The Policy – Technology Equilibrium
In a recent convention of Privacy and Security Tiger Team, it was advised to the HIT Policy Committee that pilot projects must be instated to scrutinize the pragmatism of technical ability of electronic health record (EHR) systems – to revise requirements for accounting of disclosures of protected health information (PHI) and to create the access reports for patients’ utility.
The Outlook of Pilot Testing
The Tiger Team is set to buttress the federal regulators of Healthcare IT Policy in an endeavor to assess the technical feasibility of EHR with requirements of accounting of disclosures. Furthermore, it aids scrutiny of prospective stages of HITECH Act’s EHR certification program.
To accomplish the HITECH incentives, eligible professionals (EPs), eligible hospitals (EHs) and critical access hospitals (CAHs) must perform “meaningful use” of certified EHRs. In that, patient engagement is a further mandatory requirement for the eligible entities. The pilot project envisages all these requirements’ harmony with the technological aspects.
A Lesson Learnt from the Mistakes
In May 2011, the Office for Civil Rights (OCR), proclaimed the proposed rulemaking for overhauling the accounting of disclosures requirements under HIPAA. This proposal was said to be wrongly pitched and it engendered copious grievances from many healthcare providers with a unified aim to protest the controversial new “access report” provision.
The new “Access Report” must encompass the following data:
- Date and time of access.
- Name of the person or practice evaluating the PHI.
- A note on the information.
- A description of the user action (Is information created, modified or deleted?).
- EHR disclosures for treatment, operations and payment.
Many of the suggestions posted on the walls of HHS on the access report proposal underscored that it would prove to be technically impracticable, intricate and expensive to execute.
The Roadmap to New Regulations
- The Pilots deem that they have formulated the final recommendations which will be presented to the HIT Policy Committee on 4th December 2013.
- Then, these suggestions would be analyzed by the Office of the National Coordinator for Health IT and the Department of Health and Human Services’ Office for ‘Civil Rights’.
- These two entities of the Department of Health and Human Services (HHS) would devise any new ultimate regulations.
Access Report – What to include and what not?
The tiger team throws a clear recommendation that patients must enjoy “high-level transparency” with respect to their data use and disclosures. Besides, it seems that it will narrow down the disclosure restrictions so that only the third parties outside the healthcare enterprise may be concerned.
In this milieu, Egerman emphasizes the philosophy “less is more” – as per which only the filtered, pertinent details must be passed on the patients so as to avert confusions and safety hazards of EHR users.
“Baker suggests that for the safety of healthcare workers, names of individuals accessing patients’ healthcare records could be sieved from the “access reports” issued to the patients, but accessible to the healthcare entity when inspecting allegations or suspicion of inappropriate access.”
Finally, Tiger team accentuates that the EHR system must be tuned in line with the final regulations of this pilot project.
Leave a Reply