Electronic health record

An electronic health record (EHR), or electronic medical record (EMR), refers to the systematized collection of patient and population electronically-stored health information in a digital format.^[1] These records can be shared across different health care settings. Records are shared through network-connected, enterprise-wide information systems or other information networks and exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.^[2]

EHS systems are designed to store data accurately and to capture the state of a patient across time. It eliminates the need to track down a patient's previous paper medical records and assists in ensuring data is accurate and legible. It can reduce risk of data replication as there is only one modifiable file, which means the file is more likely up to date, and decreases risk of lost paperwork. Due to the digital information being searchable and in a single file, EMR's are more effective when extracting medical data for the examination of possible trends and long term changes in a patient. Population-based studies of medical records may also be facilitated by the widespread adoption of EHR's and EMR's.

Terminology

The terms EHR, electronic patient record (EPR) and EMR have often been used interchangeably, although differences between the models are now being defined. The electronic health record (EHR) is an evolving concept defined as a more longitudinal collection of the electronic health information of individual patients or populations. (See reference 1.) The EMR is, in contrast, defined as the patient record created by providers for specific encounters in hospitals and ambulatory environments, and which can serve as a data source for an EHR.^[3][4] It is important to note that an "EHR" is generated and maintained within an institution, such as a hospital, integrated delivery network, clinic, or physician office, to give patients, physicians and other health care providers, employers, and payers or insurers access to a patient's medical records across facilities.^[5] (Please note that the term "EMR" would now be used for the preceding description, and that many EMR's now use cloud software maintenance and data storage rather than local networks.)

In contrast, a personal health record (PHR) is an electronic application for recording personal medical data that the individual patient controls and may make available to health providers.^[6]

Comparison with paper-based records

Federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic medical records. The US Congress included a formula of both incentives (up to $44,000 per physician under Medicare, or up to $65,000 over six years under Medicaid) and penalties (i.e. decreased Medicare and Medicaid reimbursements to doctors who fail to use EMRs by 2015, for covered patients) for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009.^[7]

One VA study estimates its electronic medical record system may improve overall efficiency by 6% per year, and the monthly cost of an EMR may (depending on the cost of the EMR) be offset by the cost of only a few "unnecessary" tests or admissions.^[8][9] Jerome Groopman disputed these results, publicly asking "how such dramatic claims of cost-saving and quality improvement could be true".^[10] A 2014 survey of the American College of Physicians member sample, however, found that family practice physicians spent 48 minutes more per day when using EMRs. 90% reported that at least 1 data management function was slower after EMRs were adopted, and 64% reported that note writing took longer. A third (34%) reported that it took longer to find and review medical record data, and 32% reported that it was slower to read other clinicians' notes.^[11]

The increased portability and accessibility of electronic medical records may also increase the ease with which they can be accessed and stolen by unauthorized persons or unscrupulous users versus paper medical records, as acknowledged by the increased security requirements for electronic medical records included in the Health Information and Accessibility Act and by large-scale breaches in confidential records reported by EMR users.^[12][13] Concerns about security contribute to the resistance shown to their widespread adoption.^{[weasel words]}

Handwritten paper medical records may be poorly legible, which can contribute to medical errors.^[14] Pre-printed forms, standardization of abbreviations and standards for penmanship were encouraged to improve reliability of paper medical records. Electronic records may help with the standardization of forms, terminology and data input. Digitization of forms facilitates the collection of data for epidemiology and clinical studies.^[15][16]

EMRs can be continuously updated (within certain legal limitations – see below). If the ability to exchange records between different EMR systems were perfected("interoperability"^[17]) would facilitate the co-ordination of health care delivery in non-affiliated health care facilities. In addition, data from an electronic system can be used anonymously for statistical reporting in matters such as quality improvement, resource management and public health communicable disease surveillance.^[18]

In ambulances

Ambulance services in Australia have introduced the use of EMR systems ^[19] The benefits of EMR in ambulances include the following: better training for paramedics, review of clinical standards, better research options for pre-hospital care and design of future treatment options ^[20]

Automated handwriting recognition of ambulance medical forms has also been successful. These systems allow paper-based medical documents to be converted to digital text with substantially less cost overhead. Patient identifying information would not be converted to comply with government privacy regulations. The data can then be efficiently used for epidemiological analysis.^[21]

Technical features

• Digital formatting enables information to be used and shared over secure networks
• Track care (e.g. prescriptions) and outcomes (e.g. blood pressure)
• Trigger warnings and reminders
• Send and receive orders, reports, and results
• Decrease billing processing time and create more accurate billing system^[22]

Health Information Exchange^[23]

• Technical and social framework that enables information to move electronically between organizations
• Reporting to public health
• ePrescribing
• Sharing laboratory results with providers

Using an EMR to read and write a patient's record is not only possible through a workstation but, depending on the type of system and health care settings, may also be possible through mobile devices that are handwriting capable,^[24] tablets and smartphones. Electronic Medical Records may include access to Personal Health Records (PHR) which makes individual notes from an EMR readily visible and accessible for consumers.^{[citation needed]}

Some EMR systems automatically monitor clinical events, by analyzing patient data from an electronic health record to predict, detect and potentially prevent adverse events. This can include discharge/transfer orders, pharmacy orders, radiology results, laboratory results and any other data from ancillary services or provider notes.^[25] This type of event monitoring has been implemented using the Louisiana Public health information exchange linking state wide public health with electronic medical records. This system alerted medical providers when a patient with HIV/AIDS had not received care in over twelve months. This system greatly reduced the number of missed critical opportunities.^[26]

Philosophical views of the EHR

Within a meta-narrative systematic review of research in the field, there exist a number of different philosophical approaches to the EHR.^[27] The health information systems literature has seen the EHR as a container holding information about the patient, and a tool for aggregating clinical data for secondary uses (billing, audit etc.). However, other research traditions see the EHR as a contextualised artifact within a socio-technical system. For example, actor-network theory would see the EHR as an actant in a network,^[28] while research in computer supported cooperative work (CSCW) sees the EHR as a tool supporting particular work.

Several possible advantages to EHRs over paper records have been proposed, but there is debate about the degree to which these are achieved in practice.^[29]

Implementation, end user and patient considerations

Quality

Several studies call into question whether EHRs improve the quality of care.^{[27][30][31][32][33]} However, a recent multi-provider study in diabetes care, published in the New England Journal of Medicine, found evidence that practices with EHR provided better quality care.^[34]

EMR's may eventually help improve care coordination. An article in a trade journal suggests that since anyone using an EMR can view the patient's full chart, that it cuts down on guessing histories, seeing multiple specialists, smooths transitions between care settings, and may allow better care in emergency situations.^[35] EHRs may also improve prevention by providing doctors and patients better access to test results, identifying missing patient information, and offering evidence-based recommendations for preventive services.^[36]

Costs

The steep price of EHR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment has a significant influence on EHR adoption.^[37] In a project initiated by the Office of the National Coordinator for Health Information (ONC), surveyors found that hospital administrators and physicians who had adopted EHR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.^[37]

The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corporation's estimates of savings. "Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EHR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example, the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians."^[38] One CEO of an EHR company has argued if a physician performs tests in the office, it might reduce his or her income.^[39]

Doubts have been raised about cost saving from EHRs by researchers at Harvard University, the Wharton School of the University of Pennsylvania, Stanford University, and others.^[33][40][41]

Time

The implementation of EMR can potentially decrease identification time of patients upon hospital admission. A research from the Annals of Internal Medicine showed that since the adoption of EMR a relative decrease in time by 65% has been recorded (from 130 to 46 hours).^[42]

Software quality and usability deficiencies

The Healthcare Information and Management Systems Society (HIMSS), a very large U.S. healthcare IT industry trade group, observed that EHR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available."^[43] The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers.^[44] The U.S. military's EHR, AHLTA, was reported to have significant usability issues.^[45] It was observed that the efforts to improve EHR usability should be placed in the context of physician-patient communication.^[46]

However, physicians are embracing mobile technologies such as smartphones and tablets at a rapid pace. According to a 2012 survey by Physicians Practice, 62.6 percent of respondents (1,369 physicians, practice managers, and other healthcare providers) say they use mobile devices in the performance of their job. Mobile devices are increasingly able to synch up with electronic health record systems thus allowing physicians to access patient records from remote locations. Most devices are extensions of desk-top EHR systems, using a variety of software to communicate and access files remotely. The advantages of instant access to patient records at any time and any place are clear, but bring a host of security concerns. As mobile systems become more prevalent, practices will need comprehensive policies that govern security measures and patient privacy regulations.^[47]

Eventually, EHR will be more secured because the cyber security professionals have never stopped pursuing better ways to protect data with an enhanced software and technology. At the same time, they need to beware that the system will be significantly complicated and not user-friendly anymore as the data is growing and technology is more advancing. While we have a better secured system, it could lead to an error-prone. Therefore, efficient and effective trainings are needed along with a well-designed user interface .^[22]

Unintended consequences

Per empirical research in social informatics, information and communications technology (ICT) use can lead to both intended and unintended consequences.^[48][49][50]

A 2008 Sentinel Event Alert from the U.S. Joint Commission, the organization that accredits American hospitals to provide healthcare services, states that "As health information technology (HIT) and 'converging technologies'—the interrelationship between medical devices and HIT—are increasingly adopted by health care organizations, users must be mindful of the safety risks and preventable adverse events that these implementations can create or perpetuate. Technology-related adverse events can be associated with all components of a comprehensive technology system and may involve errors of either commission or omission. These unintended adverse events typically stem from human-machine interfaces or organization/system design."^[51] The Joint Commission cites as an example the United States Pharmacopeia MEDMARX database^[52] where of 176,409 medication error records for 2006, approximately 25 percent (43,372) involved some aspect of computer technology as at least one cause of the error.

The National Health Service (NHS) in the UK reports specific examples of potential and actual EHR-caused unintended consequences in their 2009 document on the management of clinical risk relating to the deployment and use of health software.^[53]

In a Feb. 2010 U.S. Food and Drug Administration (FDA) memorandum, FDA notes EHR unintended consequences include EHR-related medical errors due to (1) errors of commission (EOC), (2) errors of omission or transmission (EOT), (3) errors in data analysis (EDA), and (4) incompatibility between multi-vendor software applications or systems (ISMA) and cites examples. In the memo FDA also notes the "absence of mandatory reporting enforcement of H-IT safety issues limits the numbers of medical device reports (MDRs) and impedes a more comprehensive understanding of the actual problems and implications."^[54]

A 2010 Board Position Paper by the American Medical Informatics Association (AMIA) contains recommendations on EHR-related patient safety, transparency, ethics education for purchasers and users, adoption of best practices, and re-examination of regulation of electronic health applications.^[55] Beyond concrete issues such as conflicts of interest and privacy concerns, questions have been raised about the ways in which the physician-patient relationship would be affected by an electronic intermediary.^[56][57]

During the implementation phase, cognitive workload for healthcare professionals may be significantly increased as they become familiar with a new system.^[58]

Privacy and confidentiality

In the United States in 2011 there were 380 major data breaches involving 500 or more patients' records listed on the website kept by the United States Department of Health and Human Services (HHS) Office for Civil Rights.^[59] So far, from the first wall postings in September 2009 through the latest on 8 December 2012, there have been 18,059,831 "individuals affected," and even that massive number is an undercount of the breach problem. The civil rights office has not released the records of tens of thousands of breaches it has received under a federal reporting mandate on breaches affecting fewer than 500 patients per incident.^[60]

Governance, privacy and legal issues

Privacy concerns

In the United States, Great Britain, and Germany, the concept of a national centralized server model of healthcare data has been poorly received. Issues of privacy and security in such a model have been of concern.^[61][62]

Privacy concerns in healthcare apply to both paper and electronic records. According to the Los Angeles Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient's records during a hospitalization, and 600,000 payers, providers and other entities that handle providers' billing data have some access also.^[63] Recent revelations of "secure" data breaches at centralized data repositories, in banking and other financial institutions, in the retail industry, and from government databases, have caused concern about storing electronic medical records in a central location.^[64] Records that are exchanged over the Internet are subject to the same security concerns as any other type of data transaction over the Internet.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in the US in 1996 to establish rules for access, authentications, storage and auditing, and transmittal of electronic medical records. This standard made restrictions for electronic records more stringent than those for paper records. However, there are concerns as to the adequacy of these standards.^[65]

In the United States, information in electronic medical records is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws.^[66] The HIPAA protects a patient's information; the information that is protected under this act are: information doctors and nurses input into the electronic medical record, conversations between a doctor and a patient that may have been recorded, as well as billing information. Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patient's information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties.^[67] Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person.^[68]

Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.^[69]

In the European Union (EU), several directives of the European Parliament and of the Council protect the processing and free movement of personal data, including for purposes of health care.^[70]

Threats to health care information can be categorized under three headings:

• Human threats, such as employees or hackers
• Natural and environmental threats, such as earthquakes, hurricanes and fires.
• Technology failures, such as a system crashing

These threats can either be internal, external, intentional and unintentional. Therefore, one will find health information systems professionals having these particular threats in mind when discussing ways to protect the health information of patients. The Health Insurance Portability and Accountability Act (HIPAA) has developed a framework to mitigate the harm of these threats that is comprehensive but not so specific as to limit the options of healthcare professionals who may have access to different technology.^[71]

Personal Information Protection and Electronic Documents Act (PIPEDA) was given Royal Assent in Canada on 13 April 2000 to establish rules on the use, disclosure and collection of personal information. The personal information includes both non-digital and electronic form. In 2002, PIPEDA extended to the health sector in Stage 2 of the law's implementation.^[72] There are four provinces where this law does not apply because its privacy law was considered similar to PIPEDA: Alberta, British Columbia, Ontario and Quebec.

One major issue that has risen on the privacy of the US network for electronic health records is the strategy to secure the privacy of patients. Former US president Bush called for the creation of networks, but federal investigators report that there is no clear strategy to protect the privacy of patients as the promotions of the electronic medical records expands throughout the United States. In 2007, the Government Accountability Office reports that there is a "jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers."^[73]

The privacy threat posed by the interoperability of a national network is a key concern. One of the most vocal critics of EMRs, New York University Professor Jacob M. Appel, has claimed that the number of people who will need to have access to such a truly interoperable national system, which he estimates to be 12 million, will inevitable lead to breaches of privacy on a massive scale. Appel has written that while "hospitals keep careful tabs on who accesses the charts of VIP patients," they are powerless to act against "a meddlesome pharmacist in Alaska" who "looks up the urine toxicology on his daughter's fiance in Florida, to check if the fellow has a cocaine habit."^[74] This is a significant barrier for the adoption of an EHR. Accountability among all the parties that are involved in the processing of electronic transactions including the patient, physician office staff, and insurance companies, is the key to successful advancement of the EHR in the US Supporters of EHRs have argued that there needs to be a fundamental shift in "attitudes, awareness, habits, and capabilities in the areas of privacy and security" of individual's health records if adoption of an EHR is to occur.^[75]

According to the Wall Street Journal, the DHHS takes no action on complaints under HIPAA, and medical records are disclosed under court orders in legal actions such as claims arising from automobile accidents. HIPAA has special restrictions on psychotherapy records, but psychotherapy records can also be disclosed without the client's knowledge or permission, according to the Journal. For example, Patricia Galvin, a lawyer in San Francisco, saw a psychologist at Stanford Hospital & Clinics after her fiance committed suicide. Her therapist had assured her that her records would be confidential. But after she applied for disability benefits, Stanford gave the insurer her therapy notes, and the insurer denied her benefits based on what Galvin claims was a misinterpretation of the notes.^[76][77]

Within the private sector, many companies are moving forward in the development, establishment and implementation of medical record banks and health information exchange. By law, companies are required to follow all HIPAA standards and adopt the same information-handling practices that have been in effect for the federal government for years. This includes two ideas, standardized formatting of data electronically exchanged and federalization of security and privacy practices among the private sector.^[75] Private companies have promised to have "stringent privacy policies and procedures." If protection and security are not part of the systems developed, people will not trust the technology nor will they participate in it.^[73]

In 2013, reports based on documents released by Edward Snowden revealed that the NSA had succeeded in breaking the encryption codes protecting electronic health records, among other databases.^[78]

In 2015, 4.5 million health records were hacked at UCLA Medical Center.^[79]

Legal issues

Liability

Legal liability in all aspects of healthcare was an increasing problem in the 1990s and 2000s. The surge in the per capita number of attorneys^[80] and changes in the tort system caused an increase in the cost of every aspect of healthcare, and healthcare technology was no exception.^[81]

Failure or damages caused during installation or utilization of an EHR system has been feared as a threat in lawsuits.^[82] Similarly, it's important to recognize that the implementation of electronic health records carries with it significant legal risks.^[83]

This liability concern was of special concern for small EHR system makers. Some smaller companies may be forced to abandon markets based on the regional liability climate.^{[84][unreliable source?]} Larger EHR providers (or government-sponsored providers of EHRs) are better able to withstand legal assaults.

While there is no argument that electronic documentation of patient visits and data brings improved patient care, there is increasing concern that such documentation could open physicians to an increased incidence of malpractice suits. Disabling physician alerts, selecting from dropdown menus, and the use of templates can encourage physicians to skip a complete review of past patient history and medications, and thus miss important data.

Another potential problem is electronic time stamps. Many physicians are unaware that EHR systems produce an electronic time stamp every time the patient record is updated. If a malpractice claim goes to court, through the process of discovery, the prosecution can request a detailed record of all entries made in a patient's electronic record. Waiting to chart patient notes until the end of the day and making addendums to records well after the patient visit can be problematic, in that this practice could result in less than accurate patient data or indicate possible intent to illegally alter the patient's record.^[85]

In some communities, hospitals attempt to standardize EHR systems by providing discounted versions of the hospital's software to local healthcare providers. A challenge to this practice has been raised as being a violation of Stark rules that prohibit hospitals from preferentially assisting community healthcare providers.^[86] In 2006, however, exceptions to the Stark rule were enacted to allow hospitals to furnish software and training to community providers, mostly removing this legal obstacle.^{[87][unreliable source?][88][unreliable source?]}

Legal interoperability

In cross-border use cases of EHR implementations, the additional issue of legal interoperability arises. Different countries may have diverging legal requirements for the content or usage of electronic health records, which can require radical changes to the technical makeup of the EHR implementation in question. (especially when fundamental legal incompatibilities are involved) Exploring these issues is therefore often necessary when implementing cross-border EHR solutions.^[89]

Regulatory compliance

• Health Level 7

In the United States, reimbursement for many healthcare services is based upon the extent to which specific work by healthcare providers is documented in the patient's medical record. Enforcement authorities in the United States have become concerned that functionality available in many electronic health records, especially copy-and-paste, may enable fraudulent claims for reimbursement. The authorities are concerned that healthcare providers may easily use these systems to create documentation of medical care that did not actually occur. These concerns came to the forefront in 2012, in a joint letter from the U.S. Departments of Justice and Health and Human Services to the American hospital community.^[90] The American Hospital Association responded, focusing on the need for clear guidance from the government regarding permissible and prohibited conduct using electronic health records.^[91] In a December 2013 audit report, the U.S. HHS Office of the Inspector General (OIG) issued an audit report reiterating that vulnerabilities continue to exist in the operation of electronic health records.^[92] The OIG's 2014 Workplan indicates an enhanced focus on providers' use of electronic health records.^[93]

Contribution under UN administration and accredited organizations

The United Nations World Health Organization (WHO) administration intentionally does not contribute to an internationally standardized view of medical records nor to personal health records. However, WHO contributes to minimum requirements definition for developing countries.^[94]

The United Nations accredited standardisation body International Organization for Standardization (ISO) however has settled thorough word^{[clarification needed]} for standards in the scope of the HL7 platform for health care informatics. Respective standards are available with ISO/HL7 10781:2009 Electronic Health Record-System Functional Model, Release 1.1^[95] and subsequent set of detailing standards.^[96]

Medical data breach

The Security Rule, according to Health and Human Services (HHS), establishes a security framework for small practices as well as large institutions. All covered entities must have a written security plan. The HHS identifies three components as necessary for the security plan: administrative safeguards, physical safeguards, and technical safeguards.

However, medical and healthcare providers have experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.^[97]

The majority of the counties in Europe have made a strategy for the development and implementation of the Electronic Health Record Systems. This would mean greater access to health records by numerous stakeholders, even from countries with lower levels of privacy protection. The forthcoming implementation of the Cross Border Health Directive and the EU Commission's plans to centralize all health records are of prime concern to the EU public who believe that the health care organizations and governments cannot be trusted to manage their data electronically and expose them to more threats.

The idea of a centralized electronic health record system has been poorly received by the public who are wary that the governments may extend the use of the system beyond its purpose. There is also the risk for privacy breaches that could allow sensitive health care information to fall into the wrong hands. Some countries have enacted laws requiring safeguards to be put in place to protect the security and confidentiality of medical information as it is shared electronically and to give patients some important rights to monitor their medical records and receive notification for loss and unauthorized acquisition of health information. The United States and the EU have imposed mandatory medical data breach notifications.^[98]

The Health Insurance Portability and Accessibility Act (HIPAA) requires safeguards to limit the number of people who have access to personal information. However, given the number of people who may have access to your information as part of the operations and business of the health care provider or plan, there is no realistic way to estimate the number of people who may come across your records.^[99]

Additionally, law enforcement access is authorized under HIPAA. In some cases, medical information may be disclosed without a warrant or court order.

Breach notification

The purpose of a personal data breach notification is to protect individuals so that they can take all the necessary actions to limit the undesirable effects of the breach and to motivate the organization to improve the security of the infrastructure to protect the confidentiality of the data. The US law requires the entities to inform the individuals in the event of breach while the EU Directive currently requires breach notification only when the breach is likely to adversely affect the privacy of the individual. Personal health data is valuable to individuals and is therefore difficult to make an assessment whether the breach will cause reputational or financial harm or cause adverse effects on one's privacy.

The Security Rule that was adopted in 2005 did not require breach notification. However, notice might be required by state laws that apply to a variety of industries, including health care providers. In California, a law has been in place since 2003 requiring that a HIPAA covered organization's breach could have triggered a notice even though notice was not required by the HIPAA Security Rule.^[100] Since 1 January 2009, California residents are required to receive notice of a health information breach.

Federal law and regulations now provide rights to notice of a breach of health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires HHS and the Federal Trade Commission (FTC) to jointly study and report on privacy and data security of personal health information. HITECH also requires the agencies to issue breach notification rules that apply to HIPAA covered entities and Web-based vendors that store health information electronically. The FTC has adopted rules regarding breach notification for internet-based vendors.^[101]

The Breach notification law in the EU provides better privacy safeguards with fewer exemptions, unlike the US law which exempts unintentional acquisition, access, or use of protected health information and inadvertent disclosure under a good faith belief.^[98]

Technical issues

Standards

• ASC X12 (EDI) - transaction protocols used for transmitting patient data. Popular in the United States for transmission of billing data.
• CEN's TC/251 provides EHR standards in Europe including:
  • EN 13606, communication standards for EHR information
  • CONTSYS (EN 13940), supports continuity of care record standardization.
  • HISA (EN 12967), a services standard for inter-system communication in a clinical information environment.
• Continuity of Care Record - ASTM International Continuity of Care Record standard
• DICOM - an international communications protocol standard for representing and transmitting radiology (and other) image-based data, sponsored by NEMA (National Electrical Manufacturers Association)
• HL7 - a standardized messaging and text communications protocol between hospital and physician record systems, and between practice management systems
• Fast Healthcare Interoperability Resources (FHIR) - a modernized proposal from HL7 designed to provide open, granular access to medical information
• ISO - ISO TC 215 provides international technical specifications for EHRs. ISO 18308 describes EHR architectures
• xDT - a family of data exchange formats for medical purposes that is used in the German public health system.

The U.S. federal government has issued new rules of electronic health records.^[102]

Open specifications

• openEHR: an open community developed specification for a shared health record with web-based content developed online by experts. Strong multilingual capability.
• Virtual Medical Record: HL7's proposed model for interfacing with clinical decision support systems.
• SMART (Substitutable Medical Apps, reusable technologies): an open platform specification to provide a standard base for healthcare applications.^[103]

Customization

Each healthcare environment functions differently, often in significant ways. It is difficult to create a "one-size-fits-all" EHR system. Many first generation EHRs were designed to fit the needs of primary care physicians, leaving certain specialties significantly less satisfied with their EHR system.^{[citation needed]}

An ideal EHR system will have record standardization but interfaces that can be customized to each provider environment. Modularity in an EHR system facilitates this. Many EHR companies employ vendors to provide customization.

This customization can often be done so that a physician's input interface closely mimics previously utilized paper forms.^[104]

At the same time they reported negative effects in communication, increased overtime, and missing records when a non-customized EMR system was utilized.^[105] Customizing the software when it is released yields the highest benefits because it is adapted for the users and tailored to workflows specific to the institution.^[106]

Customization can have its disadvantages. There is, of course, higher costs involved to implementation of a customized system initially. More time must be spent by both the implementation team and the healthcare provider to understand the workflow needs.

Development and maintenance of these interfaces and customizations can also lead to higher software implementation and maintenance costs.^{[107][unreliable source?][108][unreliable source?]}

Long-term preservation and storage of records

An important consideration in the process of developing electronic health records is to plan for the long-term preservation and storage of these records. The field will need to come to consensus on the length of time to store EHRs, methods to ensure the future accessibility and compatibility of archived data with yet-to-be developed retrieval systems, and how to ensure the physical and virtual security of the archives.^{[citation needed]}

Additionally, considerations about long-term storage of electronic health records are complicated by the possibility that the records might one day be used longitudinally and integrated across sites of care. Records have the potential to be created, used, edited, and viewed by multiple independent entities. These entities include, but are not limited to, primary care physicians, hospitals, insurance companies, and patients. Mandl et al. have noted that "choices about the structure and ownership of these records will have profound impact on the accessibility and privacy of patient information."^[109]

The required length of storage of an individual electronic health record will depend on national and state regulations, which are subject to change over time. Ruotsalainen and Manning have found that the typical preservation time of patient data varies between 20 and 100 years. In one example of how an EHR archive might function, their research "describes a co-operative trusted notary archive (TNA) which receives health data from different EHR-systems, stores data together with associated meta-information for long periods and distributes EHR-data objects. TNA can store objects in XML-format and prove the integrity of stored data with the help of event records, timestamps and archive e-signatures."^[110]

In addition to the TNA archive described by Ruotsalainen and Manning, other combinations of EHR systems and archive systems are possible. Again, overall requirements for the design and security of the system and its archive will vary and must function under ethical and legal principles specific to the time and place.^{[citation needed]}

While it is currently unknown precisely how long EHRs will be preserved, it is certain that length of time will exceed the average shelf-life of paper records. The evolution of technology is such that the programs and systems used to input information will likely not be available to a user who desires to examine archived data. One proposed solution to the challenge of long-term accessibility and usability of data by future systems is to standardize information fields in a time-invariant way, such as with XML language. Olhede and Peterson report that "the basic XML-format has undergone preliminary testing in Europe by a Spri project and been found suitable for EU purposes. Spri has advised the Swedish National Board of Health and Welfare and the Swedish National Archive to issue directives concerning the use of XML as the archive-format for EHCR (Electronic Health Care Record) information."^[111]

Synchronization of records

When care is provided at two different facilities, it may be difficult to update records at both locations in a co-ordinated fashion.

Two models have been used to satisfy this problem: a centralized data server solution, and a peer-to-peer file synchronization program (as has been developed for other peer-to-peer networks).

Synchronization programs for distributed storage models, however, are only useful once record standardization has occurred.

Merging of already existing public healthcare databases is a common software challenge. The ability of electronic health record systems to provide this function is a key benefit and can improve healthcare delivery.^{[112][113][114]}

eHealth and teleradiology

The sharing of patient information between health care organizations and IT systems is changing from a "point to point" model to a "many to many" one. The European Commission is supporting moves to facilitate cross-border interoperability of e-health systems and to remove potential legal hurdles, as in the project www.epsos.eu/. To allow for global shared workflow, studies will be locked when they are being read and then unlocked and updated once reading is complete. Radiologists will be able to serve multiple health care facilities and read and report across large geographical areas, thus balancing workloads. The biggest challenges will relate to interoperability and legal clarity. In some countries it is almost forbidden to practice teleradiology. The variety of languages spoken is a problem and multilingual reporting templates for all anatomical regions are not yet available. However, the market for e-health and teleradiology is evolving more rapidly than any laws or regulations.^[115]

European Union: Directive 2011/24/EU on patients' rights in cross-border healthcare

The European Commission wants to boost the digital economy by enabling all Europeans to have access to online medical records anywhere in Europe by 2020. With the newly enacted Directive 2011/24/EU on patients' rights in cross-border healthcare due for implementation by 2013, it is inevitable that a centralised European health record system will become a reality even before 2020. However, the concept of a centralised supranational central server raises concern about storing electronic medical records in a central location. The privacy threat posed by a supranational network is a key concern. Cross-border and Interoperable electronic health record systems make confidential data more easily and rapidly accessible to a wider audience and increase the risk that personal data concerning health could be accidentally exposed or easily distributed to unauthorised parties by enabling greater access to a compilation of the personal data concerning health, from different sources, and throughout a lifetime.^[116]

National contexts

United States

Lua error in package.lua at line 80: module 'strict' not found.

Usage

Even though EMR systems with a computerized provider order entry (CPOE) have existed for more than 30 years, fewer than 10 percent of hospitals as of 2006 had a fully integrated system.^[117]

In a 2008 survey by DesRoches et al. of 4484 physicians (62% response rate), 83% of all physicians, 80% of primary care physicians, and 86% of non-primary care physicians had no EHRs. "Among the 83% of respondents who did not have electronic health records, 16%" had bought, but not implemented an EHR system yet.^[118] The 2009 National Ambulatory Medical Care Survey of 5200 physicians (70% response rate) by the National Center for Health Statistics showed that 51.7% of office-based physicians did not use any EMR/EHR system.^[119]

In the United States, the CDC reported that the EMR adoption rate had steadily risen to 48.3 percent at the end of 2009.^[120] This is an increase over 2008, when only 38.4% of office-based physicians reported using fully or partially electronic medical record systems (EMR) in 2008.^[121] However, the same study found that only 20.4% of all physicians reported using a system described as minimally functional and including the following features: orders for prescriptions, orders for tests, viewing laboratory or imaging results, and clinical progress notes. As of 2013, 78 percent of office physicians are using basic electronic medical records.^{[citation needed]} As of 2014, more than 80 percent of hospitals in the U.S.have adopted some type of EHR. Though within a hospital, the type of EHR data and mix varies significantly. Types of EHR data used in hospitals include structured data (e.g., medication information) and unstructured data (e.g., clinical notes).^[122]

The healthcare industry spends only 2% of gross revenues on HIT, which is low compared to other information intensive industries such as finance, which spend upwards of 10%.^[123][124]

The usage of electronic medical records can vary depending on who the user is and how they are using it. Electronic medical records can help improve the quality of medical care given to patients. Many doctors and office-based physicians refuse to get rid of the traditional paper records. Harvard University has conducted an experiment in which they tested how doctors and nurses use electronic medical records to keep their patients' information up to date. The studies found that electronic medical records were very useful; a doctor or a nurse was able to find a patient's information fast and easy just by typing their name; even if it was misspelled. The usage of electronic medical records increases in some work places due to the ease of use of the system; whereas the president of the Canadian Family Practice Nurses Association says that using electronic medical records can be time consuming, and it isn't very helpful due to the complexity of the system.^[125] Beth Israel Deaconess Medical Center reported that doctors and nurses prefer to use a much more friendly user software due to the difficulty and time it takes for a medical staff to input the information as well as to find a patients information. A study was done and the amount of information that was recorded in the EMRs was recorded; about 44% of the patients information was recorded in the EMRs. This shows that EMRs are not very efficient most of the time.^[126]

The cost of implementing an EMR system for smaller practices has also been criticized; data produced by the Robert Wood Johnson Foundation demonstrates that the first year investment for an average five person practice is $162,000 followed by about $85,000 in maintenance fees.^[127] Despite this, tighter regulations regarding meaningful use criteria and national laws (Health Information Technology for Economic and Clinical Health Act and the Affordable Care Act)^[128] have resulted in more physicians and facilities adopting EMR systems:

• Software, hardware and other services for EMR system implementation are provided for cost by various companies including Dell.^[129]
• Open source EMR systems exist, but have not seen widespread adoption of open-source EMR system software.

Beyond financial concerns there are a number of legal and ethical dilemmas created by increasing EMR use, including the risk of medical malpractice due to user error, server glitches that result in the EMR not being accessible, and increased vulnerability to hackers.^[130][131]

Legal status

Electronic medical records, like other medical records, must be kept in unaltered form and authenticated by the creator.^[132] Under data protection legislation, the responsibility for patient records (irrespective of the form they are kept in) is always on the creator and custodian of the record, usually a health care practice or facility. This role has been said to require changes such that the sole medico-legal record should be held elsewhere.^[133] The physical medical records are the property of the medical provider (or facility) that prepares them. This includes films and tracings from diagnostic imaging procedures such as X-ray, CT, PET, MRI, ultrasound, etc. The patient, however, according to HIPAA, has a right to view the originals, and to obtain copies under law.^[134]

The Health Information Technology for Economic and Clinical Health Act (HITECH) (Pub.L. 111–5,§2.A.III & B.4) (a part of the 2009 stimulus package) set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption.^[135][136] The "goal is not adoption alone but 'meaningful use' of EHRs — that is, their use by providers to achieve significant improvements in care."^[137]

Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH Act requires doctors to show "meaningful use" of an EHR system. As of June 2010, there are no penalty provisions for Medicaid.^[3]

Health information exchange (HIE) has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Healthcare vendors are pushing HIE as a way to allow EHR systems to pull disparate data and function on a more interoperable level.^{[citation needed]}

Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.^[102]

Goals and objectives

• Improve care quality, safety, efficiency, and reduce health disparities

Quality and safety measurement

Clinical decision support (automated advice) for providers

Patient registries (e.g., "a directory of patients with diabetes")

• Improve care coordination
• Engage patients and families in their care
• Improve population and public health

Electronic laboratory reporting for reportable conditions (hospitals)

Immunization reporting to immunization registries

Syndromic surveillance (health event awareness)

• Ensure adequate privacy and security protections

Quality

Studies call into question whether, in real life, EMRs improve the quality of care.^[30][31] 2009 produced several articles raising doubts about EMR benefits.^{[32][33][138]} A major concern is the reduction of physician-patient interaction due to formatting constraints. For example, some doctors have reported that the use of check-boxes has led to fewer open-ended questions.^[139]

Meaningful use

The main components of Meaningful Use are:

• The use of a certified EHR in a meaningful manner, such as e-prescribing.
• The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
• The use of certified EHR technology to submit clinical quality and other measures.

In other words, providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity.^[140]

The meaningful use of EHRs intended by the US government incentives is categorized as follows:

• Improve care coordination
• Reduce healthcare disparities
• Engage patients and their families
• Improve population and public health^[141][142]
• Ensure adequate privacy and security

The Obama Administration's Health IT program intends to use federal investments to stimulate the market of electronic health records:

• Incentives: to providers who use IT
• Strict and open standards: To ensure users and sellers of EHRs work towards the same goal
• Certification of software: To provide assurance that the EHRs meet basic quality, safety, and efficiency standards

The detailed definition of "meaningful use" is to be rolled out in 3 stages over a period of time until 2017. Details of each stage are hotly debated by various groups.^[143]

Meaningful use Stage 1

The first steps in achieving meaningful use are to have a certified electronic health record (EHR) and to be able to demonstrate that it is being used to meet the requirements. Stage 1 contains 25 objectives/measures for Eligible Providers (EPs) and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set (15 for EPs and 14 for eligible hospitals). EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective.^[144]

Full list of the Core Requirements and a full list of the Menu Requirements.

Core Requirements:

1. Use computerized order entry for medication orders.
2. Implement drug-drug, drug-allergy checks.
3. Generate and transmit permissible prescriptions electronically.
4. Record demographics.
5. Maintain an up-to-date problem list of current and active diagnoses.
6. Maintain active medication list.
7. Maintain active medication allergy list.
8. Record and chart changes in vital signs.
9. Record smoking status for patients 13 years old or older.
10. Implement one clinical decision support rule.
11. Report ambulatory quality measures to CMS or the States.
12. Provide patients with an electronic copy of their health information upon request.
13. Provide clinical summaries to patients for each office visit.
14. Capability to exchange key clinical information electronically among providers and patient authorized entities.
15. Protect electronic health information (privacy & security)

Menu Requirements:

1. Implement drug-formulary checks.
2. Incorporate clinical lab-test results into certified EHR as structured data.
3. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
4. Send reminders to patients per patient preference for preventive/ follow-up care
5. Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
6. Use certified EHR to identify patient-specific education resources and provide to patient if appropriate.
7. Perform medication reconciliation as relevant
8. Provide summary care record for transitions in care or referrals.
9. Capability to submit electronic data to immunization registries and actual submission.
10. Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.

To receive federal incentive money, CMS requires participants in the Medicare EHR Incentive Program to "attest" that during a 90-day reporting period, they used a certified EHR and met Stage 1 criteria for meaningful use objectives and clinical quality measures. For the Medicaid EHR Incentive Program, providers follow a similar process using their state's attestation system.^[145]

Meaningful use Stage 2

The government released its final ruling on achieving Stage 2 of meaningful use in August 2012. Eligible providers will need to meet 17 of 20 core objectives in Stage 2, and fulfill three out of six menu objectives. The required percentage of patient encounters that meet each objective has generally increased over the Stage 1 objectives.

While Stage 2 focuses more on information exchange and patient engagement, many large EHR systems have this type of functionality built into their software, making it easier to achieve compliance. Also, for those eligible providers who have successfully attested to Stage 1, meeting Stage 2 should not be as difficult, as it builds incrementally on the requirements for the first stage.^[146][147]

Meaningful use Stage 3

On March 20, CMS released its proposed rule for Stage 3 meaningful use.^[148] These new rules focus on some of the tougher aspects of Stage 2 and require healthcare providers to vastly improve their EHR adoption and care delivery by 2018.^[149]

Barriers to adoption

Costs

The steep^{[clarification needed]} price of EMR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment have a significant influence on EMR adoption.^[37] In a project initiated by the Office of the National Coordinator for Health Information (ONC), surveyors found that hospital administrators and physicians who had adopted EMR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.^[37]

The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corporation's estimates of savings. "Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EMR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example. the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians."^[38] "Given the ease at which information can be exchanged between health IT systems, patients whose physicians use them may feel that their privacy is more at risk than if paper records were used."^[38]

Doubts have been raised about cost saving from EMRs by researchers at Harvard University, the Wharton School of the University of Pennsylvania, Stanford University, and others.^[33][40][41]

Start-up costs

In a survey by DesRoches et al. (2008), 66% of physicians without EHRs cited capital costs as a barrier to adoption, while 50% were uncertain about the investment. Around 56% of physicians without EHRs stated that financial incentives to purchase and/or use EHRs would facilitate adoption.^[118] In 2002, initial costs were estimated to be $50,000–70,000 per physician in a 3-physician practice. Since then, costs have decreased with increasing adoption.^[150] A 2011 survey estimated a cost of $32,000 per physician in a 5-physician practice during the first 60 days of implementation.^[151]

One case study by Miller et al. (2005) of 14 small primary-care practices found that the average practice paid for the initial and ongoing costs within 2.5 years.^[152] A 2003 cost-benefit analysis found that using EMRs for 5 years created a net benefit of $86,000 per provider.^[153]

Some physicians are skeptical of the positive claims and believe the data is skewed by vendors and others with an interest in EHR implementation.^{[citation needed]}

Brigham and Women's Hospital in Boston, Massachusetts, estimated it achieved net savings of $5 million to $10 million per year following installation of a computerized physician order entry system that reduced serious medication errors by 55 percent. Another large hospital generated about $8.6 million in annual savings by replacing paper medical charts with EHRs for outpatients and about $2.8 million annually by establishing electronic access to laboratory results and reports.^[154]

Maintenance costs

Maintenance costs can be high.^[150] Miller et al. found the average estimated maintenance cost was $8500 per FTE health-care provider per year.^[152]

Furthermore, software technology advances at a rapid pace. Most software systems require frequent updates, often at a significant ongoing cost. Some types of software and operating systems require full-scale re-implementation periodically, which disrupts not only the budget but also workflow. Costs for upgrades and associated regression testing can be particularly high where the applications are governed by FDA regulations (e.g. Clinical Laboratory systems). Physicians desire modular upgrades and ability to continually customize, without large-scale reimplementation.^{[citation needed]}

Training costs

Training of employees to use an EHR system is costly, just as for training in the use of any other hospital system. New employees, permanent or temporary, will also require training as they are hired.^[155]

In the United States, a substantial majority of healthcare providers train at a VA facility sometime during their career. With the widespread adoption of the Veterans Health Information Systems and Technology Architecture (VistA) electronic health record system at all VA facilities, few recently-trained medical professionals will be inexperienced in electronic health record systems. Older practitioners who are less experienced in the use of electronic health record systems will retire over time.^{[citation needed]}

Software quality and usability deficiencies

The Healthcare Information and Management Systems Society (HIMSS), a very large U.S. health care IT industry trade group, observed that EMR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available."^[43] The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers.^[44] The U.S. military's EMR "AHLTA" was reported to have significant usability issues.^[45]

Lack of semantic interoperability

In the United States, there are no standards for semantic interoperability of health care data; there are only syntactic standards. This means that while data may be packaged in a standard format (using the pipe notation of HL7, or the bracket notation of XML), it lacks definition, or linkage to a common shared dictionary. The addition of layers of complex information models (such as the HL7 v3 RIM) does not resolve this fundamental issue.

Implementations

In the United States, the Department of Veterans Affairs (VA) has the largest enterprise-wide health information system that includes an electronic medical record, known as the Veterans Health Information Systems and Technology Architecture (VistA). A key component in VistA is their VistA imaging System which provides a comprehensive multimedia data from many specialties, including cardiology, radiology and orthopedics. A graphical user interface known as the Computerized Patient Record System (CPRS) allows health care providers to review and update a patient's electronic medical record at any of the VA's over 1,000 healthcare facilities. CPRS includes the ability to place orders, including medications, special procedures, X-rays, patient care nursing orders, diets, and laboratory tests.^{[citation needed]}

The 2003 National Defense Authorization Act (NDAA) ensured that the VA and DoD would work together to establish a bidirectional exchange of reference quality medical images. Initially, demonstrations were only worked in El Paso, Texas, but capabilities have been expanded to six different locations of VA and DoD facilities. These facilities include VA polytrauma centers in Tampa and Richmond, Denver, North Chicago, Biloxi, and the National Capitol Area medical facilities. Radiological images such as CT scans, MRIs, and x-rays are being shared using the BHIE. Goals of the VA and DoD in the near future are to use several image sharing solutions (VistA Imaging and DoD Picture Archiving & Communications System (PACS) solutions).^[156]

Clinical Data Repository/Health Data Repository (CDHR) is a database that allows for sharing of patient records, especially allergy and pharmaceutical information, between the Department of Veteran Affairs (VA) and the Department of Defense (DoD) in the United States. The program shares data by translating the various vocabularies of the information being transmitted, allowing all of the VA facilities to access and interpret the patient records.^[157] The Laboratory Data Sharing and Interoperability (LDSI) application is a new program being implemented to allow sharing at certain sites between the VA and DoD of "chemistry and hematology laboratory tests." Unlike the CHDR, the LDSI is currently limited in its scope.^[158]

One attribute for the start of implementing EHRs in the States is the development of the Nationwide Health Information Network which is a work in progress and still being developed. This started with the North Carolina Healthcare Information and Communication Alliance founded in 1994 and who received funding from Department of Health and Human Services.^[159]

The Department of Veterans Affairs and Kaiser Permanente has a pilot program to share health records between their systems VistA and HealthConnect, respectively.^[160] This software called 'CONNECT' uses Nationwide Health Information Network standards and governance to make sure that health information exchanges are compatible with other exchanges being set up throughout the country. CONNECT is an open source software solution that supports electronic health information exchange.^[161] The CONNECT initiative is a Federal Health Architecture project that was conceived in 2007 and initially built by 20 various federal agencies and now comprises more than 500 organizations including federal agencies, states, healthcare providers, insurers, and health IT vendors.^[162]

The US Indian Health Service uses an EHR similar to Vista called RPMS. VistA Imaging is also being used to integrate images and co-ordinate PACS into the EHR system. In Alaska, use of the EHR by the Kodiak Area Native Association has improved screening services and helped the organization reach all 21 clinical performance measures defined by the Indian Health Service as required by the Government Performance and Results Act.^[163]

UK

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

In 2005 the National Health Service (NHS) in the United Kingdom began deployment of EHR systems in NHS Trusts. The goal was to have all patients with a centralized electronic health record by 2010.^[164] Lorenzo patient record systems were adopted in a number of NHS trusts While many hospitals acquired electronic patient records systems in this process, there was no national healthcare information exchange.^{[29][165][166][167][168]} Ultimately, the program was dismantled after a cost to the UK taxpayer was over $24 Billion (12 Billion GPB), and is considered one of the most expensive healthcare IT failures.^[169] The UK Government is now considered open-source healthcare platform from the United States Veterans Affairs following on the success of the VistA EHR deployment in Jordan.^{[citation needed]}

In November 2013 NHS England launched a clinical digital maturity index to measure the digital maturity of NHS providers^[170] but 40% of NHS managers surveyed by the Health Service Journal did not know their ranking, and the same proportion said improving their ranking was of low or very low priority.^[171]

Electronic palliative care coordination systems have been developed by Marie Curie Cancer Care and the Royal College of General Practitioners which mean that terminally ill patients no longer have to explain their circumstances afresh to every new professional they meet and are less likely to be inappropriately taken to hospital.^[172]

Personalised Health and Care 2020

The publication of Personalised Health and Care 2020 by the Department of Health elaborated a new attempt to integrate patient records.^[173] Its stated ambition is that every citizen will be able securely to access their health records online by 2018 and make real time data available to paramedics, doctors and nurses.^[174] A real time record across health and social care is seen as the key to the provision of integrated care.^[175]

GP Systems

GP2GP is an NHS Connecting for Health project in the United Kingdom. It enables GPs to transfer a patient's electronic medical record to another practice when the patient moves onto the list.^[176] In General Practice in the UK the medical record has been computerized for many years, in fact the UK is probably one of the world leaders in this field. There are very few General Practices in the UK which are not computerized. Unlike the USA GP's have not had to deal with billing and have been able to concentrate on clinical care. The GP record is separate from the national Care Record and contains far more data. Shaun O'Hanlon, EMIS's Chief Clinical Officer says that the legal framework around data sharing is the main problem in integrating patient data because the Data Protection Act 1998 puts responsibilities on GPs to protect the confidentiality of patient data, but at the same time they have a "duty to share" when it is in the best interests of the patient. He says the quickest, easiest route to large scale record sharing is to put patients in the driving seat using smartphone technology. He quotes a YouGov poll which found that 85% of the population wanted any medical professional directly responsible for their treatment to have secure electronic access to key data from their GP record, such as long term conditions, medication history or allergies.^[177]

Clinical IT suppliers are moving towards greater interoperability, already achieved with the GP2GP project allowing different systems to exchange complete medical records between practices. There are projects allowing access between hospitals & GP practices. The main Primary Care systems are EMIS Health, SystmOne, iSOFT, and INPS Vision. The NHS in Scotland widely used GPASS until 2012. From April 2014 practices are contractually required to promote and offer patients the opportunity to book appointments online, order repeat prescriptions online and provide online Patient record access.^[178]

Patient Access

It has been possible for patients to access their own GP records online for some time, and Dr Amir Hannan pioneered this using EMIS software. He says "there are some doctors and nurses who have genuine concerns about patients suddenly being let loose to access their records without any controls in place or without clinicians having to do anything and a feeling of irresponsibility that that raises."^[179]

See Patient record access

Australia

Australia is dedicated to the development of a lifetime electronic health record for all its citizens. PCEHR - the Personally Controlled Electronic Health Record - is the major national EHR initiative in Australia, being delivered through territory, state, and federal governments. This electronic health record was initially deployed in July 2012, and is under active development and extension.^[180]

MediConnect is an earlier program that provides an electronic medication record to keep track of patient prescriptions and provide stakeholders with drug alerts to avoid errors in prescribing.^[181]

Within Australia, there is a not-for-profit organisation called Standards Australia, which has created an electronic health website relating to information not only about Australia and what is currently going on about EHRs but also globally. There is a large number of key stakeholders that contribute to the process of integrating EHRs within Australia,they range from each States Departments of Health to Universities around Australia and National E-Health Transition Authority to name a few.^{[182][183][184]}

Austria

In December 2012 Austria introduced an Electronic Health Records Act (EHR-Act).^[185] These provisions are the legal foundation for a national EHR system based upon a substantial public interest according to Art 8(4) of the Data Protection Directive 95/46/EC.^[186] In compliance to the Data Protection Directive (DPD) national electronic health records could be based upon explicit consent (Art 8(2)(a) DPD), the necessity for healthcare purposes (Art 8(3) DPD) or substantial public interests (Art 8(4) DPD).^[187]

The Austrian EHR-Act pursues an opt-out approach in order to harmonize the interests of public health and privacy in the best possible manner.

The 4th Part of the Austrian Health Telematics Act 2012 (HTA 2012) - these are the EHR provisions - are one of the most detailed data protection rules within Austrian legislation. Numerous safeguards according to Art 8(4) DPD guarantee a high level of data protection. For example:

• personal health data needs to be encrypted prior to transmission (§ 6 HTA 2012), or
• strict rules on data usage allow personal health data only to be used for treatment purposes or exercising patients' rights (§ 14 HTA 2012), or
• patients may declare their right to opt out from the national EHR at any time (§ 15 HTA 2012), or
• the implementation of an EHR-Ombudsman, to support the patients in exercising their rights (§ 17 HTA 2012), or
• the Access Control Center provides EHR-participants with full control over their data (§ 21 HTA 2012), or
• judicial penalties for privacy breaches (Art 7 of the EHR-Act).

Canada

Canadian provinces have launched a number of EHR projects and there are ongoing discussions about interoperability.

Jordan

In 2009, the Jordanian Government made a strategic decision to address quality and cost challenges in their healthcare system by investing in an effective, national e-health infrastructure. Following a period of detailed consultation and investigation, Jordan adopted the electronic health record system of the US Veterans Health Administration VistA EHR because it was a proven, national-scale enterprise system capable of scaling to hundreds of hospitals and millions of patients. [10] In 2010 three of the country's largest hospitals went live with VistA EHR. It is anticipated that all further hospital deployments based on this 'gold' version will require less than 20% effort and cost of the original hospitals, enabling rapid national coverage. The implementation of VistA EHR was estimated at 75% less cost than proprietary products, with the greatest savings related to reduced costs of configuration, customization, implementation and support. When completed, Jordan will be the largest country in the world with a single, comprehensive, national electronic health care delivery network to care for the country's entire population in a single electronic network of over 850 hospitals and clinics.

Denmark

Denmark does not have nationwide EHR. It is mandatory for primary care practices and hospitals to use EHRs. The Danish Health Data Network (Medcom) acts as a data integrator to ensure interoperability. Unfortunately, non-interoperability is an issue despite the high adoption rate.^[188] The five regions are attempting to address this problem by each setting up their own electronic health record systems for public hospitals. However, all patient data will still be registered in the national e-journal.

Estonia

Estonia is the first country in the world that has implemented a nationwide EHR system, registering virtually all residents' medical history from birth to death.^[189] It was launched on 17 December 2008 ^[190]

India

The Government of India, while unveiling of National Health Portal, has come out with guidelines for E.H.R standards in India. The document recommends set of standards to be followed by different healthcare service providers in India, so that medical data becomes portable and easily transferable.^[191]

India is considering to set up a National eHealth Authority (NeHA) for standardisation, storage and exchange of electronic health records of patients as part of the government's Digital India programme. The authority, to be set up by an Act of Parliament will work on the integration of multiple health IT systems in a way that ensures security, confidentiality and privacy of patient data. A centralised electronic health record repository of all citizens which is the ultimate goal of the authority will ensure that the health history and status of all patients would always be available to all health institutions. Union Health Ministry has circulated a concept note for the setting up of NeHa, inviting comments from stakeholders.^[192]

Netherlands

The vast majority of GP's ^[193] and all pharmacies and hospitals use EHR's. In hospitals, computerized order management and medical imaging systems (PACS) are widely accepted. Whereas healthcare institutions continue to upgrade their EHR's functionalities, the national infrastructure is still far from being generally accepted.

In 2012 the national EHR restarted under the joined ownership of GPs, pharmacies and hospitals. A major change is that, as of January 2013, patients have to give their explicit permission that their data may be exchanged over the national infrastructure. The national EHR is a virtual EHR and is a reference server which "knows" in which local EHR what kind of patient record is stored. EDIFACT still is the most common way to exchange patient information electronically between hospitals and GP's.

UAE

Abu Dhabi is leading the way in using national EHR data as a live longitudinal cohort in the assessment of risk of cardiovascular disease.^[194]

Saudi Arabia

In 2010, Saudi Arabian National Guard Health Affairs was recognized with the Arab Health Award for "Excellence in Electronic Health Records".^[195]

Switzerland

In 2007, the Swiss Federal Government has approved a national strategy for adoption of e-health.^[196] A central element of this strategy is a nationwide EHR. Following the federal tradition of Switzerland, it is planned that the nationwide EHR infrastructure is implemented with a decentralized approach, i.e. using access and control mechanism for federating existing records. In order to govern legal and financial aspects of the future nationwide EHR implementation, a bill is currently under development by the Swiss Federal Government.^[197] Besides the current discussions about a nation-wide implementation, EHR are widely used in both private and public healthcare organizations.^[198]

In veterinary medicine

In UK veterinary practice, the replace of paper recording systems with electronic methods of storing animal patient information escalated from the 1980s and the majority of clinics now use electronic medical records. In a sample of 129 veterinary practices, 89% used a Practice Management System (PMS) for data recording.^[199] There are more than ten PMS providers currently in the UK. Collecting data directly from PMSs for epidemiological analysis abolishes the need for veterinarians to manually submit individual reports per animal visit and therefore increases the reporting rate.^[200]

Veterinary electronic medical record data are being used to investigate antimicrobial efficacy; risk factors for canine cancer; and inherited diseases in dogs and cats, in the small animal disease surveillance project 'VetCOMPASS' (Veterinary Companion Animal Surveillance System) at the Royal Veterinary College, London, in collaboration with the University of Sydney (the VetCOMPASS project was formerly known as VEctAR).^[201]

See also

<templatestyles src="Div col/styles.css"/>

References

External links

• Can Electronic Health Record Systems Transform Health Care?
• Maryland Health Care Commission EHR Product Portfolio is a resource to compare and evaluate EHR products along with information on product vendors.
• Open-Source EHR Systems for Ambulatory Care: A Market Assessment (California HealthCare Foundation, January 2008)
• US Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC)
• US Department of Health and Human Services (HHS), Agency for Healthcare Research and Quality (AHRQ), National Resource Center for Health Information Technology
• Security Aspects in Electronic Personal Health Record: Data Access and Preservation - a briefing paper at Digital Preservation Europe