So I've been absent dealing with my own medical issues. This has allowed me to particiipate as a patient in several different Health IT Setups. The surgical center I used was on Epic. I interacted with this as a patient via Epic's "MyChart". The web interface seems to be pretty good and most of the things I might need to know as a patient are readily available and easily found. There are a couple of areas that were confusing. On a funny side note, after scheduling my appointments I was granted access to the portal. The "Home" page lists action items you can take and as a new patient the prominent ones were intake and initial paperwork. I completed these that evening from the comfort of my home. When I arrived at the hospital to be processed, the nurse started to go through these with me and even had blank paper forms in hand. Within a few minutes she noted that the "information" was already iin Epic and she asked me if I had already gone through this process. I informed her that no, but I had filled out the online forms. She was surrprised and let me know that I was the first patient she had encountered who had filled these out online in a manner that didn't require her to type them in.
As part of my prep, I was hooked up to Vitals machines and had an EKG performed and both of these went right into the chart directly from the instrument. The Vitals machines of course also reported out to the nurse desk. The EKG results including interpretation were ready for my review in MyChart a few days later.
I've been able to communicate with my nurse and provider via the secure messaging center. This is a convienence but on the other hand, nothing beats instant gratification. Alas, even when I phoned, I rarely got to speak to anybody as typically I was screened, a message taken and then I was called back anywhere from 2 - 6 hours later. A little frustrating as a patient but I certainly understand the need of the clinical staff to have tme to research, pose a question to a provider and then get back with a more informed decision.
Where all this IT has broken down for me is with regards to the type of procedure I had. It's evidently not a common one. My provider is in Dallas and I'm in Austin and most of my interactions are back with my local doctor.which adds a different perspective.. And finally there seems to be no readily available information online that a patient can use to verify whether syptoms being experienced are a normal part of the healing process or symptoms of concern.
I see a lot of progress and I also see a lot of opportunities.
Tuesday, September 29, 2015
Tuesday, June 23, 2015
What is "Open Access"?
University Health Services at UT Austin runs a traditional style appointment schedule. Patients book their appointments days in advance usually. Some appointments open up on the same day and can be booked online after midnight. (Our patient population consists of university students so you can bet they are up past midnight). Once the semester picks up however, we find ourselves booked solid for days in advance. Students who want to be seen today are frequently triaged into our Urgent Care facility where they may wait for an hour or longer to see a medical provider.
Recently we have been processing feedbacks (mostly of the complaint variety) from our patients that they want to be seen sooner. They are frustrated that they cannot schedule an appointment when they want one and they are tired of not being seen when they think they need to be seen. In addition, the "Urgent Care" clinic model has sprouted up around us, some in walking distance of campus where students can be seen on demand. Thus we are in the process of implementing an "Open Access" model ourselves.
But what does this mean? In general Open Access scheduling means providing an appointment for any patient on the day they want to be seen. In some places it may be implemented in the form of a walk-in clinic. Patients are seen in the order they arrive. In other places, it may be that there are still scheduled appointment types such as a physical exam or annual but most visit types are seen on demand. In theory this should shorten our backlog of appointments and better meet demand.
The goal would be to have each day carved in half and the third next available appointment will never be longer away then that half day. This will require plenty of data to understand how we are meeting demand now and how our patients are trying to access our services. Some of these will be questions we don't know answers to, for example, how will we ever know who didn't use our services because nothing was available when they wanted it? We won't know what we don't know. It will require a culture shift in our provider staff and nursing staff. It will require more efficiencies from our tools (such as the EHR). It will require ensuring that the right person is doing the right job at the right time. Finally it will require for us to "do today's work today".
Some additional reading from American Association of Family Practice:
Implementing Open-Access
Potential Outcomes of Open-Access
Recently we have been processing feedbacks (mostly of the complaint variety) from our patients that they want to be seen sooner. They are frustrated that they cannot schedule an appointment when they want one and they are tired of not being seen when they think they need to be seen. In addition, the "Urgent Care" clinic model has sprouted up around us, some in walking distance of campus where students can be seen on demand. Thus we are in the process of implementing an "Open Access" model ourselves.
But what does this mean? In general Open Access scheduling means providing an appointment for any patient on the day they want to be seen. In some places it may be implemented in the form of a walk-in clinic. Patients are seen in the order they arrive. In other places, it may be that there are still scheduled appointment types such as a physical exam or annual but most visit types are seen on demand. In theory this should shorten our backlog of appointments and better meet demand.
The goal would be to have each day carved in half and the third next available appointment will never be longer away then that half day. This will require plenty of data to understand how we are meeting demand now and how our patients are trying to access our services. Some of these will be questions we don't know answers to, for example, how will we ever know who didn't use our services because nothing was available when they wanted it? We won't know what we don't know. It will require a culture shift in our provider staff and nursing staff. It will require more efficiencies from our tools (such as the EHR). It will require ensuring that the right person is doing the right job at the right time. Finally it will require for us to "do today's work today".
Some additional reading from American Association of Family Practice:
Implementing Open-Access
Potential Outcomes of Open-Access
Tuesday, May 19, 2015
Campus Health, FERPA and HIPAA
At next week's American College Health Association meeting in Orlando Florida, I will be giving a joint presentation to college health professionals that covers FERPA, HIPAA and the campus health center. I have served as the local security and privacy officer for our campus health center for several years which involves working closely with the campus equivalents and also taking lots of opportunites to learn all I can about how this legislation may impact healthcare operations on a college campus.
Many college health centers are struggling with this issue right now. The conflicting priorities of both the federal and state/local laws have never been thornier. Under the provision of FERPA, any record generated by a college or university that receives federal monies (whether research dollars, financial aid, or some other form of money) is protected as an academic record. This record cannot be disclosed outside of the university except for certain defined scenarios, but within the university any person conducting the business of that university could presumably have access. Under the provision of HIPAA, any medical or counseling record (hereafter defined as a treatment record) is protected from disclosure without patient consent except in certain pre-defined conditions such as payment for care, continuity of care and so forth. Nobody should be accessing the treatment record unless they are involved in the healthcare process.
The issue arises when a treatment record is generated by a college entity such as a counseling or health center. Are such records HIPAA, FERPA or some hybrid variation? Many colleges answer this question by ignoring HIPAA completely and choosing to only follow the rules spelled out in FERPA. Some of these entities follow the HIPAA guidelines unofficially but ultimately FERPA will trump HIPAA in every case. This is a simple way of addressing the issue for the college but it makes it difficult to legally participate in other facets of care that are increasingly becoming common at the college health center, such as filing electronically, filing on Medicare/Medicaid, participating in a state or local Health Information Exchange (HIE) or other collaborations in the community. Other schools, like what we do here at the University of Texas, choose to follow a hybrid approach. Treatement records are considered HIPAA protected and would not be released without patient consent to any entity not previously defined by the law. However, our organization also participates in the academic record. For example, the State of Texas has immunization requriements for admission. Our campus health center processes these. Those records are FERPA records, however if the student subdquently becomes a patient, we may pull those records into the treatment record. At that point these immunization records might be both HIPAA and FERPA. It's a narrow tight rope.
Recently a case at the University of Oregon has brought attention to this thorny issue. The basic facts appear to be that a student accused three members of the university basketball team of raping her. An internal investigation cleared these students of the rape charge but subsequently charged them with "sexual conduct without consent" (I will not speculate what the difference might be as I'm not a lawyer). The players were dismissed from the team and the university itself. In the meantime, the student, feeling as if she did not receive justice in the case, sued the university of not handling her accusations properly. The university released her psychotherapy records to itself in order to create a legal defense, in essence attempting to use the private record of her post-rape therapy against her. The university backed down but strenuously claimed it acted well within it's rights under the terms of FERPA law. It would appear that FERPA law stipulates
In the meantime, my take on the matter, admittedly heavily influenced by my own experience and values leads me to believe that just because FERPA says a university can do something doesn’t mean it has to, or should...experts argue. There is a definite line between what is technically legal and what is ethical. In the same article Brett A. Sokolow, executive director of the Association of Title IX Administrators is on record as stating
Many college health centers are struggling with this issue right now. The conflicting priorities of both the federal and state/local laws have never been thornier. Under the provision of FERPA, any record generated by a college or university that receives federal monies (whether research dollars, financial aid, or some other form of money) is protected as an academic record. This record cannot be disclosed outside of the university except for certain defined scenarios, but within the university any person conducting the business of that university could presumably have access. Under the provision of HIPAA, any medical or counseling record (hereafter defined as a treatment record) is protected from disclosure without patient consent except in certain pre-defined conditions such as payment for care, continuity of care and so forth. Nobody should be accessing the treatment record unless they are involved in the healthcare process.
The issue arises when a treatment record is generated by a college entity such as a counseling or health center. Are such records HIPAA, FERPA or some hybrid variation? Many colleges answer this question by ignoring HIPAA completely and choosing to only follow the rules spelled out in FERPA. Some of these entities follow the HIPAA guidelines unofficially but ultimately FERPA will trump HIPAA in every case. This is a simple way of addressing the issue for the college but it makes it difficult to legally participate in other facets of care that are increasingly becoming common at the college health center, such as filing electronically, filing on Medicare/Medicaid, participating in a state or local Health Information Exchange (HIE) or other collaborations in the community. Other schools, like what we do here at the University of Texas, choose to follow a hybrid approach. Treatement records are considered HIPAA protected and would not be released without patient consent to any entity not previously defined by the law. However, our organization also participates in the academic record. For example, the State of Texas has immunization requriements for admission. Our campus health center processes these. Those records are FERPA records, however if the student subdquently becomes a patient, we may pull those records into the treatment record. At that point these immunization records might be both HIPAA and FERPA. It's a narrow tight rope.
Recently a case at the University of Oregon has brought attention to this thorny issue. The basic facts appear to be that a student accused three members of the university basketball team of raping her. An internal investigation cleared these students of the rape charge but subsequently charged them with "sexual conduct without consent" (I will not speculate what the difference might be as I'm not a lawyer). The players were dismissed from the team and the university itself. In the meantime, the student, feeling as if she did not receive justice in the case, sued the university of not handling her accusations properly. The university released her psychotherapy records to itself in order to create a legal defense, in essence attempting to use the private record of her post-rape therapy against her. The university backed down but strenuously claimed it acted well within it's rights under the terms of FERPA law. It would appear that FERPA law stipulates
"the records on students at the campus health clinics of such institutions. These records will be either education records or treatment records under Ferpa, both of which are excluded from coverage under the Hipaa Privacy Rule." -http://www2.ed.gov/policy/gen/guid/fpco/doc/ferpa-hipaa-guidance.pdfThe case is still playing itself out in one way or another. There are Oregon state legislators seeking to amend state law, and Oregon congressional reps hoping to close the perceived FERPA loophole. It remains to be seen what will come of it.
In the meantime, my take on the matter, admittedly heavily influenced by my own experience and values leads me to believe that just because FERPA says a university can do something doesn’t mean it has to, or should...experts argue. There is a definite line between what is technically legal and what is ethical. In the same article Brett A. Sokolow, executive director of the Association of Title IX Administrators is on record as stating
even if the university was legally entitled to the student’s therapy records, he said, "it is certainly a very aggressive use of Ferpa that is inconsistent with the normally obsessive adherence to privacy that colleges exhibit when disclosure does not serve their public-relations interests." -https://chronicle.com/article/Just-How-Private-Are-College/228229/>If I wanted to obtain my college records, I would expect to find transcripts, grade reports a GPA and other relevant items, I certainly wouldn't expect to find my health record. Conversely if I release my medical record to another healthcare provider, I would not think that that provider would be in receipt of my grades and course records. I think it will take a lot of thinking outside the box but I definitely think a college healthcare facility can operate in a FERPA environment as a HIPAA covered entity.
Monday, April 13, 2015
Navigating HIPAA and HIT in a campus student health center
Welcome to my blog
Introductions are always best first. My name is Robert Reed and I've worked IT in a college health setting for almost 20 years. When I started, Health IT didn't exist in my facility. The IT department was no different from any IT department anywhere. We helped users figure out why they couldn't print, how to do things on their computers (at the time Power Macs running Mac OS 9!) and all the usual issues plus we deployed the computers.
Health IT in our health center began with a solution. One of my colleagues at the time was sitting in a meeting and overheard two clinical staff members speculating on how hard it was to take a phone message from a patient and then track that message to it's resolution. This was probably 1998. My colleague built a system based on FileMaker Pro that was served out on a simple web server (using LASSO) to allow the nurse to take the message and when they clicked submit, an outguide was printed in Medical Records. The outguide was two part: the first part was used as a place holder in the chart stack and the second had the text of the message and was clipped to the chart when it was delivered to the clinic. The appropriate research was done and then the response to the patient was recorded. The chart could then be returned to the medical record department. After the patient was successfully contacted, the system alerted Medical Records so that the chart could be returned to the clinic and the loop closed.
When we began to support the actual mission of the clinic and not just the computers and IT infrastrucure we officially became Health IT and not just IT. Other home grown solutions followed, such as a secure message system that we wrote with PERL, mySQL and hosted on FreeBSD servers with Apache. This worked in the same manner all secure message systems work today (ie you create the message in the system, the recipient is notified via email that a message is waiting and then they log in to view it).
At about this time I began to focus on a different set of learning objectives than my campus IT peers. I learned about HIPAA (our campus health center is a HIPAA covered entitiy along with navigating the FERPA landscape), as well as other policies as they came up: Meaningful Use, ICD-10 Conversion, HITECH act, officially certified EHR systems (back when CCHIT was the only game in town) and others.
So that is who I am. I wish to use this blog to share what we are doing and hopefully somebody will read and find my thoughts useful. Hopefully others will read and offer suggestions. I'm also keen to hear what kinds of topics might be addressed in a blog such as this.
If you are going to attend ACHA this spring, I would be happy to make your acquaintance. I will be co-presenting a topic on navigating the HIPAA vs FERPA landscape.
Subscribe to:
Posts (Atom)