Providers NOT Required To Keep EHR Audit Systems Turned On

“If healthcare providers are using their electronic health records to falsify medical billing or cover their tracks after mistakes, there’s an easy way for investigators to find out: Check the audit trail.”

“Unfortunately, federal rules don’t require healthcare providers to keep their automated audit systems turned on. A study out this week from HHS’ watchdog office (PDF) finds that many healthcare providers can simply disable their logs or alter them after the fact—and experts say the problem may be far worse than what the study found.”

“HHS’ inspector general’s office this week reported the results of a voluntary survey of all 900 hospitals that had received federal subsidies to buy electronic health record systems as of March 2012. The survey, which had a 95% response rate, found that 44% of the hospitals reported having the ability to delete their EHR audit logs. Another 33% could disable the audit logs, while 11% could edit the records at will.”

To view the full article please visit: Providers Not Required To Keep EHR Audit Systems Turned On

Enabling the Health Care Locavore

Here’s a great article written by PPR’s Chief Technical Officer, Dr. Adrian Gropper about “why hip replacement surgery costs 5-10 times as much in the US as in Belgium even though it’s the same implant… JAMA publish[ing] research and a superb editorial on the Views of US Physicians About Controlling Health Care Costs and CMS put[ting] out a request for public comment on whether physicians’ Medicare pay should be made public.”

To view the full article, please visit Enabling the Health Care Locavore on The Health Care Blog.

Proposed Rules Prevent Patient Control Over Sensitive Information in Electronic Health Records (EHRs)

The proposed federal rules will require physicians and hospitals to use Electronic Health Records (EHRs) that prevent patient control over who can see and use sensitive personal health information.

This is the second time the federal government has proposed the use of technology that violates Americans’ strong rights to control the use and sale of their most sensitive personal information, from DNA to prescription records to diagnoses.

The proposed rules require EHRs to be able to show “meaningful use” (MU) and exchange of personal health data. PPR and other consumer and privacy advocacy groups submitted similar comments for the Stage 1 MU rules. These newly proposed rules are known as “Stage 2 MU” requirements for EHRs.

The most important function patients expect from electronic health systems is the power to control who can see and use their most sensitive personal information. Technologies that empower patients to decide who can see and use selected parts of their records have been working for 4 million people for over 10 years in 8 states with mental illness or addiction diagnoses. Today we do not have any way to know where our data flows, or who is using and selling it.

Even if we had a ‘chain of custody’ to prove who saw, used, or sold our personal health data—which we do not—it is still essential to restore patient control over personal health data so we can trust electronic health systems.

Technologies that require patient consent before data flows are cheap, effective, and should be required in all EHRs.

See Patient Privacy Rights’ formal comments on the Stage 2 MU proposed requirements submitted to the Centers for Medicare and Medicaid and the Office of the National Coordinator for Health IT at: http://patientprivacyrights.org/wp-content/uploads/2012/05/PPR-Comments-for-Stage-2MU-5-7-12.pdf

PPR Comments on the PCAST HIT Report

The President’s Council of Advisors on Science and Technology (PCAST) weighed in on the key problems with how the Administration is building health IT systems and data exchanges. They recommend that patients be able to meta-tag data to protect privacy, that interoperability requires adoption of a common “language”, and that the goal should be a “data-centric” system for research on all health records without consent. The report recommends that HHS and CMS decide when patient data can be used for “secondary” purposes without consent.

See the full PCAST report: http://www.whitehouse.gov/blog/2010/12/08/pcast-releases-health-it-report

Patient Privacy Rights letter of comments to HHS emphasized:

  • Privacy is essential to build in up front.
  • We should not rush to deploy systems and spend billions on electronic systems and data exchanges until we know the privacy technologies PCAST recommends are adequate.
  • The recommendations for de-identifying health data were insufficient. Extensive work needs to be done to ensure that standards for de-identification actually work.

See PPR’s full comments here: http://patientprivacyrights.org/wp-content/uploads/2011/01/PCAST-comments-PPR-Final.pdf

See PPR’s written testimony here: http://patientprivacyrights.org/wp-content/uploads/2011/05/Patient-Privacy-Rights-Testimony-PCAST-WG-Feb-15-2011.pdf

PPR on article: What ‘Patient-Centered’ Should Mean…

It is extremely helpful that the nominee to head of one of the largest federal agencies, the Centers for Medicare and Medicaid (CMS), stated he believes medical records should belong to patients.

You will be intrigued by Don Berwick’s terrific and very personal article titled “What ‘Patient-Centered’ Should Mean: Confessions Of An Extremist, A seasoned clinician and expert fears the loss of his humanity if he should become a patient.” He is a highly respected physician and scholar. Key quotes:

  • “Medical records would belong to patients. Clinicians, rather than patients, would need to have permission to gain access to them.”
  • “My proposed definition of “patient-centered care” is this: The experience (to the extent the informed, individual patient desires it) of transparency, individualization, recognition, respect, dignity, and choice in all matters, without exception, related to one’s person, circumstances, and relationships in health care . . .”