Abstract
Emerging electronic health record models present numerous challenges to health care systems, physicians, and regulators. This article provides explanation of some of the reasons driving the development of the electronic health record, describes two national electronic health record models (currently developing in the United States and Australia) and one distributed, personal model. The US and Australian models are contrasted in their different architectures (“pull” versus “push”) and their different approaches to patient autonomy, privacy, and confidentiality. The article also discusses some of the professional, practical, and legal challenges that health care providers potentially face both during and after electronic health record implementation.
Keywords: Medical records systems, computerized; delivery of health care; patient care; information management; medical record linkage; confidentiality; policy making; United States; Australia; Internet
Introduction
The electronic health record (EHR) is an evolving concept defined as a longitudinal collection of electronic health information about individual patients and populations. Primarily, it will be a mechanism for integrating health care information currently collected in both paper and electronic medical records (EMR) for the purpose of improving quality of care. Although the paradigmatic EHR is a wide-area, cross-institutional, even national construct, the electronic records landscape also includes some distributed, personal, non-institutional models.
Emerging EHR models present numerous challenges to health care systems, physicians, and regulators. This article provides explanation of some of the reasons driving the development of the EHR, describes three different EHR models, and discusses some of the practical and legal challenges that health care providers potentially face both during and after EHR implementation.
Stakeholders and Drivers
Information technology (IT) has become the principal vehicle that some believe will reduce medical error. In the United States, the non-governmental and highly influential Institute of Medicine (IOM) has committed to technology-led system reform [1] and urged “a renewed national commitment to building an information infrastructure to support health care delivery, consumer health, quality measurement and improvement, public accountability, clinical and health services research, and clinical education.” [2] As is well known, this IT-led system reform involves several intersecting technologies, including the following: tracking systems (barcodes and Radio Frequency Identification [RFID]); computerized physician order entry (CPOE) systems; clinical decision support systems (CDSSs) that complement order entry devices operating with server-side systems that reference drug interaction information or treatment models (such as clinical practice guidelines); and enhanced reporting systems that provide for adverse event and medical error disclosure, and facilitate population-based health care models and more extensive outcomes research.
The electronic record is at the center of the IOM's goal of eliminating most handwritten clinical data by the end of this decade [2]. Electronic records are superior to paper records because they decrease error due to handwriting problems and ease physical storage requirements [3]. Additionally, electronic records simultaneously leverage other error-reducing technologies and render them coherent. EHR models present significant additional advantages because of their potential to deliver a longitudinal record that tracks all medical interactions by a particular patient and provide comprehensive data across populations. Thus, the IOM envisions a longitudinal collection of electronic health information for and about individuals and populations as feeding data into error-reducing “knowledge and decision support systems.” [4,5]
Error reduction aside, business concerns and structural changes in health care delivery are driving EHR implementation. Although some of these phenomena are unique to the US model of health care financing and delivery, mature systems in other countries must also accommodate stresses from similar developments. First, the shift from in-patient to ambulatory care (and other episodic models) has accelerated the need for accurate and efficient flow of patient medical and billing information between organizationally and geographically distinct providers. Second, the operational aspects of managed care, such as the data needs of “gate keeping” physicians, demands by payers for performance “report cards,” and system administrators' increasing needs for sophisticated utilization review and risk management tools, have increased the need for data transparency [6]. Third, the growth of “shared care”, whereby the patient both shares responsibility with the provider for care and is likely to have increasingly fragmented or episodic relationships with multiple providers, requires that patients must have access to health data generally and, more controversially, to information in their record [7,8]. Furthermore, it requires that providers have transparent access to other occasions of treatment, particularly pharmacotherapy. Finally, both patients and regulators are demanding increasing amounts of data regarding errors or near misses and outcomes in populations [9]—data that is difficult to generate without sophisticated data coding and nearly impossible to analyze without complex, comprehensive database systems.
In addition to safe, high-quality care, patients expect privacy, rights of access and correction [7], and the opportunity to give consent for research uses of their health information [10]. As patient care moves from an in-patient to ambulatory or other fragmented models of service delivery utilizing multiple providers, the portability of and timely access to data become increasingly important to patients as well as providers. In the words of one patient,
I don't want much - just for my medical records to be seen only by those whom I authorize, and for the record to be readily accessible to them wherever they are. . . . I would like a bigger say in what goes into my notes, and if I don't like something I would like it taken out. [11]
Providers continue to embrace confidentiality to foster an environment in which patients will disclose information related to their health. However, in the realm of health information, the needs of those delivering, regulating, and paying for health care may be at odds with the principles of privacy and confidentiality [12,13]. Technological acquisition, storage, access to, and distribution of patient health data exacerbates that tension.
In addition to maintaining confidentiality, providers are subject to legal and ethical obligations to evaluate and document the encounter. Providers engage in narrative with the patient and form opinions throughout and across interviews [14]. Therefore it follows that the available EHR vocabulary must accommodate symptoms and modifiers in addition to diagnoses and summary statements [14]. Data entry systems must be seamless and unobtrusive, and should include handwriting or voice recognition in addition to standardized checklists and templates. Otherwise, provider time will be lost as physicians attempt to code findings during the encounter [14]. Since medical care itself is not standardized, it remains difficult to envision a “one size fits all” approach to medical record computing [8,15].
Although there has been debate among providers about the feasibility and safety of having all patient information computerized and available across institutions, the authors accept the premise that EHR implementation is inevitable because of the support for the idea from health care regulators, third-party payers, hospital administrators, and physician advocacy groups such as the American Medical Association [16].
Progress and Models
As EHR models have struggled towards maturity, some key questions have arisen. Debatable issues include the following: whether the originating record should supply complete data or a summary; whether the data subsequently generated is episodic or longitudinal; and whether patients and providers will either control which information is “pushed” to the central record or be spectators as comprehensive data is “pulled” by remote systems. The EHR models that are developing in Australia and the United States suggest some divergent answers to these questions. Although less visible than institutional (provider or governmental) models, a third EHR model focuses on a web-based, distributed “personal” longitudinal record. This model raises discrete quality and confidentiality issues.
Australia
Australia's proposed national health information network is called HealthConnect [17]. The basic HealthConnect model is to extract a summary record from locally collected patient data which is then aggregated to create a centralized HealthConnect record that may then be shared among participating and authorized providers [18].
A HealthConnect “event summary” consists of the “critical information considered to be useful to other health care providers involved in the future care of the consumer.” [19] Thus, HealthConnect does not create a comprehensive longitudinal record. Rather, patients, with their providers, will choose which elements may be extracted from an existing health record and transmitted to the HealthConnect record. Providers, with the consent of their patients, may subsequently add data to the HealthConnect record. It follows, therefore, that HealthConnect is a “push” system, selectively sending data to a centralized record [20].
The patient controls which elements of the centralized record may be used for which purposes or displayed in which “views” [21]. For example, a patient might elect to include details of his psychotropic prescriptions in an event summary and consent to all his prescribing doctors viewing that data, but only consent to other mental health professionals viewing his psychiatrist's discharge order. The system's dedication to voluntary participation is desirable based on demonstrated patient interest in confidentiality. However, the summary data that is centralized may not fully support the system's secondary goals of disseminating professional education, supporting research, furthering utilization, increasing access, and improving quality [20]. HealthConnect has completed 2 years of pilot testing. It is estimated that the system will save AUD $300 million per year by reducing errors and duplication of effort [20].
United States
The IOM has been critical of the rate of technology adoption by US hospitals [22]. Notwithstanding, and representing the public sector, the Department of Veterans Affairs is committed to process reform and technologically mediated delivery of services [23]. More broadly, the Consolidated Health Informatics (CHI) initiative is accelerating the use of common clinical vocabularies and messaging standards across federal agencies that process health data [24]. In addition to projects of national scope, some state governments have EHR launch initiatives; for example, Massachusetts has recently announced a statewide initiative, partially funded by the health insurer Blue Cross Blue Shield, with the goal of having a statewide electronic records system in place within five years [25]. Similar initiatives are being undertaken by some of the largest private providers; for example, Kaiser Permanente, the largest nonprofit health management organization (HMO) in the United States, with some 8.4 million members in 9 states and 12000 participating physicians, has recently adopted a 3-year, $1.8 billion electronic records program [26].Providing additional direction in developing EHR models have been the Connecting for Health initiative funded by the Markle Foundation [27], and the work of the EHR Collaborative [28], which consists of the major professional stakeholders such as the American Medical Association, and the Healthcare Information and Management Systems Society.
In the United States, as is the case in Australia and the UK [29], the purer EHR model is evolving at the national level. To date, the IOM [30] and the National Committee on Vital and Health Statistics (NCVHS) [31,32] have focused primarily on the technical aspects of EHR implementation in the United States. Both have identified two core components in the project: first, building a national health information infrastructure and, second, establishing data interoperability and comparability for patient safety data. In order to achieve data interoperability and comparability, NCVHS and IOM have recommended the adoption of core standardized EHR terminologies (eg, ICD-9 for diseases or symptoms [33], CPT-4 to code medical procedures, and services [34], and RxNorm for drug names and doses [35]). Considerable development is also underway to standardize event taxonomy (eg, adverse event or near-miss reporting using the College of American Pathologists' SNOMED CT taxonomy [36]) and to express knowledge representation such as clinical practice guidelines.
At this stage in the development of the US national model, its architects are concentrating on the interoperability and comparability of all patient safety-related data [37], designing a full “pull” architecture such that centralized and local records can import semantically similar data. Currently it is unclear which data consumers will choose to extract from remote systems or what limitations will be imposed, or by whom.
The Internet Alternative—the Personal EHR
Most EHR initiatives are national in scope and frequently government initiated or funded. EMR initiatives are typically hospital- or system-wide, yet are being designed with an eye to broader push or pull systems that will make wide-area use of such institutional data. A personal EHR model is quite different in concept. It assumes that individual patients will aggregate their diverse records and then make them selectively available to new or emergency providers. There are several subscription, web-based personal EHR systems such as PersonalMD.com [38] and Vital Vault [39] that provide secure web space in which patients can aggregate their medical data. Some of these systems also offer automated updating from select providers. Thus, the emerging model emulates popular personal finance applications (such as Microsoft Money or Intuit's Quicken) that allow for both end-user input and importation of data from institutional records to allow management of accounts. As with many emerging Internet-based health-related services, personal EHRs are immature, tend to exhibit limited functionality, and lack permanence [40,41].
Challenges
While Australia's HealthConnect respects patient and provider choices and generates only limited data sets, the US system seems to be moving towards interoperability and comparability of all patient data, maximizing patient data flow into local and national systems but, arguably, at the cost of patient autonomy. The Australian system may pay too much attention to patient consent and jeopardize broader outcomes and reporting goals. Both institutional systems require careful scrutiny with regard to their costs, confidentiality, and liability risks. The nascent Personal EHR model generates additional concerns, which are similar to those experienced with other web-based products such as medical advice sites.
Cost
Considerable uncertainty exists regarding the costs associated with electronically mediated health initiatives and their allocation [42]. During transitional periods, costs rise as both traditional and technologically mediated models work in parallel. Most immediately, the health care industry will have to adjust to costs associated with evolving technologies and short system-lives. There has been recent controversy in the United States over Congressional rejection of President Bush's initiative to expand funding for the Office for National Health Information Technology coordination (ONCHIT) of the Department of Health and Human Services; this will likely jeopardize public-sector EHR demonstration projects that were to have been funded out of that office [43].
Equally, there are practical, economic, political, and professional barriers that impede the acceptance of electronic records systems. Individual physicians or small practice groups have particular concerns about the costs and learning curves associated with electronic records systems [44]. Additionally, there are questions about whether to convert records retrospectively or whether electronic records systems should be prospective. Predictably, the medical community is concerned about costly dependence on proprietary technology companies, which could potentially monopolize the hardware and software required for interoperability. One possible solution would be for the mechanism of implementation of the EHR to be a public service built to public standards and/or under patient control [45].
Privacy and Confidentiality
An EHR system must satisfy its users regarding privacy, confidentiality, and security [46]. In the United States, the Health Insurance Portability and Accountability Act (HIPAA), passed in 1996 [47], committed the federal government to a process of “Administrative Simplification” to reduce health care costs. That mandate included regulatory authority to promulgate national Standards for Privacy of Individually Identifiable Health Information (PIHI) [48]. The PIHI regulations only regulate the disclosure of health data; they place no limitations on its the collection. Although the regulations limit use and disclosure with a “minimum necessary” rule [49], that limitation is inapplicable in cases of treatment or when disclosure is required by law [50]. Further, PIHI permits disclosure to a very broad range of public health, law enforcement, and judicial authorities [51], and provides for less than robust control of disclosures for secondary uses, such as marketing by providers [52]. Confusingly the PIHI regulations only supplement more rigorous state privacy laws. More recently, the HIPAA legislation has given rise to comprehensive federal security rules that govern health care transactions [53].Their limitations, notwithstanding the regulations made under HIPAA, apply to existing health records kept by most providers and are equally applicable to forthcoming EMR and EHR data. It appears unlikely, however, that US EHR developments will be accompanied by any additional protections, either by providing enhanced collection (privacy) or disclosure (confidentiality) rules or by derogating from a pure “pull” model of data aggregation.
Australian state [54] and federal (Commonwealth) governments aggressively protect patient information [55]. The Commonwealth National Privacy Principles [56] are broadly sensitive to the needs of the health information domain and protect patients with collection-centric (by placing limits on collection and granting consumers anonymity rights) and disclosure-centric rules as well as addressing data quality, data security, and access rights. In 2001, the Australian Federal Privacy Commissioner issued his nonbinding but influential initial Guidelines on Privacy in the Private Health Sector [57] that map the National Privacy Principles to the health context and provide for a robust collection-centric approach. In most cases, consent is required prior to collecting patient health information. This consent should include disclosure of the purposes for which the information is being collected. Further, the “[i]nformation collected should be limited to what is necessary for the health service provider's functions and activities.” [58] The Guidelines state that a provider should “only use or disclose personal information for the primary purpose for which it was collected, or for directly related secondary purposes if these fall within the reasonable expectations of the individual” [59]. As a result, the Guidelines provide a satisfactory framework for emerging EHR models, while the HealthConnect patient-controlled “push” model is intrinsically protective of patient interests.
The US PIHI rules regulating the disclosure of health data have less certain application outside traditional bricks-and-mortar providers, such as those engaged in Internet prescribing and web-based medical advice [60]. As a result, considerable attention needs to be paid to the confidentiality and security of data stored by Personal EHR businesses. In many cases the patient's protection will be limited to that granted by a privacy policy published by the personal EHR provider.
Litigation Risks
Privacy and confidentiality aside, providers already face legal costs with regard to their records. For example, a US provider's failure to maintain timely, legible, accurate and complete records will likely breach state licensure standards [61,62], with severe disciplinary implications [63,64], and may also jeopardize Medicare participation [65]. Improper record keeping may also give rise to medical malpractice liability [66]. In this context, at least one US court has expressed doubt as to the adequacy of a summary rather than comprehensive record [67].
EHR systems inevitably will contribute other costs for users because of interactions with the legal system. Emerging EHR systems, particularly those linked to CDSSs, will be vulnerable to actions focusing on design or other operational flaws [68]. Providers who adopt immature systems may face liability risks because of system deficiencies or insufficient training; those who wait for mature systems are likely to face actions for their failure to implement new but plaintiff-labeled “state-of-the-art” records and CDSSs [69]. Adoption of electronic records systems may also create more indirect legal costs. Litigants may attempt to leverage the new systems to promote their recovery in clinical negligence cases. For example, plaintiffs' attorneys may attempt to use data-mining tools to identify related occurrences to bolster evidence or use their clients' rights of access and modification to manipulate the patient record [70].
Conclusion
On April 26, 2004, President Bush announced the goal of assuring that most Americans have EHRs within the next 10 years [71]. To this end, the President appointed a National Health Information Technology Coordinator to guide the “nationwide implementation of interoperable health information technology.” [72]
If properly funded and nationally implemented, the US EHR model has the following potentials: to interconnect with and enhance other error-reducing and cost-saving technologies such as decision support systems; to streamline health care dataflow using an interoperable and standardized nomenclature; to improve quality by encouraging accurate and legible communication among providers; to automate adverse event and medical error disclosure; and to facilitate reliable and reproducible outcomes research and reporting [73].
As EHR progress continues, several important questions remain unanswered. Which is the preferable EHR model—a shared summary system or a full interpretational longitudinal record? How much say will or should patients and providers have regarding which health information is shared across systems? Would an interactive EHR increase patient interest and involvement in their own care? And, of course, will electronic records conquer the technical problems they pose, avoid the security and privacy costs their critics identify, and deliver lower costs and higher quality; or will they be responsible for still more costs and errors, while promoting the continued industrialization of health care delivery and subordinating patient autonomy and professional ideals to soulless systems?
It has never been more important for providers to be aware of emerging technology, to comprehend the tension between improved care and the preservation of patient privacy and autonomy, and to offer feedback to the American Medical Association and other professional bodies as these entities move to influence the development of the EHR.
Abbreviations
- CDSS
computerized decision support system
- CHI
Consolidated Health Informatics
- CPOE
computerized physician order entry
- EHR
electronic health record
- EMR
electronic medical record
- HIPAA
Health Insurance Portability and Accountability Act
- HMO
health management organization
- IOM
Institute of Medicine
- IT
information technology
- NCVHS
National Committee on Vital and Health Statistics
- PIHI
Standards for Privacy of Individually Identifiable Health Information
- RFID
Radio Frequency Identification
Footnotes
None disclosed.
References
- 1.Institute of Medicine, authors. Crossing the Quality Chasm: A New Health System for the 21st Century. Washington, DC: National Academies Press; 2001. Jun 1, p. 15. http://books.nap.edu/books/0309072808/html/index.html. [PubMed] [Google Scholar]
- 2.Institute of Medicine, authors. Crossing the Quality Chasm: A New Health System for the 21st Century. Washington, DC: National Academies Press; 2001. Jun 1, p. 166. http://books.nap.edu/books/0309072808/html/index.html. [PubMed] [Google Scholar]
- 3.Hippisley-cox Julia, Pringle Mike, Cater Ruth, Wynn Alison, Hammersley Vicky, Coupland Carol, Hapgood Rhydian, Horsfield Peter, Teasdale Sheila, Johnson Christine. The electronic patient record in primary care - regression or progression? A cross sectional study. BMJ. 2003 Jun 28;326(7404):1439–43. doi: 10.1136/bmj.326.7404.1439. http://bmj.bmjjournals.com/cgi/content/full/326/7404/1439.326/7404/1439 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 4.Aspden P, Corrigan JM, Wolcott J, Erickson SM, editors. Committee on Data Standards for Patient Safety, Board on Health Care Services, Institute of Medicine, authors. Patient Safety: Achieving a New Standard for Care. Washington, DC: The National Academies Press; 2004. p. 4. http://www.nap.edu/catalog/10863.html. [PubMed] [Google Scholar]
- 5.Kaushal R, Bates DW. Computerized Physician Order Entry (CPOE) with Clinical Decision Support Systems (CDSSs) In: Shojania KG, Duncan BW, McDonald KM, Wachter RM, editors. Making Health Care Safer: A Critical Analysis of Patient Safety Practices. Evidence Report/Technology Assessment, No. 43, Chap 6. AHRQ Publication No - 01-E058 (Prepared by the University of California at San Francisco - Stanford University Evidence-based Practice Centre) Rockville, MD: Agency for Healthcare Research and Quality; 2001. [2004 Dec 16]. http://www.ahrq.gov/clinic/ptsafety/ [Google Scholar]
- 6.Tang PC, Hammond WE. Committee on Improving the Patient Record, Institute of Medicine, authors. A Progress Report on Computer-Based Patient Records in the United States. In: Dick RS, Steen EB, Detmer DE, editors. The Computer-Based Patient Record: An Essential Technology for Health Care. Rev ed. Washington, DC: National Academies Press; 1997. [2004 Dec 16]. http://books.nap.edu/html/computer/commentary.html. [PubMed] [Google Scholar]
- 7.Tsai C C, Starren J. Patient participation in electronic medical records. JAMA. 2001 Apr 4;285(13):1765. doi: 10.1001/jama.285.13.1765.jms0404-3 [DOI] [PubMed] [Google Scholar]
- 8.Rashbass J. msJAMA. The patient-owned, population-based electronic medical record: a revolutionary resource for clinical medicine. JAMA. 2001 Apr 4;285(13):1769. doi: 10.1001/jama.285.13.1769-a.jms0404-7 [DOI] [PubMed] [Google Scholar]
- 9.Landro L. Wall Street Journal. 2004. Jan 29, The informed patient: consumers need health-care data; p. D3. [Google Scholar]
- 10.Willison Donald J, Keshavjee Karim, Nair Kalpana, Goldsmith Charlie, Holbrook Anne M Computerization of Medical Practices for the Enhancement of Therapeutic Effectiveness investigators, authors. Patients' consent preferences for research uses of information in electronic medical records: interview and survey data. BMJ. 2003 Feb 15;326(7385):373. doi: 10.1136/bmj.326.7385.373. http://bmj.bmjjournals.com/cgi/content/full/326/7385/373. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 11.Macdonald R. Commentary: A patient's viewpoint. BMJ. 2001;322(7281):287. doi: 10.1136/bmj.322.7281.287. http://bmj.bmjjournals.com/cgi/content/full/322/7281/283?maxtoshow=&HITS=10&hits=10&RESULTFORMAT=&fulltext= [DOI] [Google Scholar]
- 12.Mandl K D, Szolovits P, Kohane I S. Public standards and patients' control: how to keep electronic medical records accessible but private. BMJ. 2001 Feb 3;322(7281):283–7. doi: 10.1136/bmj.322.7281.283. http://bmj.bmjjournals.com/cgi/content/full/322/7281/283?maxtoshow=&HITS=10&hits=10&RESULTFORMAT=&fulltext= [DOI] [PMC free article] [PubMed] [Google Scholar]
- 13.Markwell D. Commentary: Open approaches to electronic patient records. BMJ. 2001;322:286. http://bmj.bmjjournals.com/cgi/content/full/322/7281/283?maxtoshow=&HITS=10&hits=10&RESULTFORMAT=&fulltext= [Google Scholar]
- 14.Walsh Stephen H. The clinician's perspective on electronic health records and how they can affect patient care. BMJ. 2004 May 15;328(7449):1184–7. doi: 10.1136/bmj.328.7449.1184. http://bmj.bmjjournals.com/cgi/content/full/328/7449/1184.328/7449/1184 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 15.Safran C. msJAMA. Electronic medical records: a decade of experience. JAMA. 2001 Apr 4;285(13):1766. doi: 10.1001/jama.285.13.1766.jms0404-4 [DOI] [PubMed] [Google Scholar]
- 16.AMA throws support behind health IT coordinator. Modern Physician. 2004 Dec 9; [Google Scholar]
- 17.Australian Government Department of Health and Ageing, authors. HealthConnect. 2004. Nov 11, [2004 Dec 16]. http://www.healthconnect.gov.au/
- 18.Australian Government Department of Health and Ageing, authors. HealthConnect - an overiew. 2004. May, [2004 Dec 16]. http://www.healthconnect.gov.au/pdf/HealthConnect_overview_May2004.pdf.
- 19.Australian Government Department of Health and Ageing, authors. HealthConnect Business Architecture version 1.0. 2003. Apr, [2004 Dec 17]. p. 20, sect 4.3. http://www.healthconnect.gov.au/pdf/bav1.pdf.
- 20.Australian Government Department of Health and Ageing, authors. HealthConnect Business Architecture version 1.0. 2003. Apr, [2004 Dec 17]. pp. 30–31. http://www.healthconnect.gov.au/pdf/bav1.pdf.
- 21.Australian Government Department of Health and Ageing, authors. HealthConnect Business Architecture version 1.0. 2003. Apr, [2004 Dec 17]. p. 23, sect 4.5. http://www.healthconnect.gov.au/pdf/bav1.pdf.
- 22.Aspden Philip, Corrigan Janet M, Wolcott Julie, Erickson Shari M, editors. Committee on Data Standards for Patient Safety, Board on Health Care Services, Institute of Medicine, authors. Patient Safety: Achieving a New Standard for Care. Washington, DC: National Academies Press; 2004. May 10, p. 436. http://www.nap.edu/catalog/10863.html. [PubMed] [Google Scholar]
- 23.VA National Center for Patient Safety (NCPS), authors Creating a Culture of Safety. [2004 Dec 16]. http://www.patientsafety.gov/vision.html.
- 24.Consolidated Health Informatics, authors. Home page. [2004 Dec 16]. http://www.whitehouse.gov/omb/egov/gtob/health_informatics.htm.
- 25.Peter J. Mass. launches computerized medical files. Washington Post/Associated Press. 2004. Dec 6, [2004 Dec 16]. http://www.washingtonpost.com/wp-dyn/articles/A41136-2004Dec6.html.
- 26.Rundle RL. Wall Street Journal. 2003. Feb 4, Big HMO plans to put medical records online; p. D4. [Google Scholar]
- 27.Markle Foundation, Data Standards Working Group, authors. Connecting for Health - A Public-Private Collaborative, Report and Recommendations. 2003. Jun 5, [2004 Dec 16]. http://www.connectingforhealth.org/resources/dswg_report_6.5.03.pdf.
- 28.EHR Collaborative, authors. Home page. [2004 Dec 16]. http://www.ehrcollaborative.org/
- 29.National Health Service, United Kingdom, authors. National Programme for IT in the NHS. [2004 Dec 16]. http://www.npfit.nhs.uk/
- 30.Aspden Philip, Corrigan Janet M, Wolcott Julie, Erickson Shari M, editors. Committee on Data Standards for Patient Safety, Board on Health Care Services, Institute of Medicine, authors. Patient Safety: Achieving a New Standard for Care. Washington, DC: National Academies Press; 2004. May 10, pp. 1–28. http://www.nap.edu/catalog/10863.html. [PubMed] [Google Scholar]
- 31.National Committee on Vital and Health Statistics, authors. Report to the Secretary of the US Department of Health and Human Services on Uniform Data Standards for Patient Medical Record Information. 2000. Jul 6, [2004 Dec 16]. http://www.ncvhs.hhs.gov/hipaa000706.pdf.
- 32.National Committee on Vital and Health Statistics, authors. Recommendations for PMRI terminology standards. 2003. Nov 5, [2004 Dec 16]. http://www.ncvhs.hhs.gov/031105lt3.pdf.
- 33.National Center for Health Statistics, Centers for Disease Control and Prevention, authors. International Classification of Diseases, Ninth Revision, Clinical Modification (ICD-9-CM) [2004 Dec 16]. http://www.cdc.gov/nchs/about/otheract/icd9/abticd9.htm.
- 34.American Medical Association, authors. CPT Process - How a Code Becomes a Code. 2004. Nov 4, [2004 Dec 16]. http://www.ama-assn.org/ama/pub/category/3882.html.
- 35.National Library of Medicine, authors. Unified Medical Language System, RxNorm. 2004. Nov 2, [2004 Dec 16]. http://www.nlm.nih.gov/research/umls/rxnorm_main.html.
- 36.SNOWMED International, authors. SNOMED CT. [2004 Dec 16]. http://www.snomed.org/snomedct/index.html.
- 37.Aspden Philip, Corrigan Janet M, Wolcott Julie, Erickson Shari M, editors. Committee on Data Standards for Patient Safety, Board on Health Care Services, Institute of Medicine, authors. Patient Safety: Achieving a New Standard for Care. Washington, DC: National Academies Press; 2004. May 10, p. 438. http://www.nap.edu/catalog/10863.html. [PubMed] [Google Scholar]
- 38.PersonalMD, authors. Home page. [2004 Dec 16]. http://www.personalmd.com/
- 39.VIMSystems, authors. Vital Vault. [2002 Dec 16]. http://www.vimsystems.com/prod_vault.htm.
- 40.Schneider J H. Online personal medical records: are they reliable for acute/critical care? Crit Care Med. 2001 Aug;29(8 Suppl):N196–201. doi: 10.1097/00003246-200108001-00009. [DOI] [PubMed] [Google Scholar]
- 41.Kim Matthew I, Johnson Kevin B. Personal health records: evaluation of functionality and utility. J Am Med Inform Assoc. 2002;9(2):171–80. doi: 10.1197/jamia.M0978. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 42.Hawryluk M. Push continues for electronic health records. Bills set the foundation for action in the next Congress. American Medical News. 2004. Jun 14, [2004 Dec 16]. http://www.ama-assn.org/amednews/2004/06/14/gvsc0614.htm.
- 43.Lohr S. Health Care Technology Is a Promise Unfinanced. New York Times. 2004. Dec 3, p. C5.
- 44.Richmond R. Small Business: Doctors See Healthy Returns in Digital Records. Wall Street Journal. 2004 Dec 7;:B1. [Google Scholar]
- 45.Mandl K D, Szolovits P, Kohane I S. Public standards and patients' control: how to keep electronic medical records accessible but private. BMJ. 2001 Feb 3;322(7281):283–7. doi: 10.1136/bmj.322.7281.283. http://bmj.bmjjournals.com/cgi/content/full/322/7281/283. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 46.Terry Nicolas P. Privacy and the health information domain: properties, models and unintended results. Eur J Health Law. 2003 Sep;10(3):223–37. doi: 10.1163/157180903770847517. [DOI] [PubMed] [Google Scholar]
- 47.Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub.L. 104-191, Aug. 21, 1996, 110 Stat. 1936) [PubMed]
- 48.Standards for Privacy of Individually Identifiable Health Information (PIHI), Federal Register. (codified at 45 CFR §160, §164)
- 49.45 CFR. §164.502(b)(1)
- 50.45 CFR. §164.502(b)(2)
- 51.45 CFR. §164.512.
- 52.45 CFR. §164.508.
- 53.Health Insurance Reform: Security Standards, 68 Federal Register 8334. 2003. [2004 Dec 16]. (codified at 45 CFR §160, §162, §164) http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2003/03-3877.htm. [PubMed]
- 54.Office of the Health Services Commissioner, Commonwealth of Australia, authors. Victorian Health Privacy Principles extracted from the Health Records Act. 2001. [2004 Dec 16]. http://www.health.vic.gov.au/hsc/hppextract.pdf.
- 55.Office of the Federal Privacy Commissioner, Commonwealth of Australia, authors. The Commonwealth Privacy Amendment (Private Sector) Act 2000 extended the operation of the Privacy Act of 1988 to cover the private sector, including healthcare. [2004 Dec 16]. Effective from December 21, 2001 http://www.privacy.gov.au/act/privacyact/index.html.
- 56.Office of the Federal Privacy Commissioner, Commonwealth of Australia, authors. National Privacy Principles (Extracted from the Privacy Amendment (Private Sector) Act. 2000. [2004 Dec 16]. http://www.privacy.gov.au/publications/npps01.html.
- 57.Office of the Federal Privacy Commissioner, Commonwealth of Australia, authors. Guidelines on Privacy in the Private Health Sector. 2001. Nov 9, [2004 Dec 17]. http://www.privacy.gov.au/publications/hg_01.html.
- 58.Office of the Federal Privacy Commissioner, Commonwealth of Australia, authors. Guidelines on Privacy in the Private Health Sector (November 9, 2001) 2001. Nov 9, [2004 Dec 17]. Sect 1.2: Collect only necessary information http://www.privacy.gov.au/publications/hg_01.html.
- 59.Office of the Federal Privacy Commissioner, Commonwealth of Australia, authors. Guidelines on Privacy in the Private Health Sector (November 9, 2001) 2001. Nov 9, [2004 Dec 17]. Sect 2: Use and disclosure http://www.privacy.gov.au/publications/hg_01.html.
- 60.Terry Nicolas P. Prescriptions sans frontières (or how I stopped worrying about Viagra on the Web but grew concerned about the future of healthcare delivery) Yale J Health Policy Law Ethics. 2004;4(2):183–272. [PubMed] [Google Scholar]
- 61.NRS. §630.3062(1) (Nevada)
- 62.Wyo. Stat. §33-26-402 (Wyoming)
- 63.Schwarz v. Board of Regents, 89 AD2d 711, 453 NYS2d 836. (NY App Div 3d Dep't 1982)
- 64.Nieves v. Chassin, 214 AD2d 843, 625 NYS2d 344. (NY App Div 3d Dep't 1995)
- 65.42 CFR. §482.24(b)-(c)
- 66.Brown v. Hamid, 856 SW2d 51. (MO 1993)
- 67.Thomas v. United States, 660 F Supp 216, 218. (DDC 1987)
- 68.Fernando Bernard, Savelyich Boki S P, Avery Anthony J, Sheikh Aziz, Bainbridge Mike, Horsfield Pete, Teasdale Sheila. Prescribing safety features of general practice computer systems: evaluation using simulated test cases. BMJ. 2004 May 15;328(7449):1171–2. doi: 10.1136/bmj.328.7449.1171. http://bmj.bmjjournals.com/cgi/content/full/328/7449/1171.328/7449/1171 [DOI] [PMC free article] [PubMed] [Google Scholar]
- 69.Terry NP. When the “machine that goes ‘ping'” causes harm: default torts rules and technologically-mediated health care injuries. St Louis Univ Law J. 2002;46:37–59. [Google Scholar]
- 70.Terry N P. An eHealth diptych: the impact of privacy regulation on medical error and malpractice litigation. Am J Law Med. 2001;27(4):361–419. [PubMed] [Google Scholar]
- 71.The White House, authors. Transforming Health Care: The President's Health Information Technology Plan. [2004 Dec 16]. http://www.whitehouse.gov/infocus/technology/economic_policy200404/chap3.html.
- 72.Executive Order 13335 of April 27, 2004, Incentives for the Use of Health Information Technology and Establishing the Position of the National Health Information Technology Coordinator, 69 Federal Register 24059, Sect. 3. 2004. Apr 30, [2004 Dec 16]. http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2004/pdf/04-10024.pdf.
- 73.Australian Council for Safety and Quality in Health Care, authors. Open Disclosure Standard: A National Standard for Open Communication in Public and Private Hospitals, Following an Adverse Event in Health Care. 2003. Jul, [2004 Dec 16]. http://www.safetyandquality.org/articles/publications/OpenDisclosure_web.pdf.