Electronic Medical Records and Personal Health Records

by David B. Troxel, MD, Medical Director, Board of Governors

The Personal Health Record (PHR) is owned and password-controlled by the patient and can be shared with his or her providers. It contains basic health care information such as lists of medications, medical conditions, allergies, immunizations, past surgical procedures, and other information related to care provided by all physicians or hospitals. This is the information currently collected on a clipboard when the patient has an office appointment, is admitted to a hospital, or is seen in an emergency department.

The Electronic Medical Record (EMR) is owned, controlled, and used by the physician or hospital that provides care to the patient. It contains detailed information about the care provided, but only for the care delivered by a single provider and only during the period that the patient was in his or her care. It provides better presentation of data for clinical decision-making because it is easily readable, provides clear documentation, has automatic alerts for allergies and drug interactions, provides medication lists, charts lab and radiology results, provides current medical guidelines for preventive care and chronic-disease management, and allows timely remote access.

About 10 percent of physicians use an EMR, and more than half are primary care physicians. A review of 363 malpractice claims from The Doctors Company revealed that system errors contributed to 30 percent of the claims. Thirty-two percent of these system errors were medication-related errors, 27 percent were communication errors, and 13 percent were medical record errors. Medication errors involved monitoring (one-third were failures to properly monitor Coumadin), wrong dosage, inappropriate medication, failure to consider side effects, drug-to-drug interactions, and errors related to medication reconciliation.

The EMR can reduce these errors through medication alerts concerning drug interactions and allergies, by facilitating communication among providers, by providing computerized physician order entry (CPOE) to eliminate errors resulting from legibility issues and hand-offs, and by improving medical record documentation.

Potential malpractice risks may result from a physician’s increased access to data that originates outside his or her practice. Physicians may have difficulty keeping up with all the medical information coming to their EMR from outside sources and will need to review new information in the system at each patient visit. They may think they can read online reports from other providers and not file them in their own EMR, or that they can simply ignore online data (lab results). However, audit trails may show that electronic messages were sent and/or opened, and a plaintiff’s attorney may prove that a physician had access to information, failed to review or utilize it, and then initiated an incorrect treatment or prescription.

Medication histories, available to physicians who prescribe electronically, also pose a liability challenge. For example, a physician may discover that another doctor has prescribed a medication that interacts with a drug he or she has prescribed to a patient. Obviously, acting on that discovery could prevent an adverse drug event—and failure to act could result in patient injury.

The Electronic Health Record (EHR) combines the EMR with the PHR. Some PHRs communicate electronically with the EMR from any physician or hospital providing care, thereby creating a comprehensive record. If an EHR were used by all physicians, all physicians would know all medications, tests, procedures, and diagnoses for a given patient. The EHR would have a profound impact on medical record accuracy and would reduce medication errors.

iHealth

Medem was founded in 1999 by the American Medical Association (AMA) and U.S. medical societies to develop iHealth, a suite of integrated online patient-physician communication and health care services. Medem works with the AMA, medical societies, the Food and Drug Administration (FDA), the Centers for Disease Control (CDC), the American Heart Association, the American Cancer Society, liability carriers, and health plans.

Privacy policies and data use are governed by iHealth Alliance, an advisory board chaired by former AMA president Nancy Dickey, MD, with representatives from health care organizations such as the American Heart Association and the American Cancer Society, malpractice carriers (The Doctors Company), and others. The iHealth suite of online network services (iHealth service) includes:

iHealthRecord—is a PHR that is owned and password-controlled by the patient that can be shared with the patient’s providers. It contains basic health care information such as current medical conditions and medical history, medications, allergies, immunizations, previous surgeries and procedures, emergency contacts, insurance ID, pharmacy ID, and other information related to care provided by all physicians or hospitals. This is the information collected on a clipboard when the patient has an office appointment.

This secure, interactive online PHR can be built and accessed by patients on the physician’s practice Web site (provided by Medem), and is free to the patient. Patients can grant viewing privileges to physicians, hospitals, clinics, and emergency departments. They can access their iHealthRecord from any of the 70,000 network physician Web sites that offer the service and at www.ihealthrecord.org or www.medem.com. Patients can find physicians who offer the iHealthRecord in the physician directories of the AMA, medical societies, and most major U.S. health plans (including Aetna, CIGNA, Anthem, United Healthcare, Connecticare, and BlueCross BlueShield plans).

When patients call for an appointment, they are instructed to go to the physician’s Web site and complete the iHealth registration. This needs to be done only once. In completing the registration, the patient is also creating his or her personal health record, which then replaces the clipboard as the vehicle for office registration. Patients can be asked to review or update their iHealthRecord online and to print it prior to appointments. Patients who forget to print their PHR can have a copy printed in the doctor’s office.

The iHealthRecord information is entered into structured data fields allowing the PHR to exchange information with EMRs, providers, and payers to keep the health data current. The iHealthRecord is integrated with Allscripts EMR, allowing data transfer into this EMR and will soon be integrated with other EMRs.

Physician Practice Web Site—features an award-winning library of clinical information from organizations that include the AMA, American Academy of Pediatrics, American Psychiatric Association, American College of Obstetricians and Gynecologists, the FDA, and the CDC. It provides new patient access to physicians through exclusive links to the provider directories of health plans representing more than 70 million lives. This Web site can be linked to other Web sites, and the iHealth services (including iHealthRecord) can be accessed by patients from their physician’s Web site.

e-Prescribing—an easy-to-use Web-based service integrated with and accessible from the practice Web site. It connects with virtually every pharmacy and many insurance company formularies. Prescription renewal requests by patients are synchronized with this system and with the patient’s iHealthRecord. It instantly checks for drug interactions, dosage, and patient-specific medication factors. It is provided free by Allscripts and the National ePrescribing Patient Safety Initiative (NEPSI).

When a medication listed in an iHealthRecord matches a medication in an FDA patient safety alert, the FDA notification is sent directly to the patient’s iHealthRecord, thereby taking some of the burden of notifying patients off the doctor. It also creates an audit trail showing that the notification was sent and opened.

Automated Disease Management (“Adherence”) Services—the iHealthRecord also allows patients to receive automated patient education and medication/condition-specific disease management messages and reminders. These patient education programs come from authoritative organizations, including the AMA Physician Consortium, the FDA, CDC, American Heart Association, American Cancer Society, and leading medical societies. Messages can be approved or edited by the physician. Physicians can also create their own adherence programs for their patients.

Secure Messaging—a HIPAA-compliant patient-provider e-mail service that allows patients to communicate more efficiently with their doctors. This service facilitates administrative messaging between office staff and patients, e.g., appointment requests, prescription refill requests, administrative questions, and automated appointment reminders.

Online Consultation—allows secure physician-patient messaging for online clinical consultations. Some health plans now pay for a portion of Online Consultations, and there is a CPT code for this service. If patients are charged a fee for Online Consultations (typically a copayment amount), there is a separate Medem transaction fee. If no fee is charged, Online Consultation is included as a network service.

Secure Pay—enables patients to pay outstanding balances via their physician’s Web site using major credit cards.

Health Care Notification Network (HCNN)

To improve patient safety as related to prescription medications and other products, the FDA has requested assistance in delivering electronic product-related patient safety notices to health care providers so that they receive them in a timely, efficient, and effective manner.

The current process, which relies on the U.S. mail, leads to delays in notifying physicians and patients of important patient safety issues. The iHealth Alliance has worked with the FDA, manufacturers, medical societies, and others to create a network for delivering patient safety notifications to providers online that will fulfill FDA regulations and make the delivery both timely and efficient. Key aspects of the Health Care Notification Network include the following:

1. It is free to physicians. (Their e-mail addresses will be used only for patient safety notifications, not for marketing purposes—no lists will be sold to or used by third parties.)
2. Physicians will receive the notices days to weeks ahead of current paper/U.S. mail–based notifications.
3. Physicians can identify additional e-mail recipients to receive these notices. i.e., office staff.
4. The funding for the HCNN comes from user fees paid by manufacturers.
5. Providers can opt out of the HCNN at any time.

The HCNN will provide rapid online communication with physicians for FDA-mandated product recalls and warnings. Physicians not enrolled in the HCNN or who enroll but don’t open their e-mail notifications will be notified via standard mail. Practices can forward notifications via e-mail to their patients, post them on their Web sites, or go to www.medem.com and send a blast e-mail with a personal message regarding the FDA alert to their patients whose iHealthRecords list that medication.

The iHealth Alliance is working with the CDC and Department of Homeland Security on the appropriate use of the HCNN for national public health emergencies, and the CDC has been offered a liaison seat on the iHealth Alliance board similar to the FDA’s liaison participation. It is hoped that, in the near future, CDC public health messages and bioterrorism alerts will be added to the HCNN.

To register for the Health Care Notification Network, follow these instructions:

• Go to Health Care Notification Network Home Page at www.hcnn.net.
• Click Sign Up.
• A window with this message will appear:
  By clicking the “Send” button on this e-mail, you will be preregistered for the HCNN. In the coming weeks, you will receive an e-mail from the HCNN with more information and authentication instructions. Be sure to add www.hcnn.net to your list of known senders in your e-mail client to prevent HCNN messages from getting routed to your spam folders.
  Thank you for your commitment to patient safety. If you have any questions about the HCNN, please call (866) 925-5155 or e-mail info@hcnn.net.
• Click Send.

eRisk Guidelines for Online Communication

The use of online communication and consultation between doctors and patients is becoming more common in everyday physician practice. Medicine is increasingly using the Internet for communications, and there is growing pressure from health plans, employers, and government to use both personal health records and electronic medical records. In light of these developments, it is important for physicians to know how to avoid potential risks when using online patient communications.

The eRisk Guidelines for Online Communication were developed by the eRisk Working Group for Healthcare, a consortium of professional liability carriers, medical societies, and state licensure board representatives. The legal rules, ethical guidelines, and professional etiquette that govern and guide traditional communications are equally applicable to e-mail, Web sites, and Personal Health Records. However, online communications introduce special concerns and risks as follows:

1. Pre-Existing Clinician-Patient Relationship. Physicians may increase their liability exposure by initiating a clinician-patient relationship online. Online communications of any kind are best suited for patients previously seen and evaluated in an office setting.
2. Licensing Jurisdiction. Online interactions between a health care clinician and a patient are subject to requirements of state licensure. Communications online with a patient outside of the state in which the clinician holds a license may subject the clinician to increased risk. Intra-specialty consultation does not require in-state licensure, provided the consultation is requested by a physician licensed within the state and is referenced in a report they issue.
3. Sensitive Subject Matter. Clinicians should advise patients of the risks that information the patient may consider sensitive may inadvertently be accessed by someone not authorized to see it. Examples include mental health, substance abuse, reproductive history, sexually transmitted diseases, drug and alcohol problems, genetic disorders, and HIV status. Some states may prohibit electronic transfer of specific classes of information regardless of patient consent.
4. Patient Education and Care Management. Health care clinicians are responsible for the information that they make available to their patients online. Information provided to patients through a PHR, automated patient education programs, care management, and other online services should come either directly from the clinician or from a recognized, credible, and authoritative source.
5. Emergency Subject Matter. Health care clinicians should advise patients of the risks associated with online communication related to emergency medical subjects such as chest pain, shortness of breath, high fever, physical trauma, or bleeding during pregnancy. For medical emergencies, instruct patients to call the office or go to an emergency department.
6. Practice Web Site Commercial Information. Web sites and online communications of an advertising, promotional, or marketing nature may unrealistically raise patient expectations and subject clinicians to increased liability, including implicit guarantees or implied warranty and potential violation of consumer protection laws designed to protect against deceptive business practices. This is particularly true when cosmetic procedures, off-label drug use, and non-FDA approved procedures are promoted.
7. Informed Consent. Prior to initiating an online clinical consultation, the health care clinician should obtain the patient’s informed consent to participate in the consultation, including discussing appropriate expectations, disclaimers, and any fees that may be imposed.
8. Online Consultation vs. Online Diagnosis and Treatment. Clinicians should distinguish between an online consultation related to a known pre-existing condition (such as those concerning ongoing treatment and follow-up questions)—and the diagnosis and treatment of new conditions addressed for the first time online that may compromise patient safety and increase liability exposure.
9. Internet Pharmacies. There are potential risks when patients are referred to online pharmacies, since some employ “cyberdocs” who dispense drugs and medical devices without a valid doctor’s order, and others may be involved in the illegal importation of prescription drugs. The National Association of Boards of Pharmacy has a Verified Internet Pharmacy Practice Sites (VIPPS) program, and pharmacies in compliance with its standards show the VIPPS seal of approval on their home page.
10. Personal Health Records often include electronic patient education, FDA and medical device warnings, disease management guidelines, and other programs. PHRs are being promoted by the government, health plans, employers, and patient advocacy groups. The PHR introduces special concerns and potential risks:
    1. The PHR service is provided to patients for their convenience only, and is distinct from the medical record maintained by the physician. Entries in the PHR do not become part of the medical record unless and until they are formally accepted for inclusion by the clinician.
    2. It should be made clear to patients that physicians are not responsible for knowing the information contained within a PHR except when they have consulted it in association with a formal office visit or online consultation.
    3. The PHR is not a substitute for directly communicating the patient’s medical information to his or her physician in a traditional format (in-person, by telephone, etc.). Patients should not assume that their Personal Health Record has ever been seen or reviewed by their clinician(s).
    4. Patients are responsible for notifying their health care provider(s) when new information appears in their PHR—whether they personally update it or it is automatically updated by third parties (health plans and other insurers, pharmacies, laboratories, etc.).
    5. The provider should make it clear that the responsibility for the accuracy of the information in the PHR remains with the patient or caregiver as the owner of the record.

The Doctors Company’s EMR Policy

The Doctors Company regards iHealthRecord and the Health Care Notification Network as important patient safety initiatives. We believe they have the potential to improve the quality of patient care, facilitate medication compliance and disease management, and ease the transition to the development of the EHR. When the EHR fully integrates physicians’ offices with hospitals, clinical laboratories, pharmacies, and one another, forming an integrated health system–wide network, physician and health system error, malpractice risk, and ultimately medical malpractice claims and premiums should be reduced.

We encourage our physician members to participate in the iHealth suite of services. Medem offers members of The Doctors Company a discounted fee of $24.50 per month for all iHealth services, including the iHealthRecord and the physician practice Web site.

For more information, visit www.ihealthrecord.org or www.medem.com. To join the Medem network, contact Medem Member Services toll free at (877) 926-3336 or e-mail Medem at info@medem.com.

J6932 2/08

Print this page