The issue with de-identified data in healthcare lies in the fact that some Electronic Health Record (EHR) companies have crafted Business Associate Agreements (BAAs) that could potentially harm healthcare providers and their patients. While it is not entirely clear whether these companies are strictly adhering to the letter of the law, they certainly do not uphold the spirit of it. The original intention of a BAA, as outlined in the HITECH Act and further refined by the Omnibus Rule, is to serve as the company's commitment to understanding HIPAA privacy and security requirements. In cases where breaches are caused by the software, the company should take responsibility. However, when data is de-identified, companies gain significant latitude in its use. They are not obliged to seek permission or inform subscribers about how or when their patients' data is utilized, nor are they held accountable for software failures that result in data breaches.
HIPAA is a frightening thing to many behavioral health providers. Although it is something to take seriously, it need not be frightening . Nor do you need to pay big bucks to a company to set things up for you. A very simple thing that will help you become compliant is to get an EHR that is both integrated and features end-to-end encryption. This post explains why.
Mental health therapists are beginning to talk about wanting “integrated products” to help manage their practice tasks. But what do they mean by “integrated product?” More importantly, if you wanted to look at some, how would you go about finding them? Googling “integrated product” isn’t likely to produce the results you want.
One of the problems is that these types of products go by more than one name, which may be why people have begun referring to them as “integrated products.” Common names are Electronic Health Record (EHR), Electronic Medical Record (EMR) or Practice Management System. To complicate matters, just being called one of those titles doesn’t automatically mean the product is well-integrated.
Recently, a top journal in the field of Electronic Health Record (EHR) development posted this quote from an anonymous doctor who was dissatisfied with his EHR:
“I firmly believe this EHR makes important information difficult to find and interpret, and it is very inefficient.” He went on to say, “It creates superfluous and difficult-to-navigate notes and information that are not centralized. That makes it easy for care providers to disregard notes, and they often do. That affects patient safety. . . . It is difficult and arduous to document in the EHR, and providers’ efforts to do so still yield subpar results with erroneous, irrelevant information.”
This doctor is pointing out a very real problem inherent in some EHRs. However, he was referring to one of the "ONC Certified" EHRs which we've discussed previously. Those types of EHRS are inherently much more difficult to use than most EHRs that have been specifically created for the mental health professions, such as PSYBooks.
Actually, most patients don't. A recent study conducted by Catalyst Healthcare Research found that 93% of adults would prefer to go to a doctor that offers email communication, even if there was a $25 fee (Pai, 2014). Encrypted email is incorporated into most, if not all present-day EHRs that also have patient portals. By being integrated with the entire medical record, it's relatively easy for doctors to correspond with patients right from their electronic chart. Leaders in prominent health care groups in Houston, encouraged patient enrollment in their EHR system and have found similar results. Dr. Robert Dickinson, Kelsey-Seybold's medical director for executive health and wellness says, "They think it's the coolest thing they've ever seen. It's like online banking. People love this kind of access. Before, it was kind of mysterious" (Hines, 2014).
However, when you ask doctors if they like EHRs, you often get an entirely different story. You mostly hear dislike, frustration and irritability. There are actually excellent reasons for this.
Think you're not doing telehealth? Think again. Although there's no one-size-fits-all definition that cuts across state and/or discipline lines, most agree that telehealth basically involves any electronic method you use to communicate with or about your clients. This can include common things like phones, email and electronic file storage, in addition to video sessions, which is what we typically think of with the term telehealth.
I sometimes hear therapists mention specific software programs they’re using in their practices for tasks like notes, calendar/schedulers, online file storage, billing, video sessions or email and then add something like, “They’re HIPAA compliant. They just don’t – you know – have Business Associate Agreements.”
The portal is the web-based interface between you and your clients. In a sense, it allows your clients (or anyone else you designate) to have their own “mini” version of PSYBooks that contains just their own data – no one else’s. You can view data they enter on your side and interact with the client about their data, all through the portal.
Let’s face it. There are LOTS of EHRs on the market and most of us simply don’t have the time, energy, or frankly – interest – to put a lot of effort into researching them. Some therapists have told me that although they’d sort of like to explore EHRs, they begin looking at all the options, get overwhelmed, and decide to put the whole thing off. Although it doesn’t have to be overwhelming, it IS an important decision. An EHR that’s designed well, with attention paid to usability issues so it’s easy to use, can simplify your life enormously and save you a lot of time and money. On the other hand, an EHR that’s poorly designed will have you pulling your hair out and cursing EHRs in general – possibly not realizing that not all EHRs are the same and that there might be better options.
The acronym EHR stands for Electronic Health Record. Originally the term EHR was supposed to mean a very specific thing. It was to be a type of digital (i.e., computerized) practice management system for health care professionals that could “talk to” (i.e., share data with) EHRs of other health care providers and organizations, such as laboratories, specialists, school and workplace clinics, medical imaging facilities, pharmacies, emergency facilities – essentially anyone that might be involved in a patient’s care. Similar products that did NOT automatically have the “talk to everyone” feature were to be referred to by other names, such as EMR (Electronic Medical Record) or simply, practice management system.