EHR and HIPAA – Overview
Both are essential parts of running a successful business in health care.
An electronic health record (EHR) is a digital version of a patient’s paper chart. EHRs are real-time, patient-centered records that make information available instantly and securely to authorized users. (healthit.gov)
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance. (digitalguardian.com)
PHI is any demographic information that can be used to identify a patient. Examples include: names, dates of birth, Social Security numbers, insurance information, phone numbers, full facial photos, and health care records, to name a few examples. (compliancy-group.com)
A Short History
EHR Emerging in the 1970s
US federal government began implementing VistA (formerly known as the Decentralized Hospital Computer Program) at the Department of Veteran Affairs. A study by the Institute of Medicine (now National Academy of Medicine) began in the 1980s, and its findings recommended the use of EHRs when they were published in 1991. (readwrite.com)
The Health Insurance Portability and Accountability Act introduced in 1996
The Health Insurance Portability and Accountability Act (HIPAA) was passed on August 21, 1996, with the dual goals of making health care delivery more efficient and increasing the number of Americans with health insurance coverage. Since its implementation, healthcare organizations have been issued huge fines for non-compliance, e.g. Anthem $16 million HIPPA fine paid in 2018.
The Dilemma
Tough regulations were implemented before the applications (EHRs, etc.) grow into their best format/position in the healthcare system. The regulations made the softwares slow to upgrade/adjust themselves and prevented certain competitions.
EHRs are only an example of healthcare data regulated by HIPAA but a good one. It could have been a program like Apple Health Kit (on patients’ end) in the current era of well-designed apps like uber/gmail/amazon/instagram; but it was limited at the beginning stage and was left no time to refine itself. No wonder most parts are a vivid demonstration of tech/IT system some twenty years ago.