The Role of Electronic Health Records When Disaster Comes
September 28th, 2017 by CHHS RAs
By CHHS Extern Virginia Giannini
What do you do when you receive an evacuation notice? You pack your most valuable belongings, secure the property you are leaving behind and leave on your evacuation route. But like most people, you are probably missing something very valuable: your health information and records. Failure to bring these records can be critical during and after an emergency. Fortunately, some healthcare facilities are remembering for you through their use of electronic health/medical records (EHR/EMRs). In late August, Hurricane Harvey brought questions of emergency preparedness back to the forefront of national news. The healthcare industry showed significant progress in emergency preparation and implementation of EHR/EMRs.
In 2005, Hurricane Katrina demonstrated the fallibility of paper medical records and the need to move towards a modernized system. Thousands of patient medical files were lost, increasing the recovery time and difficulty for hospitals to manage patients. At that time, approximately 25% of physicians in the United States were using EHR/EMRs. Superstorm Sandy in 2012 put health records to the test again. While more hospitals and physicians in New York and New Jersey were using EHRs/EMRs than in 2005, some facilities that had transitioned lost their data centers and had inadequate back up plans. This resulted in the same loss of patient medical information as if a paper-based storage room had been flooded. The push for the healthcare sector to create an electronic infrastructure after Katrina was heard but without sufficient investment in backup generators, the sector was still unprepared for an emergency.
According to the Center for Disease Control, 86.9% of physicians in the U.S. use either an EHR or EMR system. Approximately 77.9% of those systems are certified, meaning the system meets criteria defined by the Department of Health and Human Services (DHHS). This is a drastic improvement from 2005 but reflects only those using EHR/EMRs and does not consider access to those records through either health information exchanges or backup generators.
Less than one year ago, DHHS established national emergency preparedness requirements for Medicare and Medicaid participating providers. In light of the threat potential for both natural and man-made disasters, DHHS saw fit to provide the healthcare sector with a more comprehensive plan that would better insulate patients from harm beyond the effects of the disaster. The department chose to not mandate EHR/EMRs but did outline an expectation that facilities must have the ability to preserve and protect patient records. DHHS also encouraged facilities to find a secure way to store and disseminate medical information.
It should be noted that even in a situation of full compliance with the EHR/EMR emergency preparedness requirements, the modernization of health records presents significant privacy concerns. While it is useful to have private medical information in an easily accessible cloud, there must also be a robust security network protecting that information. According to an article from Wired, EHR/EMRs are accessible to different physicians, depending on the treatment they provide you. For example, your neurologist would have access to brain scans but not to records having to do with your heart (unless previous disclosure is permitted). Under this scheme, an ER doctor would need to get permission from your primary physician to access specific cloud information. During a crisis like a hurricane, that permission is difficult to obtain and starting a new file is not ideal. In a bigger scope, protecting sensitive medical information from hackers provides another hurdle to EHR/EMRs. The transformation from paper to electronic records must be matched with a strong cybersecurity infrastructure that can encrypt and protect data from hackers.
The benefits of EHR/EMRs are clear: cloud storage, remote access during patient transfers, and backups of information. The DHHS recommendation for electronic health records is a step in the right direction but is not mandatory like the requirements of evacuation plans that hospitals must revisit regularly. Further, the electronic infrastructure is still not functioning at the level we need it to: it needs better data backups, a safe and effective way to share that information and increased security. EHR/EMRs are clearly a double-edged sword: health care wants the convenience and speed of vital information in the cloud but must also account for the risk of privacy violations and basic backup capabilities.
The healthcare response to Hurricane Harvey was an improvement in comparison to the response to Hurricane Katrina or Superstorm Sandy but there is still a long way to go. Not only does this question of increased information sharing and access need to be addressed, but we still do not have full EHR/EMR participation from healthcare providers. In fact, some of the more vulnerable states have the lowest rates of EHR/EMR participation including Louisiana and New Jersey, two states affected by some of the most devastating hurricanes in recent U.S. history. Healthcare providers are asking for the healthcare sector to move towards modern technological infrastructure and to increase funding for the development of secure health information exchanges. As healthcare organizations continue to revise and update their emergency preparedness plans, they should remember to prioritize EHR/EMRs.
Since DHHS established the new emergency response requirements for healthcare facilities, CHHS staff members have aided health agencies to provide further information on these requirements and assistance with compliance. If your organization would like more information, please contact Trudy Henson at 410-706-3531.