Indiana’s records system sheds light on future of EHR
It was a busy Thursday night and the ED was threatening to go on diversion. A gentleman we’ll call Mr. Thompson presented with a chief complaint of weakness, but he was a poor historian and couldn’t give me very accurate information. After what seemed like an eternity he finally recounted that he had felt the same way a few weeks ago and had been admitted at another hospital across town, through an emergency department not affiliated with ours. This is not uncommon. Of patients who have more than one ED visit, 19% of patients will visit a separate healthcare system to seek care. Normally, we wouldn’t have routine access to this previous information and would be forced to repeat the workup. Thankfully, however, I happen to live in Indianapolis, home of the Indiana Network for Patient Care (INPC). The INPC is a local health information infrastructure, an electronic medical records tank of sorts, arguably the first and best regional health exchange in the country. It includes information from the five major hospital systems – over twenty-one separate hospitals – the county and state public health departments, and Indiana Medicaid and prescription information delivered through RxHub.
Thanks to the INPC, I reviewed the data on Mr. Thompson’s file which indicated that he had recently been admitted for renal failure. This simplified our work-up as we ordered the appropriate tests and were also able to compare our results to his recent discharge data. There are countless episodes like this every day in Indianapolis because of the portability of medical records in the region. Patients often indicate: “just look in the computer” when asked about medications or a past medical history.
Health information exchanges (HIEs), like the one in Indiana, are the larger, organizational pieces to the portable health records puzzle. For many, this idea of a portable health record started with patients wearing bracelets with their drug allergies or major illnesses. These were meant to alert their doctors in the event they were unconscious. Next came key fobs containing microfiche copies of ECGs or even entire medical records. These early versions of compressed information soon gave way to microchip-containing cards, USB drives, and even Radio Frequency Implanted Devices (RFIDs) that could be implanted under the skin and read by a scanner. The biggest problem with many personal, portable health records, however, is that the patient is responsible for updating the information. The next logical development was the electronically-linked network of health records.
Within this concept of networked health records, there are two approaches, bottom-up and top-down. The bottom-up starts with electronically accessible records within a hospital or multiple hospitals within the same system. Indianapolis took it to the next step and linked all the hospitals in a single region. Then there is the top-down approach. We all heard the news when Google and Microsoft entered this ring, promising to make health records accessible anywhere there’s a Wi-Fi signal. Some balk about security concerns, but others say, “Well, we got used to online banking…” Whatever the final result, HIEs like the one in Indiana, offer an important perspective. By standing the test of time, the INPC bridged the gap between lo-tech medical charts and the juggernaut of new networking technology. The lessons learned along the way may shed light on other areas of EHR development.
How electronically linked health records actually work
Here’s how the INPC works in practice. When a patient arrives in the ED of a participating hospital, the registration process triggers an automatic search which combines the patient’s records from across the various source systems. The result is what’s called an ED Abstract, which prints out with the registration face sheet (see image). The ED Abstract and additional registration paperwork are then combined with the ED paper record. Additionally, this signal from the registration process allows credentialed providers access to the patient’s entire medical record for 24 hours.
Having access to data from multiple hospital systems is an instant time saver. I no longer need to obtain a separate consent from the patient, find the hospital fax number, contact medical records to let them know I’m sending a fax, and then wait for the information to arrive. But just as important as saving time, the INPC has also been shown to shave costs, to the tune of about $26 per patient visit*. In our system of over 500,000 visits, that adds up to 13 million dollars per year.
But not everyone agrees that cost is a major upside to going to electronic records. The initial costs can be daunting. “Establishing the infrastructure for the system is a massive undertaking, involving the cooperation of thousands of moving parts,” says Dan Handel MD, who has written extensively on the topic. Beyond the question of how much EHRs cost to establish and maintain is the question of who will pay for it. Will the cost be incorporated in the medical bill or some other way? Recently, Google joined forces with the Cleveland Clinic to enter the EHR market, raising some interesting cost/marketing questions. Google has been known to offer complex new features free of charge, paying for it with advertising dollars. What about pharmaceutical advertising? How much would a company that makes headache remedies pay to have their banner appear next to any medical record with the keyword ‘headache’ in it? It’s currently only hypothetical, but it just makes sense, and fits the internet model.
In the case of Indianapolis, the HIE was supported through grants from the National Library of Medicine and the Agency for Healthcare Research and Quality. The INPC began gathering clinical data from the Regenstrief Medical Record System (RMRS) in 1972 and has been adding hospitals ever since. By 2004, all INPC institutions had committed to providing radiology reports, discharge summaries, operative notes, pathology reports, medication records, and EKG reports as their minimum contribution to the INPC. The five participating systems operate over twenty-one hospitals and more than a hundred clinics and day surgery facilities, distributed throughout Indianapolis and the surrounding counties. Together they generate 12 million patient registrations, and over 500,000 emergency department and 2.7 million outpatient visits per year.
The database, however, includes more than radiographs and discharge summaries. Indiana Medicaid has agreed to include much of its administrative data (including prescription records) in the INPC, and RxHub is now delivering medication usage history for INPC patients seeking care in Indianapolis EDs. The Marian County Health Department and the Indiana State Department of Health also contribute data: childhood immunization information and public health laboratory results for clinical use and tumor registry data for de-identified research use. The INPC repository now carries 950 million discrete observations; 21.5 million text reports; 48 million radiology images; and 750,000 EKG tracings.
The INPC has developed a community-wide clinical repository, which is organized by patient. The medical record data are segregated into separate files by institutional source, but the data about one patient from many institutions can be viewed as a single virtual medical record.
But what about patient privacy? If it’s easy to access, isn’t it also easy to breach? In the case of Google, security breach warning flags were on the field before they could finish announcing their entire into the EHR market. Would they be held accountable by the same HIPAA statutes that govern hospital medical records? According to some legal minds they would not. Would pharmaceutical companies or insurance firms eventually sneak their tentacles into the database and mine every minutia of patient data? These, and a myriad other security questions will have to be addressed as we move forward. The good news is that people seem to be asking the right questions and demanding that whatever system emerges has a high level of security.
The INPC employs security rules that actually go above and beyond HIPAA requirements. The INPC collaborative operates under a mutual contract that adheres to all HIPAA requirements and allows the use of repository data or prescribed treatment, public health and research, and purposes with oversight by the INPC management committee. The contract includes a HIPAA business associate agreement; it permits research on de-identified data extracts but prohibits research that compares institutions or providers, even if de-identified, unless specifically approved by the involved parties. The Regenstrief Institute is responsible for gathering and standardizing the data and developing and operating the computer systems. The provider institutions all commit to providing the same minimal set of clinical reports. There were no intrinsic legal barriers to the construction of the INPC.
Regarding security, before physicians are allowed to view patient data three criteria must be met. First, the patient must be known to be physically present at a specific facility, based upon the registration message. Second, the particular clinician accessing data must be credentialed at the given facility. Lastly, the computer workstation from which the information is requested must be physically associated with the hospital system where the patient is registered.
Wait for Google or DIY?
If you hope to foster a regional health information system in your area, there are a few things you need to know. For starters, you’ll need a critical mass of users. Their are some basic costs that are fixed regardless of the size of the project. So look for economies of scale. New systems with limited resources should focus upon incorporating the most valuable data from the high-volume data producers. This may be your only hope of reaching a critical mass. That being said, the second principle is, don’t try to boil the entire ocean. There is a natural order of priority and ease of incorporation. Concentrate on gaining access to important information that will save time. And last, standardize the input of information. Support repository services requires standardization of content at the patient, report/test/measurement identifier, and units of measure.
Today, Indiana, tomorrow, the world
What happens when a regional health information system tries to go national? First of all, someone has to own and operate the infrastructure. Systems like the INPC would have to come into a standardized alignment with an overarching system. That could mean the private sector, such as Google or Microsoft, or it could mean the federal government, via the CDC. All three candidates for president in 2008 have included EHR in their health care reform plans, claiming that they would help fund, or promote, the infrastructure. So the question remains, is a national EHR infrastructure akin to the highway system, as some physicians say, needing the overriding support and regulation of the federal government, or should the development of EHR systems come from the ground up?
Or perhaps they’ll meet somewhere in the middle. Only time will tell.
* Overhage JM, Dexter PR, Perkins SM, Cordell WH, McGoff J, McGrath R, McDonald CJ. A randomized, controlled trial of clinical information shared from another institution. Ann Emerg Med. January 2002;39:14-23.