Thursday, April 01, 2010

Electronic Health Records - pick your regulator

How can I grow my sphere of influence, and therefore my budget? Is that what some government agencies are thinking when it comes to electronic health records (sometimes referred to as EHR) in the US? I agree that it is important that there is oversight to ensure that individual health information is protected -- without it, we could end up in a free-for-all of litigation and hurried legislation. Though as an over-simplification, its not like the storage of a person's health data is not already electronic in major hospitals, or that they can't share information between them, electronic or otherwise. The e-health records debate seems to think it is blazing new ground, when really it seems there is a large foundation to start with.

Anthony Guerra on InformationWeek Healthcare discusses some of the issues and the challenges around bringing in an agency such as the FDA. I should avoid the politics, and instead focus at the key issues that need to be covered:

  • Setting standards for privacy and security of health information
  • Providing a control framework around the different transactions and business processes related to health data
  • Setting standards for availability of data (including disaster recovery, business continuity and even escrow scenarios), to ensure 100,000 health records don't just go 'offline'
  • Identifying and enforcing the quality of information, and highlighting substandard information for future clean-up, or at least careful scrutiny at the time of use
  • Providing a way to identify the experience and expertise of doctors adding information to a file, to enable the validity of data to be easily identified
  • Developing a framework for better sharing of only relevant information with different consumers
  • Enabling anonymous data mining by researchers
  • Setting boundaries for insurer access to information, especially in organizations where insurance and delivery of health services fall under a single corporate umbrella
  • Managing the certification of systems
  • Handling issues and failures in controls and security

The reality of the situation is that there is much more to electronic health records than just privacy and security. Once records are available, the many transactions and processes associated with them, some old (create a new patient, add an event to the history) and some new (handle a request for access to information, transfer custody of records to another organization), will start to fall under the same banner. It is a times like this that the FDA, with its history of managing the processes and controls of drug approvals, can offer some good background. There are times when other organizations are more used to working in the actual environment of health care providers.

There are challenges around formalizing the new 21st century approach to health records, but I wonder how long we should see the Office of the National Coordinator for Health IT (ONC), FDA Centers for Medicare and Medicaid Services (CMS) and others getting dragged in and out of the frame for being the 'regulator'. What is needed is someone who can coordinate the formulation of best practices from inside and outside the industry into a meaningful and less than 600 page definition that can be followed by software vendors, systems integrators and health information consumers alike. Then we can decide who should police it.

A post from the Improving It blog

Let us help you improve your business today. Visit

No comments: