EHR security. Government regulations promise onerous fines and public scrutiny to healthcare organizations that allow data security breaches. So hospital systems, in particular, are security-conscious and have gone to great lengths to protect the security of protected health information (PHI). For example, many healthcare organizations don't allow clinicians to store PHI on end-user devices. They keep everything on the server and, in some cases, adopt a virtual desktop approach to facilitate the use of EHRs and other applications. Nevertheless, security breaches are increasing at a frightening rate, partly because of the theft or loss of unencrypted laptops and other mobile devices. Meanwhile, many physician practices have yet to perform government-mandated security risk assessments.
Health information exchange (HIE). This term refers both to the act of exchanging health data and an organization that facilitates information exchange. HIEs may be statewide, regional, metropolitan, or organization-specific. The latter, known as private HIEs, have been growing more quickly than public HIEs in recent years. That is partly because public HIEs have had difficulty in providing a return on investment to local providers. Indeed, most HIEs subsisted on government grants until they dried up, and the majority of them have yet to find a viable business model. Some HIEs offer data analysis services and help in meeting the "transitions of care" requirements of the government's EHR incentive program (see the section on government regulations).
Hospital information systems. Hospital EHRs include many components that EHRs for office-based doctors lack, including ancillary clinical systems, electronic medication administration records, and computerized practitioner order entry (CPOE). In addition, they have both nursing and physician documentation. Hospital information systems are very complex and include products developed by vendors other than the healthcare system's main EHR vendor, such as lab, pharmacy, and radiology picture archiving and communications systems (PACS). To help these systems exchange information, hospitals may use interfaces based on Health Level 7 (HL7) standards, middleware, or enterprise viewers for disparate PACS.
PACS/VNA. PACS may serve all hospital departments or may be split among radiology, cardiology and other departments. These systems house radiology images and reports and may include "radiology information systems" (RIS) that handle patient scheduling, image tracking, and results reporting. But in recent years, many hospitals have turned off their RIS and have integrated PACS with EHRs for RIS functions. Multiple PACS within a hospital or across hospitals and outpatient imaging centers are hard to integrate. Moreover, storage demands are growing exponentially. So a number of healthcare organizations now use vendor-neutral archives (VNAs) to store images from disparate PACS. Clinicians can access the VNAs directly from EHRs. Alternatively, some organizations use enterprise viewers to retrieve images from multiple PACS.
Patient portals. Largely because of the EHR incentive program, it's common for EHRs to have patient portals so that patients can view or download their records and message providers online. But those activities are still occurring only to a limited extent: For example, providers objected to the requirement in the government's EHR incentive program that just 5 percent of their patients view their records online. Although patient portals could greatly increase healthcare efficiency and improve the quality of care, the potential of this technology has yet to be fully exploited.
Sign up for CIO Asia eNewsletters.