Electronic health records in the United States

Last updated

EHR adoption of all physicians in the US. Source: DesRoches et al. (2008).[ needs update ]

Contents

  Fully functional EHR system (4%)
  Basic EHR system (13%)
  Bought but not implemented yet (13%)
  EHR purchase planned in 2 years (22%)
  No EHR system (48%)

Federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic health records. The US Congress included a formula of both incentives (up to $44,000 per physician under Medicare, or up to $65,000 over six years under Medicaid) and penalties (i.e. decreased Medicare and Medicaid reimbursements to doctors who fail to use EMRs by 2015, for covered patients) for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the, American Recovery and Reinvestment Act of 2009. [1]

The 21st Century Cures Act, passed in 2016, prohibited information blocking, which had slowed interoperability. [2] In 2018, the Trump administration announced the MyHealthEData initiative to further allow for patients to receive their health records. [3] The federal Office of the National Coordinator for Health Information Technology leads these efforts. [4]

One VA study estimates its electronic medical record system may improve overall efficiency by 6% per year, and the monthly cost of an EMR may (depending on the cost of the EMR) be offset by the cost of only a few "unnecessary" tests or admissions. [5] [6] Jerome Groopman disputed these results, publicly asking "how such dramatic claims of cost-saving and quality improvement could be true". [7] A 2014 survey of the American College of Physicians member sample, however, found that family practice physicians spent 48 minutes more per day when using EMRs. 90% reported that at least 1 data management function was slower after EMRs were adopted, and 64% reported that note writing took longer. A third (34%) reported that it took longer to find and review medical record data, and 32% reported that it was slower to read other clinicians' notes. [8]

Coverage

In a 2008 survey by DesRoches et al. of 4484 physicians (62% response rate), 83% of all physicians, 80% of primary care physicians, and 86% of non-primary care physicians had no EHRs. "Among the 83% of respondents who did not have electronic health records, 16%" had bought, but not implemented an EHR system yet. [9] The 2009 National Ambulatory Medical Care Survey of 5200 physicians (70% response rate) by the National Center for Health Statistics showed that 51.7% of office-based physicians did not use any EMR/EHR system. [10]

In the United States, the CDC reported that the EMR adoption rate had steadily risen to 48.3 percent at the end of 2009. [11] This is an increase over 2008 when only 38.4% of office-based physicians reported using fully or partially electronic medical record systems (EMR) in 2008. [12] However, the same study found that only 20.4% of all physicians reported using a system described as minimally functional and including the following features: orders for prescriptions, orders for tests, viewing laboratory or imaging results, and clinical progress notes. As of 2013, 78 percent of office physicians are using basic electronic medical records. [13] As of 2014, more than 80 percent of hospitals in the U.S.have adopted some type of EHR. Though within a hospital, the type of EHR data and mix varies significantly. Types of EHR data used in hospitals include structured data (e.g., medication information) and unstructured data (e.g., clinical notes). [14]

The healthcare industry spends only 2% of gross revenues on Health Information Technology (HIT), which is low compared to other information intensive industries such as finance, which spend upwards of 10%. [15] [16]

The usage of electronic medical records can vary depending on who the user is and how they are using it. Electronic medical records can help improve the quality of medical care given to patients. Many doctors and office-based physicians refuse to get rid of traditional paper records. Harvard University has conducted an experiment in which they tested how doctors and nurses use electronic medical records to keep their patients' information up to date. The studies found that electronic medical records were very useful; a doctor or a nurse was able to find a patient's information fast and easy just by typing their name; even if it was misspelled. The usage of electronic medical records increases in some workplaces due to the ease of use of the system; whereas the president of the Canadian Family Practice Nurses Association says that using electronic medical records can be time-consuming, and it isn't very helpful due to the complexity of the system. [17] Beth Israel Deaconess Medical Center reported that doctors and nurses prefer to use a much more friendly user software due to the difficulty and time it takes for medical staff to input the information as well as to find a patient's information. A study was done and the amount of information that was recorded in the EMRs was recorded; about 44% of the patient's information was recorded in the EMRs. This shows that EMRs are not very efficient most of the time. [18]

The cost of implementing an EMR system for smaller practices has also been criticized; data produced by the Robert Wood Johnson Foundation demonstrates that the first-year investment for an average five-person practice is $162,000 followed by about $85,000 in maintenance fees. [19] Despite this, tighter regulations regarding meaningful use criteria and national laws (Health Information Technology for Economic and Clinical Health Act and the Affordable Care Act) [20] have resulted in more physicians and facilities adopting EMR systems:

Beyond financial concerns there are a number of legal and ethical dilemmas created by increasing EMR use, including the risk of medical malpractice due to user error, server glitches that result in the EMR not being accessible, and increased vulnerability to hackers. [22] [23]

Electronic medical records, like other medical records, must be kept in unaltered form and authenticated by the creator. [24] Under data protection legislation, the responsibility for patient records (irrespective of the form they are kept in) is always on the creator and custodian of the record, usually a health care practice or facility. This role has been said[ by whom? ] to require changes such that the sole medico-legal record should be held elsewhere. [25] The physical medical records are the property of the medical provider (or facility) that prepares them. This includes films and tracings from diagnostic imaging procedures such as X-ray, CT, PET, MRI, ultrasound, etc. The patient, however, according to HIPAA, has a right to view the originals, and to obtain copies under law. [26]

The Health Information Technology for Economic and Clinical Health Act (HITECH) ( Pub. L. Tooltip Public Law (United States)  111–5 (text) (PDF),§2.A.III & B.4) (a part of the 2009 stimulus package) set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption. [27] [28] The "goal is not adoption alone but 'meaningful use' of EHRs—that is, their use by providers to achieve significant improvements in care." [29]

Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH Act requires doctors to show "meaningful use" of an EHR system. As of June 2010, there were no penalty provisions for Medicaid.

In 2017 the government announced its first False Claims Act settlement with an electronic health records vendor for misrepresenting its ability to meet “meaningful use” standards and therefore receive incentive payments. eClinicalWorks paid $155 million to settle charges that it had failed to meet all government requirements, failed to adequately test its software, failed to fix certain bugs, failed to ensure data portability, and failed to reliably record laboratory and diagnostic imaging orders. [30] The government also alleged that eClinicalWorks paid kickbacks to influential customers who recommended its products. The case marks the first time the government applied the federal Anti-Kickback Statute law to the promotion and sale of an electronic health records system. [31] The False Claims Act lawsuit was brought by a whistleblower who was a New York City employee implementing eClinicalWorks’ system at Rikers Island Correctional Facility when he became aware of the software flaws. His “qui tam” case was later joined by the government. [30] Notably, CMS has said it will not punish eClinicalWorks clients that "in good faith" attested to using the software. [32]

Health information exchange (HIE) has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Healthcare vendors are pushing HIE as a way to allow EHR systems to pull disparate data and function on a more interoperable level.[ citation needed ]

Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records. [33]

Goals and objectives

Quality and safety measurement
Clinical decision support (automated advice) for providers
Patient registries (e.g., "a directory of patients with diabetes")
Electronic laboratory reporting for reportable conditions (hospitals)
Immunization reporting to immunization registries
Syndromic surveillance (health event awareness)

Quality

Studies call into question whether, in real life, EMRs improve the quality of care. [35] 2009 produced several articles raising doubts about EMR benefits. [36] A major concern is the reduction of physician-patient interaction due to formatting constraints. For example, some doctors have reported that the use of check-boxes has led to fewer open-ended questions. [37]

Meaningful use

The main components of meaningful use are:

In other words, providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity. [38]

The meaningful use of EHRs intended by the US government incentives is categorized as follows:

The Obama Administration's Health IT program intends to use federal investments to stimulate the market of electronic health records:

The detailed definition of "meaningful use" is to be rolled out in 3 stages over a period of time until 2017. Details of each stage are hotly debated by various groups. [41]

Meaningful use Stage 1

The first steps in achieving meaningful use are to have a certified electronic health record (EHR) and to be able to demonstrate that it is being used to meet the requirements. Stage 1 contains 25 objectives/measures for Eligible Providers (EPs) and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set (15 for EPs and 14 for eligible hospitals). EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective. [42]

Full list of the Core Requirements and a full list of the Menu Requirements.

Core Requirements:

  1. Use computerized order entry for medication orders.
  2. Implement drug-drug, drug-allergy checks.
  3. Generate and transmit permissible prescriptions electronically.
  4. Record demographics.
  5. Maintain an up-to-date problem list of current and active diagnoses.
  6. Maintain active medication list.
  7. Maintain active medication allergy list.
  8. Record and chart changes in vital signs.
  9. Record smoking status for patients 13 years old or older.
  10. Implement one clinical decision support rule.
  11. Report ambulatory quality measures to CMS or the States.
  12. Provide patients with an electronic copy of their health information upon request.
  13. Provide clinical summaries to patients for each office visit.
  14. Capability to exchange key clinical information electronically among providers and patient authorized entities.
  15. Protect electronic health information (privacy & security)

Menu Requirements:

  1. Implement drug-formulary checks.
  2. Incorporate clinical lab-test results into certified EHR as structured data.
  3. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
  4. Send reminders to patients per patient preference for preventive/ follow-up care
  5. Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
  6. Use certified EHR to identify patient-specific education resources and provide to the patient if appropriate.
  7. Perform medication reconciliation as relevant
  8. Provide a summary care record for transitions in care or referrals.
  9. Capability to submit electronic data to immunization registries and actual submission.
  10. Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.

To receive federal incentive money, CMS requires participants in the Medicare EHR Incentive Program to "attest" that during a 90-day reporting period, they used a certified EHR and met Stage 1 criteria for meaningful use objectives and clinical quality measures. For the Medicaid EHR Incentive Program, providers follow a similar process using their state's attestation system. [43]

Meaningful use Stage 2

The government released its final ruling on achieving Stage 2 of meaningful use in August 2012. Eligible providers will need to meet 17 of 20 core objectives in Stage 2, and fulfill three out of six menu objectives. The required percentage of patient encounters that meet each objective has generally increased over the Stage 1 objectives.

While Stage 2 focuses more on information exchange and patient engagement, many large EHR systems have this type of functionality built into their software, making it easier to achieve compliance. Also, for those eligible providers who have successfully attested to Stage 1, meeting Stage 2 should not be as difficult, as it builds incrementally on the requirements for the first stage. [44] [45]

Meaningful use Stage 3

On March 20, 2015 CMS released its proposed rule for Stage 3 meaningful use. [46] These new rules focus on some of the tougher aspects of Stage 2 and require healthcare providers to vastly improve their EHR adoption and care delivery by 2018. [47]

Barriers to adoption

Costs

The price of EMR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment have a significant influence on EMR adoption. In a project initiated by the Office of the National Coordinator for Health Information, surveyors found that hospital administrators and physicians who had adopted EMR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.

The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corporation's estimates of savings.

Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EMR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example. the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians. ...Given the ease at which information can be exchanged between health IT systems, patients whose physicians use them may feel that their privacy is more at risk than if paper records were used. [48]

Doubts have been raised about cost saving from EMRs by researchers at Harvard University, the Wharton School of the University of Pennsylvania, Stanford University, and others.

Start-up costs

In a survey by DesRoches et al. (2008), 66% of physicians without EHRs cited capital costs as a barrier to adoption, while 50% were uncertain about the investment. Around 56% of physicians without EHRs stated that financial incentives to purchase and/or use EHRs would facilitate adoption. [9] In 2002, initial costs were estimated to be $50,000–70,000 per physician in a 3-physician practice. Since then, costs have decreased with increasing adoption. [49] A 2011 survey estimated a cost of $32,000 per physician in a 5-physician practice during the first 60 days of implementation. [50]

One case study by Miller et al. (2005) of 14 small primary-care practices found that the average practice paid for the initial and ongoing costs within 2.5 years. [51] A 2003 cost-benefit analysis found that using EMRs for 5 years created a net benefit of $86,000 per provider. [52]

Some physicians are skeptical of the positive claims and believe the data is skewed by vendors and others with an interest in EHR implementation.[ citation needed ]

Brigham and Women's Hospital in Boston, Massachusetts, estimated it achieved net savings of $5 million to $10 million per year following installation[ when? ] of a computerized physician order entry system that reduced serious medication errors by 55 percent. Another large hospital generated about $8.6 million in annual savings by replacing paper medical charts with EHRs for outpatients and about $2.8 million annually by establishing electronic access to laboratory results and reports. [53]

Maintenance costs

Maintenance costs can be high. [49] Miller et al. found the average estimated maintenance cost was $8500 per FTE health-care provider per year. [51]

Furthermore, software technology advances at a rapid pace. Most software systems require frequent updates, sometimes even server upgrades, and often at a significant ongoing cost. Some types of software and operating systems require full-scale re-implementation periodically, which disrupts not only the budget but also workflow. Costs for upgrades and associated regression testing can be particularly high where the applications are governed by FDA regulations (e.g. Clinical Laboratory systems). Physicians desire modular upgrades and ability to continually customize, without large-scale reimplementation.[ citation needed ]

Training costs

Training of employees to use an EHR system is costly, just as for training in the use of any other hospital system. New employees, permanent or temporary, will also require training as they are hired. [54]

In the United States, a substantial majority of healthcare providers train at a VA facility sometime during their career. With the widespread adoption of the Veterans Health Information Systems and Technology Architecture (VistA) electronic health record system at all VA facilities, fewer recently-trained medical professionals will be inexperienced in electronic health record systems. [55] Older practitioners who are less experienced in the use of electronic health record systems will retire over time.

Software quality and usability deficiencies

The Healthcare Information and Management Systems Society, a very large U.S. health care IT industry trade group, observed that EMR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available." [56] The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers. The U.S. military's EMR "AHLTA" was reported to have significant usability issues. [57]

Lack of semantic interoperability

In the United States, there are no standards for semantic interoperability of health care data; there are only syntactic standards. This means that while data may be packaged in a standard format (using the pipe notation of HL7, or the bracket notation of XML), it lacks definition, or linkage to a common shared dictionary. The addition of layers of complex information models (such as the HL7 v3 RIM) does not resolve this fundamental issue.

As of 2018, Fast Healthcare Interoperability Resources was a leading interoperability standard, and the Argonaut Project is a privately sponsored interoperability initiative. [58]

In 2017, Epic Systems announced Share Everywhere, which lets providers access medical information through a portal; their platform was described as "closed" in 2014, [59] with competitors sponsoring the CommonWell Health Alliance. [60]

The economics of sharing have been blamed for the lack of interoperability, as limited data sharing can help providers retain customers. [61]

Implementations

In the United States, the Department of Veterans Affairs (VA) has the largest enterprise-wide health information system that includes an electronic medical record, known as the Veterans Health Information Systems and Technology Architecture (VistA). A key component in VistA is their VistA imaging System which provides a comprehensive multimedia data from many specialties, including cardiology, radiology, and orthopedics. A graphical user interface known as the Computerized Patient Record System (CPRS) allows health care providers to review and update a patient's electronic medical record at any of the VA's over 1,000 healthcare facilities. CPRS includes the ability for Licensed Practitioners to place orders, including medications, special procedures, X-rays, patient care nursing orders, diets, and laboratory tests.[ citation needed ]

The 2003 National Defense Authorization Act (NDAA) ensured that the VA and DoD would work together to establish a bidirectional exchange of reference quality medical images. Initially, demonstrations were only worked in El Paso, Texas, but capabilities have been expanded to six different locations of VA and DoD facilities. These facilities include VA polytrauma centers in Tampa and Richmond, Denver, North Chicago, Biloxi, and the National Capitol Area medical facilities. Radiological images such as CT scans, MRIs, and x-rays are being shared using the BHIE. Goals of the VA and DoD in the near future are to use several image sharing solutions (VistA Imaging and DoD Picture Archiving & Communications System (PACS) solutions). [62]

Electronic health records flow chart Electronic Health Records flow chart.jpg
Electronic health records flow chart

Clinical Data Repository/Health Data Repository (CDHR) is a database that allows for the sharing of patient records, especially allergy and pharmaceutical information, between the Department of Veteran Affairs (VA) and the Department of Defense (DoD) in the United States. The program shares data by translating the various vocabularies of the information being transmitted, allowing all of the VA facilities to access and interpret the patient records. [63] The Laboratory Data Sharing and Interoperability (LDSI) application is a new program being implemented to allow sharing at certain sites between the VA and DoD of "chemistry and hematology laboratory tests". Unlike the CHDR, the LDSI is currently limited in its scope. [64]

One attribute for the start of implementing EHRs in the States is the development of the Nationwide Health Information Network which is a work in progress and still being developed. This started with the North Carolina Healthcare Information and Communication Alliance founded in 1994 and who received funding from Department of Health and Human Services. [65]

The Department of Veterans Affairs and Kaiser Permanente has a pilot program to share health records between their systems VistA and HealthConnect, respectively. [66] This software called 'CONNECT' uses Nationwide Health Information Network standards and governance to make sure that health information exchanges are compatible with other exchanges being set up throughout the country. CONNECT is an open-source software solution that supports electronic health information exchange. [67] The CONNECT initiative is a Federal Health Architecture project that was conceived in 2007 and initially built by 20 various federal agencies and now comprises more than 500 organizations including federal agencies, states, healthcare providers, insurers, and health IT vendors. [68]

The US Indian Health Service uses an EHR similar to Vista called RPMS. VistA Imaging is also being used to integrate images and co-ordinate PACS into the EHR system. In Alaska, use of the EHR by the Kodiak Area Native Association has improved screening services and helped the organization reach all 21 clinical performance measures defined by the Indian Health Service as required by the Government Performance and Results Act. [69]

Privacy and confidentiality

In the United States in 2011 there were 380 major data breaches involving 500 or more patients' records listed on the website kept by the United States Department of Health and Human Services (HHS) Office for Civil Rights. [70] So far, from the first wall postings in September 2009 through the latest on 8 December 2012, there have been 18,059,831 "individuals affected," and even that massive number is an undercount of the breach problem. The civil rights office has not released all of the records of tens of thousands of breaches in the United States, it has received under a federal reporting mandate on breaches affecting fewer than 500 patients per incident. [71]

Privacy concerns in healthcare apply to both paper and electronic records. According to the Los Angeles Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient's records during a hospitalization, and 600,000 payers, providers and other entities that handle providers' billing data have some access also. [72] Recent revelations of "secure" data breaches at centralized data repositories, in banking and other financial institutions, in the retail industry, and from government databases, have caused concern about storing electronic medical records in a central location. [73] Records that are exchanged over the Internet are subject to the same security concerns as any other type of data transaction over the Internet.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in the US in 1996 to establish rules for access, authentications, storage and auditing, and transmittal of electronic medical records. This standard made restrictions for electronic records more stringent than those for paper records. However, there are concerns as to the adequacy of these standards. [74]

In the United States, information in electronic medical records is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws. [75] The HIPAA protects a patient's information; the information that is protected under this act are: information doctors and nurses input into the electronic medical record, conversations between a doctor and a patient that may have been recorded, as well as billing information. Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patient's information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties. [76] Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person. [77]

Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012. [78]

One major issue that has risen on the privacy of the US network for electronic health records is the strategy to secure the privacy of patients. Former US president George W. Bush called for the creation of networks, but federal investigators report that there is no clear strategy to protect the privacy of patients as the promotions of the electronic medical records expands throughout the United States. In 2007, the Government Accountability Office reports that there is a "jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers." [79]

The privacy threat posed by the interoperability of a national network is a key concern. One of the most vocal critics of EMRs, New York University Professor Jacob M. Appel, has claimed that the number of people who will need to have access to such a truly interoperable national system, which he estimates to be 12 million, will inevitably lead to breaches of privacy on a massive scale. Appel has written that while "hospitals keep careful tabs on who accesses the charts of VIP patients," they are powerless to act against "a meddlesome pharmacist in Alaska" who "looks up the urine toxicology on his daughter's fiance in Florida, to check if the fellow has a cocaine habit." [80] This is a significant barrier for the adoption of an EHR. Accountability among all the parties that are involved in the processing of electronic transactions including the patient, physician office staff, and insurance companies, is the key to successful advancement of the EHR in the US Supporters of EHRs have argued that there needs to be a fundamental shift in "attitudes, awareness, habits, and capabilities in the areas of privacy and security" of individual's health records if adoption of an EHR is to occur. [81]

According to The Wall Street Journal, the DHHS takes no action on complaints under HIPAA, and medical records are disclosed under court orders in legal actions such as claims arising from automobile accidents. HIPAA has special restrictions on psychotherapy records, but psychotherapy records can also be disclosed without the client's knowledge or permission, according to the Journal. For example, Patricia Galvin, a lawyer in San Francisco, saw a psychologist at Stanford Hospital & Clinics after her fiance committed suicide. Her therapist had assured her that her records would be confidential. But after she applied for disability benefits, Stanford gave the insurer her therapy notes, and the insurer denied her benefits based on what Galvin claims was a misinterpretation of the notes. [82] [83]

Within the private sector, many companies are moving forward in the development, establishment, and implementation of medical record banks and health information exchange. By law, companies are required to follow all HIPAA standards and adopt the same information-handling practices that have been in effect for the federal government for years. This includes two ideas, standardized formatting of data electronically exchanged and federalization of security and privacy practices among the private sector. [81] Private companies have promised to have "stringent privacy policies and procedures." If protection and security are not part of the systems developed, people will not trust the technology nor will they participate in it. [79] There is also debate over ownership of data, where private companies tend to value and protect data rights, but the patients referenced in these records may not have knowledge that their information is being used for commercial purposes.

In 2013, reports based on documents released by Edward Snowden revealed that the NSA had succeeded in breaking the encryption codes protecting electronic health records, among other databases. [84]

In 2015, 4.5 million health records were hacked at UCLA Medical Center. [85]

In 2018, Social Indicators Research published the scientific evidence of 173,398,820 (over 173 million) individuals affected in USA from October 2008 (when the data were collected) to September 2017 (when the data was uploaded for the statistical analysis). [86]

Regulatory compliance

In the United States, reimbursement for many healthcare services is based upon the extent to which specific work by healthcare providers is documented in the patient's medical record. Enforcement authorities in the United States have become concerned that functionality available in many electronic health records, especially copy-and-paste, may enable fraudulent claims for reimbursement. The authorities are concerned that healthcare providers may easily use these systems to create documentation of medical care that did not actually occur. These concerns came to the forefront in 2012, in a joint letter from the U.S. Departments of Justice and Health and Human Services to the American hospital community. [87] The American Hospital Association responded, focusing on the need for clear guidance from the government regarding permissible and prohibited conduct using electronic health records. [88] In a December 2013 audit report, the U.S. HHS Office of the Inspector General (OIG) issued an audit report reiterating that vulnerabilities continue to exist in the operation of electronic health records. [89] The OIG's 2014 Workplan indicates an enhanced focus on providers' use of electronic health records. [90]

Medical data breach

The Security Rule, according to Health and Human Services (HHS), establishes a security framework for small practices as well as large institutions. All covered entities must have a written security plan. The HHS identifies three components as necessary for the security plan: administrative safeguards, physical safeguards, and technical safeguards.

However, medical and healthcare providers have experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012. [91]

The Health Insurance Portability and Accessibility Act requires safeguards to limit the number of people who have access to personal information. However, given the number of people who may have access to your information as part of the operations and business of the health care provider or plan, there is no realistic way to estimate the number of people who may come across your records. [92] Additionally, law enforcement access is authorized under the act. In some cases, medical information may be disclosed without a warrant or court order.

Breach notification

The Security Rule that was adopted in 2005 did not require breach notification. However, notice might be required by state laws that apply to a variety of industries, including health care providers. In California, a law has been in place since 2003 requiring that a HIPAA covered organization's breach could have triggered a notice even though notice was not required by the HIPAA Security Rule. [93] Since 1 January 2009, California residents are required to receive notice of a health information breach.

Federal law and regulations now provide rights to notice of a breach of health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires HHS and the Federal Trade Commission (FTC) to jointly study and report on privacy and data security of personal health information. HITECH also requires the agencies to issue breach notification rules that apply to HIPAA covered entities and Web-based vendors that store health information electronically. The FTC has adopted rules regarding breach notification for internet-based vendors. [94]

Vendors

Vendors often focus on software for specific healthcare providers, including acute hospitals or ambulatory care.

In the hospital market, Epic, Cerner, MEDITECH, and CSPI (Evident Thrive) had the top market share at 28%, 26%, 9%, and 6% in 2018. [95] For large hospitals with over 500 beds, Epic and Cerner had over 85% market share in 2019. [96] In ambulatory care, Practice Fusion had the highest satisfaction, while in acute hospital care Epic scored relatively well. [97]

Interoperability is a focus for systems; in 2018, Epic and athenahealth were rated highly for interoperability. [98] Interoperability has been lacking, but is enhanced by certain compatibility features (e.g., Epic interoperates with itself via CareEverywhere) or in some cases regional or national networks, such as EHealth Exchange, CommonWell Health Alliance, [99] and Carequality. [99]

Vendors may use anonymized data for their own business or research purposes; for example, as of 2019 Cerner and AWS partnered using data for a machine learning tool. [100]

History

As of 2006, systems with a computerized provider order entry (CPOE) had existed for more than 30 years, but by 2006 only 10% of hospitals had a fully integrated system. [101]

See also

Related Research Articles

Medical privacy, or health privacy, is the practice of maintaining the security and confidentiality of patient records. It involves both the conversational discretion of health care providers and the security of medical records. The terms can also refer to the physical privacy of patients from other patients and providers while in a medical facility, and to modesty in medical settings. Modern concerns include the degree of disclosure to insurance companies, employers, and other third parties. The advent of electronic medical records (EMR) and patient care management systems (PCMS) have raised new concerns about privacy, balanced with efforts to reduce duplication of services and medical errors.

<span class="mw-page-title-main">Health Insurance Portability and Accountability Act</span> United States federal law concerning health information

The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves. Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.

<span class="mw-page-title-main">Medical record</span> Medical term

The terms medical record, health record and medical chart are used somewhat interchangeably to describe the systematic documentation of a single patient's medical history and care across time within one particular health care provider's jurisdiction. A medical record includes a variety of types of "notes" entered over time by healthcare professionals, recording observations and administration of drugs and therapies, orders for the administration of drugs and therapies, test results, X-rays, reports, etc. The maintenance of complete and accurate medical records is a requirement of health care providers and is generally enforced as a licensing or certification prerequisite.

<span class="mw-page-title-main">Electronic health record</span> Digital collection of patient and population electronically stored health information

An electronic health record (EHR) is the systematized collection of patient and population electronically stored health information in a digital format. These records can be shared across different health care settings. Records are shared through network-connected, enterprise-wide information systems or other information networks and exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.

A clinical decision support system (CDSS) is a health information technology that provides clinicians, staff, patients, and other individuals with knowledge and person-specific information to help health and health care. CDSS encompasses a variety of tools to enhance decision-making in the clinical workflow. These tools include computerized alerts and reminders to care providers and patients, clinical guidelines, condition-specific order sets, focused patient data reports and summaries, documentation templates, diagnostic support, and contextually relevant reference information, among other tools. CDSSs constitute a major topic in artificial intelligence in medicine.

A personal health record (PHR) is a health record where health data and other information related to the care of a patient is maintained by the patient. This stands in contrast to the more widely used electronic medical record, which is operated by institutions and contains data entered by clinicians to support insurance claims. The intention of a PHR is to provide a complete and accurate summary of an individual's medical history which is accessible online. The health data on a PHR might include patient-reported outcome data, lab results, and data from devices such as wireless electronic weighing scales or from a smartphone.

Health technology is defined by the World Health Organization as the "application of organized knowledge and skills in the form of devices, medicines, vaccines, procedures, and systems developed to solve a health problem and improve quality of lives". This includes pharmaceuticals, devices, procedures, and organizational systems used in the healthcare industry, as well as computer-supported information systems. In the United States, these technologies involve standardized physical objects, as well as traditional and designed social means and methods to treat or care for patients.

A National Provider Identifier (NPI) is a unique 10-digit identification number issued to health care providers in the United States by the Centers for Medicare and Medicaid Services (CMS). The NPI has replaced the Unique Physician Identification Number (UPIN) as the required identifier for Medicare services, and is used by other payers, including commercial healthcare insurers. The transition to the NPI was mandated as part of the Administrative Simplifications portion of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Protected health information (PHI) under U.S. law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual. This is interpreted rather broadly and includes any part of a patient's medical record or payment history.

Patient portals are healthcare-related online applications that allow patients to interact and communicate with their healthcare providers, such as physicians and hospitals. Typically, portal services are available on the Internet at all hours of the day and night. Some patient portal applications exist as stand-alone web sites and sell their services to healthcare providers. Other portal applications are integrated into the existing web site of a healthcare provider. Still others are modules added onto an existing electronic medical record (EMR) system. What all of these services share is the ability of patients to interact with their medical information via the Internet. Currently, the lines between an EMR, a personal health record, and a patient portal are blurring. For example, Intuit Health and Microsoft HealthVault describe themselves as personal health records (PHRs), but they can interface with EMRs and communicate through the Continuity of Care Record standard, displaying patient data on the Internet so it can be viewed through a patient portal.

Health information technology (HIT) is health technology, particularly information technology, applied to health and health care. It supports health information management across computerized systems and the secure exchange of health information between consumers, providers, payers, and quality monitors. Based on a 2008 report on a small series of studies conducted at four sites that provide ambulatory care – three U.S. medical centers and one in the Netherlands, the use of electronic health records (EHRs) was viewed as the most promising tool for improving the overall quality, safety and efficiency of the health delivery system.

The Office of the National Coordinator for Health Information Technology (ONC) is a staff division of the Office of the Secretary, within the U.S. Department of Health and Human Services. ONC leads national health IT efforts. It is charged as the principal federal entity to coordinate nationwide efforts to implement the use of advanced health information technology and the electronic exchange of health information.

popHealth is an open-source reference implementation software tool that automates population health reporting.

The Health Information Technology for Economic and Clinical Health Act, abbreviated the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009. Under the HITECH Act, the United States Department of Health and Human Services resolved to spend $25.9 billion to promote and expand the adoption of health information technology. The Washington Post reported the inclusion of "as much as $36.5 billion in spending to create a nationwide network of electronic health records." At the time it was enacted, it was considered "the most important piece of health care legislation to be passed in the last 20 to 30 years" and the "foundation for health care reform."

The Fast Healthcare Interoperability Resources standard is a set of rules and specifications for exchanging electronic health care data. It is designed to be flexible and adaptable, so that it can be used in a wide range of settings and with different health care information systems. The goal of FHIR is to enable the seamless and secure exchange of health care information, so that patients can receive the best possible care. The standard describes data formats and elements and an application programming interface (API) for exchanging electronic health records (EHR). The standard was created by the Health Level Seven International (HL7) health-care standards organization.

Digital health is a discipline that includes digital care programs, technologies with health, healthcare, living, and society to enhance the efficiency of healthcare delivery and to make medicine more personalized and precise. It uses information and communication technologies to facilitate understanding of health problems and challenges faced by people receiving medical treatment and social prescribing in more personalised and precise ways. The definitions of digital health and its remits overlap in many ways with those of health and medical informatics.

<span class="mw-page-title-main">Adoption of electronic medical records in U.S. hospitals</span>

The adoption of electronic medical records refers to the recent shift from paper-based medical records to electronic health records (EHRs) in hospitals. The move to electronic medical records is becoming increasingly prevalent in health care delivery systems in the United States, with more than 80% of hospitals adopting some form of EHR system by November 2017.

<span class="mw-page-title-main">Medical image sharing</span> Electronic exchange of medical images

Medical image sharing is the electronic exchange of medical images between hospitals, physicians and patients. Rather than using traditional media, such as a CD or DVD, and either shipping it out or having patients carry it with them, technology now allows for the sharing of these images using the cloud. The primary format for images is DICOM. Typically, non-image data such as reports may be attached in standard formats like PDF during the sending process. Additionally, there are standards in the industry, such as IHE Cross Enterprise Document Sharing for Imaging (XDS-I), for managing the sharing of documents between healthcare enterprises. A typical architecture involved in setup is a locally installed server, which sits behind the firewall, allowing secure transmissions with outside facilities. In 2009, the Radiological Society of North America launched the "Image Share" project, with the goal of giving patients control of their imaging histories by allowing them to manage these records as they would online banking or shopping.

Health care analytics is the health care analysis activities that can be undertaken as a result of data collected from four areas within healthcare; claims and cost data, pharmaceutical and research and development (R&D) data, clinical data, and patient behavior and sentiment data (patient behaviors and preferences,. Health care analytics is a growing industry in the United States, expected to grow to more than $31 billion by 2022. The industry focuses on the areas of clinical analysis, financial analysis, supply chain analysis, as well as marketing, fraud and HR analysis.

Health data is any data "related to health conditions, reproductive outcomes, causes of death, and quality of life" for an individual or population. Health data includes clinical metrics along with environmental, socioeconomic, and behavioral information pertinent to health and wellness. A plurality of health data are collected and used when individuals interact with health care systems. This data, collected by health care providers, typically includes a record of services received, conditions of those services, and clinical outcomes or information concerning those services. Historically, most health data has been sourced from this framework. The advent of eHealth and advances in health information technology, however, have expanded the collection and use of health data—but have also engendered new security, privacy, and ethical concerns. The increasing collection and use of health data by patients is a major component of digital health.

References

  1. U.S. Department of Health and Human Services Centers for Medicare & Medicaid Services 42 CFR Parts 412, 413, 422 et al. Medicare and Medicaid Programs; Electronic Health Record Incentive Program; Final Rule
  2. Black JR, Hulkower RL, Ramanathan T (2018-08-22). "Health Information Blocking: Responses Under the 21st Century Cures Act". Public Health Reports. 133 (5): 610–613. doi:10.1177/0033354918791544. PMC   6134556 . PMID   30134128.
  3. "Trump Administration Announces MyHealthEData Initiative at HIMSS18 | CMS". www.cms.gov. Retrieved 2018-11-25.
  4. "Achieving the Interoperability Promise of 21st Century Cures - Health IT Buzz". Health IT Buzz. 2018-06-19. Retrieved 2018-11-25.
  5. Evans DC, Nichol WP, Perlin JB (April 2006). "Effect of the implementation of an enterprise-wide Electronic Health Record on productivity in the Veterans Health Administration". Health Economics, Policy and Law. 1 (Pt 2): 163–9. doi:10.1017/S1744133105001210. PMID   18634688. S2CID   10084450.
  6. "VistA:Winner of the 2006 Innovations in American Government Award" (PDF). The Ash Institute for Democratic Governance and Innovation at Harvard University's John F. Kennedy School of Government. Archived from the original (PDF) on 14 January 2009.
  7. Groopman J, Hartzband P (12 March 2009). "Obama's $80 Billion Exaggeration". Wall Street Journal. Retrieved 3 March 2010.
  8. McDonald CJ, Callaghan FM, Weissman A, Goodwin RM, Mundkur M, Kuhn T (November 2014). "Use of internist's free time by ambulatory care Electronic Medical Record systems". JAMA Internal Medicine. 174 (11): 1860–3. doi: 10.1001/jamainternmed.2014.4506 . PMID   25200944.(subscription required)
  9. 1 2 DesRoches CM, Campbell EG, Rao SR, Donelan K, Ferris TG, Jha A, Kaushal R, Levy DE, Rosenbaum S, Shields AE, Blumenthal D (July 2008). "Electronic health records in ambulatory care—a national survey of physicians". The New England Journal of Medicine. 359 (1): 50–60. doi: 10.1056/NEJMsa0802005 . PMID   18565855.
  10. Hsiao CJ, et al. (Dec 8, 2010). "Electronic Medical Record/Electronic Health Record Systems of Office-based Physicians: United States, 2009 and Preliminary 2010 State Estimates". NCHS Health E-Stat. CDC/National Center for Health Statistics. Retrieved 31 October 2011.
  11. Are More Doctors Adopting EHRs? Retrieved 31 March 2011.
  12. National Center for Health : United States, 2008]. Retrieved 15 December 2009.
  13. "Office-based Physician Electronic Health Record Adoption". dashboard.healthit.gov. Retrieved 2017-01-18.
  14. "Big Data in Health Care". The National Law Review. 17 September 2014. Retrieved 27 September 2014.
  15. Simon SR, Kaushal R, Cleary PD, Jenter CA, Volk LA, Poon EG, Orav EJ, Lo HG, Williams DH, Bates DW (2007). "Correlates of electronic health record adoption in office practices: a statewide survey". Journal of the American Medical Informatics Association. 14 (1): 110–7. doi:10.1197/jamia.M2187. PMC   2215070 . PMID   17068351.
  16. Menachemi N, Perkins RM, van Durme DJ, Brooks RG (2006). "Examining the adoption of electronic health records and personal digital assistants by family physicians in Florida". Informatics in Primary Care. 14 (1): 1–9. doi: 10.14236/jhi.v14i1.609 . PMID   16848961.
  17. Bleich HL, Slack WV (January 2010). "Reflections on electronic medical records: when doctors will use them and when they will not". International Journal of Medical Informatics. 79 (1): 1–4. doi:10.1016/j.ijmedinf.2009.10.002. PMID   19939731.
  18. Roukema J, Los RK, Bleeker SE, van Ginneken AM, van der Lei J, Moll HA (January 2006). "Paper versus computer: feasibility of an electronic medical record in general pediatrics". Pediatrics. 117 (1): 15–21. doi:10.1542/peds.2004-2741. PMID   16396855. S2CID   25853906.
  19. Millman J. "Electronic health records were supposed to be everywhere this year. They're not—but it's okay". The Washington Post. Retrieved 8 August 2014.
  20. "The Future of Nursing". Norwich University. Retrieved 25 September 2014.
  21. "EMR – Electronic Medical Records Solutions". Dell. Archived from the original on 3 April 2012. Retrieved 31 March 2012.
  22. Sittig DF, Singh H (April 2011). "Legal, ethical, and financial dilemmas in electronic health record adoption and use". Pediatrics. 127 (4): e1042–7. doi:10.1542/peds.2010-2184. PMC   3065078 . PMID   21422090.
  23. Gamble M. "5 Legal Issues Surrounding Electronic Medical Records". Becker's Hospital Review. Becker's Healthcare.
  24. National Archives and Records Administration (NARA): Long-Term Usability of Optical Media. Retrieved 30 July 2006.
  25. Shabo, Amnon (2014): "It's Time for Health Record Banking!" editorial to special issue of Methods of Information in Medicine, Vol. 53, No. 2, pp. 63–65 "change in current legislation so that the copy of a legally-authenticated medical record stored in an IHRB [Independent Health Record Bank] is the sole medico-legal record and healthcare providers are no longer required by the law to hold archives of medical records." page 65,
  26. Medical Board of California: Medical Records – Frequently Asked Questions Archived 2011-08-09 at the Wayback Machine . Retrieved 30 July 2006.
  27. CDC (Jun 3, 2011). "Introduction". Meaningful Use. CDC. Retrieved 31 October 2011.
  28. Blumenthal D (February 2010). "Launching HITECH". The New England Journal of Medicine. 362 (5): 382–5. doi:10.1056/NEJMp0912825. PMID   20042745. S2CID   205106139.
  29. Blumenthal D, Tavenner M (August 2010). "The "meaningful use" regulation for electronic health records". The New England Journal of Medicine. 363 (6): 501–4. doi:10.1056/NEJMp1006114. PMID   20647183. S2CID   205106642.
  30. 1 2 "Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations". U.S. Department of Justice. 31 May 2017. Retrieved 16 October 2017.
  31. "EHR vendor eClinicalWorks reaches ground-breaking $155 million whistleblower settlement", Phillips & Cohen LLP Press Release, May 31, 2017
  32. Sullivan T (July 6, 2017). "CMS won't punish eClinicalWorks customers for meaningful use EHR attestations". Healthcare IT News.
  33. Pear R (13 July 2010). "U.S. Issues Rules on Electronic Health Records". The New York Times.
  34. Li, Qian; Yang, Xi; Xu, Jie; Guo, Yi; He, Xing; Hu, Hui; Lyu, Tianchen; Marra, David; Miller, Amber; Smith, Glenn; DeKosky, Steven; Boyce, Richard D.; Schliep, Karen; Shenkman, Elizabeth; Maraganore, Demetrius (2023-02-23). "Early prediction of Alzheimer's disease and related dementias using real-world electronic health records". Alzheimer's & Dementia. 19 (8): 3506–3518. doi: 10.1002/alz.12967 . ISSN   1552-5260. PMC   10976442 . PMID   36815661.
  35. Gabriel B (2008). "Do EMRs Make You a Better Doctor?". Physicians Practice. Archived from the original on 8 June 2010. Retrieved 23 August 2009.
  36. Greenhalgh T, Potts HW, Wong G, Bark P, Swinglehurst D (December 2009). "Tensions and paradoxes in electronic patient record research: a systematic literature review using the meta-narrative method". The Milbank Quarterly. 87 (4): 729–88. doi:10.1111/j.1468-0009.2009.00578.x. PMC   2888022 . PMID   20021585. Archived from the original on 15 May 2016.
  37. Cohen GR, Grossman JM, O'Malley AS (2010). "Electronic Medical Records and Communication with Patients and Other Clinicians: Are We Talking Less?". Center for Studying Health System Change, Issue Brief No. 131 (full text)
  38. Centers for Medicare & Medicaid Services (Oct 12, 2011). "CMS EHR Meaningful Use Overview". EHR Incentive Programs. Center for Medicare & Medicaid Services. Retrieved 31 October 2011.
  39. Zhai H, Iyer S, Ni Y (2014). "Mining a large-scale EHR with machine learning methods to predict all-cause 30-day unplanned readmissions". ASE@360 Open Scientific Digital Library. Archived from the original on 2016-01-09. Retrieved 2018-10-14.
  40. Zhai H, Brady P, Li Q, Lingren T, Ni Y, Wheeler DS, Solti I (August 2014). "Developing and evaluating a machine learning based algorithm to predict the need of pediatric intensive care unit transfer for newly hospitalized children". Resuscitation. 85 (8): 1065–71. doi:10.1016/j.resuscitation.2014.04.009. PMC   4087062 . PMID   24813568.
  41. "What is Meaningful Use? | Policy Researchers & Implementers | HealthIT.gov". Healthit.hhs.gov. Archived from the original on 26 February 2012. Retrieved 4 September 2013.
  42. "HealthIT.gov | the official site for Health IT information". Healthit.hhs.gov. Archived from the original on 11 March 2012. Retrieved 4 September 2013.
  43. Torrieri, Marisa "Dealing with Meaningful Use Attestation Aggravation" Archived 8 January 2012 at the Wayback Machine . Physicians Practice. January 2012.
  44. "Meaningful Use: Stage 2 Regulations Overview" Archived 2012-09-29 at the Wayback Machine Robert Anthony, CMS, 30 August 2012.
  45. "EHR Incentive Program: A Progress Report" Marisa Torrieri, Physicians Practice, September 2012.
  46. Centers for Medicare & Medicaid Services (30 March 2015). "Medicare and Medicaid Programs; Electronic Health Record Incentive Program-Stage 3". The Federal Register.
  47. Bresnick J (23 March 2015). "Breaking Down the Health IT Impacts of Stage 3 Meaningful Use". EHR Intelligence.
  48. Evidence on the costs and benefits of health information technology.
  49. 1 2 Menachemi N, Collum TH (2011). "Benefits and drawbacks of electronic health record systems". Risk Management and Healthcare Policy. 4: 47–55. doi: 10.2147/RMHP.S12985 . PMC   3270933 . PMID   22312227.
  50. Fleming NS, Culler SD, McCorkle R, Becker ER, Ballard DJ (March 2011). "The financial and nonfinancial costs of implementing electronic health records in primary care practices". Health Affairs. 30 (3): 481–9. doi: 10.1377/hlthaff.2010.0768 . PMID   21383367.
  51. 1 2 Miller RH, West C, Brown TM, Sim I, Ganchoff C (2005). "The value of electronic health records in solo or small group practices". Health Affairs. 24 (5): 1127–37. doi: 10.1377/hlthaff.24.5.1127 . PMID   16162555.
  52. Wang SJ, Middleton B, Prosser LA, Bardon CG, Spurr CD, Carchidi PJ, Kittler AF, Goldszer RC, Fairchild DG, Sussman AJ, Kuperman GJ, Bates DW (April 2003). "A cost-benefit analysis of electronic medical records in primary care". The American Journal of Medicine. 114 (5): 397–403. CiteSeerX   10.1.1.649.8226 . doi:10.1016/S0002-9343(03)00057-3. PMID   12714130.
  53. "A State Policy Approach: Promoting Health Information Technology in California". California Legislative Analyst Office. February 2007.
  54. Parish C (2006). "Edging towards a brave new IT world". Nursing Standard. 20 (27): 15–6. doi:10.7748/ns.20.27.15.s22. PMID   16566331.
  55. "What is EHR or EMR? | EHR VS EMR | Explained Everything". www.curemd.com. Retrieved 2023-05-17.
  56. Defining and Testing EMR Usability. Healthcare Information and Management Systems Society, June 2009. Archived 2012-03-22 at the Wayback Machine
  57. "U.S. Medicine – The Voice of Federal Medicine, May 2009.". Archived from the original on 2011-10-07. Retrieved 2018-10-14.
  58. "Interoperability in EHR: the medical mine". Medical Economics.
  59. Kobb E, Sauser K (2014). Electronic Health Records (PDF). RAND. Archived (PDF) from the original on March 22, 2016. Retrieved March 7, 2016.
  60. Caldwell, Patrick (October 2015). "EPIC FAIL. Digitizing America's medical records was supposed to help patients and save money. Why hasn't that happened?". Mother Jones. Archived from the original on September 7, 2017. Retrieved September 6, 2017.
  61. "Moving Past the EHR Interoperability Blame Game - NEJM Catalyst". NEJM Catalyst. 2017-07-18. Retrieved 2018-11-25.
  62. "NDAA Image Exchange". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
  63. "CHDR". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
  64. "LDSI". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
  65. Traynor K (November 2008). "National health information network passes live test". American Journal of Health-System Pharmacy. 65 (22): 2086–7. doi:10.2146/news080090. PMID   18997131.
  66. Mearian L (6 January 2010). "VA, Kaiser Permanente launch e-health records exchange". Computerworld. ISSN   0010-4841 . Retrieved 31 October 2011.
  67. "What is CONNECT?". CONNECT Community Portal. U.S. Department of Health and Human Services. Retrieved 4 March 2010.
  68. "Federal Health Architecture" (PDF). Federal Health Architecture. healthit.gov. Retrieved June 27, 2016.
  69. "Rural Practice Redesigns Care Processes To Allow Multidisciplinary Teams To Leverage Electronic Health Record, Leading to Better Screening of Medically Underserved". Agency for Healthcare Research and Quality. 2013-05-22. Retrieved 22 May 2013.
  70. "Breaches Affecting 500 or More Individuals". Hhs.gov. Archived from the original on 29 August 2013. Retrieved 4 September 2013.
  71. "Year closes on a note of breach shame | IT Everything, the healthcare IT blog by Modern Healthcare's Joe Conn". Modernhealthcare.com. 2011-12-22. Retrieved 4 September 2013.
  72. Health & Medicine (26 June 2006). "At risk of exposure: In the push for electronic medical records, concern is growing about how well privacy can be safeguarded". Los Angeles Times. Archived from the original on 16 May 2008. Retrieved 8 August 2006.
  73. "FBI seeks stolen personal data on 26 million vets". CNN.com. 23 May 2006. Retrieved 30 July 2006.
  74. Wafa T (2010). "How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy". Northern Illinois University Law Review. 30 (3). SSRN   1547425.
  75. US Code of Federal Regulations, Title45, Volume 1 (Revised 1 October 2005): of Individually Identifiable Health Information (45CFR164.501). Retrieved 30 July 2006.
  76. "Health Information Privacy". U.S. Department of Health & Human Services. 2008-05-07. Retrieved 28 March 2013.
  77. Summary of the HIPAA Privacy Rule
  78. "Privacy Rights Clearinghouse's Chronology of Data Security Breaches". Archived from the original on 2016-09-13. Retrieved 2018-10-14.
  79. 1 2 Pear R (18 February 2007). "Warnings Over Privacy of U.S. Health Network". The New York Times .
  80. Appel JM (30 December 2008). "Why shared medical database is wrong prescription". Orlando Sentinel .
  81. 1 2 Nulan C (2001). "HIPAA—a real world perspective". Radiology Management. 23 (2): 29–37, quiz 38–40. PMID   11302064.
  82. Francis T (28 December 2006). "Spread of records stirs fears of privacy erosion". The Wall Street Journal.
  83. "Pittsburgh Post-Gazette". Post-gazette.com. 1969-12-31. Archived from the original on 19 January 2012. Retrieved 4 September 2013.
  84. Holmes A (6 September 2013). "NSA Code Cracking Puts Google, Yahoo Security Under Fire" . Retrieved 14 May 2014.
  85. "UCLA Health Says 4.5M May Be Affected In Data Breach". npr.
  86. Koczkodaj WW, Mazurek M, Strzałka D, Wolny-Dominiak A, Woodbury-Smith M (2018). "Electronic Health Record Breaches as Social Indicators". Social Indicators Research. 141 (2): 861–871. doi:10.1007/s11205-018-1837-z. S2CID   148750993.
  87. U.S.Department of Health & Human Services and U.S. Departments of Justice Letter
  88. Umbdenstock R. "Letter addressed to Secretary Sebelius and Attorney General Holder" (PDF). American Hospital Association. Archived from the original (PDF) on 12 March 2016.
  89. Levinson DR (December 2013). "Not all Recommended Fraud Safeguards have been Implemented in Hospital EHR Technology" (PDF).
  90. Hirsch, Marla Durben (1 February 2014). "OIG's 2014 work plan steps up scrutiny of EHRs". Fierce Health Care.
  91. "Privacy Rights Clearinghouse's Chronology of Data Security Breaches involving Medical Information". Archived from the original on 2016-09-13. Retrieved 2018-10-14.
  92. "HIPAA Basics: Medical Privacy in the Electronic Age from the Privacy Rights Clearinghouse www.privacyrights.org". Archived from the original on 2012-10-27. Retrieved 2018-10-14.
  93. Stevens G (2012). "Data Security Breach Notification Laws" (PDF). Federation of American Scientists. p. 3. Retrieved 30 September 2014.
  94. Department of Health and Human Services Breach Notification for Unsecured Protected Health Information
  95. "In EMR Market Share Wars, Epic and Cerner Triumph Yet Again | HealthLeaders Media". www.healthleadersmedia.com. Retrieved 2019-08-06.
  96. "Epic, Cerner Continue to Dominate U.S. Hospital EHR Market, KLAS Finds". Healthcare Innovation. May 2019. Retrieved 2019-08-06.
  97. "Acute care physicians happiest with Epic EHR, but eClinicalWorks and athenahealth score big in ambulatory settings". Healthcare IT News. 2018-01-09. Retrieved 2019-08-06.
  98. EHRIntelligence (2018-03-02). "Epic, athenahealth Most Effectively Enable EHR Interoperability". EHRIntelligence. Retrieved 2019-08-06.
  99. 1 2 "KLAS report shows a lot is riding on upcoming Carequality, CommonWell partnership". FierceHealthcare. Retrieved 2019-08-06.
  100. "Amazon, Cerner team up on AI, machine learning". Healthcare Dive. Retrieved 2019-08-06.
  101. Smaltz, Detlev and Eta Berner. The Executive's Guide to Electronic Health Records. (2007, Health Administration Press) p.03
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.