
The National Health Information Infrastructure:
Implications for Providers, Patients and the Future of Healthcare Delivery

By Amanda Dorsey, Director, Phoenix Health Systems

Despite the wealth of press surrounding National Health Information Infrastructure (NHII) initiatives, many unanswered questions and misconceptions remain about what exactly the NHII would be. Critics fear the NHII could become yet another unfunded governmental mandate – a financial burden that they will have to assume. Public attention on the NHII has been focused on privacy concerns surrounding the NHII, and rightfully so; many fear that this initiative could result in an Orwellian database of their personal health information to be freely shared throughout the healthcare community without their consent. Others worry that the NHII primarily represents government-imposed establishment of rigid technical standards for software development efforts. But there is a growing group of healthcare professionals who welcome the concept of a NHII and what it could mean for the future of healthcare delivery.

This article seeks to quell the most common concerns about the NHII by examining the driving forces behind its conception, and its implications for IT operations, privacy, patient safety, homeland security, and the future of healthcare delivery.


The NHII – Background and Overview

The concept of a NHII is the result of many public and private organizations acknowledging a crisis confronting the US healthcare delivery system. In its 1999 study, "To Err is Human," the Institute of Medicine (IOM) revealed a rather unsavory aspect of our healthcare delivery system: between 44,000 and 98,000 patients die annually due to preventable mistakes. One cannot help but be alarmed by such a statistic. How could fatal mistakes happen in a country where the healthcare delivery system is among the best in the world? A little research, however, quickly shows that the US healthcare system has no coordinated mechanism to report patient safety mistakes, provide education about them, or, most important, prevent future recurrences.

Also in 1999, groups such as the National Research Council and the President's Information Technology Advisory Committee (PITAC) promoted the use of the Internet and IT to transform healthcare. In 2001, the Department of Health and Human Services (HHS) founded the Consolidated Health Informatics (CHI) initiative, and charged it with devising a strategy for adoption of healthcare standards by federally funded healthcare settings. IOM released a new report that year, "Crossing the Quality Chasm: A New Health System for the 21st Century" – another call for action to address quality and patient safety issues. The common themes among these initiatives were:

  1. Americans deserve safe care, and patient safety is indistinguishable from quality care
  2. The use of improved information systems and national data standards is critical to support patient safety as a standard of care in all clinical settings

In the last two years, new homeland security concerns, including bio-terrorism, as well as wide-spread medical emergencies have provided additional impetus for the development of a NHII. Events such as the World Trade Center disaster and the anthrax attack in 2001 and, later, the proliferation of the West Nile Virus and SARS have underlined the need for a national capability to quickly share and respond collaboratively to major health-related threats.

As the New York Times noted in November 1993, "Left in its current state, the US healthcare delivery system is unable to meet present, let alone future needs of the American public."

How would the NHII address these complex and threatening issues?

HHS asked the leaders of the Privacy, Security and Populations sub-committees of the National Committee on Vital Health Statistics (NCVHS) to create a plan to address standards for collection, coding and classification of patient safety information. In January 2003, the group delivered a report to HHS Secretary Tommy Thompson with its recommendations – chief among them being the formation of the NHII.

The NHII is defined as "a set of technologies, standards, applications, systems, values, and laws that support all facets of individual health, healthcare, and public health." These distinct requirements are intended to work collaboratively, creating a secure, interconnected repository of data from which providers and other health officials may learn and make sound healthcare-related decisions. It is important to note that the NHII is specifically not envisioned as a centralized database of our health records.

The NCVHS report projected a 10-year timeframe for achievement of the NHII, beginning with a two-year planning period followed by an accelerated standards process and the commitment of resources, including strong public/private collaboration. Actual implementation would be undertaken and completed in the final five years.


Implications for IT in the Provider Community

Significant IT investments in other industries such as finance, transportation, and manufacturing have improved quality of products and services as well as lowered errors and costs. For example, in the airline industry, pilots now have instant access to the information they need to make informed decisions. They also can capture and learn from their own accident (or near-miss) data.

This is not to say that the healthcare industry doesn't already have requirements to report errors in care delivery and adverse outcomes. The Joint Commission on Accreditation of Healthcare Organizations (JCAHO) has required reporting of sentinel and adverse events for years. Further, some existing technology offers decision support tools, prompts, reminders and access to large databases of information, allowing caregivers to not rely solely on memory. Clearly this is a step in the right direction of reducing errors in patient care. Nevertheless, healthcare industry investments in IT and infrastructure have been relatively small, and the value of data collected by JCAHO and other healthcare organizations is limited. Such data is not widely shared with other providers and is frequently reported in a non-standard format.

In order for the NHII to be of benefit to providers, a New England Journal of Medicine study has recommended that they must invest in electronic health records (EHR) that will:

  1. prevent errors and adverse events (using decision support capabilities)
  2. perform checks against databases in real-time
  3. encourage a rapid response after an adverse event occurs


Privacy, Confidentiality, Security – How Will HIPAA Figure into the Equation?

Though the NHII will not be a centralized database of medical records, issues related to compliance with HIPAA's Security and Privacy Rules must be factored into its development.

From an information security standpoint, developers of the NHII must carefully assess the risks in connecting information sources, decide who is allowed access to the system, and design a state-of-the-art change management system. From a privacy perspective, the design of the system must consider who ultimately controls the information. Other questions must also be resolved: who can disclose the information – for example, only the person who put it into the system, or the institution? Which individuals will have access to the system? Who should agree to a patient's request for a disclosure restriction?

While progress has been made toward helping patients understand their rights regarding their protected health information (PHI), the NHII undoubtedly will generate new public concerns. It will be critical to the NHII's success that its developers educate the public that the value of the NHII relative to patient safety, public health, and homeland security will be balanced against the priority of health information privacy, and that their information will be shared according to stringent federal standards.


Promoting the Role of Standards in the NHII

The concept of using standards to support patient care is not new. Standards have been introduced in many forums in recent years, such as the US Congress, previously mentioned IOM studies, and meetings within industry organizations such as the Healthcare Information and Management Systems Society (HIMSS) and the American Medical Informatics Association (AMIA). Standards have been promulgated by numerous states and, of course, by the federal HHS through the HIPAA standards for Privacy, Security, and Transactions and Code Sets (TCS). HIPAA will become a building block upon which the NHII can now be built because it introduced to the public the use of standardized (structured, unvarying) data and practices, and it has already established an applicable privacy and security framework within the healthcare environment. But HIPAA is a first, small step; many others are necessary in order to effectively and responsibly compare like-data across different sites nationwide.

The IOM has stated that the use of standards is a pre-requisite for integration and re-use of data collected from multiple sites and across time. Wider use of existing standards and rapid adoption of new standards for these practices is necessary to ensure optimum value of the NHII. The following list provides a glimpse into the enormous amount of work needed to standardize input and transfer of information to, from and within the NHII:

1. Standardized data elements to describe items like gender, date of birth, presenting complaint and other clinical indications.

2. Standardized descriptions of a particular entity or event like a birth certificate or a report of an injury.

3. Standardized message formats for transmission of information.

4. Standardized values for data elements – clearly helped by the adoption of such standards as ICD-10 for cause of death, ICD-O for cancer registry entries, Logical Observations: Identifiers, Names, Codes (LOINC) for laboratory observation names, large sets of unique identifiers for particular entities or individuals (e.g., provider identifiers), or very restricted sets of values (e.g., race/ethnicity codes).

5. Mappings between different value sets like SNOMED (Systematized Nomenclature of Medicine) and ICD-9-CM.


New Hope for Detecting Bio-terrorism Efforts?

An unpleasant but very real threat to the US healthcare system is the increased likelihood of a bio-terrorism event. It is hoped that embedding decision support aids and similar alerts within the NHII will bring about earlier detection of a possible bio-terrorist event. The exposure of unusual clusters of common symptoms and a spike in ER visits may set off a warning for public health officials to conduct a more thorough investigation.

Again, public health departments are keenly aware of bio-terrorist threats and some have highly developed information systems to help detect them. But standalone systems are of little use if the main goal is to stop the event. The NCVHS pictures public health departments with a real-time connection to the NHII, fostering early detection of a bio-terrorism or syndromic event. Ultimately, enabling the NHII to detect such events could result in an improved homeland defense program.


Looking Ahead – Will the NHII Become a Reality?

A natural question concerning the development of the NHII is that of funding. No budget has been provided for the NHII as yet, but a former Assistant Secretary of the HHS has indicated that $14 billion could be spent on this initiative over the next 10 years, roughly equating to $1.4 billion per year. Just who is picking up the check has yet to be determined, although proposals have been made for a public-private partnership. The development of standards, however, rests with multiple volunteer-based standards-setting organizations. Because of the government's considerable involvement in healthcare (Medicare, Medicaid), it has been suggested by the Committee on Data Standards and Patient Safety that Congress provide not only authority, but also financial support for development of data standards.

Organizations like HIMSS and the Committee on Data Standards for Patient Safety continue to delve into the issues that confront the development of an NHII. This is no doubt a topic that will be addressed in many forums this year and one that will directly impact your organization sometime in the future. So keep watch on this topic on our HIPAAdvisory website and in other news.


Amanda Dorsey, Director, Phoenix Health Systems, delivers HIPAA consulting solutions to physician practices and hospital clients, which have included a major multi-hospital IDN, an academic medical center, and two mid-size rural hospital groups.
