Frequently Asked Questions for Providers
- What is health information exchange?
- What is SHARE?
- How does SHARE work?
- How is health information technology and health information exchange being funded?
- How secure are electronic health records?
- What principles of security and privacy are followed?
- Can the HIE Record be subpoenaed?
- What is the process, supporting policy and procedure for highly sensitive Protected Health Information?
- Is the hospital liable if it has access to the data in the HIE and does NOT use it for treatment?
- Are Participants required to get the patient’s signature on the opt-out form?
- Does SHARE provide an accounting of disclosures, or documentation to determine records that are viewed within the HIE?
- Does the HIE, through Surescripts, provide a "last date of fill?"
- If my clinic receives non-discreet data (for example, scanned lab reports) in our EHR, does it remain non discreet within SHARE?
Health Information Exchange (HIE) provides the capability to electronically move clinical information between disparate health care information systems to facilitate access to and retrieval of clinical data, thereby helping to provide safer, timely, efficient, effective, equitable patient-centered care.
The State Health Alliance for Records Exchange (SHARE) is Arkansas’s health information exchange. SHARE allows unaffiliated doctors and hospitals to share and access health information in a secure network.
When all parts of the Arkansas health care system use standardized electronic health records and connect those systems to SHARE, it will be possible for patients to ensure that their doctors, hospitals, clinics, insurers and pharmacies have the information they need at the time and place they need it to provide the best treatment possible.
For many providers, patient information is collected and stored the same way as it was decades ago: in bulky paper files kept in one practitioner’s office. The doctor sees a patient, jots down notes in a folder, fills out a form to order tests, and scribbles out a prescription on another piece of paper. Later, if the patient needs to see a specialist or get a prescription filled, numerous paper records must be retrieved, copied and sent. Health care providers in Arkansas are transitioning to electronic health records (EHR), with 37 percent of providers using EHRs in 2011, and marked increases in adoption every year.
But moving from a paper-based system to an electronic system for managing health information does not help the majority of patients who see more than one doctor. How can all of their treating providers have a complete picture of the patient’s health when each provider only keeps their piece of the patient’s medical information? SHARE is the answer to this problem.
Electronic health records connected through SHARE allow a patient seeing a doctor in one part of the state to share or retrieve health information from a health care provider (e.g. hospital, lab, or surgeon) in another part of the state – instantly and accurately, to ensure timely and informed delivery of care.
Arkansas received $7.9 million in funding as part of the State Health Information Cooperative Agreement Program made available through the Office of the National Coordinator for Health Information Technology (ONC). This money will cover the initial costs of planning and developing the health information exchange.
There are several other HIT-related federal stimulus grants that have been awarded to several different agencies and organizations in Arkansas for:
- Regional extension centers that help doctors make the transition from paper to electronic health records.
- Incentive payments, (based on population and Medicaid enrollment), for doctors, hospitals, and other health care providers who become meaningful users of electronic health records.
- Increased matching funds to cover states’ administrative costs for Medicaid.
- Broadband and telehealth
- Electronic health record adoption in community health centers
Traditional methods for securing medical records are regulated to lock-and-key solutions for protecting physical medical record files. Electronic health records provide a high level of accountability for use and access through enhanced security and privacy layers such as electronic access control, electronic logging of access and use, electronic auditing of access, and the ability to review individual access to data in near-real time. These enhanced security operations are in addition to and build on traditional security controls such as housing resources within physical secure locations.
Existing privacy and security requirements under HIPAA and HITECH that cover access to and use of health information apply to electronic health information as well as traditional paper documentation. SHARE utilizes technologies, policies and processes to incorporate HIPAA and HITECH requirements into the management and oversight of health information that is exchanged through SHARE.
Yes, the HIE Record may be subpoenaed. OHIT will comply with all applicable state and federal laws in making disclosures of Protected Health Information.
What is the process, supporting policy and procedure for highly sensitive Protected Health Information?
A Participant will not be liable for access, which complies with all applicable policies and regulation. The OHIT Privacy Policies 400 and 1200 state that all Participants are responsible to access, use and disclose Protected Health Information though SHARE consistent with applicable federal and state laws and regulations. Participants are all responsible for training and supervising their authorized users consistent with the Participants’ and OHIT’s Privacy Policies and the terms of the Participation Agreement.
OHIT Policies allow the Participant to determine the process by which to notify OHIT when a patient has opted out. OHIT will use the documentation supplied by the Participant for auditing purposes.
Does SHARE provide an accounting of disclosures or documentation to determine records that are viewed within the HIE?
SHARE can provide audits for accessing records through utilization reporting.
A connection to SureScripts must be in place to provide this information. SHARE is in negotiations with SureScripts for the connection in order to include the SureScripts medication requiry.
If my clinic receives non-discreet data (for example, scanned lab reports) in our EHR, does it remain non discreet within SHARE?
Yes, SHARE cannot restructure data that is concurrently not normalized. It will be viewed as a non-structured document and not as structured data.
The answer is “No.” If there is a data breach, the sending clinic would not be held responsible for the breach so long as the clinic has complied with all applicable law and policy. Only those participants and bad actors who have not complied with applicable law and policy will be held liable for any breach.