Altova Technology Primer: Electronic Health Records Technology Overview
According to an Accenture study, the international market for electronic health records (EHRs) is growing and by 2013 is expected to be a $19.7 billion industry.
Accenture also reported that 71% of study respondents saw government as a major driver in the widespread use of electronic health records.1 That is certainly the case in the United States, which has essentially legislated the adoption of EHRs through the use of Medicare and Medicaid incentives and penalities.
The American Recovery and Reinvestment Act of 2009 (ARRA) included an earmark of $19.2 billion to encourage widespread use of health information technology. A centerpiece of this legislation is the Health IT for Economic and Clinical Health (HITECH) Act, which establishes a series of financial incentives aimed at getting Eligible Professionals (EPs) as well as hospitals to adopt electronic healthcare records. The Centers for Medicare and Medicaid Services (CMS) will reimburse individual Medicare providers up to $48,400 (with a 10% bonus payment for EPs in a Health Professional Shortage Area) and Medicaid providers up to $65,000 for successfully implementing and using EHRs.
In 2015 the Medicare reimbursement incentives will morph into disincentives that become increasingly punitive, culminating in a 3% reduction in Medicare payments in 2017 and beyond (there are no financial disincentives for Medicaid participants).
CMS will only reimburse Eligible Professionals and hospitals for implementing a certified EHR. Organizations with the authority to certify EHRs are selected by the Office of the National Coordinator (ONC) for Healthcare Information Technology and are required to use the measures and standards from the Standards and Certification Criteria Final Rule in assessing EHRs. At present, the certification process is temporary and is expected to expire on December 31, 2011 when a permanent program is scheduled to begin.
In addition to establishing that they have installed an ONC-certified electronic health record, EPs seeking reimbursements must prove that they are engaged in the “meaningful use” of the technology. Specifically, the Final Rule for the Electronic Health Record Incentive Program outlines 25 “meaningful use objectives” for Eligible Professionals, of which 20 must be met (15 core requirements and 5 electives), and 24 objectives for hospitals, 19 of which must be met (14 core requirements and 5 electives).
Note that these objectives apply only to Phase 1 of Meaningful Use, which is scheduled to run through 2012. After that the number and scope of the objectives will increase.
The meaningful use objectives include the recording and parsing of clinical data (e.g., vital signs, drug interactions), security (e.g., automatic log off, audit logs, encryption – please see Electronic Health Record Security below for more information), clinical data exchange within and among healthcare providers and regulatory agencies (e.g., electronic prescriptions, population of immunization registries, incorporation of lab results), and more technologically and clinically complex operations (e.g., calculation and submission of clinical quality measures, public health surveillance, clinical decision support).
The measures and standards used by an ONC-Authorized Testing and Certification Body (ONC-ATCB) for assessing EHRs are based on technical capabilities – a certified EHR system or module is one that has been deemed technically capable of addressing one or more meaningful use objectives.
EPs and eligible hospitals attempting to demonstrate compliance with meaningful use objectives must prove that they are actually using the capabilities of a certified EHR or module to meet these objectives. In other words, they must actually use the technology. A hospital that exchanges electronic clinical data with an affiliate using a vendor-specific messaging system would not meet the “exchange clinical information and patient summary record” objective, for example, because that data could not be exchanged with an organization using a module or system from a different vendor. In order to meet this objective, data exchange must be achieved via an established electronic submission standard (e.g., SMTP, FTP, REST, SOAP, etc.).
XMLSpy's SOAP debugger – XMLSpy has comprehensive SOAP capabilities
In that it provides a way to digitally exchange clinical information between disassociated organizations or providers, HL7 is a cornerstone of the electronic health record system that the HITECH Act was designed to establish.
Rather implementing a single, enterprise-wide system that meets all of the meaningful use objectives, Eligible Professionals and hospitals can string together certified modules that meet individual objectives (e.g., a Computerized Provider Order Entry (CPOE) module for the electronic distribution of treatment instructions).
In order to overcome interoperability issues among different vendors, as well as with external agencies, systems and modules from virtually all vendors use HL7 messaging for clinical data exchange. HL7 is a set of standards that dictate the format in which electronic information is exchanged between otherwise disassociated healthcare systems. (For more information about HL7 please see the HL7 Technology Primer from our library of technology overviews.)
HL7 message structure
Meaningful use standards include a series of security requirements designed to safeguard information contained in the EHR. These include:
- Audit trails for all EHR activity (e.g., adding, deleting, editing)
- Ability to capture disclosure events (e.g., treatment, payment, operations)
- Access limited to authorized individuals (typically role-based)
- Protocols for access by others in the event of an emergency
In order to comply with meaningful use standards, organizations will also be required to evaluate electronic security based on section 45CFR164.308(a)(1) of the meaningful use final rule and implement corrective action where appropriate.
Section 164.308 outlines a list of “administrative safeguards,” or “policies and procedures to prevent, detect, contain and correct security violations.” Specifically, EPs or hospitals seeking reimbursement must:
- Perform a risk analysis
- Put into place effective measures to minimize risk of exposing Protected Health Information (PHI)
- Establish sanctions for security violations
- Implement an “ Information System Activity Review” process to monitor access and other activities
Apart from meaningful use security requirements, all healthcare providers are required to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which includes legal protection for the electronic health information of individual consumers. HIPAA’s Security Rule and its Privacy Rule detail the rights and responsibilities of consumers and healthcare providers alike.
ANSI X12 mapping in MapForce – MapForce supports all HIPAA-X12 transaction sets in version 5010
Although often used interchangeably, the electronic health record differs from the electronic medical record (EMR).
EHRs include capabilities that drive interoperability and data exchange (e.g., HL7-compliant). The EHR is therefore accessible to healthcare providers outside of the organization in which it originated. Although most EMRs are in fact HL7 compliant and used to exchange data with different departments within an organization, they are designed to be used within an individual organization or group of affiliated organizations.
Typically however the EMR populates the EHR.
Altova supports EHR functionality with MapForce for mapping and converting HL7 messages and XMLSpy for HL7 editing, analyzing, and validating. (Please see our HL7 Solutions page for additional information.) Altova MapForce also supports ANSI X12 mapping for HIPAA compliance.