physicians reported using a system described as minimally functional and including the following features: orders for prescriptions, orders for tests, viewing laboratory or imaging results, and clinical progress notes. As of 2012, 72 percent of office physicians are using basic electronic medical records.
The usage of electronic medical records can vary depending on who the user is and how they are using it. Electronic medical records can help improve the quality of medical care given to patients. Many doctors and office-based physicians refuse to get rid of the traditional paper records. Harvard University has conducted an experiment in which they tested how doctors and nurses use electronic medical records to keep their patients' information up to date. The studies found that electronic medical records were very useful; a doctor or a nurse was able to find a patient's information fast and easy just by typing their name; even if it was misspelled. The usage of electronic medical records increases in some work places due to the ease of use of the system; whereas the president of the Canadian Family Practice Nurses Association says that using electronic medical records can be time consuming, and it isn't very helpful due to the complexity of the system. Beth Israel Deaconess Medical Center reported that doctors and nurses prefer to use a much more friendly user software due to the difficulty and time it takes for a medical staff to input the information as well as to find a patients information. A study was done and the amount of information that was recorded in the EMRs was recorded; about 44% of the patients information was recorded in the EMRs. This shows that EMRs are not very efficient most of the time.
The cost of implementing an EMR system for smaller practices has also been criticized.[by whom?] Despite this, tighter regulations regarding meaningful use criteria have resulted in more physicians adopting EMR systems. Software, hardware and other services for EMR system implementation are provided for cost by various companies, including Dell. Open source EMR systems exist, but have not seen widespread adoption of open-source EMR system software. Beyond financial concerns there are a number of legal and ethical dilemmas created by increasing EMR use.
Electronic medical records, like other medical records, must be kept in unaltered form and authenticated by the creator. Under data protection legislation, responsibility for patient records (irrespective of the form they are kept in) is always on the creator and custodian of the record, usually a health care practice or facility. The physical medical records are the property of the medical provider (or facility) that prepares them. This includes films and tracings from diagnostic imaging procedures such as X-ray, CT, PET, MRI, ultrasound, etc. The patient, however, according to HIPAA, has a right to view the originals, and to obtain copies under law.
The Health Information Technology for Economic and Clinical Health Act (Pub.L. 111–5,§2.A.III & B.4) (a part of the 2009 stimulus package) set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption. The "goal is not adoption alone but 'meaningful use' of EHRs — that is, their use by providers to achieve significant improvements in care."
Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH Act requires doctors to show "meaningful use" of an EHR system. As of June 2010, there are no penalty provisions for Medicaid.
Health information exchange (HIE) has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Healthcare vendors are pushing HIE as a way to allow EHR systems to pull disparate data and function on a more interoperable level.
Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.
Studies call into question whether, in real life, EMRs improve the quality of care. 2009 produced several articles raising doubts about EMR benefits. A major concern is the reduction of physician-patient interaction due to formatting constraints. For example, some doctors have reported that the use of check-boxes has led to fewer open-ended questions.
The main components of Meaningful Use are:
In other words, providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity.
The meaningful use of EHRs intended by the US government incentives is categorized as follows:
The Obama Administration's Health IT program intends to use federal investments to stimulate the market of electronic health records:
The detailed definition of "meaningful use" is to be rolled out in 3 stages over a period of time until 2015. Details of each stage are hotly debated by various groups. Only stage 1 has been defined while the remaining stages will evolve over time.
Meaningful use Stage 1
The first steps in achieving meaningful use are to have a certified electronic health record (EHR) and to be able to demonstrate that it is being used to meet the requirements. Stage 1 contains 25 objectives/measures for Eligible Providers (EPs) and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set (15 for EPs and 14 for eligible hospitals). EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective.
Full list of the Core Requirements and a full list of the Menu Requirements.
To receive federal incentive money, CMS requires participants in the Medicare EHR Incentive Program to "attest" that during a 90-day reporting period, they used a certified EHR and met Stage 1 criteria for meaningful use objectives and clinical quality measures. For the Medicaid EHR Incentive Program, providers follow a similar process using their state's attestation system.
Meaningful use Stage 2
The government released its final ruling on achieving Stage 2 of meaningful use in August 2012. Eligible providers will need to meet 17 of 20 core objectives in Stage 2, and fulfill three out of six menu objectives. The required percentage of patient encounters that meet each objective has generally increased over the Stage 1 objectives.
While Stage 2 focuses more on information exchange and patient engagement, many large EHR systems have this type of functionality built into their software, making it easier to achieve compliance. Also, for those eligible providers who have successfully attested to Stage 1, meeting Stage 2 should not be as difficult, as it builds incrementally on the requirements for the first stage.
The steep[clarification needed] price of EMR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment have a significant influence on EMR adoption. In a project initiated by the Office of the National Coordinator for Health Information (ONC), surveyors found that hospital administrators and physicians who had adopted EMR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.
The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corp. estimates of savings. "Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EMR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example. the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians." "Given the ease at which information can be exchanged between health IT systems, patients whose physicians use them may feel that their privacy is more at risk than if paper records were used."
In a survey by DesRoches et al. (2008), 66% of physicians without EHRs cited capital costs as a barrier to adoption, while 50% were uncertain about the investment. Around 56% of physicians without EHRs stated that financial incentives to purchase and/or use EHRs would facilitate adoption. In 2002, initial costs were estimated to be $50,000–70,000 per physician in a 3-physician practice. Since then, costs have decreased with increasing adoption. A 2011 survey estimated a cost of $32,000 per physician in a 5-physician practice during the first 60 days of implementation.
One case study by Miller et al. (2005) of 14 small primary-care practices found that the average practice paid for the initial and ongoing costs within 2.5 years. A 2003 cost-benefit analysis found that using EMRs for 5 years created a net benefit of $86,000 per provider.
Some physicians are skeptical of the positive claims and believe the data is skewed by vendors and others with an interest in EHR implementation.
Brigham and Women's Hospital in Boston, Massachusetts, estimated it achieved net savings of $5 million to $10 million per year following installation of a computerized physician order entry system that reduced serious medication errors by 55 percent. Another large hospital generated about $8.6 million in annual savings by replacing paper medical charts with EHRs for outpatients and about $2.8 million annually by establishing electronic access to laboratory results and reports.
Furthermore, software technology advances at a rapid pace. Most software systems require frequent updates, often at a significant ongoing cost. Some types of software and operating systems require full-scale re-implementation periodically, which disrupts not only the budget but also workflow. Costs for upgrades and associated regression testing can be particularly high where the applications are governed by FDA regulations (e.g. Clinical Laboratory systems). Physicians desire modular upgrades and ability to continually customize, without large-scale reimplementation.
Training of employees to use an EHR system is costly, just as for training in the use of any other hospital system. New employees, permanent or temporary, will also require training as they are hired.
In the United States, a substantial majority of healthcare providers train at a VA facility sometime during their career. With the widespread adoption of the Veterans Health Information Systems and Technology Architecture (VistA) electronic health record system at all VA facilities, few recently-trained medical professionals will be inexperienced in electronic health record systems. Older practitioners who are less experienced in the use of electronic health record systems will retire over time.
The Healthcare Information and Management Systems Society (HIMSS), a very large U.S. health care IT industry trade group, observed that EMR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available." The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers. The U.S. military's EMR "AHLTA" was reported to have significant usability issues.
In the United States, there are no standards for semantic interoperability of health care data; there are only syntactic standards. This means that while data may be packaged in a standard format (using the pipe notation of HL7, or the bracket notation of XML), it lacks definition, or linkage to a common shared dictionary. The addition of layers of complex information models (such as the HL7 v3 RIM) does not resolve this fundamental issue.
In the United States, the Department of Veterans Affairs (VA) has the largest enterprise-wide health information system that includes an electronic medical record, known as the Veterans Health Information Systems and Technology Architecture (VistA). A key component in VistA is their VistA imaging System which provides a comprehensive multimedia data from many specialties, including cardiology, radiology and orthopedics. A graphical user interface known as the Computerized Patient Record System (CPRS) allows health care providers to review and update a patient's electronic medical record at any of the VA's over 1,000 healthcare facilities. CPRS includes the ability to place orders, including medications, special procedures, X-rays, patient care nursing orders, diets, and laboratory tests.
The 2003 National Defense Authorization Act (NDAA) ensured that the VA and DoD would work together to establish a bidirectional exchange of reference quality medical images. Initially, demonstrations were only worked in El Paso, Texas, but capabilities have been expanded to six different locations of VA and DoD facilities. These facilities include VA polytrauma centers in Tampa and Richmond, Denver, North Chicago, Biloxi, and the National Capitol Area medical facilities. Radiological images such as CT scans, MRIs, and x-rays are being shared using the BHIE. Goals of the VA and DoD in the near future are to use several image sharing solutions (VistA Imaging and DoD Picture Archiving & Communications System (PACS) solutions).
Clinical Data Repository/Health Data Repository (CDHR)is a database that allows for sharing of patient records, especially allergy and pharmaceutical information, between the Department of Veteran Affairs (VA) and the Department of Defense (DoD) in the United States. The program shares data by translating the various vocabularies of the information being transmitted, allowing all of the VA facilities to access and interpret the patient records. The Laboratory Data Sharing and Interoperability (LDSI) application is a new program being implemented to allow sharing at certain sites between the VA and DoD of "chemistry and hematology laboratory tests." Unlike the CHDR, the LDSI is currently limited in its scope.
One attribute for the start of implementing EHRs in the States is the development of the Nationwide Health Information Network which is a work in progress and still being developed. This started with the North Carolina Healthcare Information and Communication Alliance founded in 1994 and who received funding from Department of Health and Human Services.
The Department of Veterans Affairs and Kaiser Permanente has a pilot program to share health records between their systems VistA and HealthConnect, respectively. This software called 'CONNECT' uses Nationwide Health Information Network standards and governance to make sure that health information exchanges are compatible with other exchanges being set up throughout the country. CONNECT is an open source software solution that supports electronic health information exchange. The CONNECT initiative is a Federal Health Architecture project that was conceived in 2007 and initially built by 20 various federal agencies and now comprises more than 500 organizations including federal agencies, states, healthcare providers, insurers, and health IT vendors.
The US Indian Health Service uses an EHR similar to Vista called RPMS. VistA Imaging is also being used to integrate images and co-ordinate PACS into the EHR system. In Alaska, use of the EHR by the Kodiak Area Native Association has improved screening services and helped the organization reach all 21 clinical performance measures defined by the Indian Health Service as required by the Government Performance and Results Act.
In 2005 the National Health Service (NHS) in the United Kingdom began deployment of EHR systems. The goal was to have all patients with a centralized electronic health record by 2010. While many hospitals acquired electronic patient records systems in this process, there was no national healthcare information exchange. Ultimately, the program was dismantled after a cost to the UK taxpayer was over $24 Billion (12 Billion GPB), and is considered one of the most expensive healthcare IT failures . The UK Government is now considering open-source healthcare platform from the United States Veterans Affairs following on the success of the VistA EHR deployment in Jordan.
GP2GP is an NHS Connecting for Health project in the United Kingdom. It enables GPs to transfer a patient's electronic medical record to another practice when the patient moves onto the list. In General Practice in the UK the medical record has been computerized for many years, in fact the UK is probably on of the world leaders in this field. There are very few General Practices in the UK which are not computerized. Unlike the USA GP's have not had to deal with billing and have been able to concentrate on clinical care. The GP record is separate from the national Care Record and contains far more data. Clinical IT suppliers are moving towards greater interoperability, already achieved with the GP2GP project allowing different systems to exchange complete medical records between practices. There are currently pilot projects allowing access between hospitals & GP practices.
Australia is dedicated to the development of a lifetime electronic health record for all its citizens. PCEHR - the Personally Controlled Electronic Health Record - is the major national EHR initiative in Australia, being delivered through territory, state, and federal governments. This electronic health record was initially deployed in July 2012, and is under active development and extension.
MediConnect is an earlier program that provides an electronic medication record to keep track of patient prescriptions and provide stakeholders with drug alerts to avoid errors in prescribing.
Within Australia, there is a not-for-profit organisation called Standards Australia, which has created a electronic health website relating to information not only about Australia and what is currently going on about EHRs but also globally. There is a large number of key stakeholders that contribute to the process of integrating EHRs within Australia,they range from each States Departments of Health to Universities around Australia and National E-Health Transition Authority to name a few.
In December 2012 Austria introduced an Electronic Health Records Act (EHR-Act). These provisions are the legal foundation for a national EHR system based upon a substantial public interest according to Art 8(4) of the Data Protection Directive 95/46/EC. In compliance to the Data Protection Directive (DPD) national electronic health records could be based upon explicit consent (Art 8(2)(a) DPD), the necessity for healthcare purposes (Art 8(3) DPD) or substantial public interests (Art 8(4) DPD).
The Austrian EHR-Act pursues an opt-out approach in order to harmonize the interests of public health and privacy in the best possible manner.
The 4th Part of the Austrian Health Telematics Act 2012 (HTA 2012) - these are the EHR provisions - are one of the most detailed data protection rules within Austrian legislation. Numerous safeguards according to Art 8(4) DPD guarantee a high level of data protection. For example:
The College of Dental Surgeons of British Columbia has compiled the Dental Records Management document which lays out the requirements, for records for their industry within the province of British Columbia.
In 2009, the Jordanian Government made a strategic decision to address quality and cost challenges in their healthcare system by investing in an effective, national e-health infrastructure. Following a period of detailed consultation and investigation, Jordan adopted the electronic health record system of the US Veterans Health Administration VistA EHR because it was a proven, national-scale enterprise system capable of scaling to hundreds of hospitals and millions of patients.  In 2010 three of the country's largest hospitals went live with VistA EHR. It is anticipated that all further hospital deployments based on this 'gold' version will require less than 20% effort and cost of the original hospitals, enabling rapid national coverage. The implementation of VistA EHR was estimated at 75% less cost than proprietary products, with the greatest savings related to reduced costs of configuration, customization, implementation and support. When completed, Jordan will be the largest country in the world with a single, comprehensive, national electronic health care delivery network to care for the country’s entire population in a single electronic network of over 850 hospitals and clinics.
Denmark does not have nationwide EHR. It is mandatory for primary care practices and hospitals to use EHRs. The Danish Health Data Network (Medcom) acts as a data integrator to ensure interoperability. Unfortunately, non-interoperability is an issue despite the high adoption rate. The The five regions are attempting to address this problem by each setting up their own electronic health record systems for public hospitals. However, all patient data will still be registered in the national e-journal.
Estonia is the first country in the world that has implemented a nationwide EHR system, registering virtually all residents' medical history from birth to death.
The vast majority of GP's  and all pharmacies and hospitals use EHR's. In hospitals, computerized order management and medical imaging systems (PACS) are widely accepted. Whereas healthcare institutions continue to upgrade their EHR's functionalities, the national infrastructure is still far from being generally accepted.
In 2012 the national EHR restarted under the joined ownership of GPs, pharmacies and hospitals. A major change is that, as of January 2013, patients have to give their explicit permission that their data may be exchanged over the national infrastructure. The national EHR is a virtual EHR and is a reference server which "knows" in which local EHR what kind of patient data is stored. EDIFACT still is the most common way to exchange patient information electronically between hospitals and GP's.
Abu Dhabi is leading the way in using national EHR data as a live longitudinal cohort in the assessment of risk of cardiovascular disease.
Arab Health Awards 2010 recognizes Saudi Arabia National Guard Health Affairs for greatest advancement in EHR development.
In UK veterinary practice, the replacement of paper recording systems with electronic methods of storing animal patient information escalated from the 1980s and the majority of clinics now use electronic medical records. In a sample of 129 veterinary practices, 89% used a Practice Management System (PMS) for data recording. There are more than ten PMS providers currently in the UK. Collecting data directly from PMSs for epidemiological analysis abolishes the need for veterinarians to manually submit individual reports per animal visit and therefore increases the reporting rate.
Veterinary electronic medical record data are being used to investigate antimicrobial efficacy; risk factors for canine cancer; and inherited diseases in dogs and cats, in the small animal disease surveillance project 'VetCOMPASS' (Veterinary Companion Animal Surveillance System) at the Royal Veterinary College, London, in collaboration with the University of Sydney and RxWorks (the VetCOMPASS project was formerly known as VEctAR).
A Personally Controlled Electronic Health Record (PCEHR) is a system that proposes to store admission or event summaries in an electronic format over a large network accessible by doctors, nurses, GPs and chemists without the need for written scripts or requesting medical files from another hospital. The system proposes to record and store any health information provided by a health care professional that has agreed to be a part of the system. This allows the storage and retrieval of a lifetimes worth of clinical and demographic information of a patient that can be viewed as event summaries and reports with the appropriate authorization