Hospital Impact: Don't forget EHR 'loose ends'

data
Remember the much-maligned proposed accounting for disclosures rule for EHRs?
Marla Hirsch
Marla Durben Hirsch

Front-burner issues—such as interoperability, EHR-related risks to patient safety, cybersecurity and other threats to privacy and security of patient data—receive the lion’s share of attention, as well they should.

But there are many moving parts to health information technology and electronic health records, and some of those that should be getting more attention as the industry evolves still need to be addressed so stakeholders can move forward.

For instance, does anyone remember the much-maligned proposed accounting for disclosures rule for EHRs?

Free Daily Newsletter

Like this story? Subscribe to FierceHealthcare!

The healthcare sector remains in flux as policy, regulation, technology and trends shape the market. FierceHealthcare subscribers rely on our suite of newsletters as their must-read source for the latest news, analysis and data impacting their world. Sign up today to get healthcare news and updates delivered to your inbox and read on the go.

Patient records disclosures, accounting: A regulatory mystery

The HITECH Act, enacted in 2009, expanded the patient right to an accounting for disclosures of their records when it came to electronic patient information. Normally, an accounting did not include disclosures for payment, treatment and operations.

But HITECH said that when it came to digital information, patients would be entitled to an accounting of all disclosures for the previous three years, including those pertaining to payment, treatment or operations. The theory was that it would be easier to provide this information in electronic form.

But the industry is still waiting for the government to guide them on this provision. The proposed rule, published in May 2011, was roundly criticized for being unduly burdensome considering how few patients had been asking for an accounting of disclosures. It was also criticized for overreaching beyond the requirements of the statute and for not being technologically feasible.

Some examples: The proposed rule would have created a new right to an “access report,” expanded what had to be reported to patients and required the identification of individual staff members who accessed EHRs, leaving them potentially at risk of privacy violation claims from patients. 

The controversial rule was reevaluated by ONC’s Health IT Policy Committee’s Tiger Team in 2013. Since then? It's fallen by the wayside.

But nothing has replaced it. That may not be a big deal if very few patients actually request an accounting for disclosures, which was the case just a few years ago. But since the Office for Civil Rights has been trying to get the word out to patients about their rights under HIPAA, and the industry is trying to increase patient engagement in their health, more patients will likely begin to ask for these accountings, and healthcare organizations need guidance about how to satisfy the requirement.

Unique patient identifier: A forgotten patient safety threat

Another issue that should no longer be ignored is the unique patient identifier. HIPAA, enacted in 1996, had required unique identification numbers for patients, employers, plans and providers to improve quality of care. 

The industry has already instituted or is working on the other identifiers. But Congress put a “temporary moratorium” on funding the patient identifier back in 2000, and since then has refused to let the Department of Health and Human Services (HHS) explore the possibility of using them, even though HHS officials have admitted that it’s on a lot of people’s “wish list.”

Joy Pritts back in 2013 expressed her frustration and suggested that the private sector might step in to help. 

But that was three years ago—and it hasn’t happened.

Now data exchange is of the highest priority, but matching patient records is exceedingly difficult.  Providers are routinely spending time mitigating the effects of patient matching problems, some of them weekly.

Not only is that a waste of resources, it’s also a huge risk to patient safety. At the least, HHS should be able to explore whether the patient identifier is a feasible concept.

The future of health IT and some of the rules affecting them are in an uncertain state. We don’t know what will happen to some of the laws that regulate them, the programs that require them and the priorities that impact them.

But these and other loose ends can’t be forgotten: They are part of the cogs in the wheel and must be addressed.

Marla Durben Hirsch is an attorney who has specialized in health law for more than 30 years and has written about the many facets of healthcare for almost 20 years—including as a contributor to FierceHealthcare. She has won a number of awards for her coverage of healthcare news, and has been quoted in several publications, including the New York Times.