Medical Informatics embodies two rather broad domains: “medical” and “informatics.” As described by the American Medical Informatics Association, “Medical informatics has to do with all aspects of understanding and promoting the effective organization, analysis, management, and use of information in health care. …A common thread through medical informatics has been the emphasis on technology as an integral tool to help organize, analyze, manage, and use information. …Today medical informatics also…(includes) activities focused on dimensions that include the administration and everyday collection and use of information in health care” (www.amia.org).
Given this broad focus and its importance in today's medical practice, I have chosen as “medical” topics the Computer-based Patient Record and Computerized Physician Order Entry and as “informatics” topics Hand-Held Mobile Computers and the Internet. I will also include a brief update on the Health Insurance Portability and Accountability Act (HIPAA).
The Computer-Based Patient Record
Early computer-based patient records (CPRs) consisted of computerized repositories containing clinical observations and results and applications to display them on a computer terminal (1–4). In 1991, the Institute of Medicine published studies and recommendations advocating the computer-based patient record (5). In spite of what appear to be obvious benefits (such as immediate access to the chart from any terminal, defined structure, the resulting ease of information retrieval, the decreased cost compared with the paper record, and use in administrative and medical tasks), few physicians in the United States today have given up paper and pen as the preferred means of clinical documentation.
Berg (6) suggests why and what we might do to hasten the adoption of CPRs. He suggests the classic notion that there is “something wrong” with a paper-based record – inability to decipher the handwriting, poor organization, incomplete records, imprecision – while perhaps correct, misses the point. He suggests, rather, that CPRs – highly structured and standardized so as to support orderly medical thought and decision-making – are not consonant with the way physicians actually think and work. Berg observes physicians “continually struggling to make a patient's case work: to keep a patient's trajectory ‘on track.’” Decision making, in Berg's view, consists of iterative and repeated construction of clinical observations and results, which is transient and undergoes a continual process of realignment, or even total rejection. “The medical record is a tool, and a crucial one at that, aiding memory, communication, and so forth – but it is not a mirror of that work. It does not “represent” the work, but feeds into it, it structures and transforms it in complex ways: it structures the communication between health care personnel, shapes medical decision making, and frames relations between personnel and patients.”
Berg makes four points regarding “the medical record” and their implications on CPR construction and implementation:
A “good” record is not necessary “complete.” The record does not so much reveal what went on: it presupposes that the reader already knows what usually goes on, and it furnishes details as to this specific occasion. “…In actual practice, nobody expects to fully grasp a patient's situation only by reading the record. The record is just one of the many resources for the ongoing work; not the one, penultimate, complex record of this work.” In fact, the paper chart adequately supports many of the needs of physicians whereas current CPRs do not.
Addressing the status of data, Berg suggests the notion that data in the CPR, “if only stored better, would benefit both medical practice and a wide range of researchers, government agencies, hospital administrators, third party payers, and so forth” is unrealistic. Quoting van der Lei's “first law of medical informatics” (7) – “Data shall be used only for the purpose for which they are collected. If no purpose was defined prior to the collection of the data, then the data should not be used.” Berg suggests, “The CPR should not be developed as a promise towards an Infinite Memory, a rich database for all health care's information needs. That can only fail. Rather, CPRs should be primarily designed as tools for the primary care process.”
“If medical work is essentially a social, interactive activity, designing CPRs that model medical work as a cognitive process is bound to lead to unduly restrictive design.”
“The paper record cannot simply be ‘replaced’: the implementation of a CPR is a process in which the whole practice is transformed.”
Ask not how to get doctors to use computers, but rather how to get computers to help doctors….
Computerized Physician Order Entry
Contemporary with early CPRs, automated order entry was found to reduce errors associated with orders (1), and in particular, medication orders (2). In 1999, the Institute of Medicine published To Err is Human: Building a Safer Health System (3), alerting the public with its proclamation that “44,000 to 98,000 Americans die each year from medical errors…. More people die from medical errors than from motor vehicle accidents, breast cancer, or AIDS.” In a companion study, Crossing the Quality Chasm (4), the Institute of Medicine observed we may have the knowledge and technology at hand to significantly improve patient safety.
Typically, orders are handwritten by physicians into the hospital chart on orders sheets. Orders are transcribed by ward or nursing personnel onto paper test request or medication prescription documents. These documents are sent to ancillary service areas (e.g. clinical laboratory, radiology) and to the pharmacy where they are retranscribed into the respective departmental systems. Today, many hospitals have automated ancillary departmental systems (e.g. Laboratory Information Systems, Radiology Information Systems) and Pharmacy systems. Fewer have automated order entry systems, enabling the electronic transmission of orders from the Hospital Information System directly to departmental systems. Even if the hospital and departmental systems are automated, in all but a few of the nation's hospitals physician orders continue to be handwritten and transcribed by hospital personnel into the order processing system. A majority of order and medication errors are associated with this order entry process. A number of industry and consumer groups, notably the Leapfrog Group, believe orders errors could be prevented by direct computer-based physician order entry (CPOE) (5).
CPOE Systems couple physician entry of orders at a computer terminal with knowledge-based rules engines that provide real-time alerts, reminders, and warnings (e.g. duplicate or incompatible orders, allergies, medication interactions, incorrect doses and the like) (6). While typically built within the institution over many years (e.g. Partners in Boston [7], The Veterans Health Administration [8]), Ohio State University demonstrated that CPOE can be accomplished using a widely deployed commercial hospital information system (INVISION, Siemens Medical Systems, formerly Shared Medical Systems, Malvern, PA) (9).
Culminating nearly 10 years of planning, design, development, and customization, Ahmad and his colleagues report that the Ohio State University Health System has implemented CPOE across three of their five inpatient facilities (9). At the time of this report (early 2002) about 80% of all orders were being entered electronically by physicians. The authors believe that “the availability of specialty-specific order sets, the engagement of physician leadership, and a large-scale system implementation were key strategic factors that enabled physician-users to accept a physician order entry system despite significant changes in workflow.”
America's hospitals and physicians will be challenged in the coming years to incorporate effective error detection and avoidance into what are now largely manual order entry systems. Our patients and those who pay the bills deserve nothing less.
Hand-held Mobile Computers (Personal Digital Assistants)
Elsewhere in this issue of the Journal (p. 104), Andrew Schechtman identifies adoption of hand-held computers as a means whereby physicians can more easily access and collect information during the course of their patient care activities. Most physicians access computers for email and reference information but few use computers while directly caring for patients. Perhaps the most important reason this is so relates to deficiencies in CPRs discussed above, but the inconvenience of desktop computers, which are seldom where physicians are, contribute to this lack of use. Easily transportable hand-held computers that communicate with the systems physicians use and that support how they think and work would seem to offer an attractive alternative.
Today's personal digital assistant (PDA) comes with four built-in applications: calendar, contact list, “to do” list, and “memo” pad. A glance into the contents of physicians' pockets suggests where hand-held computers may find utility. A cellular telephone, pager, pens and scraps of paper, perhaps a small voice recorder, rounding and consultation lists, a prescription pad, along with charge cards are to be found there. Notes collected while making rounds or seeing patients, telephone messages, “tickler,” or “to do” lists, along with a small address and calendar book may be there as well. If the hospital information system can produce a “rounds report,” or other printed summary information, these papers will be nestled next to lab and radiology reports. In short, a variety of communications and recording devices as well as information printed or transcribed from systems that support clinical practice.
Generally, without easy connection to other systems supporting physicians' practices, today's PDA is little more than an electronic Rolodex. Industry is working hard to change that. Tucker (1) says, “…next generation devices…give customers either new ways to do old things or new functions we didn't know we needed.” Tucker suggests there will be two primary mobile “gizmos,” one to support communications needs, a second to provide content. Voice, email, and instant messaging are combined in Handspring's new Treo and might represent the communications gizmo of the future. Perhaps Apple's iPod with 5-gigabyte hard drive and improved short-range wireless connectivity so as to grab content from the owner's desktop computer will enable mobile computing.
To be sure, computers do not yet adequately support the way we think and work, never mind on the go. Tucker concludes, “If those who propose a human-centered design approach are correct…we're about to see some quiet but life-changing successes – devices that give us what we need and that make our lives easier” (1).
For more PDA-based medical applications, see: www.swafo.com/kennethrong3/pdas.htm www.library.vcu.edu/tml/bibs/pda.html#1 www.unmc.edu/library/eresources/pda.html www.pdamd.com www.hshsl.umaryland.edu/resources/pda.html www.acutecare.com/palmlinks.htm
The Internet – Impact on Patient Care
The Internet is a huge complex of computers, their contents, and the circuits connecting them to a backbone circuit – the World Wide Web. We are enabled via a common communications protocol (“IP” or Internet Protocol), using browsers and powerful search engines, to move messages among and find content of interest on individual computers. The Internet enabled the creation of a large virtual community of physicians and patients, challenging both. The most important health care activities enabled by the Internet include messaging via e-mail, direct patient access to health care information, and the establishment of virtual support groups.
In a recent survey, the Pew Internet & American Life Project found 64 million Americans access the Internet (1). Of newcomers to the Internet, many look for health care information. E-mail is the dominant Internet activity with 92% of users sending an e-mail message at some time.
58% access the Internet very day
54% send an e-mail every day
26% get news information every day
5% look for health/medical information every day
Tom Ferguson, keynote speaker at the most recent American Medical Informatics Association meeting spoke about “The Rise of the Net-Savvy Medical End-User” (2). Dr. Ferguson reviewed findings gathered during the Pew Internet American Life Project surveys published in November 2000 (3). Major findings include:
A paradigm shift is underway from “the clueless, isolated, doctor-dependent patient” to “the net-savvy, well-connected, doctor-independent end-user”
More adults go to the Internet than do physicians (7 million vs. 2.5 million each day)
Patients consider the net more friendly and useful than their physicians
Although there is “junk” on the Internet, few people are hurt because e-patients are smart and are advised by family, friends, and online patient helpers
There are quality web sites, especially on-line patient helpers (e.g. www.lungcanceronline.org a site created by Karen Parles, a lung cancer survivor to assist others with the disease)
On-line support groups are helpful (e.g. www.acor.org, the site for the Association of Cancer Online Resources)
Patients may be very knowledgeable of their disease – one illness, lots of time
Before the Internet, physicians were the authorities. With online health, physicians must be tech savvy. “It's not just automated industrial age medicine.”
Eysenbach and Diepgen examined the quality of information available on the Internet and found it varied widely (4). Patients increasingly are supplementing information they receive from physicians from Internet sources. In addition, the authors suggest that email communication between physicians and patients raise many issues including reliability, authenticity, liability, licensing, and confidentiality. Fallis and Fricke (5) found three indicators correlated with accuracy of Internet information: displaying the HONcode (Health On the Net Foundation's Code of Conduct) logo, having an organization domain, and displaying a copyright.
Spielberg (6), examining e-mail in the context of the patient-physician relationship finds:
E-mail is a new communication technology analogous to use of the telephone
Patients (and physicians) have new expectations
Practice standards need to be established
There are significant potential liabilites
E-mail may be included in the patient's medical record
Physicians should discuss use of e-mail with patients and obtain their written informed consent to use it
Confidentiality requires precautions including encryption
E-mail sent over the public Internet is not secure, may be misdirected or intercepted, and may be read and used for non-medical purposes by the Internet service provider (ISP). An excellent summary, “eRisk for Providers” is required reading for physicians intending to use the Internet in their practices (7).
The Health Insurance Portability and Accountability Act of 1996
The Health Insurance Portability and Accountability Act (HIPAA), signed into Law August 21, 1996, by President Clinton, was then known for its insurance portability features. The law also included provisions for “Administrative Simplification,” mandating standardization of the electronic exchange of healthcare administrative and billing data and the protection of patient privacy and confidentiality through comprehensive security measures.
Transactions and Code Sets
On August 17, 2000, the Department of Health and Human Services issued final rules for the standardization of the form and content of a number of electronic healthcare transactions including:
Claims and encounter transactions
Coordination of benefits
Enrollment and disenrollment
Eligibility inquiries
Payment and remittance advice
Premium payments
Claims status inquiries
Referral authorizations
Retail pharmacy
In addition, the rules also addressed the code sets providers and payers will be required to use. These codes include the familiar clinical codes (e.g. ICD-9, CPT-4, HCPCS) but also less familiar “supporting codes” (e.g. marital status, gender). Of significance, nettlesome “local codes” – codes created to address specific payer or provider issues – are eliminated. The rule, which applies to most providers, payers, and clearinghouses, was to go into effect October 16, 2002.
What's New?
As providers, health plans, insurance companies, and other covered entities worked to become compliant, it became apparent that that effort would be substantial. In particular, little time is available to accomplish needed testing of the modified electronic transactions. Accordingly, on December 27, 2001, President Bush signed into Law the Administrative Simplification Compliance Act (H.R. 3323), which provides a mechanism for covered entities to apply for an extension of the compliance date from October 16, 2002, until October 16, 2003. The primary condition is the submission of a compliance plan by October of 2002. Among other things, testing is required to begin not later than April of 2003, effectively extending the deadline only 6 months. While the extension may be needed, prudent providers and payers will continue to strive for compliance by October 2002.
Patient Privacy and Confidentiality
On December 20, 2000, the Clinton administration released final patient privacy and health information confidentiality rules. Although the proposed rule applied only to electronic information, the final rule extended the scope to include all health information – electronic, paper, and oral communications. Provisions of the law include:
Business associate “chain of trust” provisions
Patients may inspect and copy their medical records
Written consent to share health information is required
Requirement to tell patients about how their information is being used and who it is shared with
Restriction to use or disclose only the “minimum necessary” information
Requirement to establish privacy-conscious business practices including staff education, designation of a “privacy officer,” and ensuring the protection of health information
Individuals who violate the privacy rules will face new criminal as well as civil penalties. The privacy rule, which has a compliance date of April 14, 2003, applies to health care providers, health plans and healthcare clearinghouses.
What's New?
In response to a very large number of concerns, the Department of Health and Human Services proposed modifications on March 21, 2002, allowing 30 days for comment. The proposed modifications include:
Provides model business associate provisions and permits more time to obtain them
Removes the written consent requirement, while strengthening notice provisions
Simplifies authorization for the use of health data
Removes the requirement to account for disclosures for which written authorization is obtained
Allows treatment-related conversations, while maintaining the “minimum necessary” rule
Assures appropriate parental access to their children's records
Prohibits use of records for marketing, while allowing treatment and other health-related communications
Requests further comment on the de-identification of shared research data
The compliance date of April 14, 2003 remains unchanged.
Security
Proposed regulations for security were published in The Federal Register in August 1998. HIPAA's security regulations are intended to safeguard confidentiality, data integrity, and availability and call for a number of administrative, physical, and technical measures. As of March 2003, the final rule has not yet been published and no compliance date has been set. Security measures beyond those currently in place will be necessary to ensure such safeguards.
Perhaps most necessary is a fail-safe means of identifying users of electronic systems. Biometric or physical tokens, such as “smart cards,” must replace user ID/password access controls. Most helpful would be transparent authentication and access (“single sign-on”) to the multitude of computer systems present in all health care environments.
For Further Information
(All Internet sites referenced in this paper were last accessed in March 2002.)
Conclusion
In summary, the Administrative Simplification provisions of HIPAA are intended to improve efficiency and effectiveness by standardizing electronic administrative and financial health care communications and to protect patient privacy and ensure the confidentiality of health care information. The nation's providers, health plans, and clearinghouses have made substantial progress towards compliance with the transaction and code set requirements. Recently proposed modifications of the privacy and confidentiality requirements would safeguard patient confidentiality while lessening access barriers to necessary patient care information
- Ochsner Clinic and Alton Ochsner Medical Foundation