Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

The Disconnect Between Patient Experience and Records Requests – HIM Scene

Posted on April 19, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

This week I met with one of the digital marketing team at a children’s hospital. We had a great conversation about the hospital website and the way the hospital’s website represented the organization to the patient. Plus, we talked about how patients choose to interact with the hospital through their website. There are a wide variety of patient requests through the website, but one of those requests was a request for their patient record.

It wasn’t really a surprise that this digital marketer didn’t really know the details of what’s required for a patient to make an appropriate medical record request from his hospital. In his defense, he didn’t usually answer the questions, but just created the website that collected the questions. However, it was quite clear that the workflow for any medical records request was to send it to their HIM department and let them figure it out.

Most organization then have their HIM staff play phone tag with the patient to explain how to make a proper records request which will allow them to release the information to the patient. The progressive organizations might send the patient an email. However, many of them will then ask the patient to mail, drop off or fax in the official records request. If this sounds painful, I can assure you that it’s as painful as it sounds.

This illustrates the massive disconnect between creating a great patient experience and most organization’s current records request process. Please note that I’m not blaming the digital team at hospitals for the issue and I’m not blaming the HIM people for this problem. I’m blaming the disconnect between the two organizations because the only way to solve this problem is to have both organizations involved.

The best patient experience would actually be for the patient to go to their patient portal and download their whole record. Maybe we’ll get their one day, but there are hundreds of systems in a hospital where a patient’s data is stored. So, it’s going to take a while for us to reach the point where a patient can self-service their data requests.

Since I’m not holding my breath on this amount of data sharing happening between disparate systems, I’m more interested in making the current processes so it’s a seamless experience for the patient. If you can model a medical records request on paper, then you can do it digitally. To their credit, I’ve seen a few organizations working on this. In fact, their system is part education about records requests and part getting the information that’s needed to fulfill a records request.

It’s time that HIM and a hospital’s digital and tech teams come together to make the process for requesting records a seamless patient experience. And if you think using a fax machine is a seamless experience for patients, then you’re part of the problem.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

An Approach For Privacy – Protecting Big Data

Posted on February 6, 2017 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

There’s little doubt that the healthcare industry is zeroing in on some important discoveries as providers and researchers mine collections of clinical and research data. Big data does come with some risks, however, with some observers fearing that aggregated and shared information may breach patient privacy. However, at least one study suggests that patients can be protected without interrupting data collection.

In what it calls a first, a new study appearing in the Journal of the American Medical Informatics Association has demonstrated that protecting the privacy of patients can be done without too much fuss, even when the patient data is pulled into big data stores used for research.

According to the study, a single patient anonymization algorithm can offer a standard level of privacy protection across multiple institutions, even when they are sharing clinical data back and forth. Researchers say that larger clinical datasets can protect patient anonymity without generalizing or suppressing data in a manner which would undermine its use.

To conduct the study, researchers set a privacy adversary out to beat the system. This adversary, who had collected patient diagnoses from a single unspecified clinic visit, was asked to match them to a record in a de-identified research dataset known to include the patient. To conduct the study, researchers used data from Vanderbilt University Medical Center, Northwestern Memorial Hospital in Chicago and Marshfield Clinic.

The researchers knew that according to prior studies, the more data associated with each de-identified record, and the more complex and diverse the patient’s problems, the more likely it was that their information would stick out from the crowd. And that would typically force managers to generalize or suppress data to protect patient anonymity.

In this case, the team hoped to find out how much generalization and suppression would be necessary to protect identities found within the three institutions’ data, and after, whether the protected data would ultimately be of any use to future researchers.

The team processed relatively small datasets from each institution representing patients in a multi-site genotype-disease association study; larger datasets to represent patients in the three institutions’ bank of de-identified DNA samples; and large sets which stood in for each’s EMR population.

Using the algorithm they developed, the team found that most of the data’s value was preserved despite the occasional need for generalization and suppression. On average, 12.8% of diagnosis codes needed generalization; the medium-sized biobank models saw only 4% of codes needing generalization; and among the large databases representing EMR populations, only 0.4% needed generalization and no codes required suppression.

More work like this is clearly needed as the demand for large-scale clinical, genomic and transactional datasets grows. But in the meantime, this seems to be good news for budding big data research efforts.

Are Security Certifications Needed to Simplify the Acquisition Process?

Posted on January 20, 2017 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m generally someone who hates certifications. However, I hate them because they’re often implemented poorly and easily gamed. When they’re implemented effectively, they can be extremely helpful. Think about all the safety certifications that electronics have you go through. I’m sure they’ve saved our lives and saved our houses getting burnt down many times over.

I’ve wondered if a security certification would be useful for healthcare IT applications. Certainly it wouldn’t be perfect (security never is), but it could serve as a baseline security check that would help healthcare organizations with their acquisition process.

The reality is that many organizations don’t properly vet the healthcare IT applications they purchase for security. They aren’t consistent and they have limited resources. A security certification in theory would spread the costs of certifying a healthcare application’s security across a large number of organizations and thus save everyone money.

The key to this certification is not to have it as a kind of pass/fail certification. Sure, you want to say that it meets a certain standard of security, but more importantly it would also create a report on what type of security was implemented for that software.

Take encryption for example. Every healthcare organization looks for encryption. A security certification could ensure that the software system has implemented certification appropriately and also describe how the encryption was implemented. Is it end to end security encryption. Do they encrypt the data at rest? What about encryption of the data being stored on the customer’s device? etc etc etc

One challenge with this idea is that CIOs, health IT companies, and other technology professionals can become over reliant on certifications. It would have to be clear that the security certification was just a baseline and not a 100% foolproof way to secure your IT software. This is a challenge since health IT sales reps are going to position a security certification as such. It would take some effective marketing for people to know that the security certification could save them time in their security analysis of a new health IT software purchase, but wasn’t the end all be all.

I imagine some people would argue that this type of certification and details about how an organization or software company implements their security would be a treasure trove for hackers. Certainly you’d have to be careful with what you share and how you share it. However, most of the details are things that a good hacker could figure out anyway.

As it is today, health IT companies just say they’re HIPAA compliant (whatever that means) and many healthcare CIOs are floundering with limited resources for evaluating the security of the applications they buy. A security certification could help them make some headway on this I think.

Done the right way, a security certification could help set a new bar for how vendors approach security. That could be a very good thing. Of course, if not updated regularly and effectively, it could also require a bunch of hoop jumping that doesn’t provide real value. It’s a tricky challenge.

HIM’s Role in Healthcare Security and Privacy – HIM Scene

Posted on November 30, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

One of my go-to experts on healthcare privacy and security is Mac McMillan, CEO and Co-Founder of CynergisTek. He’s built a really great company that focuses on privacy and security in healthcare and he’s a true expert.

While at AHIMA 2016, I talked with Mac about the role that HIM plays in healthcare privacy and security. We also talk about where healthcare privacy is heading and which part of healthcare privacy and security doesn’t get enough attention. I also asked Mac to make a big 20 year prediction on what will happen with privacy and security in healthcare.

Check out our interview with Mac McMillan, CEO and Co-Founder of CynergisTek:

We shot a number of other videos at AHIMA 2016 which we’ll be posting shortly. If you enjoyed this video, be sure to Subscribe to Healthcare Scene on YouTube and watch our full archive of Healthcare Scene interviews.

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

E-Patient Update: Hospitals Should Share Ransomware Updates

Posted on October 14, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A few weeks ago, a California hospital quietly fended off a ransomware attack without paying a ransom to the attackers. According to Health Leaders Media, Keck Medical Center of USC was hit with a ransomware assault on servers at two hospitals, but managed to fix the problem and retrieve its data.

Employees at Keck Hospital of USC and Norris Comprehensive Cancer Care found ransomware on two servers on August 1, said Keck Hospitals CEO Rod Hanners in a statement on the matter. The attack encrypted files on the servers, which made their data unavailable to hospital employees. However, Hanners reported, the hospitals had no evidence of a breach of patient information.

Still, given that some sensitive information was contained in folders encrypted by the malware, USC notified patients about the breach, Health Leaders reports. Data that could (at least theoretically) have been accessed by the attackers included names and dates of birth, health information such as treatment and diagnosis information and some Social Security numbers.

If what I’ve read is accurate, the crew at Keck did a great job. They got things under control very quickly, and chose to do the right thing in notifying patients about the breach. (And in all truth, the attack might not have been much of a big deal — perhaps one launched by a script kiddie using Ransomware as a Service tools — which could explain why the hospitals seem to be relatively unruffled.) Still, my feeling is that they could have communicated more.

A patient’s perspective

As I ponder the events above, I do wonder whether the professionals managing this particular ransomware attack understand what it’s like to be on the receiving end of a ransomware episode. So here’s a few things to consider from a patient’s perspective:

  • Ransomware is scary: While I’m healthcare technology writer and somewhat familiar with ransomware attacks, they are still new to most of the public. They may turn out to be just another infection vector for your network, but they come across as a dark force to consumers. Be prepared to educate and calm us.
  • People don’t know what to expect: I was due to have a cardiac procedure done by a doctor affiliated with Washington, D.C.-based MedStar Health a couple of weeks after it suffered a ransomware attack. While the news media made it clear that the hospital chain was paralyzed for a time, nobody bothered to tell me what the impact of this paralysis would be. It would have been better if MedStar facilities and doctors reached out to patients in immediate and near-term need of care to clarify.
  • We need progress reports: Clearly, the Keck attack didn’t amount to much, but other ransomware attacks, such as the MedStar incident, can’t be resolved overnight. As patients, we need to know roughly how long our providers may be at less than full capacity. Keep us updated or you’ll lose our trust.

With any luck, healthcare organizations will continue to improve their ability to fight back ransomware attacks, and in time, be prepared to treat them as little more than road bumps in their security efforts. But until then, it makes sense to pull out all the stops and keep patients extra well-informed.

Hospitals Face Security Risks In Expanding Mobile Footprint

Posted on October 3, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A new study suggests that hospitals are deeply concerned about their ability to protect patient data and their technology infrastructure from the growing threat of mobile cyberattacks.

The study, by Spyglass Consulting Group, found that 71% of hospitals consider mobile communications to be an increasingly important investment, in part due to the growth of value-based reimbursement and emerging patient- centered care models.

Thirty-eight percent of hospitals surveyed by Spyglass reported having invested in a smartphone-based platform to support these communications, with the deployments averaging 624 devices. Meanwhile, 52% have expanded their deployments beyond clinical messaging support other mobile hospital workers, researchers found.

That being said, 82% of hospitals weren’t sure they could protect these assets, particularly against mobile-focused attacks. Respondents worry that both smartphones and tablets could introduce vulnerabilities into the hospitals network infrastructure through malware, blastware and ransomware attacks. (These concerns are backed up by other Spyglass research, which concludes that 25% of data breaches originate from mobile devices.)

The surveyed hospitals said they were especially concerned about personally-owned mobile devices used by advanced practice nurses and physicians, noting that such devices may lack adequate password protection and may not have security software in place to block attacks.

Also, respondents said, APNs and doctors typically rely on unsecured SMS messaging for clinical communications, which may include protected patient health information. What’s more, respondents noted that these clinicians make heavy use of public Wi-Fi and cellular networks which can be compromised easily, exposing not only their device but also their data and communications to view.

But the hospitals’ fears aren’t limited to clinicians’ personal devices, Spyglass noted. Despite making increased investments in mobile security, hospital respondents said they were also concerned about hospital-owned and managed mobile devices, including those used by nurses, ancillary professionals and nonclinical mobile hospital workers.

“Cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT detect potential intrusion,” said Gregg Malkary of Spyglass in a prepared statement.

Still, hospitals have a number of reasons to soldier on and solve these problems. For example, a HIMSS study released in March notes that hospitals feel mobile implementations positively impact their ability to communicate with patients and their ability to deliver a higher standard of care. Not only that, 69% of respondents whose hospitals use mobile-optimized patient portals said that this expanded their capability to send and receive data securely.

The HIMSS study found that 52% of survey respondents used three or more mobile and/or connected health technologies, with 58% mobile-optimized patient portals, 48% apps for patient education and engagement, 37% remote patient monitoring, 34% telehealth, 33% SMS texting, 32% patient-generated health data and 26% concierge telehealth.

In addition, 47% of HIMSS respondents said that their hospitals were looking to expand the number of connected health technologies they used, with another 5% of respondents expecting to become first-time users of at least one of these technologies.

HHS OIG Says Unplanned Hospital EMR Outages Are Fairly Common

Posted on August 24, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

More than half of U.S. hospitals responding to a new survey reported having unplanned EMR outages, according to a new report issued by the HHS Office of the Inspector General, due to a variety of common but difficult-to-predict technical problems. Some of these outages have merely been inconveniences, but some resulted in patient care problems, the OIG report said.

The agency said that it conducted this study as a follow up to its prior research, which found that both natural disasters and cyberattacks were having a major impact on EMR availability. For example, it noted, hospitals faced substantial health IT availability challenges in the wake of Superstorm Sandy, include damage to HIT systems and problems with access to patient records.

According to the survey, 59% of the hospitals reported having unplanned EMR outages. One-quarter said that the outages created delays in patient care and 15% said that the outage lead to rerouted patient care. Only 1 percent of outages were caused by hacking or breaches.

The most common causes, in order, were topped by hardware malfunctions, followed by Internet connectivity problems, power failures and natural disasters. (For more detail on the root causes of outages, see this great post by my colleague John Lynn.)

It’s worth noting that these hospitals were selected for having their act together to some degree. To conduct the study, researchers spoke with 400 hospitals which were getting Meaningful Use incentive payments for using a certified EMR system in place as of September 2014.

Nearly all of these hospitals reported having a HIPAA-required EMR contingency plan in place. Also, two thirds of the hospitals addressed the four HIPAA requirements reviewed by OIG researchers. Eighty-three percent of surveyed hospitals reported having a data backup plan, 95% had an emergency mode operations mode plan, 95% said they had a disaster recovery plan and 73% said they had testing and revision procedures in place.

Not only that, most of the hospitals contacted by the study were implementing many ONC and NIST-recommended practices for creating EMR contingency plans. Nearly all had implemented practices such as using paper records for backup and putting alternative power sources like generators in place.

Also, most hospitals said that they reviewed their EMR contingency plans regularly to stay current with system or organizational changes, and 88% said they’d reviewed such plans within the previous two years. Most responding hospitals said they regularly trained their staff on EMR outage contingency plans, though just 45% reported training staff through recommended drills on how to address EMR system downtime. And 40% of hospitals that activated contingency plans in the wake of an outage reported that they saw no disruption to patient care or adverse events.

Still, the OIG’s take on this data is that it’s time to better monitor hospitals’ ability to address EMR outages. Now more than ever, the agency would like to see the HHS Office for Civil Rights fully implement a permanent HIPAA compliance program, particularly given the mounting level of cyberattacks endured by the industry. The OIG admitted that HIPAA standards aren’t crafted specifically to address these types of outages, so it’s not clear such monitoring can solve the problem, but the agency would prefer to forge ahead with existing standards given the risks that are emerging.

Managing Health Information to Ensure Patient Safety

Posted on August 17, 2016 I Written By

Erin Head is the Director of Health Information Management (HIM) and Quality for an acute care hospital in Titusville, FL. She is a renowned speaker on a variety of healthcare and social media topics and currently serves as CCHIIM Commissioner for AHIMA. She is heavily involved in many HIM and HIT initiatives such as information governance, health data analytics, and ICD-10 advocacy. She is active on social media on Twitter @ErinHead_HIM and LinkedIn. Subscribe to Erin's latest HIM Scene posts here.

This post is part of the HIM Series of blog posts. If you’d like to receive future HIM posts by Erin in your inbox, you can subscribe to future HIM Scene posts here.

Electronic Medical Records (EMRs) have been a great addition to healthcare organizations and I know many would agree that some tasks have been significantly improved from paper to electronic. Others may still be cautious with EMRs due to the potential patient safety concerns that EMRs bring to light.

The Joint Commission expects healthcare organizations to engage in the latest health information technologies but we must do so safely and appropriately. In 2008, The Joint Commission released Sentinel Event Alert Issue 42 which advised organizations to be mindful of the patient safety risks that can result from “converging technologies”.

The electronic technologies we use to gather patient data could pose potential threats and adverse events. Some of these threats include the use of computerized physician order entry (CPOE), information security, incorrect documentation, and clinical decision support (CDS).  Sentinel Event Alert Issue 54 in 2015 again addressed the safety risks of EMRs and the expectation that healthcare organizations will safely implement health information technology.

Having incorrect data in the EMR poses serious patient safety risks that are preventable which is why The Joint Commission has put this emphasis on safely using the technology. We will not be able to blame patient safety errors on the EMR when questioned by surveyors, especially when they could have been prevented.

Ensuring medical record integrity has always been the objective of HIM departments. HIM professionals’ role in preventing errors and adverse events has been apparent from the start of EMR implementations. HIM professionals should monitor and develop methods to prevent issues in the following areas, to name a few:

Copy and paste

Ensure policies are in place to address copy and paste. Records can contain repeated documentation from day to day which could have been documented in error or is no longer current. Preventing and governing the use of copy and paste will prevent many adverse issues with conflicting or erroneous documentation.

Dictation/Transcription errors

Dictation software tools are becoming more intelligent and many organizations are utilizing front end speech recognition to complete EMR documentation. With traditional transcription, we have seen anomalies remaining in the record due to poor dictation quality and uncorrected errors. With front end speech recognition, providers are expected to review and correct their own dictations which presents similar issues if incorrect documentation is left in the record.

Information Security

The data that is captured in the EMR must be kept secure and available when needed. We must ensure the data remains functional and accessible to the correct users and not accessible by those without the need to know. Cybersecurity breaches are a serious threat to electronic data including those within the EMR and surrounding applications.

Downtime

Organizations must be ready to function if there is a planned or unexpected downtime of systems. Proper planning includes maintaining a master list of forms and order-sets that will be called upon in the case of a downtime to ensure documentation is captured appropriately. Historical information should be maintained in a format that will allow access during a downtime making sure users are able to provide uninterrupted care for patients.

Ongoing EMR maintenance

As we continue to enhance and optimize EMRs, we must take into consideration all of the potential downstream effects of each change and how these changes will affect the integrity of the record. HIM professionals need prior notification of upcoming changes and adequate time to test the new functionality. No changes should be made to an EMR without all of the key stakeholders reviewing and approving the changes downstream implications. The Joint Commission claims, “as health IT adoption becomes more widespread, the potential for health IT-related patient harm may increase.”

If you’d like to receive future HIM posts by Erin in your inbox, you can subscribe to future HIM Scene posts here.

The Cost of Encouraging Patient Engagement

Posted on June 15, 2016 I Written By

Erin Head is the Director of Health Information Management (HIM) and Quality for an acute care hospital in Titusville, FL. She is a renowned speaker on a variety of healthcare and social media topics and currently serves as CCHIIM Commissioner for AHIMA. She is heavily involved in many HIM and HIT initiatives such as information governance, health data analytics, and ICD-10 advocacy. She is active on social media on Twitter @ErinHead_HIM and LinkedIn. Subscribe to Erin's latest HIM Scene posts here.

We all know that healthcare providers want to encourage patient engagement to ensure patients have the information they need to manage conditions and share information with other providers. There has been a longstanding push for the adoption and maintenance of personal health records for many years to give patients the power to share and disseminate information wherever it is needed. We have seen a remarkable new interest in this with Meaningful Use and population health initiatives. Since HIM professionals are charged with maintaining and producing legal copies of records, we are aware that the tasks surrounding these processes can be very expensive. This is especially true if any of the tasks are not handled properly and breaches of protected information occur.

My concern is that lately I have heard many discussions that are pushing for more access yet with fewer costs to patients to encourage patient engagement. Some are even pushing for patients to have “free” access to records- paper or electronic. Don’t get me wrong, I am a huge proponent for patients having copies of their records and I personally keep copies of my own records. The Office of Civil Rights (OCR) recently published further guidance on charging for records. In a nutshell, the OCR says: “copying fees should be reasonable. They may include the cost of labor for creating and delivering electronic or paper copies; the cost of supplies, including paper and portable media such as CDs or USB drives; and the cost of postage when copies of records are mailed to patients at their request.” The OCR actually has the authority to audit the costs of producing records if they feel your organization is violating this patient right and overcharging for release of information.

Living in a state such as Florida where the state law has allowed facilities to charge up to $1 per page means most facilities have charged $1 per page without blinking an eye. The latest OCR guidance has led to questioning if that amount is actually “reasonable” or true to cost. Afterall, HIM professionals must use expensive systems, supplies, and labor costs to produce these records. Many organizations have outsourced release of information functions (another cost) but it is still the responsibility of the custodian of records to oversee the processes for compliance.

That being said, it is beneficial for HIM departments to evaluate the expenses and methods used to produce records as technologies and laws change. Dr. Karen Desalvo of the Office of the National Coordinator (ONC) strives to lead the EMR interoperability movement. At the top of the ONC’s list of commitments is consumer access to records. HIM professionals should continue to assist in the quest for interoperability and electronic data sharing at the notion of patient engagement. We must lead patients to use EMR patient portals and facilitate the efficient electronic data sharing among healthcare providers. We must be creative in lowering overhead costs to produce and maintain the records in order to ensure costs are affordable for healthcare consumers. There will always be costs associated with this important task, whether on the provider’s end or the patient’s end, just as costs are incurred with most services or products in every industry.

If you’d like to receive future HIM posts by Erin in your inbox, you can subscribe to future HIM Scene posts here.

Making the Case for a Unique Patient Identifier – #MyHealthID

Posted on April 13, 2016 I Written By

Erin Head is the Director of Health Information Management (HIM) and Quality for an acute care hospital in Titusville, FL. She is a renowned speaker on a variety of healthcare and social media topics and currently serves as CCHIIM Commissioner for AHIMA. She is heavily involved in many HIM and HIT initiatives such as information governance, health data analytics, and ICD-10 advocacy. She is active on social media on Twitter @ErinHead_HIM and LinkedIn. Subscribe to Erin's latest HIM Scene posts here.

Healthcare is a high priority for the US Government and as HIM professionals, we know the importance of keeping our fingers on the pulse of issues facing our nation. We must stay current with proposed regulatory changes and those that address the needs of the US healthcare system as they relate to HIM, privacy and security, and Health IT. One issue our nation has struggled with is secure universal identification for citizens. Social security numbers were not originally meant to be secure identifiers yet they have controversially been used as unique identifiers by Centers for Medicare and Medicaid Services (CMS) for many years.

In our line of work, we see all of the potential negative implications and the important role that patient identification plays in patient safety, HIPAA compliance, and health record accuracy. When patients are not appropriately identified throughout the continuum of care, many issues arise that can lead to misdiagnosing, incomplete information, unnecessary testing, and fraud to name a few. Duplicates and overlays are far too common due to issues matching patient names and dates of birth versus using a universal secure identifier. Sharing information through health information exchange is nearly impossible when patients are registered in multiple systems with different spellings or misidentification.

The HITECH act of 2009 laid the ground work for the Department of Health and Human Services (HHS) to standardize unique health identifiers among other tasks but we have yet to see any real progress on this subject due to federal budget barriers. In response to this, AHIMA sees this as a critical need and has started a petition to the White House to:

“Remove the federal budget ban that prohibits the U.S. Department of Health and Human Services (HHS) from participating in efforts to find a patient identification solution. We support a voluntary patient safety identifier. Accurate patient identification is critical in providing safe care, but the sharing of electronic health information is being compromised because of patient identification issues. Let’s start the conversation and find a solution.”

The campaign is called MyHealthID and looks to have 100,000 signatures on the petition to garner the attention of the US Government. HIM professionals recently took to Washington, DC to visit with Congressmen and Senators from each state to advocate for MyHealthID. The message that “there’s only one you,” hopes to resonate with politicians and make the case that a unique patient identifier is necessary and important to healthcare.

I encourage all healthcare professionals to sign this petition and assist the advocacy efforts toward a unique patient identifier. MyHealthID will not only help with HIM and Health IT initiatives; it will be in the best interest of healthcare consumers nationwide.

If you’d like to receive future HIM posts by Erin in your inbox, you can subscribe to future HIM Scene posts here.