Impact of healthcare policy on the Electronic Health Record
The Electronic Health Record (EHR) has a history that started in late 60s, when data entry moved from punch cards to keyboards. EHRs made possible the ‘problem-oriented medical record’ that transformed the way physicians document clinical encounters. It provided a means to communicate effectively while allowing accountability. Coordination of preventive care and health maintenance was also possible, considering the scope of this approach. This trend informed the development of EHRs. Lockheed Corporation created Eclipsys with features such as CPOE (computerized provider order entry), the University of Utah, 3M and Latter-day saint’s hospital developed the HELP (Health Evolution though logical processing system). Other notable EHR systems were the Regenstrief Medical Record system and the Veterans Health Information Systems and Technology Architecture. Despite these advances, EHR adoption was low and the market was fragmented. Hospitals didn’t demand standardized, interoperable, usable, affordable features and EHRs didn’t develop such features. Incentives for development were also misaligned. Insurers, patients and employers benefitted more from EHRs than clinicians and EHR companies who bore the cost of development. To compound these worries, the US was going through a great recession after the collapse of the housing market in 2008.
To stimulate the economy and create new jobs, President Obama, signed the American Recovery and Reinvestment Act of 2009. The idea was that investments in infrastructure, education, health and renewable energy would create new employment. The HITECH (Health Information Technology for Economic and Clinical Health) Act allocated $ 155.1 billion for healthcare spending, of which, $25.8 billion was earmarked for Health IT investments and incentive payments. [wiki] This was the moment that transformed the Health IT landscape in two ways. First, it brought in the money though Medicare and Medicaid payments. Second, meaningful use EHR incentives informed the development of features in EHRs. The CMS (Centers for Medicare and Medicaid) incentivized optimal provider performance via EHR adoption. Doing so created a coherent customer base for EHR companies to build products.
How does meaningful use inform the development of EHR features?
Meaningful use incentivizes EHR adoption by proposing the use of EHRs to engage patients and families, reduce healthcare disparities, improve care coordination, improve public health and population health, ensure adequate security. This is achieved in 3 stages:
Meaningful use Stage 1 : To have a certified EHR and demonstrate that it meets all objectives in the core set and at least 5 objectives in the menu set, one of which has to be a public health objective. The full list sourced from this link is as follows:
Core Requirements:
1. Use computerized order entry for medication orders.
2. Implement drug-drug, drug-allergy checks.
3. Generate and transmit permissible prescriptions electronically.
4. Record demographics.
5. Maintain an up-to-date problem list of current and active diagnoses.
6. Maintain active medication list.
7. Maintain active medication allergy list.
8. Record and chart changes in vital signs.
9. Record smoking status for patients 13 years old or older.
10. Implement one clinical decision support rule.
11. Report ambulatory quality measures to CMS or the States.
12. Provide patients with an electronic copy of their health information upon request.
13. Provide clinical summaries to patients for each office visit.
14. Capability to exchange key clinical information electronically among providers and patient authorized entities.
15. Protect electronic health information (privacy & security)
Menu Requirements:
1. Implement drug-formulary checks.
2. Incorporate clinical lab-test results into certified EHR as structured data.
3. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
4. Send reminders to patients per patient preference for preventive/ follow-up care
5. Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
6. Use certified EHR to identify patient-specific education resources and provide to patient if appropriate.
7. Perform medication reconciliation as relevant
8. Provide summary care record for transitions in care or referrals.
9. Capability to submit electronic data to immunization registries and actual submission.
10. Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.
Meaningful use stage 2 emphasizes care coordination and exchange of patient information while stage 3 improves healthcare outcomes. The following information was sourced from this link –
Stage 2: Advance clinical processes
o Electronically transmit patient care summaries across multiple settings
o Increase requirements for e-prescribing and incorporating lab results
o More rigorous health information exchange
o More patient-controlled data
Stage 3: Improved outcomes
o Access to comprehensive patient data through patient-centered health info. exchange
o Improve quality, safety, and efficiency, leading to improved health outcomes
o Decision support for national high priority conditions
o Patient access to self-management tools
o Improve population health
Meaningful use however outlasted its value since it was an incentive program primarily designed to improve adoption of EHRs. There was a need to improve interoperability and security via national data standards and information security strategies. Fewer regulations on telehealth and other digital technologies are the need of the hour. The sustainable growth rate introduced to adjust Medicare expenditures and provider reimbursements proved counterproductive and a value-based initiative was desired. The Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) was passed. CHIP stands for Children’s Health Insurance Program. Meaningful use was retired and MIPS (Merit based Incentive Payment System) was passed as a part of MACRA. According to Health IT.gov – “MIPS harmonizes existing CMS quality programs (including meaningful use), the Physician Quality Reporting System, and Value-Based Payment Modifiers. MIPS consolidates multiple, quality programs into a single program to improve quality care”
Under the MACRA, by December 31, 2018 the Government Accountability Office under the DHHS (Department of Health and Human Services) is set up to assist in the nationwide implementation of EHRs.
How will MACRA affect EHR evolution?
Under the MACRA, the Quality Payment Program requires that healthcare professional must participate in the MIP(Merit Based Incentive) or APM (Alternative Payment Models) to receive Medicare payment adjustments.
The MIPS performance categories chart sourced from this link :
Advancing care information sourced from this link :
Certified EHR Technology (CHERT) use is mandated by the QPS with both MIPS and APM. To ensure secondary and tertiary use of clinical data, the 2015 Edition Health IT certification focusses on APIs (Application Programming Interfaces). This will allow developers to customize apps around users and stakeholders, rather than build generic out of the box solutions. Population health management and analytics are made possible because of this approach. Exchange of health data thought health technologies require interoperability and EHR companies have taken notice.
At a recently organized industry organized event attended by the author, there was talk on how EPIC has embraced these APIs while Cerner is still behind. Custom APIs were built by developers to ensure interoperability between EHRs.
Although different organizations have expressed their concerns and praise for MACRA around the definition of alternative payment models, risk sharing, and short sited requirements for patient access, it is here to stay and a step in the right direction.
HIPAAs influence at the EHR roadmap
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to protect health insurance coverage for workers and families when they transition out of jobs or into other jobs. The act has five titles but the relevant piece of this legislation for EHR design is title two: ‘Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform’. The privacy rule under this title, has explicit requirements on the use and disclosure of protected health information (PHI). To be paid, providers have to file claims using HIPAA, after July 1, 2005. HIPAA covered health plans are now required to use HIPAA compliant electronic transaction standards
Administrative and physical safeguards are beyond the scope of this article.
The following are the technical standards for HIPAA compliance sourced from this link:
• Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.
• Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner.
• Data corroboration, including the use of check sum, double-keying, message authentication, and digital signature may be used to ensure data integrity.
• Covered entities must also authenticate entities with which they communicate. Authentication consists of corroborating that an entity is who it claims to be. Examples of corroboration include: password systems, two or three-way handshakes, telephone callback, and token systems.
• Covered entities must make documentation of their HIPAA practices available to the government to determine compliance.
• In addition to policies and procedures and access records, information technology documentation should also include a written record of all configuration settings on the components of the network because these components are complex, configurable, and always changing.
• Documented risk analysis and risk management programs are required. Covered entities must carefully consider the risks of their operations as they implement systems to comply with the act. (The requirement of risk analysis and risk management implies that the act's security requirements are a minimum standard and places responsibility on covered entities to take all reasonable precautions necessary to prevent PHI from being used for non-health purposes.)
In summary the reimbursement and policy landscape is always evolving to incentivize or discourage health technology use cases. As informaticians it is in our best interest to keep up with the evolution of policy and regulation.
Resources:
1. http://library.ahima.org/doc?oid=105689#.Wt56MS-ZNsZ
2. https://1qblb015q58ipcln51ov1m9g-wpengine.netdna-ssl.com/wp-content/uploads/2016/08/Net-Health-A-History-of-Electronic-Medical-Records-Infographic.pdf
3. https://www.analytics-academy.com/courses/how-healthcare-policy-drives-ehr-technology