A Different Kind of Immunization

by Ruby Raley
Director, Healthcare Solutions
Axway

Have you heard about ARRA and the HITECH Act?

A little background. The HITECH Act is a 400-page piece of legislation and part of the American Recovery and Reinvestment Act (ARRA), and its purpose is to provide grants, incentives and penalties to improve the healthcare infrastructure within doctor’s offices, hospitals, and state and federal agencies.

The government hopes to foster the adoption of e-medical records and e-health records (eMR and eHR) with this act, and they plan to pay doctors and hospitals a certain amount for the next three to five years to foster that adoption. Then, after that period, the government will impose penalties or reduced Medicare payments if doctors and hospitals don’t have the technology necessary to comply.

So what does this mean to doctors and hospitals?

Imagine a hospital with subcontractor doctors. All their anesthesiologists are in a group practice, and, in fact, a number of specialists are in group practices. The hospital also has doctors that work directly for them as employees and don’t work outside the hospital. It has relationships with labs and other satellite clinics. It has relationships with family providers all around town. It has relationships with certain payers, like insurance companies.

How is this hospital going to actually accommodate all of these providers who now get to decide which vendor they’re going to select for eMR and eHR? How is this hospital going to satisfy HIPAA privacy protection requirements? After all, the government enhanced the requirements for HIPAA privacy protection because they felt that if people didn’t believe that their data–their personal private data–was safe, they wouldn’t support doctors sharing it with others through an electronic system.

This sentiment is easy to understand. If you went to a doctor, gave your social security number, disclosed the fact that your family has a history of cancer, and then realized that that information was going to become public information, that that information could stop you from getting future medical coverage or that that information could be used to steal your identity, you would be outraged.

The government got this. They decided that they had to put more pressure on HIPAA, which ushered in new rules.

The new rules demand that data must be encrypted whenever it’s moving, and that data at rest must be encrypted or destroyed.

Which brings us to where we’re at today.

To accommodate these new rules, doctors and hospitals need the right tools to protect patient data, to safely move data from one vendor of eMR to another vendor of eHR, and to enable themselves to work with and submit data to any of the state-supported portals (i.e., Health Information Exchanges). Doctors and hospitals must solve interoperability, privacy, compliance, and protection problems, have their infrastructure assessed, and determine what they need to satisfy these new demands.

Anything short of that will, very soon, put doctors and hospitals at risk of the aforementioned imposed penalties or reduced Medicare payments, and what was once a non-issue for medical practitioners will become an extraordinarily critical issue. As an industry well acquainted with the importance of immunization, healthcare should understand that the sting of a data privacy vaccination is necessary to prevent serious harm in eHR exchange in the years ahead.

(Photo by robertdx: http://www.flickr.com/photos/robertdx/ / CC BY 2.0)

Leave a comment

No comments yet.

Comments RSS TrackBack Identifier URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s