The VA and Health Information Technology

Like many of today’s emerging health information professionals, I am also a veteran. My interest in the Veteran Administration’s health services approach to information technology is not merely academic and professional, it is also very personal.

From the perspective of a student who is only a few classes away from a basic associate’s degree in health information technology, and still a few semesters away from my bachelor’s in Healthcare Services administration, there are many important lessons to be learned from the Veteran Administration’s testing and implementation of information technology over the last couple of decades. Though much of this technological shift has been driven by legislation and regulation, there has also been a concerted push from both medical managers and administrators within the VA who recognize the error reduction, efficiency enhancement, and customer(patient) service amplification these technologies offer. In addition to proofing many of the early theories, practices and hardware/software aspects of health information technology, they are also a leading educator/trainer in the field of Health Information Management with a 2-year HIM internship program that is garnering increasing amounts of my interest and attention!

As a (future) professional in the field of Healthcare Administration, I am intrigued by the innovations in management and technology that are in the process of renovating (on-the-fly) not only healthcare, but business in general. Due to the VA’s position as one of the largest healthcare operations on the planet, it tends to establish the trends and birth the innovations that later become the standards and established practices of legislation, regulation and SOP throughout the rest of the healthcare industry, public and private. The Office of Health Information is the department of the VA which specifically addresses issues of how the VA is testing, adopting, and training its staff and managers in information technology.

Finally, as a veteran, who has been covered by the veteran’s administration healthcare system for many years now, I am extremely interested in how information technology is improving my healthcare and my interface with the VA medical system. The most immediate differences that I, personally, am aware of in the VA’s patient interface, is the ability to track my prescriptions and appointments through a secure internet connection, and the ability to contact my health care manager and general or treating physicians via a personal message system and generally receive a reply (and when needed a referral to the appropriate clinic) within a few days.

I’m sure my blog posts will frequent VA issues in the future, as I obviously have a multi-spectrum interest in the VA’s health and informatics involvements.

What is Health Information Technology?

I had originally intended to write today's posting on the upcoming Health and Human Services department conference regarding personal health records, when I realized that it might be best to get some fundamental definitions and explanations up here so that those with less specialized understandings can follow along and participate!

HHS describes Health Information Technology as:

"...  the tangible technical aspects of a health information system, including network backbones such as the Internet in its present and future versions; the World Wide Web, wireless connections, hardware, Internet appliances, and handheld devices, as well as applications for information management, decision-support tools, communication, and transactional programs. Also involved are technical capabilities in areas such as bandwidth and latency." (http://www.healthit.hhs.gov/)

In more practical terms, HIT revolves around the modern computerized medical record and information networks that are fast becoming the back bone of healthcare services in this nation, and the federal and state regulations that oversee these records and systems. Health IT enables health care providers to manage patient care and service through the use of secure systems which allow the rapid sharing of a patient's health information between individual care providers and healthcare department/facilities. While Health IT includes the use of electronic health records (EHRs - .pdf) it also covers the integration of paper medical records into today's computerized management systems to maintain people's health information.

Early on, one of the major federal regulations to impact health records in general, but the HIT field in particular, was the Health Insurance Portability and Accountability Act of 1996, or what is most popularly known by its acronym as: "HIPAA." I have touched upon some of the HIPAA issues in my initial post and will (undoubtedly) address more in the future, but in conjunction with understanding what Health IT is all about, it is important to understand that HIPAA is one of the foundational pieces of legislation that guided the formation and distinctions that separate Health IT from more general business and corporate Information Technology concerns and issues.

Over the coming weeks, I'll mix in a few definitional and basic concept explanation posts while keeping abreast of new devlopments and happenings in the field, to help everyone keep up to speed on the issues being discussed.

HITECH Security

A new benchmark study on Patient Privacy and Data Security put out by the Ponemon Institute seems to indicate that roughly $12B dollars have been lost due to data breaches in US hospitals over the last two years alone. This is almost $1M per organization per year during the course of the study. Passed as part of the 2009 economic recovery act, the HITECH act (Health Information Technology for Economic and Clinical Health Act) was supposed to beef-up and add some real bite to HIPAA (Health Insurance Portability and Accountability Act -1996). The primary purpose of HIPAA was to assure that personal information security and privacy concerns are addressed while allowing healthcare professionals access to the flows of information necessary to insure informed quality care of the individual. Despite these efforts to establish and strengthen the federal legal statutes and enforcement, this study finds that there are still gaping holes in our information security systems in the healthcare industry.

This field benchmarking study concerns me greatly as it is looking behind the curtain at the particular industry I am working to enter. Despite much industry and state/federal regulator press releases, health information security just doesn't seem to be that big an issue for most hospitals and healthcare facilities. Few actual prosecutions for federal HIPAA violations have occurred, much less from the violations of State information security regulations (with acknowledgement that some states are seemingly stepping up notably California) and those prosecutions which have occurred are predominantly aimed at the health insurance industry rather than at hospitals. The study indicated that even many of the larger hospitals only have one or two employees who are dedicated to handling information security issues, and many these are general IT people who have had little, or no, real training in Health Information, HIPAA or the unique security issues associated with medical records and information. I feel the societal need for the skills and training I’ve acquired, unfortunately, until society recognizes that need; I’m left wondering what direction my career is taking!