As a former computer science major, turned psychologist, I have found myself frequently troubled by misunderstandings regarding the realities, capabilities, and actual limitations of computer technology. These misunderstandings seem to undergird at least some of our community conversations regarding Electronic Health Records.
The complete text is rather long. I have put in bold some of what I think are the highlights of my points of clarification. Please do not interpret the bold as “speaking loudly” and rather as hoping to create the Cliff notes (oh my, I think I might have dated myself)
- Nothing is stored on the Internet. The Internet is simply a collection of electronic highways that allow communication between virtual addresses (aka electronic addresses). Similarly, our highway system provides access to a broad range of physical addresses (e.g., houses, business).
There are totally public addresses on the Internet – www.cpwmn.com – for example. Here at CPW, we want people to find us, learn about us, and come to us when they need help. As such we make our address accessible to a broad audience.There are also password-protected addresses – bank accounts for example. If one has an online bank account, wherever one can access the Internet he or she can locate the public address for the bank. After locating the public address, one enters the password-protected aspect that contains her or his personal bank account information.
The same is true for electronic health records. They are not stored on the Internet. They are stored on a server with a particular address. That address might be unique to your computer and therefore accessible only when you are physically able to log on to your computer. Or the address might be accessible from the Internet – which means you can access it from a broad range of locations (like with on-line banking) however it is password protected. As such, given secure passwords, others are not able to access this information.
- We all work with data that is consistent with the concept of interoperability. Interoperability simply means information that is coded and transmitted in a specific format that allows another computer system to easily read and understand it. Any of us that file claims using an electronic filing service use interoperable data. In particular, if you want your claim paid, you must submit your diagnosis code using ICD 9 (soon to be ICD 10). You also must use certain CPT codes.
The use of this standardized (or interoperable) data eliminates the possibility of insurance companies receiving all of the following data points for the same actual diagnosis – BPD, Borderline, Borderline Personality Disorder. Certainly any or all of us might, or have, used these common abbreviations for this same diagnosis in our handwritten notes. The advent of computers has meant that to reliably interpret data, consistent data must be inputted. This is fundamentally the notion of interoperability.
The technology and reality of interoperability is not new, the new question is what, if anything within an electronic health record for mental health should be deemed interoperable.
- We also already “push” electronic data. Again if you use an electronic billing service you “push” information about your claim (mostly through a clearinghouse) to the insurance company. This information is standardized and in a particular format (interoperable) and then you receive payment. If it is not standardized, you do not receive payment. Again, the technology and reality of “pushing” data is not new, the question is whether or not there is data that we want to be able to easily push to other providers. This is related to the question of interoperable in that we cannot easily push data that is not readable by other systems. The submission of electronic claims is again an excellent case in point that illustrates the reality of “pushing” data. For now, I won’t stray into the conversation about pulling.
- HIPAA already allows the broad exchange of information within healthcare systems to support treatment and referral. When my brother was receiving care for his diabetes within a large health care system here in Minnesota, he was often referred between different providers and specialists within that system. There were never any releases of information signed for records that were transmitted (and by transmitted I mean carried by hand) within the system. I know this for a fact because I was his health care agent and power of attorney. As such, I was intimately involved with the day-to-day details of his health care. Within the same health care system, HIPPAA allows, supports, and encourages the sharing of health information among providers. The advent of EHR’s simply alters the format in which this information is stored and the process for sharing the information. In other words instead of me having to carry the referral paperwork by hand, it would be accessible (transmitted) electronically.
Even with HIPAA, health care treatment that is outside of a particular system must still be exchanged only with the permission of the client/patient. So when my brother went to the local podiatrist because the podiatrist who worked for the system he was in practiced in the clinic in the neighboring town he (or I) had to sign a release of information for those records to be released to his primary care provider. However, once that release was signed, and the records were sent via US mail, they became part of his record within his primary system and could be shared with other providers within the system.The use of an EHR does not increase the sharing of information. This increased accessibility of information within treatment systems arrived with HIPAA. An EHR simply changes the format in which the information is stored and potentially transmitted.
- Privacy issues are not new. Any of us who have managed or owned a clinic have no doubt dealt with a breach in client confidentiality – a file left out, a fax machine in an unsecure location, a computer left on. For sure electronic health records have their own set of risks. Some perceive these risks as “riskier” than paper records and some do not. As providers, it is incumbent upon us to take the steps necessary to maintain client confidentiality – lock file cabinets, secure faxes, password protect computers with strong passwords, etc. However, I believe it is inaccurate to suggest that electronic health records are insecure and paper records are secure – there are risks for each format in which we store our clients’ personal information.
I hope that this helps to clarify some issues related to the technology regarding EHR so that we can all make choices based on the real challenges, opportunities, risks, and rewards of technology.
Jean Chagnon, Ph.D., L.P., is in private practice at Counseling Psychologists of Woodbury (http://www.cpwmn.com).