The concept of “meaningful use” dominated Sunday's preconference physician information technology symposium at the Healthcare Information and Management Systems Society convention in Atlanta, just as it will at many of the trade show's scheduled activities throughout the week.
Privacy challenges brewing: informaticist
The theme of the symposium was “What it Means to be a Meaningful User,” referring to the requirement in the American Recovery and Reinvestment Act of 2009, also known as the stimulus law, that healthcare providers use electronic health-record systems in a “meaningful manner” to qualify for federal information technology subsidies.
Physician informaticist Eric Liederman, director of medical informatics for Kaiser Permanente of Northern California, spoke about “Meaningfully Protecting Privacy Without Harming Patients.” The stimulus law has a number of more-stringent privacy protections, including increased penalties for privacy violations under amendments to the Health Insurance Portability and Accountability Act of 1996, public reporting of breaches and a requirement that providers be able to segregate data of patients.
Patients also were given the right to block the flow of such encounter information to their insurance carriers if they paid for the treatment out of pocket.
“This whole privacy thing is going to start spinning,” Liederman said. Compliance with HIPAA privacy and security rules is required for all covered entities, regardless of whether or not they qualify for federal IT subsidies, Liederman said. The CMS, which will administer the bulk of the EHR subsidy program through Medicare and Medicaid, said in a proposed rule on how the programs will operate that meaningful use is not “the appropriate regulatory tool to ensure such compliance with the HIPAA privacy and security rules,” he said.
Liederman recommended that providers be proactive in monitoring for privacy breaches using audit trails and “break the glass” alerts.
Liederman said he wasn't sure how providers were going to be able to configure their EHR systems to comply with the stimulus law provision requiring data segregation for patient control of those portions of the medical record documenting care paid for by the patient out of pocket. “I don't know how anybody is going to operationalize that,” he said.
Healthcare lawyer Howard Burde, Wayne, Pa., talked about how the “inexorable progress of American jurisprudence” reflected in case law will require physicians to be aware of and react to patient information residing in a personal health record or in an EHR. “What a PHR should do is start a conversation,” Burde said. “If that information is wrong or inadequate, then the patient bears some responsibility for the treatment that he or she receives.”
With an EHR, however, the physician has even less of an out. “All of that information is not relevant and the doctor's job is that much more difficult,” Burde said. “Because part of your job now is to read through all of it and determine what is valuable.”
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.