Abstract: A method is described for quickly establishing clinical data repositories and clinical data exchange while putting the control of patient privacy into the hands of patients. Based upon the use of personal health records (PHRs) and continuity of care documents (CCD), this approach would result in providing patients, providers, third party payers, and public health agencies with major benefits without the requiring certification beyond a system’s ability to create outgoing and parse incoming CCDs. It would eliminate the need for a complex consent management infrastructure and reduce health information exchange and national health information network capabilities via SSL based email.
What do we know?
In support of President Bush’s April, 2004 promise that most Americans would have electronic medical records by 2014, a number of organizations have been created. These include the Office of the National Coordinator for Health Information Technology (ONC), the Health Information Technology Standards Panel (HITSP), the Certification Commission on Health Information Technology (CCHIT), the Federal Health Architecture working group (FHA), and the American Health Information Community (AHIC). Pre-existing organizations including Health Level 7 (HL7), X12 Committee, the Health Information Management Systems Society (HIMSS), the American Health Information Management Association (AHIMA), and the National Alliance for Health Information Technology (NAHIT) have been mobilized to assist in this endeavor. Anyone following this saga, especially its Herculean volunteer efforts and endless conference calls, knows several things with certainty:
1. There are enormous benefits to providers, patients, insurers, and public health that flow from having up-to-date clinical information available immediately before a provider next sees a patient. Electronic medical records, in combination with electronic prescribing and laboratory results reporting, would drive the quality of healthcare up and the possibilities of injurious drug interactions, the need for redundant testing, and the time spent on all sorts of administrivia down.
2. For all the effort and resources so far expended, the rate of electronic health records (EHR) adoption is abysmally slow.
3. The cost estimates often cited for EHR implementation — $30,000 to $60,000 per provider plussome $1500 per month maintenance fees — are absurdly high.
4. For all of the apparent appeal of regional health information organizations, they have no business justification and are closing almost faster than new ones are organized.
5. No matter what form healthcare reform may take, clinical information management must become:
a. Convenient for patients, providers, and payers;
b. Inexpensive to implement, maintain, and use;
c. Secure and private, guaranteeing patients the same legal privilege as verbal exchanges with their physicians;
d. Sufficiently standardized such that clinical data moved from one system to another remains “computable” and “interoperable.”
What might be done?
To achieve widespread, inexpensive, interoperable clinical data management that guarantees patient privacy, consider promoting patient-controlled personal health record systems (PcPHRs) capable of communicating with other systems (primarily providers’ EHRs) by exchanging HL7 standard continuity-of-care documents (CCD).2 A continuity-of-care document system, combined with a system for computerized physician order entry (CPOE) and a means of receiving clinical laboratory results on-line, comprises the basic data and functional capabilities of a very useful electronic clinical records management system.
How might that look?
What would such a system look like? How might it work? and What would be the necessary preconditions? A CCD-like3 document would contain a summary of a clinical encounter or clinical encounters during a specified time frame. In addition to basic identification information (name, address, phone number, etc.), it provides a convenient and consistent way of sending employment status, insurance information, location of advanced directives, and a host of clinical information including diagnoses, treatments, prescriptions, lab tests results, allergies, and vaccinations. All are encoded using standardized terminologies such as LOINC and SNOMED. Generated by a PHR system and edited by the patient before transmittal, a CCD could contain all these clinical data for the most recent two years and then be sent securely via email or other means to one’s physician prior to the next appointment. Other modes of transmission include downloading to a smartcard or thumb drive. A paper record could be generated, as well, but that would be less useful to a provider. Combining these features with public key encryption, digital signatures, and the Internet’s secure sockets layer would eliminate the need to create a dedicated National Health Information Network (NHIN). From the provider’s perspective, an incoming CCD-type document would likely be parsed and incorporated into the patient’s EHR entries and reviewed immediately before the next patient contact. Following the appointment and upon receipt of any laboratory results, the provider’s EHR would generate a CCD-type record containing only new information to be sent via secure email to the patient for eventual incorporation into his/her personal health record. An almost-identical CCD-type record, again containing only information developed through the last patient encounter, would be connected to a claim record as a clinical attachment for submission to the patient’s insurer.3 The Center for Medicare and Medicaid Services (CMS) published a proposal suggesting something very similar for Medicare claims in the fall of 2003. It seems to have remained dormant until referenced in CMS’s recent announcement regarding switching from ICD-9 to ICD-10 coding for Medicare and Medicaid claims.5
The basic data flows are shown in the following diagram:
Patient Centered Clinical Data Management
Via a Patient-Controlled Personal Health Record System
The preconditions to such an approach are fairly simple:
1. Distribution of clinical data regarding an identified patient must become the responsibility of the patient or patient guardian: the patient must distribute the data, or explicitly consent to its transmittal, for any particular encounter, episode, or condition.
2. Providers must be prohibited from sending any clinical information that they did not generate or cause to be generated (e.g. laboratory results) about any particular patient.
3. The CCD must be expanded a bit – several months’ work by the standards development organizations – to include authorship information for each basic set of data transmitted.6 Otherwise, the same standard format (XML schema) would not work as a composite summary of clinical information about the patient.
4. The PcPHRs needs to be able to store public key infrastructure (PKI) encryption keys for the patient as well as the public PKI key for each of their providers.
5. Both the PcPHRs’ holdings and the CCD-like documents exchanged between patient and provider should enjoy the same legal privilege status as other patient-physician communications.
How to use federal purchasing power?
An often-heard strategy for getting more of healthcare to adopt modern information technology is to use the Federal Government’s immense purchasing power. Regrettably, this argument always devolves into assertions about unfunded mandates or other peripheral matters and/or offends some interest group or other (the reason Medicare Part D does not involve CMS’s negotiating best prices for pharmaceuticals). It would seem that the most direct way to use the government’s purchasing power to influence the health information technology market would be to follow up with the essence of former CMS Administrator McClelland’s September, 2005 proposal: As of a particular date, any claim for healthcare services submitted to Medicare or Medicaid must include a clinical attachment in the form of a CCD. This amounts to asserting that unless the relevant clinical data is attached, a claim will not be paid. Perhaps with some gentle persuasion, similar clinical summary data could be routinely obtained from the Department of Defense, Tricare, the Veterans Health Administration, and the Indian Health Service.
This approach would both facilitate claims adjudication and create a quickly accumulating store of clinical data. This data store could then be stripped of identifying information, replaced by a hash code, and organized into medical episodes. This would become the basis for immensely powerful data analyses to inform policymaking. These analyses would quickly replace adverse event reporting, the post-marketing surveillance program, FDA’s Sentinel Initiative, and most public health surveillance for numerous conditions. It would, at last, bring practice-based evidence to bear on outcomes research and policymaking.
Implementing this kind of clinical data accumulation could begin independently of implementing a patient controlled personal health record system.
By using the internet in conjunction with public key encryption, digital signatures, and the net’s secure sockets layer, three benefits could be realized almost immediately:
1. The need for a national health information network (NHIN) and all its attendant governance requirements would be eliminated.
2. A very high level of security, without new infrastructure investment, for clinical data in transit would be provided.
3. The smallest practice would enjoy the same magnitude economy of scale experienced by large clinics. What this means is that EHR functionality could be provided for the cost of a microcomputer, internet access, and something less than $50 per month for services. A legal or regulatory requirement would be needed to protect this data, to include replacing identifying information with a hashed value so that longitudinal patient data could be accumulated without compromising patient anonymity.
The approach described above — that the patient decides what information is moved from personal health records to provider — merits at least three brief comments:
1. Decisions about what is embarrassing or damaging information are put into the hands of the patient, where they clearly belong.
2. Some argue that a patient might somehow sully clinical data if material received from earlier providers is not forwarded to later providers in guaranteed pristine condition. Consistent with point 1, above, this transfer would become the responsibility of the patient, even at the risk of potential endangerment. 7 In addition, much of what might be reported by earlier providers in any case may well have come from a history based solely upon the patient’s recall and willingness to disclose.
3. In discussions at HL7 standards meetings, one frequently hears clinicians opine that they do not want clinical summaries but rather complete medical records. Upon discussion, the matter always becomes a cost/benefit analysis of how much summarization and by whom on the one hand, and how much liability does the next provider wish to accept on the other.
What was that?
Available technology — a standard way to exchange clinical data, the CCD; internet access; off the shelf security components such as public key encryption; and secure sockets layer data exchange — combined with several straightforward legal or regulatory changes could make for quick and inexpensive implementation of interoperable clinical data management for patients, providers, and policymakers.
By James Kretz, CMHS Project Manager and BehavioralHealthCentral.com Contributing Writer
James Kretz is a Project Manager with the Surveys, Analysis & Financing Branch of the Division of State and Community Systems Development for the Center for Mental Health Services (CMHS), which is the Federal agency within the U.S. Substance Abuse and Mental Health Services Administration (SAMHSA). The CMHS values your feedback. Please visit http://cmhssurvey.samhsa.gov to complete a brief survey. Start speaking your mind on BehavioralHealthCentral! If you’re an expert in mental health or substance abuse treatment and have something to say about what’s going on in this industry, write to managingeditor@ behavioralhealthcentral.com to find out how you can become a BehavioralHealthCentral.com contributing writer.