Professional Documents
Culture Documents
An Introductory Tutorial
William Tierney, MD
Atif Zafar, MD
AHRQ PBRN Resource Center
Outline of Presentation
• Introduction to EMRs (very basic information)
• Barriers to Adoption: Some Problems with Data Accessibility and
Care Processes
• EMRs for Clinical Research
• EMRs and HIPAA Security
• No Nonsense Guide to Selecting an EMR
• Examples of EMRs
– OpenSource
– Commercial
• Lessons Learned
Introduction to EMRs
Introduction to EMRs
• Why do we need Electronic Medical Records
(EMRs)?
• Many problems with the current healthcare system
(underuse and overuse)
– 30% of children receive excessive antibiotics for otitis
– 20-50% of surgical procedures are not necessary
– 50% of back pain x-rays not necessary
– 50% of elderly patients don’t get a pneumovax
Introduction to EMRs
• Why do we need EMRs?
– Clinical practice is a data intensive operation a
– Inadequate data communication causes
medical errors
– Human cognition is good at pattern recognition
but not at remembering lists or evaluating
multiple business rules.
Why do we need EMRs?
• Available 24 x 7
• Can be viewed by more than one user at a time
• Is available from remote locations
– To covering MDs
– Others with appropriate needs
• Data can nearly always be found
• Is legible
Why do we need EMRs?
• Enhances Communication:
– Between providers--clinical messaging
– Can tag EMR location with message
– Referrals
• Half of specialists didn’t know what main question was
• A third of the time no information came back to PCP
Why do we need EMRs?
• Cost Savings:
– Dictation cost savings
• $170/FTE/month
– Chart pull savings
• $217/FTE/month
– Savings accrue to practice, apply to all payers
Why do we need EMRs?
• Assist with Decision Support:
– Many domains—cost and selection of:
– Drugs
• 18% reduction found by Overhage
– Lab tests
• 10-15% reduction in cost for charges, last result, probability of
abnormal
– Radiological studies
Why do we need EMRs?
• Decision Support:
• In inpatients, computerizing ordering decreased
– Serious medication errors by 55%
– All medication errors by 81%
• EMR can help by
– Structuring medication orders
• 34% error rate with paper vs. 6% with electronic
– Alerting about
• Allergies
• Duplicate medications
• Many other issues
Introduction to EMRs
• Do EMRs make a difference?
– UNEQUIVOCALLY YES, BUT AT A COST!
– In multiple studies, EMRs have been shown to:
• Shorten Length of Stay in a Hospital setting
• Decrease Adverse Drug Events (ADEs)
• Improve Readability, Consistency and Content of
the medical record
• Improve Continuity of Care
• Reduce practice variation
• Most benefits come from Decision Support.
EMR Use in the United States
• Even though the US Health Care system is
the costliest in the world, its performance
ranks 37th in the world according to the
WHO!
• Only 5% of US primary care providers use
EMRs (Bates et. Al., JAMIA 2003), 7% of
all physicians (Wang, Bates, et. Al.,
American Journal of Medicine, April 2003)
EMR Use Around the World
Use PCs Use EMR
• Australia 90% 53%
• Denmark 95% 62%
• Netherlands 95% 88%
• Sweden 95% 90%
• United Kingdom 95% 58%
(c) 2001 Harris Interactive
Breakdown by Function - 2002
Australia UK
• Use EMR 90% 99%
• Of Those:
– Prescrip 100% 80%
– Notes Unknown 45%
– Reminders Unknown 70%
– Clin Vocab 15% (ICPC) 100% (Read)
– Paperless Unknown 45%
REGISTRATION SYSTEM
Clerks
DECISION SUPPORT
LAB SYSTEM
Nursing Staff
PHARMACY SYSTEM
Physicians
RADIOLOGY SYSTEM
Coding Staff
BILLING SYSTEM
Insurance Co.
Order Entry/Results Reporting
Different Types of EMRs
• EMRs don’t necessarily need to be expensive and
complicated or require that a computer be used to
enter data
• Can have hybrid computer/paper based approaches
– Ex: In the CHICA™ System, paper is used to interact with
an electronic data repository
– Standardized paper forms are printed and then “scanned”
– Characters are recognized and the electronic data so
generated interacts with the data repository
Different Types of EMRs
• At Indiana University, pediatric clinics use this system:
– A data repository was developed using Microsoft SQL Server
– A clinical guideline system was written in Arden Syntax
– An optical character recognition system called Cardiff Teleforms is used
to process handwritten numerical data on preprinted scanned forms
– The data so generated is stored in the database and dynamic reminders
are generated for the physician
– These are printed on the clinic computer
– The entire operation takes < 2-3 minutes!
Different Types of EMRs
• The Mosoriot Medical Record System™
– Indiana University has an HIV Effort in Kenya
– A Simple MS Access based database holds all
patient records (3 years worth!)
– Provides forms for data entry, standard term
dictionary, medication listings, registration
system, clinical documentation system etc.
– Created by 1 programmer over 2-3 weeks!
– Highly effective, easy to maintain, inexpensive!
Data Sources
• So how can EMRs populate their databases?
• Data can come from many many sources:
– Admission/Discharge/Billing
– Anesthesia Systems
– Cytology Systems
– Diagnostic Imaging Management Systems
– EKG Carts
– Endoscopy Systems
– ER Systems
Data Sources
• More Data Sources:
– Home Care Systems
– ICU Monitoring Systems
– IV Fluid Infusion Control Systems
– Laboratory Systems
– Nurse Triage
– Order Entry Systems
– Pharmacy Systems (Inpatient/Outpatient)
– Pulmonary Function Systems
Data Sources
• More Data Sources
– Radiology systems
– Risk Management systems
– Registration Systems
– Scheduling and Clinic Charge Systems
– Transcription Systems
– Unit Dose Dispensing machines
– Ventilator Management systems
Data Sources
• So if there are so many data sources
available and so many people are interested
in using EMRs, why are they not more
prevalent?
The Challenges of EMR
Implementation
Problems with Electronic Data
• For the last 30 years the medical informatics
community has struggled with how to architect the
“vessel” that will hold patient data
• Problem is that they have focused on the wrong
problem!
• We don’t just want to create a system that permits
entry of data electronically, we want to create a
system that can acquire this data automatically
from other electronic data repositories and make
it available at the time of service.
Problems with the Data Sources
• Too many repositories or “islands” of systems
• Difficult to “bridge” and combine in useful ways
• Contain different data at different levels of granularity
• Each uses a different code to identify the same information.
• Many institutions do not capture all of the data of interest to
clinicians.
– Labs are sent to external reference laboratories
– Patients fill their scripts at community pharmacies
• As a result many implementations do not lead to satisfactory
achievement of the intended quality assurance goals
Problems with Data Sources
• Another problem is that there are many many care providing sites in the
United States:
– Hospitals 5000+
– Nursing Homes 19000+
– Pharmacies 59722+
– Physician offices 200000+
– Laboratories 63000
– Emergency Rooms 4856
– Hospice Care 2800
– Home Care agencies 4258
• All of these sites generate data that are not necessarily compatible.
Problems with Electronic Data
• Thus, the problem is not one of creating database
fields de novo, it is one of merging existing fields
from many different sources in meaningful ways
DATA ANALYSIS
LAB SYSTEM
PHARMACY SYSTEM
RADIOLOGY SYSTEM
BILLING SYSTEM
INTERVENTION
EMR Features Conducive to
Research
• Reliance on Standards (HL7, LOINC, ICD9, CPT)
• Easy access to data repository, i.e. database structure
is well documented
• Built-in Practice Profile Management systems
• Built-in decision support and order entry functionality
• Able to export data in a standard format (CSV, MDB
etc.)
HIPAA Security
Introduction
• HIPAA = Heath Information Portability and
Accountability Act
• Final Security Rule Published in the Federal
Register on February 20, 2003 (effective 60 days)
– http://www.cms.hhs.gov/hipaa/hipaa2/regulations/securit
y/default.asp
• Designation: 45 CFR 160, 162, 164
• Compliance Dates: April 20, 2005
– Covered Entities: 24 months after effective date
– Small Health Plans: 36 months after effective date
HIPAA Security
• Some excellent links:
• http://privacy.med.miami.edu/glossary/gt_security_rule.htm
• http://www.hipaadvisory.com/tech/wireless.htm
• http://www.hipaadvisory.com/regs/securityoverview.htm
HIPAA Security
• Security should not be confused with Privacy or
Confidentiality
– Privacy: The rights of an individual to control his/her
personal information without risk of divulging or
misuse by others against his or her wishes
– Confidentiality only becomes an issue when the
individuals personal information has been received by
another entity. Confidentiality is then a means of
protecting this information
– Security refers to the spectrum of physical, technical
and administrative safeguards used for this protection
HIPAA Security
• Addresses 3 tiers of protection:
– Administrative Safeguards
– Physical Safeguards
– Technical Safeguards
Administrative Safeguards
• Institutional level
– Develop security management process where
potential “threats” to PHI are determined
– Provide training to all employees about HIPAA
– Provides appropriate level of authorization
based on a protocol for granting access
– Violations should be clearly documented and
investigated
– A disaster recovery plan should be in place
Physical Safeguards
• Applies to 3 elements of the PHI data
storage infrastruture:
– Facility where PHI data is stored
– Workstations on which it is stored
– Media on which it is stored
Physical Safeguards
• Require that the facility have access control
• Contingency plans need to be in place in case an
intruder gains access
• Workstation security measures be in place
– Automatic logoff
– Screen is placed away from potential viewers
– PDAs should be password protected
• Devices and media should be appropriately disposed
of in case they are no longer needed and data should
be erased properly
Technical Safeguards
• Applies to how information is stored, verified,
accessed and transmitted/received
• Access and audit controls
• Emergency access to information when needed
• Automatic logoff is enforced
• Data is encrypted and decrypted during
transmission
• Verify integrity of the storage and transmission
(digital signatures)
Am I HIPAA Compliant?