While the HIMSS EHRA's new Code of Conduct already has been heralded by the EHR vendor industry, I can't help but be a little cynical.
I read with great interest my colleague Greg Slabodkin's thought-provoking commentary this week about electronic health records and mobile technology. Slabodkin, the editor of FierceMobileHealthcare, noted both the "meteoritic" rise in demand for mobile device EHR applications by physicians and the fact that use of mobile technology could make users more satisfied with their EHRs.
A commenter quickly reacted to express concern that mobile EHR applications, while convenient, are particularly vulnerable to security breaches.
This is true. And that concept has not escaped the government.
I must admit, I was surprised when I read that Massachusetts's healthcare law, passed last summer, includes a provision that requires physicians to demonstrate a "proficiency" in the use of EHRs, electronic prescribing, computerized physician order entry and other forms of health IT as a condition of licensure. This law goes far beyond the federal HITECH Act and Meaningful Use program. HITECH will impose financial penalties on physicians who don't meaningfully use electronic health records by 2015. In Massachusetts, physicians who don't meaningful use their EHRs by then will lose their licenses to practice their livelihood.
That's a big difference.
One of the overarching themes of this year's annual health information data security conference, "Safeguarding Health Information: Building Assurance through HIPAA Security"--jointly hosted this week by the National Institutes of Standards and Technology and the U.S. Department of Health & Human Services Office for Civil Rights--was the issue of patient trust. Patients, however, have good reason to be skeptical about their information remaining secure.
True to its word, the Office of the National Coordinator for Health IT is moving at full steam to provide governance support to health information organizations (HIOs) to spur the industry to widespread electronic data exchange. ONC has formed a governance framework with business, trust and other principles to create a "common foundation" for all types of health information exchange governance models. Still, I wonder if this decision ultimately may come back to haunt the industry.
While several articles have been written about talking points made by healthcare industry speakers at last week's "listening session" hosted by the Centers for Medicare & Medicaid Services and the Office of the National Coordinator, what federal officials said appears to be flying under the radar.
I read with dismay last week's article by well known Washington Post business columnist Michelle Singletary, who questioned whether several hospital employees should have been fired by a hospital in New Zealand for inappropriately accessing the hospital's electronic health record to view the information of a patient with a "titillating" medical emergency, and then sharing the records with the public and media.
The Boston hospitals that have been treating the hundreds of victims of the horrific Boston marathon bombings this week have done a terrific job. They, in turn, have credited technology in helping them communicate to staff, volunteers and the public. I presume that these hospitals also have good electronic health record systems that they can rely on. But I can't help but wonder: wouldn't their work have been enhanced even further and their jobs made easier if the nation was further along in health IT and interoperability?
Many EHR vendors, as well as related software vendors, won't accept the fact that they meet the definition of "business associate" under the new HIPAA omnibus rule, according to nurse attorney Randi Kopf in Rockville, Md., who specializes in health IT law on behalf of providers, mainly physicians.