A Brief History of EHR

Veriphyr proactively reports impermissible use of PHI the first time it happens.

 

Electronic health records (EHR) are essentially the digital version of what’s on the clipboard at the end of a hospital bed. Now, entire EHR systems are being bought up, expanded, and incorporated into artificial intelligence by big tech companies.

Protecting patient information privacy is a challenge that has guided EHR system development from its advent. The digitization of health records has meant that data is more easily tampered with, hacked into, and copied and pasted. Thankfully, we now have the technology to help protect this information.

 

The Medicaid and Medicare EHR Incentive Program

In 2009, the Medicaid and Medicare EHR Incentive Program began in order to encourage healthcare providers to switch to EHR over paper records.

Around this time, the Office of the National Coordinator for Health IT issued recommendations for EHR. A survey of 800 hospitals showed that very few were using the recommendations to their full extent (e).

The incentive program paid more than $17.7 billion to healthcare providers by the start of 2014. At that time, over 436,000 hospitals had registered for the program (g).

By 2015, 75% of hospitals had adopted basic EHR systems (c). Basic EHR systems are defined as having functions like, “measures for patient demographics, physician notes, nursing assessments, patient problem lists, patient medication lists, discharge summaries, laboratory reports, radiologic reports, diagnostic test results, and order entry for medications” (c).

By 2016,  67% of all healthcare providers reported using EHR (b). The University of Texas M.D. Anderson Cancer Center massively overhauled it’s EHR system around that time. In doing so, one of the largest health systems in Houston was made drastically more efficient.

The rapid success of EHR meant kinks were conspicuous. Key issues that arose included copy-and-paste practices, flimsy audits, potential for error, and fraud.

 

Misuse  of Electronic Health Records

In 2012, an audit of the Louisiana State Univeristy Health Sciences Center in Shreveport found that there was “unnecessary and inappropriate” access granted to employees of the hospital and its EPIC electronic health records system (f).

As a result, 350 people had access to change patient’s data. This resulted in the auditor recommending that the center “segregate IT staff and contractor duties and access, control and closely monitor administrative system access” (f).

Steve Katz, cybersecurity expert, weighs in on the necessity of limiting access to patient information in Becker’s Hospital Review.

A year after the breach at LSU, a doctor and an office manager of an optometry practice in Florida copied parts of their practice’s EHR system, quit, moved to a competitor, and used the data from the EHR to market themselves to patients’ of the old practice. Without patient consent, the pair scheduled appointments to the competitor.

“Had these been paper records… patient information still could have been stolen, but the former employees would not have been able to electronically override the scheduling information and change appointments. They also likely would not have been able to access so many records” (h).

A survey and analysis of patient privacy breaches was conducted by Veriphyr in 2011, two years into the incentive program.

In 2015, the Office of the Inspector General requested $4oo million (a $105 million increase from the previous year ) in order to expand audits and reviews of IT security, HIPAA compliance, and EHR (d).

“IG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities” – Daniel R. Levinson, U.S. inspector general

 

Recent Developments

The EHR system market is crowded because larger companies purchased and merged with smaller companies. Allscripts, for example, acquired HealthGrid Holding Company, and Practice Fusion, which both served smaller scale practices.

Larger companies are able to take on larger  clients, such as the Veteran’s Administration (VA). In June 2018, the VA signed a $10 billion contract to implement Cerner EHR. The Coast Guard and Department of Defense also use Verner.

EHR is becoming highly profitable, and the large companies providing EHR systems “have changed the face of the health IT landscape through disruptive investments, partnerships, and innovations” (a).

Innovations include EHR-integrated virtual assistants powered by artificial intelligence. EPIC, eClinicalWorks, and athenahealth have all launched such projects.

“The advent of the voice-activated, EHR-integrated virtual assistant could drive improvements in EHR usability and physician satisfaction with EHR technology. Enabling providers to spend less time on data entry by dictating physician notes to virtual assistants could also free up providers to spend more time with patients” (a).

 

Big tech companies see opportunity in EHR. You can probably guess the three big companies developing healthcare technology.

Apple launched a Health Records EHR data viewer, which will make it easier for patients to view and engage with their medical records, as well as keep track of doctor’s advice and prescriptions.

In addition, Apple is releasing an application programming interface (API) specifically for health records. These will allow doctors to develop apps for patient/doctor communication. Google has done the same.

There are endless rumors of impending Amazon involvement in the EHR field. While Amazon doesn’t currently provide healthcare related services, companies in the EHR market like Medsphere operate their systems on Amazon Work Spaces

 

Conclusions

While EHRs are credited with improving healthcare delivery, they have also made it easier to steal patients’  medical information. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can use advanced data analytics. Veriphyr provides such a service.

 

Sources

(a) Top 5 Ways Health IT Companies Are Changing the EHR Market

(b) EHR Adoption Rates

(c) Basic Hospital EHR Adoption Rates Climbs to Nearly 75%

(d) More EHR Audits to Come in 2015 

(e) OIG takes hospitals to task on EHR use – Healthcare IT news

(f) Auditor: Inappropriate access to electronic health records at LSU-S

(g) EHR Payments Soar to Near $20B

(h) Healthcare Privacy Thieves Deserve No Mercy