National Experts to Meet at HIMSS to Promote Health Record Banks

February 7th, 2012

In a guest column posted today at NHINWatch, I explain how health record banks (HRBs) can successfully address the three key challenges of health information infrastructure in communities (privacy, stakeholder participation, and financial sustainability) and describe the national and international group of experts who will hold their inaugural meeting at the upcoming HIMSS 2012 to discuss strategies to promote and accelerate development and adoption of HRBs.

Solving the Right Health IT Problem

September 20th, 2011

In a guest column posted today at NHINWatch, I explain why we need health record banks to solve the health IT problem.

First Large-Scale Health Record Bank Opens in Phoenix

October 4th, 2010

Today, the nation’s first large-scale health record bank (HRB) began operations in Phoenix, Arizona. Known as eHealthTrust, it provides consumers with the opportunity to have a secure place to collect and store their health records under their control. I am pleased and honored to be leading the team that developed and implemented this project.

Folks watching this blog know that it’s been quite a while since I’ve posted anything (almost two years!). It’s not because I haven’t had anything to say — rather, I’ve been busy taking my own advice. Specifically, it’s been clear to me for some time that the key problems that need to be solved to enable access to comprehensive electronic patient records when and where needed are: 1) privacy; 2) stakeholder cooperation; 3) making all the medical records electronic; and 4) financial sustainability. A health record bank can solve all these problems, provided it has the right business model. Which brings me back to Phoenix …

The eHealthTrust health record bank is offering lifetime accounts for a one-time $99 fee. Ongoing revenue comes from optional reminders and alerts, such as the “peace of mind” reminder that instantly notifies your loved ones if your HRB account is accessed by an ER physician. eHealthTrust also will be providing free EHRs for office-based physicians in the Phoenix area (or subsidies for existing systems) to ensure that all the records become electronic. We anticipate working very closely with the local Regional Extension Center (REC) to help physicians make the transition to EHRs and meet the Meaningful Use criteria so they can take advantage of the substantial Medicare and Medicaid subsidies over the next few years ($44,000 for Medicare and $63,750 for Medicaid).

What do eHealthTrust members get for their $99? A secure, electronic “safe deposit box” for their medical records that will be automatically populated over time. Initially, medication and some laboratory data will be loaded, along with a problem list from their primary care physician (if available). Later, more lab data along with hospital discharge summaries, imaging and pathology reports, and encounter reports from physician EHRs will be added (as connections to data sources are made and more physicians adopt EHRs and link them to the HRB). We will also be working to make HRB records available to EMTs while they are traveling to the site of a 911 medical emergency.

What about privacy and security? All access to eHealthTrust information is with the permission of the member, so each member gets to set their own privacy policy. The data are stored in an ultrasecure data center with backup power and Internet connectivity to assure both security and availability.

Why should you care? If you are in the Phoenix area, you should go to the eHealthTrust web site and sign up now. Then you will be able to have, for the first time ever, a secure and private place where your medical records will be available, under your control, to share with your health care providers (and family, too, if you wish).

What if you’re not in the Phoenix area? Hopefully, a health record bank will be coming to your community very soon. More importantly, the success of eHealthTrust in Phoenix will mark the beginning of the solution to the problem of delivering comprehensive electronic patient records when and where needed — which has been a national priority since the President created the Office of the National Coordinator for Health Information Technology in 2004. Lack of availability of such records results in duplicate testing and procedures, as well as costly (and sometimes dangerous) medical errors. There is good evidence that more complete information will both reduce costs and improve quality — which would certainly be good news for health care.

So watch this space for further developments about health record banking — and join us in the hope that this will be a major step forward for health care not just in Phoenix, but across the entire country.

A Health IT Plan for the Nation

December 20th, 2008

In an op-ed article in Business Week online posted 12/19/08, I describe how health record banks (HRBs) can solve the problem of making complete patient records available at any point of care while providing electronic medical records (EMRs) to all physicians and fully protecting individual privacy. I then outline the policies that the new Obama Administration should adopt to encourage the development of health record banks with only relatively modest new Federal expenditures.

I think these issues are particularly timely and relevant since funding for health information technology is being included in the Economic Recovery bill currently being drafted. Funding alone will not solve this problem; the expenditures must be directed towards a feasible and sustainable system.

In brief, the Federal Government should take four steps to create an effective health IT system that delivers complete patient records at any point of care:

  • 1. Restore the right to medical information privacy (see my previous post for a detailed explanation about why HIPAA currently does not ensure privacy protection);
  • 2. Give all patients the right to a no-cost electronic copy of their medical information at least at the time of service (which they could direct to their HRB account);
  • 3. Make the cost of an HRB account (up to $12/year) a covered benefit for all Federal health beneficiaries (with encouragement to the private sector to do the same). This latter “pay for results” policy would only result in expenditures when consumers opened an HRB account — having the account would ensure health care savings at least 10 times the covered cost.
  • 4. Establish a regulatory framework for HRBs to provide oversight. Each HRB would be required to demonstrate compliance with privacy protections and other operational rules designed to protect consumers.
  • I believe that these policies will lead to an effective, self-sustaining, private-sector health IT system that provides heavily subsidized EMRs to all physicians and fully protects individual privacy.

    There are more details about these and related issues in the new book just published by HIMSS entitled, “Personal Health Records: The Essential Missing Element in 21st Century Healthcare” which I co-authored with Holly Miller, MD, MBA, and Howard Burde, Esq. It provides a comprehensive overview and discussion of the many issues pertaining to the adoption and use of personal health records, with chapters on PHR architecture (including the health record bank model), PHR law, and PHR business sustainability models.

    In this posting, I wanted to respond to a few FAQs about the policies I’ve recommended.

    How much would your plan cost?

    Since there are about 100 million Federal health beneficiaries, the new HRB account benefit of $12/person/year would cost a maximum of $1.2 billion/year (if everyone signed up). This amounts to 0.2% of health care costs. Conservative analyses can easily demonstrate health care cost savings of 2% as a result of HRB accounts through improving chronic disease management and avoiding preventable hospitalizations due to outpatient adverse drug events, duplicative imaging studies, and unnecessary repeat laboratory work. This 2% total savings amounts to ten times the proposed payment for a health record bank account. But even if these estimates are grossly inaccurate, the savings most certainly will be at least as great as the expenditures, not counting additional value from more timely and complete availability of information to medical researchers, public health officials, and policymakers (with consumer consent).

    Won’t a health record bank cost more to operate than your $1/person/month estimate?

    The recent Center for Information Technology Leadership report on Cost and Value of Personal Health Records (PHRs) estimates the cost of an “interoperable PHR system” (i.e., a health record bank) at $8/person/year if there are 500,000+ subscribers. My own data shows that the cost will be about $6/year (50¢/person/month) with 1 million subscribers. So the estimate I use of $1/person/month is, if anything, a bit too high.

    How much will it cost to subsidize electronic medical record systems for physicians?

    To subsidize each physician at the rate of $5,000/yr for an Internet-accessible EMR system (which would cover most of the EMR system cost) would require about $10/person/year. The way I get $10 is that there are about 600,000 physicians and 300 million total population in the U.S. Therefore, there are about 500 people/physician — therefore, to get $5,000/physician, the cost/person is $10.

    What is the business model for a health record bank?

    Revenue would be about $5/year from advertising to consumers (like the advertising you see on Google) and $12/year from reminders and alerts, for a total of $17/year. The reminders and alerts would be services such as: 1) notifying you instantly if the HRB account of any of your loved ones is touched by an emergency room physician; 2) “prevention advisor” giving you reminders of anything you need to do to stay healthy (e.g. colonoscopy, etc.); or 3) medication reminders (for each dose and/or for refills). The first two would be paid by consumers (or perhaps even by health plans), the last one by pharmaceutical firms. In any case, I think $1/person/month (or $12/year) in revenue for all reminders is very conservative, even allowing for the fact that some consumers will not want to pay for any of them.

    Expenses would be $6/year for the basic operation of the bank and $10/year to subsidize each physician in the amount of $5,000/year for an Internet-accessible EMR system.

    With revenue of at least $17/year and expenses of only $16/year, a health record bank is profitable. And this analysis includes not only the cost of the HRB itself, but also subsidies for all the EMRs for physicians. Finally, note that I have not invoked (or tried to capture) a penny of health care cost savings in this business model.

    ***

    In summary, health record banking provides a self-sustaining, private-sector health IT solution that can deliver complete patient records at any point of care, subsidize EMRs for physicians, and fully protect privacy. While it is highly likely that HRBs will result in substantial health care savings, their financial sustainability is based solely on the new value that they create for consumers.

    Some PHRs Already Have Strong Federal Privacy Protection

    December 10th, 2008

    In my last posting, I explained why the HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule does not really assure our privacy. This time I want to address another widespread myth – namely, that personal health records (PHRs) have no privacy protection. The news here (thankfully) is good – it turns out that publicly-available PHRs are in fact subject to quite stringent privacy protections under Federal law. In view of this, the frequent calls that are heard to extend HIPAA privacy “protections” to PHRs are misguided at best. HIPAA does not protect privacy and, as you will soon see, extending that “non-protection” to PHRs would actually eliminate our existing protections.

    In 1986, the Electronic Communications Privacy Act (ECPA) was enacted (also known as the Stored Communications Act or SCA). The purpose of this law was to protect the privacy of electronic communications (primarily e-mail) and also data stored by a remote computing service. Specifically, ECPA prohibits the operator of a publicly-available remote computing service (such as a PHR) from releasing any information to any private party for any reason without the consent of the subscriber. Unlike HIPAA, there are no exceptions for treatment, payment, health care operations, or anything else. Therefore, at least for publicly-available PHRs, such as Microsoft HealthVault or Google Health, the organization holding the information MUST GET YOUR PERMISSION before releasing any of your data to any private party. The law is not long or complicated – I urge you to read it yourself if you have any doubts.

    While the ECPA law was not expressly directed to PHRs (which were not really contemplated in 1986), or the Internet (which had yet to gain widespread attention and use), Congress did specifically consider the issue of health records in its deliberations. Senate Report No. 99-541, (1986), said “[t]he Committee also recognizes that computers are used extensively today for the storage and processing of information. With the advent of computerized recordkeeping systems, Americans have lost the ability to lock away a great deal of personal and business information. For example, physicians and hospitals maintain medical files in offsite data banks, …” (emphasis added, quoted from page 7013 of this recent Federal Appeals Court decision) Therefore, it was clearly the intent of Congress to protect our electronic medical records with this law.

    Unfortunately, this does NOT mean that all PHRs are protected by Federal law. Only those that are “publicly-available” are included. While this clearly would apply to generally available web-based PHRs, systems provided only to specific individuals by employers, insurers, and even healthcare providers are less likely to be considered “publicly-available.” Therefore, ECPA protection is limited. So you are only covered if you use a PHR that is available to anyone. Clearly, it would be good to extend this strong Federal protection to all PHRs.

    Another reason for concern if you use a PHR that is supplied by a HIPAA “covered entity,” (which would include physicians, hospitals, employers, and health insurers) is that HIPAA, as explained before, does not protect your privacy. The holder of the information is allowed to release your data WITHOUT your consent for “treatment, payment, or health care operations” (TPO) without the necessity of keeping any records of such disclosures to prove their legitimacy after-the-fact. And even if a PHR from a HIPAA covered entity were to somehow be considered “publicly-available” and therefore be subject to ECPA, the legal argument is that HIPAA provides the consent required under ECPA for TPO uses (and therefore your information could still be released without your consent).

    Having read this far, it should now be quite clear to you that extending HIPAA “protections” to PHRs makes no sense and would actually have the effect of making these systems just as unaccountable as everything else covered by HIPAA. On the other hand, extending the EPCA law to all PHRs (not just those that are “publicly-available”) would truly give us all strong Federal privacy protections (at least for our PHRs).

    The HIPAA Privacy Myth: Why HIPAA Does NOT Assure Your Privacy

    October 11th, 2008

    It has been widely asserted, and most people believe, that the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) protects the privacy of health information. Unfortunately, this is a myth. Just as the “P” in HIPAA does not stand for “privacy,” it turns out that the HIPAA Privacy Rule, which went into effect in 2002, actually eliminates privacy protection, and does so in a way that prevents privacy violations from being detected, monitored, or audited.

    At this point, I’m sure you are quite skeptical — as you should be. After all, you’ve heard over and over that HIPAA protects your privacy. Furthermore, you’ve signed those long HIPAA forms at every doctor’s office, clinic, and hospital. You’re wondering “How can this be so?” I urge you to read on and find out the real story.

    First, let me describe the basic provisions of the HIPAA Privacy Rule. It says that your health information cannot be disclosed without your consent with three exceptions:

  • Treatment (your medical care)
  • Payment (processing your insurance claims)
  • Operations (business functions of health care, such as monitoring quality of care)
  • These so-called “TPO” exceptions (named for the first letter of each) seem quite reasonable. After all, you want your medical information to be used for your treatment — that’s the primary purpose of having it recorded. You also want your information to be used to process your insurance claims — that’s why you have insurance (assuming you’re not one of the tens of millions who don’t have insurance — but that’s another subject). And you also want every health care organization to be able to perform routine operations, such as monitoring the quality of care that is provided. So what’s the problem?

    The problem is this: Who decides whether a particular disclosure of your health information falls under the TPO exceptions, and can be done without your consent? It’s whoever has the information — the hospital, health plan, insurer, etc. And when they make that decision, they do NOT have to inform you that a decision is being made. You have NO input and NO right to appeal or review.

    What’s even more disturbing is that once a decision is made to disclose your information under the TPO exceptions, THERE IS NO REQUIREMENT FOR ANY RECORD OF THE DISCLOSURE. That’s right — incredibly, disclosures of health information under the TPO exceptions do not need to be recorded. Therefore, you cannot find out who has received your health information if it was provided under a TPO exception (as determined solely by the holder of the information). So in addition to not having an opportunity to be involved in the decision about whether a given disclosure qualifies as TPO, you can’t find out afterwards if the organization is really following the TPO definitions appropriately or just disclosing your information to anyone they wish (and justifying it as falling under the TPO exceptions).

    In foreign policy, President Reagan was famous for his “Trust but Verify” approach. In stark contrast, the HIPAA Privacy Rule is a “Trust but Keep no Records That Would Allow Verification” approach. While all of us hope that decisions about disclosing our health information are being made in a reasonable and equitable way, THERE IS NO WAY TO FIND OUT if this is indeed the case.

    I want to make it clear that I am not accusing any health care organizations of disclosing private health information inappropriately. I believe, as I would guess you do, that the overwhelming majority of folks in the health care industry handle our information with the utmost care and integrity. But I also know that there are always some bad apples and that accountability and monitoring are absolutely necessary. HIPAA provides NO accountability — the lack of records of TPO disclosures means there is no way to know (even after the fact) if there are improper or illegal disclosures.

    For those who may still be skeptical of my claim that no records are required for TPO disclosures, here is the actual text of the provision in the Code of Federal Regulations that says that you cannot get an accounting of TPO disclosures of “protected health information” (emphasis added):

    TITLE 45, PART 164_SECURITY AND PRIVACY
    Subpart E. Privacy of Individually Identifiable Health Information
    Sec. 164.528 Accounting of disclosures of protected health information.
    (a) Standard: Right to an accounting of disclosures of protected health information.
    (1) An individual has a right to receive an accounting of disclosures of protected health information made by a covered entity in the six years prior to the date on which the accounting is requested, except for disclosures:
    (i) To carry out treatment, payment and health care operations as provided in Sec. 164.506;

    So the forms you’ve been signing in doctor’s offices, clinics, and hospitals, are not, as many believe, “consent forms.” They are your notification about the provisions of HIPAA — essentially, you are being notified that YOUR PRIVACY IS NOT ASSURED. And it doesn’t matter if you sign or not — the HIPAA provisions apply to you regardless.

    Finally, why is this important? First, you should be able to control your health information in the same way that you have the right to decide what treatments you receive. Second, inappropriate disclosure of health information can hurt you by, for example, damaging your ability to get a job. Third, if we are going to covert our mostly paper medical records to electronic form, we need to do a better job protecting privacy because everyone knows that electronic records create more risks because they are more easily accessible.

    Prior to the adoption of the HIPAA privacy rule in 2002, it was a long-established legal principle that you have the right to control all access to your own health records. As we make the transition to electronic health records with health record banks, we need to reinstate this important legal right.

    A Health Record Bank is NOT an Information Technology (IT) Project

    January 26th, 2008

    Over the past year, as the majority of communities developing health information exchanges struggle to make progress (with a few failing outright), health record banks (HRBs) have received increasing attention as a model for successful community health information infrastructure (HII). There is a growing realization that other approaches do NOT solve the critical problems of HII that are addressed by HRBs, namely,

  • Making all the health record information electronic
  • Assuring stakeholder cooperation
  • Providing financial sustainability, and
  • Earning public trust.
  • In addition to the previously cited independent report endorsing health record banking in October, 2007, from the Information Technology and Innovation Foundation, a new study released last week by the California Health Care Foundation, Gauging the Progress of the National Health Information Technology Initiative, declared that the current approach to HII that envisions a “network of networks” known as the Nationwide Health Information Network (NHIN) is “impractical and cannot be implemented.”

    As a result, more communities are pursuing the development of HRBs. The State of Oregon recently received a $5.5 million Medicaid Transformation Grant from CMS (Centers for Medicare and Medicaid Services) to create the Health Record Bank of Oregon. The State of Arizona, also the recipient of a Medicaid Transformation Grant, is taking a close look at the HRB model. The State of New Jersey just enacted legislation creating the New Jersey Health Information Technology Commission, which is tasked to create “The Health Information Bank of New Jersey.” The State of Mississippi is evaluating the HRB approach. Greater Louisville (KY) and the State of Washington, among the earliest adopters the health record banking approach, are both continuing their efforts to build effective HRBs. (comments from readers on additional HRB activity would be welcome!)

    In a further sign of the acceptance of the HRB approach, a recent RFP from the National Governors Association’s State e-Health Alliance requesting bids on a research project to develop recommendations for potential governance and business models for HII specifically included health record banking as one approach to be evaluated.

    So isn’t this all good news for health record banking? Yes … and no. Of course, those of us who have been promoting the advantages of this approach over the past several years are pleased to see more widespread awareness and adoption. The Health Record Banking Alliance, formed in 2006 to bring together folks interested in HRBs, is growing. However, as often happens with new ideas, popularity can lead to misunderstanding as more people embrace the model without fully appreciating all of its implications.

    The fact is that developing HII, even with the HRB approach, remains a complex and difficult problem. Issues of organization, governance, policy, stakeholder cooperation, marketing, financial sustainability, public trust, and technology must all be addressed simultaneously. Furthermore, having a financial strategy for maintaining an HRB does not automatically guarantee an easy financial path for STARTING one. For example, it is relatively easy to envision how a company like Federal Express can be a sustainable, ongoing concern once its infrastructure and customer base is established over a wide geographic area. But building FedEx from a new startup organization to that point remains one of the great business achievements in recent memory.

    The most common mistake now being made by new HRB enthusiasts is to consider a health record bank to be purely an IT project. While the technology is clearly important and non-trivial, existing techniques and methods are more than sufficient to handle the job. Indeed, most of the component technology pieces that constitute an HRB, such as Personal Health Record (PHR) interfaces, consent management systems, and health information repositories, already exist and, in many cases, are in routine production at many sites.

    What does not exist is the organizational, governance, marketing, and financial mechanisms to support the technology — and these are the difficult challenges. This is best illustrated by imagining the scenario of a community that was successful in building the perfect technical infrastructure for an HRB. Let us assume such an HRB functioned ideally in every respect — it could accept deposits of any arbitrary medical data using any reasonable data format or standard, provided easy-to-use interfaces for both consumers and providers enabling consumer control of exactly what is accessible by whom, had state-of-the-art security protections, could automatically generate relevant reminders to consumers and providers, and was implemented in a high-reliability system environment that guaranteed nearly 100% availability around the clock.

    Would such an HRB be useful? Not at all, because it has NO DATA. Furthermore, it has NO USERS. Also, it has NO FINANCIAL SUSTAINABILITY and NO GOVERNANCE. Without addressing the questions of how the data ACTUALLY gets in (as opposed to whether it CAN be deposited), how patients and providers are successfully encouraged to USE the system, and how it will be GOVERNED and PAID FOR, all the fabulous technical capabilities of this “perfect” HRB have no value whatsoever.

    Therefore, the strategy of issuing an RFP to “build a health record bank” is highly unlikely to succeed, particularly if directed to health IT vendors. Building the IT infrastructure for an HRB is essential, and doing it right is extremely important. But it is truly the LEAST difficult problem to be solved on the road to successful HRBs. To succeed in creating a truly effective and sustainable HRB, close attention must be focused on acquiring data and encouraging usage within an organizational framework that provides trusted governance, and developing and deploying a business model that can reliably generate the revenue needed for ongoing operations. Simply building the IT system alone is not nearly enough.

    The Myth of Anonymized Data

    November 30th, 2007

    Today’s CNET story, “AOL, Netflix and the end of open access to research data”, describes how two large so-called “anonymized” databases have been re-identified, compromising the privacy of everyone in them. This provides yet another example of why “anonymized” data is a myth — and reinforces the need to avoid the release of large datasets of medical records, even if they are supposedly “de-identified.”

    The first incident described involves the release of 500,000 people’s movie ratings by Netflix in 2006. To protect the privacy of their subscribers, Netflix carefully removed all personal information. They offered $1 million to anyone who could develop an algorithm that would improve their movie recommendation system — a worthy goal. However, this week researchers announced that they successfully re-identified the data using publicly available information.

    A similar scenario occurred when AOL publicly released “de-identified” search data for 500,000 of its users. Some were re-identified within days.

    The lesson in this is simple: THERE IS NO SUCH THING AS ANONYMIZED DATA. To some extent, it can always be re-identified. For those who are interested in more details, computer scientist Dr. Latanya Sweeney’s Data Privacy Lab at Carnegie-Mellon has been studying this issue for years and developing the theory needed to understand it.

    So what are the implications for medical data? As previously described in this space (Protecting Privacy While Searching Health Record Banks), each person’s complete health records need to be stored in a central location with all access under the control of that individual (or whomever they designate). To provide the tremendous research benefits available from searching this data, queries should be submitted to health record banks, but NO DATA SHOULD EVER BE RELEASED. Instead, the result of a query would be a count of the number of matches and a carefully controlled demographic summary. In this way, re-identification is prevented since no actual data is available. This allows all of us to have the fruits of medical research WITHOUT having to give up our privacy.

    Let’s hope Netflix and AOL have learned their lesson and that other organizations — especially health care institutions — are paying close attention.

    First Quantitative Study of Health Information Infrastructure Workforce

    November 17th, 2007

    One of the key unanswered questions about health information infrastructure over the past several years has been, “Do we have enough trained people to build it?” Over the past year, I’ve been privileged to have the opportunity to serve as the principal investigator of a research project sponsored by the U.S. Department of Health and Human Services (Office of the Assistant Secretary for Planning and Evaluation) to begin to address this question. This work represents the first attempt to quantify the workforce requirements for building the health information infrastructure in the U.S. A presentation summarizing the final results was given to the American Health Information Community (AHIC) Electronic Health Record work group in late September, and the complete final report has recently been posted. Here is the Executive Summary:

    Nationwide Health Information Network (NHIN) Workforce Study

    Executive Summary

    For the past several years, the nation has been working to improve health care through the widespread implementation of electronic health records. One clear prerequisite for accomplishing this goal is the availability of a trained workforce to implement the developing Nationwide Health Information Network (NHIN). While it is generally acknowledged that the nation does not have a sufficient number of trained specialists for this purpose, no prior studies have produced any quantitative estimates of the workforce requirements. Accordingly, the current research was designed to further our understanding of NHIN workforce issues by collecting, assessing, and analyzing existing knowledge and data in this domain with the objective of producing an initial estimate of the number of people needed.

    This study gathered information through a series of four focus groups, five site visits, and direct communications with health information technology (HIT) vendors. The anticipated NHIN work was divided into three separate categories of activities for the purpose of assessing workforce:

  • 1) electronic health records (EHRs) in physician offices
  • 2) EHRs in hospitals and other health care institutions; and
  • 3) the health information infrastructure (HII) required in communities to link the various sources of records so that each patient’s complete electronic record could be available.
  • Assuming a 5-year time frame for NHIN implementation, results indicated that 7,600 (+/- 3,700) specialists are needed for installation of EHRs for the approximately 400,000 practicing physicians who do not have them already. For the hospitals needing EHRs (about 4,000), approximately 28,600 specialists are needed. Finally, about 420 people are needed to build the HII systems in communities to interconnect all these other systems. These data represent the first ever quantitative estimates of the workforce needed to implement the NHIN.

    These estimates should be considered preliminary and imprecise as they are based on a very small number of reports: eight for physician EHRs, four for hospitals (no data were available for other types of health care institutions), and two for communities. Furthermore, since all reported data was retrospective, the various estimates are based on information collected inconsistently at different times and under varying circumstances. Insufficient information was available to be able to characterize meaningfully the different types of personnel needed, although at least 15 different job titles were identified and defined. There was also inadequate information to allow workforce estimates for different architectures for the three major activities, despite general agreement from the expert panels that differences in architecture may have a significant impact on the personnel needs. Similarly, there was not enough data to assess or categorize the impact of size of practice or institution on workforce. However, there were some indications that the personnel requirements per physician are higher for smaller physician offices (three physicians or less). Also, the workforce data relates only to installation of systems; ongoing support and maintenance were specifically excluded. Finally, it is notable that there is no available data about the current number of specialists working in the three areas, so it is not clear whether these estimates indicate a shortage of personnel.

    Further research is needed to confirm and refine these estimates, as well as overcome the limitations of these results. Nevertheless, these first-ever quantitative estimates of the workforce needed for NHIN implementation will inform such additional studies, lead to an improved understanding of this important domain, and ultimately help ensure that adequate numbers of personnel are available for this critical work.

    Independent Report Endorses Health Record Banking

    October 26th, 2007

    Today, the Information Technology & Innovation Foundation released a new report, Improving Health Care: Why a Dose of IT May Be Just What the Doctor Ordered.  The report recommends health record banking as the way to develop an effective health information infrastructure. It also recommends four specific actions by the Federal government:

  •  Establish interoperability standards
  • Establish the regulatory framework for health record banks (by passing HR 2991)
  • Make health record bank account fees a covered benefit for all Federal health programs
  • Require that all holders of electronic health record information provide it to patients at no charge (for deposit in their health record bank accounts)
  • This report is a nice synopsis of the current situation and the rationale for health record banks. My recommendation is that you take a close look at it.