EMR, EHR, PHR, and e-Prescribing PDF

Summary

This document provides an overview of electronic health records (EHR), including electronic medical records (EMR), personal health records (PHR), and electronic prescribing. It discusses the benefits and uses of each type of record within healthcare settings. It also touches on health information exchange (HIE).

Full Transcript

EMR, EHR, PHR, and e-Prescribing

o HIS may include the following systems to computerize health records:
1. Electronic Medical Records (EMR)
2. Electronic Health Records (EHR)
3. Personal Health Records (PHR)
4. Electronic Prescribing (e-Prescribing)

Before defining the previous terms, we need to differentiate between two
important terms: medical records and health records. Physicians
- by
Medical records were for use by clinicians mostly for diagnosis and
treatment.
2-9
=

-

Health records relates to “The condition of being sound in body, mind, or
spirit; especially freedom from physical disease or pain the general
condition of the body.”
↳
4
Electronic Medical Records (EMR)

o The benefits of EMR are:
EMii
1. Enable providers to track data over time,
2. Identify patients for preventive visits and screenings,
3. Monitor patients, and
4. Improve health care quality.
* shared
with
provideraeration
of same
o The information stored in EMR is not usually shared with providers outside of an
organization.

o A patient’s record might even have to be printed out and delivered by mail to specialists
and other members of the care team.
-

Noti h

6
Sample of EMR

7
Electronic Health Records (EHR)

o EHR are digital records of health information.
EHR

o HER include:
X

Vital Signs
o Past medical history

Tier
o Vital signs a

S
o Progress notes
9 o Diagnoses
o Medications
o Immunization dates
reports
o Allergies data-aging
Lab
o Lab data
o Imaging reports ·wasa
o Can also contain other relevant information, such as insurance information, and
demographic data.

8
Electronic Health Records (EHR)

o EHR are built to share information with other health care providers and organizations
such as:

o Laboratories

I
o Specialists
o Medical imaging facilities
o Pharmacies
o Emergency facilities, and
o School and workplace clinics.

They contain information from all clinicians involved in a patient’s care.

9
Electronic Health Records (EHR)

o The benefits of EHR are:
-
1. Improve patient care improve patient care

patient participation
2. Increase patient participation increase
3. &
Improved care coordination Practice
&
4. Improved
a -

Wi
diagnostics & patient outcomes
5. Practice efficiencies and cost savings
=>

11
 digitalcondda
EMR vs EHR Allow
access
providers
to
toleur

took they an
walm
ve in disesion

be a
resend can i
Steve

EHR EMR

A digital record of health information A digital version of patient chart

Allows access to tools that providers Is mainly used by providers for diagnosis
can use for decision making and treatment

Allows a patient’s medical information to Patient record cannot easily be sent
be accessed from different places outside the practice

Simplified sharing of updated, real-time Not designed to be shared outside the
information individual practice

12
 medical darts
Electronic medical
Personal Health Records (PHR) patient's
designedtubeSetupa
containing
a

data ,

o PHR are electronic medical charts that contain medical data and information about a
patient that are designed to be set up, accessed, and managed by patients themselves.
Pas

o Patients can use PHR to maintain and manage their health information in a private,
secure, and confidential environment.

o PHR include information from a variety of sources including:
o Clinicians
o Home monitoring devices, and
o Patients themselves.

13
Personal Health Records (PHR)

oThe benefits of PHR are:

1.
--
PHR grant patients access to a wide range of health information sources, best
medical practices, and health knowledge.
2. All of an individual’s medical records are stored in one place instead of paper-
based files in various doctors’ offices.
3. PHR offer patients the opportunity to submit their data to their physicians
→ This helps clinicians make better treatment decisions.

15
Personal Health Records (PHR)

oThe benefits of PHR are: ①
4. PHR help in analyzing patient’s health profile for analysis drug interaction,
② current best medical practices, gaps in current medical care plans, and
identification of medical errors. & &
5. PHR help in tracking patient illnesses.
6. PHR help in reducing the time consumed by face-to-face meetings and telephone
communication.
7. PHR can quickly provide critical information to proper diagnosis or treatment. It
also helps in making appointments, etc.

16
The difference between PHR, EHR, and EMR
EMR EHR PHR

Medical specialists in one Doctors across hospitals, labs,
End-user Patients
department pharmacies, patients

Include patient's medical history
that is entered by patients
Medical history, prescriptions, Electronic records of health-
Type of themselves, as well as data from
current patient's health related information on an
information other sources such as
conditions individual
pharmacies, labs, and healthcare
providers

Can be created, gathered,
Can be created, managed, and
managed, and consulted by
Information consulted by authorized clinicians Can be created, gathered, and
authorized clinicians and staff
access and staff across more than one managed by patients
within a single healthcare
healthcare organization
organization

17
Electronic prescribing (e-Prescribing)

o Prescription is securely transmitted to pharmacies electronically using a special software
program over the Internet / Intranet.

o When a pharmacy receives a request, it can begin filling the medication right away.

o The benefits of e-Prescribing are:
1. Improves health care quality and patient safety by reducing medication errors and
checking for drug interactions.
2. E-Prescribing is more convenient, cheaper, and safer for doctors, pharmacies, and
patients.

18
Health Information Exchange (HIE)

o Electronic Health Information Exchange (HIE) allows doctors, nurses, pharmacists, other
health care providers and patients to appropriately access and securely share a patient’s
vital medical information electronically improving:
Speed
quality
seefty
cost

The The The The cost of
speed quality safety patient care

4
Health Information Exchange (HIE)

o Appropriate, timely sharing of vital patient information can better inform decision
making at the point of care and allow providers to:

% 4
· 4151
Standardization of Avoid readmissions Avoid medication
patient data errors

%* Decrease duplicate
Improve diagnoses
testing
*

5
 Health Information Exchange (HIE)
Forms of exchange
o There are currently three key forms of HIE:
1. Directed exchange: ability to send and receive secure information electronically between
care providers.

e
2. Query-based exchange: ability for providers to find and/or request information on a
patient from other providers.
&
3. Consumer mediated exchange: ability for patients to aggregate and control the use of
their health information among providers.

↓
x.
The foundation of standards, policies and technology required to initiate all three forms of HIE
are complete, tested, and available today.

di
·

6
Health Information Exchange (HIE)
Forms of exchange
1. Directed exchange
o Directed exchange is used by providers to easily and securely send patient information
such as:
jei
Laboratory orders and results
41j801
Patient referrals, or
Discharge summaries directly to another health care professional.
o This information is sent over the Internet in an encrypted, secure, and reliable way
amongst health care professionals who already know and trust each other and is
commonly compared to sending a secured email.
o This form of information exchange enables coordinated care, benefitting both providers
and patients.

7
Health Information Exchange (HIE)
Forms of exchange

o Example of directed exchange:
A primary care provider can directly send electronic care summaries that include
medications, problems, and lab results to a specialist when referring their patients.
This information helps to inform the visit and prevents the duplication of tests, redundant
collection of information from the patient, wasted visits, and medication errors.

8
Health Information Exchange (HIE)
Forms of exchange
2. Query-based exchange
o Query-based exchange is used by providers to search and discover accessible clinical
sources on a patient.
o This type of exchange is often used when delivering unplanned care.
o Examples:
Emergency room physicians who can utilize query-based exchange to access patient
information such as medications, recent radiology images, and problem lists might adjust
treatment plans to avoid adverse medication reactions or duplicative testing.
If a pregnant patient goes to the hospital, query-based exchange can assist a provider in
obtaining her pregnancy care record, allowing them to make safer decisions about the care
of the patient and her unborn baby.

9
Health Information Exchange (HIE)
Forms of exchange
3. Consumer-Mediated Exchange
o Consumer-mediated exchange provides patients with access to their health information,
allowing them to manage their health care online in a similar fashion to how they might
manage their finances through online banking.
o When in control of their own health information, patients can actively participate in their
care coordination by:
Providing other providers with their health information.
Identifying and correcting wrong or missing health information.
Identifying and correcting incorrect billing information.
Tracking and monitoring their own health.

10
Health Information Exchange (HIE)
Benefits of HIE
o Many benefits exist with information exchange regardless of the means of which is it
transferred.
o However, the value of electronically exchanging is the standardization of data.
-S
o Once standardized, the data transferred can seamlessly integrate into the recipients'.

Electronic Health Records (EHR), further improving patient care.
o Example:
If laboratory results are received electronically and incorporated into a provider’s HER a list
of patients with diabetes can be generated.

The provider can then determine which of these patients have uncontrolled blood sugar and
schedule necessary follow-up appointments.

11
Health Information Exchange (HIE)
Benefits of HIE
o HIE benefits include:
HIE reduces duplicative treatments and avoids costly mistakes.
Improves quality and safety of patient care by reducing medication and medical errors.
Stimulates patient’s involvement in their own health care.
Increases efficiency by eliminating unnecessary paperwork.
Provides caregivers with clinical decision support tools for more effective care and treatment.
Improves public health reporting and monitoring.
Provides a basic level of interoperability among electronic health records (EHRs)
Reduces health related costs.

12
Health Information System Security

o To reap the promise of digital health information to achieve better health outcomes,
smarter spending, and healthier people, providers and individuals alike must trust that an
individual’s health information is private and secure.
If HIS are not secure and they have security breaches then patients do not trust such systems.

o This lack of trust may incur:
Reputational and financial harm.
Harm to your patients.
Vulnerability of patient information in your health information system.
The risk of successful cyber-attack..

4
Health Information System security
The main principles of security within HIS
o Information security is the protection of information and information systems from:
Unauthorized access

is
Use
Disclosure 2081
Disruption 5
Modification, or destruction ·

o Information security is achieved by ensuring:
The confidentiality
The integrity, and
The availability of information
Figure: The CIA triad

5
Health Information System security
The main principles of security within HIS

Confidentiality
o Confidentiality requires health care providers to keep a patient’s personal health
information private.

o Creating a trusting environment by respecting patient privacy encourages the patient to
seek health care.

o In accordance with the Health Information Portability and Accountability Act of 1997
(HIPAA), institutions are required to have policies to protect the privacy of patients’
electronic information.

6
Health Information System security
The main principles of security within HIS

Integrity

·
o Integrity means that a health institution’s data is dependable and accurate.

o It also means that ·
only authorized users can have access to patient data and that the data is
not altered or destroyed in any manner.

7
 Health Information System security
The main principles of security within HIS

Availability
o Availability means that HIS is available for end users.

o Availability is ensured by:
&
Proper maintenance of all hardware
Keeping current with all system upgrades
Phase a
d Providing adequate communication bandwidth
Fast and adaptive disaster recovery.
alary ↓

request tint
mattingtu
our
enouypacity 8
Information Security in Health Care
Security threats

o The object of security is to protect valuable or sensitive organizational
information while making it readily available.
o Attackers trying to harm a system or disrupt normal business operations.

They exploit vulnerabilities by using various techniques, methods, and tools.
o System administrators need to understand the various aspects of security to
develop measures and policies to protect assets and limit their vulnerabilities.

9
Information Security in Health Care
Security threats
o Attackers generally have motives or goals—for example, to disrupt normal business
operations or steal information.

Security threats

Human Natural desasters

Floods, Fires,
Malicious Non-Malicious
Earthquakes, Hurricanes

Outsiders Insiders Ignorant employees
Like crackers or Like disgruntled
hackers employees

Figure: Security threats into different areas
10
Information Security in Health Care
Natural disasters
o Nobody can stop nature from taking its course.
Earthquakes, hurricanes, floods, lightning, and fire can cause severe damage to computer
systems.
Gig i jig
o Information can be lost, downtime or loss of productivity can occur, and damage to
hardware can disrupt other essential services.
i
o Few safeguards can be implemented against natural disasters.
-
x
The best approach is to have disaster recovery plans and contingency plans in place.

o Other threats such as riots, wars, and terrorist attacks could be included here.
Although they are human-caused threats, they are classified as disastrous.

11
Information Security in Health Care Security
threats
Human threats – Malicious threats E
Talicious
natural
E Su
e
human >ulicia
- de
insiders outsides
o Malicious threats consist of:
↓
employe who
C
Ignorant natural
disasters
are
angry vaune na system ↓
E
disrupt empolyes
Inside attacks by disgruntled or malicious employees, and
and
work tauthyvalles victs
lightning
Outside attacks by non-employees just looking to harm and disrupt an organization.
was

Live terroristactivities

Si hurrican

flood
o The most dangerous attackers are usually insiders (or former insiders), because they
know many of the codes and security measures that are already in place.

12
Information Security in Health Care
Human threats – Malicious threats

o Malicious attackers normally will have a specific goal, objective, or motive for an attack
on a system.
These goals could be to disrupt services and the continuity of business operations.

o Attackers are not the only ones who can harm an organization The primary
threat to data integrity comes from authorized users who are not aware of the actions
they are performing.

o Errors and omissions can cause valuable data to be lost, damaged, or altered.

13
Information Security in Health Care
Human threats – Malicious threats

o The goal of some attacks is not the physical destruction of the computer system but the
penetration and removal or copying of sensitive information.
75
o Attackers want to achieve these goals either for personal satisfaction or for a reward.

o Malicious attackers can gain access or deny services in numerous ways.
Examples: Virus, Trojan horses, worms, password cracking, and Email hacking.

14
Information Security in Health Care
Human threats – Non-malicious threats

o Non-malicious threats usually come from employees who are untrained in
computers and are unaware of security threats and vulnerabilities.
Example: Users who open up Microsoft Word documents using Notepad, edit the
documents, and then save them could cause serious damage to the information
stored on the document.

o Users, data entry clerks, system operators, and programmers frequently make
unintentional errors that contribute to security problems, directly and indirectly.

o Sometimes the error is the threat, such as a data entry error or a programming
error that crashes a system. In other cases, errors create vulnerabilities.
Errors can occur in all phases of the system life cycle.

15