BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Meaningful use stage 2 rules foster patient engagement in a simple way: Physicians and hospitals receiving federal EHR incentive payments must motivate at least 5% of patients to view, download or transmit their digitized health data.
Let's call that patient engagement 1.0, a cute little hybrid subcompact driving down the highway. Hurtling right behind it is the 18-wheeler, semitrailer version 2.0, as powerful economic factors motivate patients to police their own records.
Healthcare IT leaders and their health information management (HIM) partners need to find ways to embrace this coming interactivity in order to harness its power for the benefit of their organizations' HIPAA compliance; patient safety and community outreach; and to compare favorably to their competitors. Right now. Later in the game, a reactionary approach could just get in the way of better health data security and good old-fashioned customer relationship management.
Consumers waking up to costs of errant health data
What is this coming patient awakening? In talking with several national health data leaders in the compliance, health information exchange and data security fields, I found a trend is emerging: Patients might not want to care about the accuracy or security of the data in their electronic record, but they're slowly figuring out they have to. When a billing statement contains errant information because of ID theft, duplicate EHR records, or improperly cut-and-pasted information, it can severely damage a patient's personal finances. Even when errors can be fixed, it takes time and effort and double-checking to solve the issues.
Worse yet, a patient's insurer may cancel his policy when certain falsehoods pop up in an EHR, leaving him dangling in the wind, healthcare-wise. That would be devastating or even life-threatening for older patients or those suffering from chronic diseases. Don't even start thinking about the effect illicit claims flowing in on your employer's health plan might have on your career if a drug abuser were to steal your medical identity. That is, unless you want a migraine.
These aren't hypothetical scenarios that consultants concoct to scare providers into buying their services. In a story we wrote on research by the Medical Identity Fraud Alliance (MIFA), such things are happening and will continue to happen. In that story, health data security guru Rick Kam, president and co-founder of MIFA charter member ID Experts, envisioned a day when patients would be "in the middle of the fight, protecting themselves and their families."
In another story we recently published, an assembly of healthcare compliance officers indicated patients were scrutinizing their data -- specifically, examining bills more closely, line by line. In fact, patients are triggering audits of physicians at some healthcare facilities, and the compliance department is getting involved in governing the use of EHRs' copy and paste features. As well they should: When used improperly, copy and paste can inflate bills and hit patients with high-deductible policies directly in the wallet. Patients won't take that anymore.
HIEs can open more doors for patients to monitor health data privacy
Health information exchanges (HIEs) will offer patients yet another view of their clinical information. Laura Adams, president and CEO of the Rhode Island Quality Institute, which administers the state's CurrentCare HIE, said RIQI is confident about the safety and security of her organization's patient data handling. But she envisions a day not too far in the future when patients can examine and even monitor the audit logs of their clinical data. In turn, they would be able to notify the HIE of suspicious activity if someone without consent appears to access their data. Adams would welcome such participation.
"I get excited," Adams said. "If I'm a tech person, I'm thinking, 'Wow, the next thing I want to develop is an app for somebody who's worried about access to their sensitive data and they want to be notified every time someone checks [for example] their substance abuse record.'"
That level of engagement fosters even stronger security, she added. "A detect-and-alert function is something we do 24/7 around here. We can detect and alert admissions, we can detect and alert just about anything you want. Why not detect that when someone's opened your record, it generates an automatic application-programming-interface call and a secure email is generated, maybe through Direct [messaging protocols]? We could easily send it to a patient."
So, whether their healthcare providers like it or not, patients will be double-checking their statements and monitoring EHR data. Not because they feel warm and fuzzy and technologically savvy, but more out of self-defense. Just like we do with the charges on our our credit card bill to make sure everything on it is something we actually purchased. And we'll be calling your facility to correct errors when we spot them.
Here's where IT execs and HIM managers come in: Will you treat this like another technical problem to solve, or will you see your patients as partners -- no, deputies -- helping you uncover health data security problems or physician documentation issues that threaten the integrity of your clinical data?
Your call. Either way, patient engagement 2.0 is coming, and it will make meaningful use look like tiddlywinks. Buckle up and enjoy the ride.