With the release of the meaningful use requirements, the switch from paper-based to electronic health records has begun in earnest. CIOs and experts say that the transition can be made without losing sight of security and privacy concerns.
As hospitals move closer to becoming paperless on the clinical side, it's inevitable that some form of paper communication will remain viable during the transition period. And while it can be frustrating for clinicians to work in both paper and digital environments, the chief information officer also has to contend with strict privacy and security requirements of Health Insurance Portability and Accountability Act (HIPAA) and the newer Health Information Technology for Economic and Clinical Health (HITECH) Act.
The most common forms of paper found during this transition are parts of patient records that need to be scanned or archived and contracts that need a signature. “The move is to electronic signatures,” notes John Kahanek, a principal at Falls Church, Va.-based CSC Healthcare Group. “But faxes are still used extensively. Again, it goes back to paper contracts where a signature is required.”
TRANSITION GAINS TRACTION
In general, the healthcare industry has been slower than other industries to give up paper, Kahanek observes. Part of the reason is generational, he says. “Change is sometimes difficult. A lot of doctors still want to work with paper.” But that's not the case with younger physicians, he adds. “Gen Y wants everything digital.” While he acknowledges that the transition to e-signatures has been slow, Kahanek believes that it should gain a wider acceptance once “everyone sees the world as digital, not digital and paper.” Another factor in moving away from paper is increased reliance on technologies such as cloud networks, which rely on e-signatures as an authentication procedure that allows users to gain access to encrypted data, he says. Regardless of whether data is paper-based or electronic, the information must be secure, particularly in light of recent healthcare reform regulations.
WE DO GET FAXES AND WE SEND OUT SOME FAXES, MAINLY TO A REFERRING PHYSICIAN. BUT WE'RE MOVING AWAY FROM THAT.-JACQUELINE DAILEY
Kahanek notes that the security portion of HIPAA covers only health information in electronic form while the privacy portion includes all health information in any form. But while the security portion deals with protecting electronic data, it only recommends the use of encryption in transmitting data over the Internet. In the privacy portion, on the other hand, all healthcare organizations must take steps to ensure that a patient's health information will not be disclosed either intentionally or unintentionally. These steps may include shredding paper documents before they are discarded or securing health records with a lock and key or passcode. Neither the security nor privacy portions of HIPAA recommend specific technologies for protecting data.
WE HAVE POLICIES ABOUT THE REQUEST OF PATIENT INFORMATION THAT SIT IN FRONT OF THOSE HIPAA STANDARDS. HIPAA SET THE BASELINE, BUT YOU CAN DO MORE.-RAYMOND ADKINS
The real impetus behind the eventual move away from paper-based records is the implementation of the HITECH Act which was part of the American Recovery and Reinvestment Act (ARRA) of 2009. This requires all healthcare providers to eventually adopt electronic health records. “HITECH is going to be the game changer for a lot of people,” says Michael Mistretta, vice president of information services and CIO of MedCentral Health System in Mansfield, Ohio. The mandated use of electronic health records (EHRs) will hasten the switch from a paper environment to an all digital one, he says.
CUTTING THE PAPER TRAIL
To be sure, security concerns and legislative mandates make the switch to electronic data not a question of if, but when. Yet it is instructive to look at the experiences of four hospital systems that have already made significant progress in making the transition away from paper-based records.
Peninsula Regional Medical Center: Peninsula Regional, a 360-bed hospital in Salisbury, Md., is in the latter stages of its conversion from a paper environment to a digital one. Peninsula Regional began its transition in the late 1990s, according to Raymond Adkins, CIO, who acknowledges that the hospital has not quite made a complete switch. “We still utilize faxes, probably more on the discharge side for skilled nursing or home healthcare,” he says. In those instances, faxes containing information from a patient's current medical record are sent to a placement center for review before that patient is transferred to an appropriate facility or back home.
A limited number of faxes also are sent to the hospital's pharmacy, Adkins reports. While more than 80 percent of medication orders are entered electronically by physicians via a CPOE, some orders are still written by hand and then faxed. Once the pharmacy keys in the order, the paper fax is destroyed. Likewise, the original paper order is scanned into the patient's record and it, too, is destroyed.
Adkins adds that because a number of physician practices have yet to adopt EHRs, these physicians will often fax information on a patient prior to that patient being admitted. That paper also is scanned and then destroyed. Physicians’ progress notes are still paper-based, although he says they will soon become electronic. While Peninsula Regional has adopted electronic signatures for clinicians, they are not yet available for patients, he says.
On the issue of security, Adkins says Peninsula Regional has set higher security standards than required by legislative mandates. “We have policies about the request of patient information that sit in front of those HIPAA standards. HIPAA set the baseline, but you can do more.”
Children's Hospital of Pittsburgh of UPMC: Children's Hospital began going paperless in 2002. “We're automating all our venues from paper to electronic,” according to Vice President and CIO Jacqueline Dailey. The hospital has made significant strides in EHR. All patient records are stored online, and only 1 percent of the data in those records are scanned from paper. “If we do scan a document, the paper is destroyed within 24 hours.” Dailey also acknowledges that faxes are still part of the hospital's mix. “We do get faxes and we send out some faxes, mainly to a referring physician. But we're moving away from that,” she says.
Children's Hospital has begun using electronic signatures, but only for consent forms. “When you're admitting a child, parents can sign on an electronic signature pad,” she says. Physicians also need to sign these forms; if they do not have access to an electronic signature pad when the patient is being admitted, they may hand-sign the paper form, which then gets scanned and then is destroyed.
WE'VE BEEN WORKING TOWARD BANKING STANDARDS, SO DATA IS ENCRYPTED ON THE MOVE AND AT REST. AND WHEN IT'S BACKED UP, IT'S ENCRYPTED.-GREGORY VELTRI
In fact, Dailey says, many physicians now welcome electronic communications. Dailey notes that clinicians have been partly responsible for the rapidity in which the 296-bed Children's Hospital has been moving away from paper. “It's frustrating to be part paper and part electronic,” she says. “Clinicians had trouble working in two environments.”
ABOUT THE ONLY THING LEFT ON PAPER IS PHYSICIAN PROGRESS NOTES.-MICHAEL MISTRETTA
The sheer volume of paper that is saved by making the transition to electronic data has been impressive. “When we send them an electronic feed, we can send them an electronic summary of all their patients that we've seen that day.” That has meant going from 50 sheets of paper to one electronic summary, Dailey says.
MedCentral Health: The two-hospital, 351-bed provider began the process of shedding paper 10 years ago. Today, according to Michael Mistretta, “About the only thing left on paper is physician progress notes.” Today MedCentral gets few inbound faxes, although it occasionally needs to send a fax to a physician's office or to a nursing home prior to a patient's discharge. Any faxes received are scanned within 48 hours and then destroyed, Mistretta says.
Physicians use e-signatures, as do outpatients. However, this technology is still not available on the inpatient side, so paper forms are scanned and then destroyed, he says.
Denver Health & Hospital: With 477 beds and a number of outpatient centers, this Denver, Colo.-based provider employs its own physicians, which cuts down on the number of incoming and outgoing faxes, according to CIO Gregory Veltri. While some faxes are sent to other hospitals that request information on a transferring patient, all incoming faxes are scanned and then destroyed, he says. And although the hospital's lab runs most tests, some results from reference labs are faxed to Denver Health. The lab then keys in the results and destroys the paper, Veltri says.
Denver Health & Hospital uses a single electronic record for each patient; it has a grand total of 2.7 million records to date. “We're almost all electronic except for physician notes and discharge summaries,” Veltri says.
Physician documentation software will be rolled out at Denver Health & Hospital by next year. None of the paper records that will have been dated prior to the roll out of the EHR are being back-scanned, which Veltri says would be too cost prohibitive. Instead, an automated tracking program will determine which charts should be destroyed and when, he says.
Electronic signatures are used extensively at Denver Health & Hospital, when patients register; when patients pick up their medications from the pharmacy; and when doctors sign orders. Veltri says the hospital's electronic document management system allows e-signatures on whatever documents that need to be signed by a physician-even scanned documents. If a physician needs to sign a document, he gets a reminder each and every time he logs on the network, along with a warning that unless he signs within a given number of days he will be locked out of the system. “No doc has ever been locked out,” Veltri states.
Veltri, who has a background in the banking industry, is making sure Denver Health & Hospital meets or exceeds all security standards. “We have four security analysts and a manager,” he says. “That office provides internal and external security compliance. We've been working toward banking standards, so data is encrypted on the move and at rest. And when it's backed up, it's encrypted,” he says.
Healthcare Informatics 2010 October;27(10):37-39