As electronic health records (EHRs) rapidly replace paper in health care settings, hospitals all over the country are trying to strike a balance between easy access to data for those who need it and the desire to safeguard their systems against privacy and security breaches.
Sentara Healthcare, which has 11 hospitals in Southeastern Virginia and Northeastern North Carolina, has spent or budgeted $237 million to install and operate an Epic Systems Corp. EHR over 10 years, starting in late 2005. Two-thirds of that is going to operations, not capital expenditures, according to Ken Rice, director of system process improvements for the Norfolk, Va.-based organization.
The health system realized a return on investment of $53.7 million in 2011, far exceeding the expected $38.7 million, Rice said Tuesday morning at the US News Hospital of Tomorrow conference in Washington.
On the clinical side, practitioners at Sentara facilities have avoided 180,000 avoided medication errors, he reported. Savings came from:
"To get these benefits, you need to have easy access for clinicians," Rice said, explaining why the organization created a single sign-on process for users to log onto the EHR and ancillary information systems. But physicians and other staff are prohibited from taking advantage of the streamlined access to peek at records they have no business seeing, a rule management has strictly enforced.
"We have terminated a lot of employees who have looked at their neighbor's or their ex-spouse's records," Rice said. "You have to make examples of them."
To aid in accurate matching of data to the proper individuals while also protecting against identity theft, patients are identified by an electronic master patient index and the last four digits of their Social Security numbers, not their complete SSN. Plus, Sentara hires "hacker" vendors to see how easy or difficult it is to crack the security protocols, Rice said.
A master patient index is "extremely challenging," whether at the hospital or community level, noted another speaker, Daniel Paoletti, chief executive of the Ohio Health Information Partnership, a collaboration between the State of Ohio and various provider organizations that serves as an independent health information exchange for the entire state, save the greater Cincinnati area. But being what Paoletti called a "neutral third party" to move data has helped the Ohio Health Information Partnership gain trust among hundreds of competing entities. "Collaboration is key," Paoletti said.
"You cannot have all the data in your system. You have to have collaborative relationships with other providers in your community," Paoletti said. That could be accomplished with a cloud-based database, he added.
"Vendors were extremely willing to work with us" since the exchange decided to use national standards, Paoletti continued. With more than 100 hospitals in Ohio—including the Cleveland Clinic and the Ohio State University Wexner Medical Center—running Epic EHR software, interoperability may be slightly easier there than in other states, but the exchange also has integrated with about 20 ambulatory EHR vendors, Paoletti said.
"Interoperability is pretty important," Paoletti explained. Providers will need more information than they have now, such as prescription refill patterns, when reform efforts compel them to manage populations. Payers are demanding additional data, too, according to Paoletti.
With so many hands potentially touching data, Ohio Health Information Partnership participants worked for a year to develop a consent statement that patients would trust. The information exchange chose a conservative strategy of requiring patients to opt in rather than forcing them to opt out, Paoletti said.