With the release of the meaningful use requirements, the switch from paper-based to electronic health records has begun in earnest. CIOs and experts say that the transition can be made without losing sight of security and privacy concerns.
As hospitals move closer to becoming paperless on the clinical side, it's inevitable that some form of paper communication will remain viable during the transition period. And while it can be frustrating for clinicians to work in both paper and digital environments, the chief information officer also has to contend with strict privacy and security requirements of Health Insurance Portability and Accountability Act (HIPAA) and the newer Health Information Technology for Economic and Clinical Health (HITECH) Act.
The most common forms of paper found during this transition are parts of patient records that need to be scanned or archived and contracts that need a signature. “The move is to electronic signatures,” notes John Kahanek, a principal at Falls Church, Va.-based CSC Healthcare Group. “But faxes are still used extensively. Again, it goes back to paper contracts where a signature is required.”
TRANSITION GAINS TRACTION
In general, the healthcare industry has been slower than other industries to give up paper, Kahanek observes. Part of the reason is generational, he says. “Change is sometimes difficult. A lot of doctors still want to work with paper.” But that's not the case with younger physicians, he adds. “Gen Y wants everything digital.” While he acknowledges that the transition to e-signatures has been slow, Kahanek believes that it should gain a wider acceptance once “everyone sees the world as digital, not digital and paper.” Another factor in moving away from paper is increased reliance on technologies such as cloud networks, which rely on e-signatures as an authentication procedure that allows users to gain access to encrypted data, he says. Regardless of whether data is paper-based or electronic, the information must be secure, particularly in light of recent healthcare reform regulations.
WE DO GET FAXES AND WE SEND OUT SOME FAXES, MAINLY TO A REFERRING PHYSICIAN. BUT WE'RE MOVING AWAY FROM THAT.-JACQUELINE DAILEY
Kahanek notes that the security portion of HIPAA covers only health information in electronic form while the privacy portion includes all health information in any form. But while the security portion deals with protecting electronic data, it only recommends the use of encryption in transmitting data over the Internet. In the privacy portion, on the other hand, all healthcare organizations must take steps to ensure that a patient's health information will not be disclosed either intentionally or unintentionally. These steps may include shredding paper documents before they are discarded or securing health records with a lock and key or passcode. Neither the security nor privacy portions of HIPAA recommend specific technologies for protecting data.
WE HAVE POLICIES ABOUT THE REQUEST OF PATIENT INFORMATION THAT SIT IN FRONT OF THOSE HIPAA STANDARDS. HIPAA SET THE BASELINE, BUT YOU CAN DO MORE.-RAYMOND ADKINS
The real impetus behind the eventual move away from paper-based records is the implementation of the HITECH Act which was part of the American Recovery and Reinvestment Act (ARRA) of 2009. This requires all healthcare providers to eventually adopt electronic health records. “HITECH is going to be the game changer for a lot of people,” says Michael Mistretta, vice president of information services and CIO of MedCentral Health System in Mansfield, Ohio. The mandated use of electronic health records (EHRs) will hasten the switch from a paper environment to an all digital one, he says.
CUTTING THE PAPER TRAIL
To be sure, security concerns and legislative mandates make the switch to electronic data not a question of if, but when. Yet it is instructive to look at the experiences of four hospital systems that have already made significant progress in making the transition away from paper-based records.