Optimally, EHRs help to streamline the U.S. health care system. But in practice, the requirement has resulted in disruption in the health care system, altering everything from the partnerships within health care to the computerized records that each doctor must maintain. Massive amounts of sensitive data have resulted in severe management issues for health care systems.
Records management has long been health care's role
Health care providers acting as data stewards or controllers is nothing new. Medical records have long been stored either in traditional written patient treatment notes or as electronic files. Billing records, for instance, have been digitized for decades, and these records often contain at least some information about treatment that could be deemed confidential. The significant change that a push for the universal use of EHRs brings is the inherent risk of coordinating these records and patient portals. Now more than ever, health care providers have to incorporate IT into their records management – dealing with threats, planning for growth and ensuring proper access to data.
Data compromise is a threat to providers and patients
There are many threats posed to organizations that store and transfer large amounts of data. Some of these threats would affect written records all the same – such as natural disasters or power outages – while others come from bad actors seeking to compromise data for a variety of reasons. So the obvious question, then, is: are EHRs safe?
No data is completely impervious to hackers. For example, a 2016 data breach resulted in the encryption of all electronic records of a Los Angeles hospital. This ransomware cyberattack followed a common hacker protocol. The hacker accessed the data through a link or email attachment that someone on the network clicked, then locked the hospital out of the data. The key to the encryption was offered in exchange for a ransom. Unlike other, similar cyberattacks, where the hacker requested a nominal amount such as $500, the ransom for this breach was $3.6 million. The hospital resorted to handling all records the old-fashioned way, which considerably disrupted their care and operations.
To ensure that such potentially debilitating threats are mitigated, health care informatics must be supported by industry-leading network security that is adaptive and frequently updated. All transmitted patient data should be encrypted; while not required by HIPAA, it is recommended. Patient portals should have strong password protection, such as two-factor authentication, in order to protect patient data from falling into the wrong hands.
It is essential, too, to understand that risks are not limited to malicious threats. Security breaches can also occur within an organization. To prevent this, role-based access control measures should be instituted so that each staff member only has access to the data required to perform his or her role. Audit trails reduce not only the chances of patient data ending up in the wrong hands, but also the risk of being found noncompliant with HIPAA regulations.
Systems must be able to scale for the future
Health care providers need to be resilient to future change. Hospital systems must be able to adapt to new regulatory environments by either spinning off clinics and services or combining with others to create new value for patients.
For instance, the new patient-centered medical home program (PCMH) pays an incentive to primary physicians for them to closely manage and monitor patient care. The objective is to reduce the costs associated with hospital admissions and specialist referrals. This new initiative can provide more revenue opportunities for practices while increasing the quality of care, but it requires a scalable system for success.
Hospitals facing a dropoff in ACA patients in the coming year may want to plan ahead. They should determine what percentage of their patient population may drop out of ACA in 2018, then increase the budget for charity care for the next year accordingly. Alternatively, they may advertise enrollment in their waiting rooms; doing so will both benefit the patients who come to seek care and also the hospital’s bottom line.
Systems must be able to talk to each other
Another roadblock to EHR scalability is interoperability. Since the health care system requires many different types of EHRs, EHR products must be able to seamlessly communicate with each other. A system has little use if:
- Applications cannot interact with users
- Systems cannot communicate with each other
- Information cannot be processed and managed
- Consumer devices cannot integrate with other systems and applications
The lack of interoperability has plagued some systems – and while technology has advanced to facilitate data flow, the disparate systems still pose a risk for issues at data handoff. Interoperability will not be solved until policymakers, vendors and providers come together to create a comprehensive solution.
Systems must facilitate data access
Some hospitals hoard data, but as networks expand and more patients must travel, ready access to patient health information can save lives, improve patient care and boost the hospital network's image. One of the ACA's goals is to limit hospitalization when unnecessary, since hospitals are inefficient as providers of primary care. While this may, in theory, reduce hospital admissions and revenues, the increased number of people becoming insured may make up for those numbers. And the increased emphasis on a primary care physician as managing care brings the potential of increased revenues on their level.
ACA's changes to the health care system and its requirements or incentives for migration to increased electronic recordkeeping presents challenges for health care providers of all sizes. Solutions should be tailored for optimal recordkeeping, data flow, security and scalability. Through innovation in health care IT, patients can benefit from the changes, despite the hurdles for providers.