Skip to content Skip to navigation

Confidentiality alternatives for exchanging electronic medical records take shape

June 7, 2013
by Dennis Grantham, Editor-In-Chief
| Reprints

The Office of the National Coordinator has focused the nation’s Health Information Technology around the goal that “information follows the patient.” That’s “secure” information, available whenever and wherever a patient seeks care, explained Michael Lardiere, the National Council’s VP for Health Information Technology and Strategic Development.

Models of Health Information Exchange
Having a patient’s electronic health information available whenever and wherever it’s needed is still a vision rather than a reality, Lardiere continued, outlining three models of health information exchange to a gathering at the California Institute for Mental Health’s recent Behavioral Health Information Technology Conference:  the Direct or “push” model, the Query or “pull” model, and a Consumer-mediated exchange model.  In coming years, all will have a role to play.

Of the three models, the Direct model (based on the National Health Information Network or “NHIN Direct” protocol) is the only one that is readily available for use today. Providers who have a Direct account can use it to communicate, point-to-point with other providers that have a Direct account for a cost of about $15 per month. Lardiere added that providers pursuing Stage 2 Meaningful Use incentives will likely need Direct to meet the requirement to make 65% of care referrals electronically, with a minimum of 10% of care referrals made outside their “home” network.   

The second exchange model is the Query or “pull” model, which is built around the concept of health information organizations (HIOs). This exchange model is being piloted on a large scale by five major national health networks—Geisinger, Intermountain, Kaiser Permanente, Cleveland Clinic, and the Mayo Clinic. “The goal is, no matter where you go, your provider can search for your record, pull it down, and provide treatment for you,” Lardiere explained.  

The third model of exchange — Consumer-mediated —envisions a consumer who actively participates in using and sharing personal health information. Lardiere said that these patients can expect to interact with their health information in two ways — via a secure portal made available by the EHR vendor and the provider (another Stage 2 Meaningful Use requirement), or via a secure consumer e-mail account, similar to NHIN Direct.

The continuity of care document (CCD)
The vehicle used to carry personal health information is called a Continuity of Care Document (CCD). And, compared to earlier versions, the CCD specified for Stage 2 Meaningful Use is to receive a substantial upgrade in its capabilities, detailed in the “Consolidated” Clinical Document Architecture (C-CDA). C-CDA supersedes the Stage 1 CCD specifications and offers both developers and users a much more versatile platform for collecting, storing, and exchanging patient information.  

The new CCD can be likened to a digital spreadsheet that contains a series of digital sections or “tabs,” corresponding to the types of care being received and data being stored. In its present form, the CCD is a single document with many sections inside a common wrapper. So far, working groups have standardized the structure for eight sections of the C-CDA CCD, Lardiere said.

However, there is much more to do, said Lardiere. So far, more than 70 new sections are planned, dealing with everything from advance directives and allergies to social history and vital signs. These sections will contain dozens of structured patient data entries and accommodate the use of common medical, demographic, and other codes. Each section will also allow for the inclusion of free text notes or explanations. Elements of a behavioral health CCD section are now being defined with the help of workgroups in multiple states.

Update on confidentiality solutions
Through an initiative called “Data Segmentation for Privacy” (DS4P) an ONC workgroup and several software development firms are working to develop and pilot alternatives for secure transmittal of electronic patient records whose content requires confidentiality protections beyond those offered by the Health Information Protection and Portability Act (HIPAA). Such protections have been established by a series of federal and state laws to encourage individuals to seek treatment for certain health conditions that, without the protections, might lead to personal stigma or harm. Perhaps the best known of these laws is CFR 42, Part 2, the law that grants special protections to those who seek substance use treatment in federally-supported (Part 2) treatment programs.  

“42 CFR Part 2 and similarly designed privacy laws not only require covered providers to obtain patient consent for disclosure, but also to inform the individuals and organizations they are allowed to disclose to that the information is protected by law and cannot be re-disclosed without obtaining the patient’s permission to do so,” explains Scott Weinstein, an attorney working in the ONC Office of the Chief Privacy Officer on the DS4P project. “If a transaction with this specially protected information is to take place electronically, the sending entity must communicate this information to the receiving entity in a way that it can understand the restriction and adhere to it.”

Pages

Topics