Electronic health record
The examples and perspective in this article may not represent a worldwide view of the subject. (July 2015) (Learn how and when to remove this template message)
An electronic health record (EHR), or electronic medical record (EMR), is the systematized collection of patient and population electronically-stored health information in a digital format. These records can be shared across different health care settings. Records are shared through network-connected, enterprise-wide information systems or other information networks and exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.
EHR systems are designed to store data accurately and to capture the state of a patient across time. It eliminates the need to track down a patient's previous paper medical records and assists in ensuring data is accurate and legible. It can reduce risk of data replication as there is only one modifiable file, which means the file is more likely up to date, and decreases risk of lost paperwork. Due to the digital information being searchable and in a single file, EMRs are more effective when extracting medical data for the examination of possible trends and long term changes in a patient. Population-based studies of medical records may also be facilitated by the widespread adoption of EHRs and EMRs.
- 1 Terminology
- 2 Comparison with paper-based records
- 3 Emergency medical services (pre-hospital care)
- 4 Technical features
- 5 Philosophical views of the EHR
- 6 Implementation, end user and patient considerations
- 7 Governance, privacy and legal issues
- 8 Contribution under UN administration and accredited organizations
- 9 Medical data breach
- 10 Technical issues
- 11 eHealth and teradiology
- 12 European Union: Directive 2011/24/EU on patients' rights in cross-border healthcare
- 13 National contexts
- 13.1 Australia
- 13.2 Austria
- 13.3 Canada
- 13.4 Denmark
- 13.5 Estonia
- 13.6 Hong Kong
- 13.7 India
- 13.8 Jordan
- 13.9 Netherlands
- 13.10 Saudi Arabia
- 13.11 Switzerland
- 13.12 United Arab Emirates
- 13.13 United Kingdom
- 13.14 United States
- 13.14.1 Usage
- 13.14.2 Legal status
- 13.14.3 Goals and objectives
- 13.14.4 Quality
- 13.14.5 Meaningful use
- 13.14.6 Barriers to adoption
- 13.14.7 Implementations
- 14 In veterinary medicine
- 15 Turing test
- 16 See also
- 17 References
- 18 External links
The terms EHR, electronic patient record (EPR) and EMR have often been used interchangeably, although differences between the models are now being defined. The electronic health record (EHR) is a more longitudinal collection of the electronic health information of individual patients or populations. The EMR, in contrast, is the patient record created by providers for specific encounters in hospitals and ambulatory environments, and which can serve as a data source for an EHR.
Comparison with paper-based records
Federal and state governments, insurance companies and other large medical institutions are heavily promoting the adoption of electronic medical records. The US Congress included a formula of both incentives (up to $44,000 per physician under Medicare, or up to $65,000 over six years under Medicaid) and penalties (i.e. decreased Medicare and Medicaid reimbursements to doctors who fail to use EMRs by 2015, for covered patients) for EMR/EHR adoption versus continued use of paper records as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the, American Recovery and Reinvestment Act of 2009.
One VA study estimates its electronic medical record system may improve overall efficiency by 6% per year, and the monthly cost of an EMR may (depending on the cost of the EMR) be offset by the cost of only a few "unnecessary" tests or admissions. Jerome Groopman disputed these results, publicly asking "how such dramatic claims of cost-saving and quality improvement could be true". A 2014 survey of the American College of Physicians member sample, however, found that family practice physicians spent 48 minutes more per day when using EMRs. 90% reported that at least 1 data management function was slower after EMRs were adopted, and 64% reported that note writing took longer. A third (34%) reported that it took longer to find and review medical record data, and 32% reported that it was slower to read other clinicians' notes.
The increased portability and accessibility of electronic medical records may also increase the ease with which they can be accessed and stolen by unauthorized persons or unscrupulous users versus paper medical records, as acknowledged by the increased security requirements for electronic medical records included in the Health Information and Accessibility Act and by large-scale breaches in confidential records reported by EMR users. Concerns about security contribute to the resistance shown to their widespread adoption.[weasel words]
Handwritten paper medical records may be poorly legible, which can contribute to medical errors. Pre-printed forms, standardization of abbreviations and standards for penmanship were encouraged to improve reliability of paper medical records. Electronic records may help with the standardization of forms, terminology and data input. Digitization of forms facilitates the collection of data for epidemiology and clinical studies.
EMRs can be continuously updated (within certain legal limitations – see below). If the ability to exchange records between different EMR systems were perfected("interoperability") it would facilitate the co-ordination of health care delivery in non-affiliated health care facilities. In addition, data from an electronic system can be used anonymously for statistical reporting in matters such as quality improvement, resource management and public health communicable disease surveillance.
Emergency medical services (pre-hospital care)
Ambulance services in Australia and the United States have introduced the use of EMR systems. EMS Encounters in the United States are recorded using various platforms and vendors in compliance with the NEMSIS (National EMS Information System) standard. The benefits of electronic records in ambulances include: patient data sharing, injury/illnes prevention, better training for paramedics, review of clinical standards, better research options for pre-hospital care and design of future treatment options, data based outcome improvement, and clinical decision support.
Automated handwriting recognition of ambulance medical forms has also been successful. For example, Intermedix TripTix offers handwriting support across all elements of the NEMSIS 3.3.4 and 3.4.0 standard as well as custom forms on Windows devices. These systems allow traditionally paper-based medical documents to be converted to digital at the time of entry with substantially less cost overhead. The data can then be efficiently used for epidemiological analysis, including de-identified data at the National level.
- Digital formatting enables information to be used and shared over secure networks
- Track care (e.g. prescriptions) and outcomes (e.g. blood pressure)
- Trigger warnings and reminders
- Send and receive orders, reports, and results
- Decrease billing processing time and create more accurate billing system
Health Information Exchange
- Technical and social framework that enables information to move electronically between organizations
Using an EMR to read and write a patient's record is not only possible through a workstation but, depending on the type of system and health care settings, may also be possible through mobile devices that are handwriting capable, tablets and smartphones. Electronic Medical Records may include access to Personal Health Records (PHR) which makes individual notes from an EMR readily visible and accessible for consumers.
Some EMR systems automatically monitor clinical events, by analyzing patient data from an electronic health record to predict, detect and potentially prevent adverse events. This can include discharge/transfer orders, pharmacy orders, radiology results, laboratory results and any other data from ancillary services or provider notes. This type of event monitoring has been implemented using the Louisiana Public health information exchange linking state wide public health with electronic medical records. This system alerted medical providers when a patient with HIV/AIDS had not received care in over twelve months. This system greatly reduced the number of missed critical opportunities.
Philosophical views of the EHR
Within a meta-narrative systematic review of research in the field, there exist a number of different philosophical approaches to the EHR. The health information systems literature has seen the EHR as a container holding information about the patient, and a tool for aggregating clinical data for secondary uses (billing, audit etc.). However, other research traditions see the EHR as a contextualised artifact within a socio-technical system. For example, actor-network theory would see the EHR as an actant in a network, while research in computer supported cooperative work (CSCW) sees the EHR as a tool supporting particular work.
Several possible advantages to EHRs over paper records have been proposed, but there is debate about the degree to which these are achieved in practice.
Implementation, end user and patient considerations
Several studies call into question whether EHRs improve the quality of care. One 2011 study in diabetes care, published in the New England Journal of Medicine, found evidence that practices with EHR provided better quality care.
EMRs may eventually help improve care coordination. An article in a trade journal suggests that since anyone using an EMR can view the patient's full chart, it cuts down on guessing histories, seeing multiple specialists, smooths transitions between care settings, and may allow better care in emergency situations. EHRs may also improve prevention by providing doctors and patients better access to test results, identifying missing patient information, and offering evidence-based recommendations for preventive services.
The steep price of EHR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment has a significant influence on EHR adoption. In a project initiated by the Office of the National Coordinator for Health Information (ONC), surveyors found that hospital administrators and physicians who had adopted EHR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.
The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corporation's estimates of savings. "Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EHR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example, the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians." One CEO of an EHR company has argued if a physician performs tests in the office, it might reduce his or her income.
The implementation of EMR can potentially decrease identification time of patients upon hospital admission. A research from the Annals of Internal Medicine showed that since the adoption of EMR a relative decrease in time by 65% has been recorded (from 130 to 46 hours).
Software quality and usability deficiencies
The Healthcare Information and Management Systems Society (HIMSS), a very large U.S. healthcare IT industry trade group, observed in 2009 that EHR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available." The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers. The U.S. military's EHR, AHLTA, was reported to have significant usability issues. It was observed that the efforts to improve EHR usability should be placed in the context of physician-patient communication.
However, physicians are embracing mobile technologies such as smartphones and tablets at a rapid pace. According to a 2012 survey by Physicians Practice, 62.6 percent of respondents (1,369 physicians, practice managers, and other healthcare providers) say they use mobile devices in the performance of their job. Mobile devices are increasingly able to sync up with electronic health record systems thus allowing physicians to access patient records from remote locations. Most devices are extensions of desk-top EHR systems, using a variety of software to communicate and access files remotely. The advantages of instant access to patient records at any time and any place are clear, but bring a host of security concerns. As mobile systems become more prevalent, practices will need comprehensive policies that govern security measures and patient privacy regulations.
Hardware and workflow considerations
When a health facility has documented their workflow and chosen their software solution they must then consider the hardware and supporting device infrastructure for the end users. Staff and patients will need to engage with various devices throughout a patient's stay and charting workflow. Computers, laptops, all-in-one computers, tablets, mouse, keyboards and monitors are all hardware devices that may be utilized. Other considerations will include supporting work surfaces and equipment, wall desks or articulating arms for end users to work on. Another important factor is how all these devices will be physically secured and how they will be charged that staff can always utilize the devices for EHR charting when needed.
The success of eHealth interventions is largely dependent on the ability of the adopter to fully understand workflow and anticipate potential clinical processes prior to implementations. Failure to do so can create costly and time-consuming interruptions to service delivery.
A 2008 Sentinel Event Alert from the U.S. Joint Commission, the organization that accredits American hospitals to provide healthcare services, states that "As health information technology (HIT) and 'converging technologies'—the interrelationship between medical devices and HIT—are increasingly adopted by health care organizations, users must be mindful of the safety risks and preventable adverse events that these implementations can create or perpetuate. Technology-related adverse events can be associated with all components of a comprehensive technology system and may involve errors of either commission or omission. These unintended adverse events typically stem from human-machine interfaces or organization/system design." The Joint Commission cites as an example the United States Pharmacopeia MEDMARX database where of 176,409 medication error records for 2006, approximately 25 percent (43,372) involved some aspect of computer technology as at least one cause of the error.
The National Health Service (NHS) in the UK reports specific examples of potential and actual EHR-caused unintended consequences in their 2009 document on the management of clinical risk relating to the deployment and use of health software.
In a February 2010 US Food and Drug Administration (FDA) memorandum, FDA notes EHR unintended consequences include EHR-related medical errors due to (1) errors of commission (EOC), (2) errors of omission or transmission (EOT), (3) errors in data analysis (EDA), and (4) incompatibility between multi-vendor software applications or systems (ISMA) and cites examples. In the memo FDA also notes the "absence of mandatory reporting enforcement of H-IT safety issues limits the numbers of medical device reports (MDRs) and impedes a more comprehensive understanding of the actual problems and implications."
A 2010 Board Position Paper by the American Medical Informatics Association (AMIA) contains recommendations on EHR-related patient safety, transparency, ethics education for purchasers and users, adoption of best practices, and re-examination of regulation of electronic health applications. Beyond concrete issues such as conflicts of interest and privacy concerns, questions have been raised about the ways in which the physician-patient relationship would be affected by an electronic intermediary.
EHRs are intrinsically detrimental to physician productivity, whether the data are entered during the encounter or at some time thereafter. The only way to counter this negative consequence seems to be to deploy a scribe, onsite or remotely. That way the physician can focus on the patient and on analyzing the information evolving during the encounter, not on data entry, leading to higher quality and more efficient care.
Privacy and confidentiality
In the United States in 2011 there were 380 major data breaches involving 500 or more patients' records listed on the website kept by the United States Department of Health and Human Services (HHS) Office for Civil Rights. So far, from the first wall postings in September 2009 through the latest on 8 December 2012, there have been 18,059,831 "individuals affected," and even that massive number is an undercount of the breach problem. The civil rights office has not released the records of tens of thousands of breaches it has received under a federal reporting mandate on breaches affecting fewer than 500 patients per incident.
Governance, privacy and legal issues
In the United States, Great Britain (Teeth), and Germany, the concept of a national centralized server model of healthcare data has been poorly received. Issues of privacy and security in such a model have been of concern.
Privacy concerns in healthcare apply to both paper and electronic records. According to the Los Angeles Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient's records during a hospitalization, and 600,000 payers, providers and other entities that handle providers' billing data have some access also. Recent revelations of "secure" data breaches at centralized data repositories, in banking and other financial institutions, in the retail industry, and from government databases, have caused concern about storing electronic medical records in a central location. Records that are exchanged over the Internet are subject to the same security concerns as any other type of data transaction over the Internet.
The Health Insurance Portability and Accountability Act (HIPAA) was passed in the US in 1996 to establish rules for access, authentications, storage and auditing, and transmittal of electronic medical records. This standard made restrictions for electronic records more stringent than those for paper records. However, there are concerns as to the adequacy of these standards.
In the United States, information in electronic medical records is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws. The HIPAA protects a patient's information; the information that is protected under this act are: information doctors and nurses input into the electronic medical record, conversations between a doctor and a patient that may have been recorded, as well as billing information. Under this act there is a limit as to how much information can be disclosed, and as well as who can see a patient's information. Patients also get to have a copy of their records if they desire, and get notified if their information is ever to be shared with third parties. Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person.
Medical and health care providers experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.
In the European Union (EU), a new directly binding instrument, a regulation of the European Parliament and of the Council, was passed in 2016 to go into effect in 2018 to protect the processing of personal data, including that for purposes of health care, the General Data Protection Regulation.
Threats to health care information can be categorized under three headings:
- Human threats, such as employees or hackers
- Natural and environmental threats, such as earthquakes, hurricanes and fires.
- Technology failures, such as a system crashing
These threats can either be internal, external, intentional and unintentional. Therefore, one will find health information systems professionals having these particular threats in mind when discussing ways to protect the health information of patients. It has been found that there is a lack of security awareness among health care professionals in countries such as Spain. The Health Insurance Portability and Accountability Act (HIPAA) has developed a framework to mitigate the harm of these threats that is comprehensive but not so specific as to limit the options of healthcare professionals who may have access to different technology.
Personal Information Protection and Electronic Documents Act (PIPEDA) was given Royal Assent in Canada on 13 April 2000 to establish rules on the use, disclosure and collection of personal information. The personal information includes both non-digital and electronic form. In 2002, PIPEDA extended to the health sector in Stage 2 of the law's implementation. There are four provinces where this law does not apply because its privacy law was considered similar to PIPEDA: Alberta, British Columbia, Ontario and Quebec.
One major issue that has risen on the privacy of the US network for electronic health records is the strategy to secure the privacy of patients. Former US president George W. Bush called for the creation of networks, but federal investigators report that there is no clear strategy to protect the privacy of patients as the promotions of the electronic medical records expands throughout the United States. In 2007, the Government Accountability Office reports that there is a "jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers."
The privacy threat posed by the interoperability of a national network is a key concern. One of the most vocal critics of EMRs, New York University Professor Jacob M. Appel, has claimed that the number of people who will need to have access to such a truly interoperable national system, which he estimates to be 12 million, will inevitable lead to breaches of privacy on a massive scale. Appel has written that while "hospitals keep careful tabs on who accesses the charts of VIP patients," they are powerless to act against "a meddlesome pharmacist in Alaska" who "looks up the urine toxicology on his daughter's fiance in Florida, to check if the fellow has a cocaine habit." This is a significant barrier for the adoption of an EHR. Accountability among all the parties that are involved in the processing of electronic transactions including the patient, physician office staff, and insurance companies, is the key to successful advancement of the EHR in the US Supporters of EHRs have argued that there needs to be a fundamental shift in "attitudes, awareness, habits, and capabilities in the areas of privacy and security" of individual's health records if adoption of an EHR is to occur.
According to the Wall Street Journal, the DHHS takes no action on complaints under HIPAA, and medical records are disclosed under court orders in legal actions such as claims arising from automobile accidents. HIPAA has special restrictions on psychotherapy records, but psychotherapy records can also be disclosed without the client's knowledge or permission, according to the Journal. For example, Patricia Galvin, a lawyer in San Francisco, saw a psychologist at Stanford Hospital & Clinics after her fiance committed suicide. Her therapist had assured her that her records would be confidential. But after she applied for disability benefits, Stanford gave the insurer her therapy notes, and the insurer denied her benefits based on what Galvin claims was a misinterpretation of the notes.
Within the private sector, many companies are moving forward in the development, establishment and implementation of medical record banks and health information exchange. By law, companies are required to follow all HIPAA standards and adopt the same information-handling practices that have been in effect for the federal government for years. This includes two ideas, standardized formatting of data electronically exchanged and federalization of security and privacy practices among the private sector. Private companies have promised to have "stringent privacy policies and procedures." If protection and security are not part of the systems developed, people will not trust the technology nor will they participate in it. There is also debate over ownership of data, where private companies tend to value and protect data rights, but the patients referenced in these records may not have knowledge that their information is being used for commercial purposes.
In 2018, Social Indicators Research published the scientific evidence of 173,398,820 (over 173 million) individuals affected in USA from October 2008 (when the data were collected) to September 2017 (when the statistical analysis took place).
Legal liability in all aspects of healthcare was an increasing problem in the 1990s and 2000s. The surge in the per capita number of attorneys and changes in the tort system caused an increase in the cost of every aspect of healthcare, and healthcare technology was no exception.
Failure or damages caused during installation or utilization of an EHR system has been feared as a threat in lawsuits. Similarly, it's important to recognize that the implementation of electronic health records carries with it significant legal risks.
This liability concern was of special concern for small EHR system makers. Some smaller companies may be forced to abandon markets based on the regional liability climate.[unreliable source] Larger EHR providers (or government-sponsored providers of EHRs) are better able to withstand legal assaults.
While there is no argument that electronic documentation of patient visits and data brings improved patient care, there is increasing concern that such documentation could open physicians to an increased incidence of malpractice suits. Disabling physician alerts, selecting from dropdown menus, and the use of templates can encourage physicians to skip a complete review of past patient history and medications, and thus miss important data.
Another potential problem is electronic time stamps. Many physicians are unaware that EHR systems produce an electronic time stamp every time the patient record is updated. If a malpractice claim goes to court, through the process of discovery, the prosecution can request a detailed record of all entries made in a patient's electronic record. Waiting to chart patient notes until the end of the day and making addendums to records well after the patient visit can be problematic, in that this practice could result in less than accurate patient data or indicate possible intent to illegally alter the patient's record.
In some communities, hospitals attempt to standardize EHR systems by providing discounted versions of the hospital's software to local healthcare providers. A challenge to this practice has been raised as being a violation of Stark rules that prohibit hospitals from preferentially assisting community healthcare providers. In 2006, however, exceptions to the Stark rule were enacted to allow hospitals to furnish software and training to community providers, mostly removing this legal obstacle.[unreliable source]
In cross-border use cases of EHR implementations, the additional issue of legal interoperability arises. Different countries may have diverging legal requirements for the content or usage of electronic health records, which can require radical changes to the technical makeup of the EHR implementation in question. (especially when fundamental legal incompatibilities are involved) Exploring these issues is therefore often necessary when implementing cross-border EHR solutions.
In the United States, reimbursement for many healthcare services is based upon the extent to which specific work by healthcare providers is documented in the patient's medical record. Enforcement authorities in the United States have become concerned that functionality available in many electronic health records, especially copy-and-paste, may enable fraudulent claims for reimbursement. The authorities are concerned that healthcare providers may easily use these systems to create documentation of medical care that did not actually occur. These concerns came to the forefront in 2012, in a joint letter from the U.S. Departments of Justice and Health and Human Services to the American hospital community. The American Hospital Association responded, focusing on the need for clear guidance from the government regarding permissible and prohibited conduct using electronic health records. In a December 2013 audit report, the U.S. HHS Office of the Inspector General (OIG) issued an audit report reiterating that vulnerabilities continue to exist in the operation of electronic health records. The OIG's 2014 Workplan indicates an enhanced focus on providers' use of electronic health records.
Contribution under UN administration and accredited organizations
The United Nations World Health Organization (WHO) administration intentionally does not contribute to an internationally standardized view of medical records nor to personal health records. However, WHO contributes to minimum requirements definition for developing countries.
The United Nations accredited standardisation body International Organization for Standardization (ISO) however has settled thorough word[clarification needed] for standards in the scope of the HL7 platform for health care informatics. Respective standards are available with ISO/HL7 10781:2009 Electronic Health Record-System Functional Model, Release 1.1 and subsequent set of detailing standards.
Medical data breach
The examples and perspective in this section deal primarily with the United States and Europe and do not represent a worldwide view of the subject. (June 2014) (Learn how and when to remove this template message)
The Security Rule, according to Health and Human Services (HHS), establishes a security framework for small practices as well as large institutions. All covered entities must have a written security plan. The HHS identifies three components as necessary for the security plan: administrative safeguards, physical safeguards, and technical safeguards.
However, medical and healthcare providers have experienced 767 security breaches resulting in the compromised confidential health information of 23,625,933 patients during the period of 2006–2012.
The majority of the countries in Europe have made a strategy for the development and implementation of the Electronic Health Record Systems. This would mean greater access to health records by numerous stakeholders, even from countries with lower levels of privacy protection. The forthcoming implementation of the Cross Border Health Directive and the EU Commission's plans to centralize all health records are of prime concern to the EU public who believe that the health care organizations and governments cannot be trusted to manage their data electronically and expose them to more threats.
The idea of a centralized electronic health record system has been poorly received by the public who are wary that the governments may extend the use of the system beyond its purpose. There is also the risk for privacy breaches that could allow sensitive health care information to fall into the wrong hands. Some countries have enacted laws requiring safeguards to be put in place to protect the security and confidentiality of medical information as it is shared electronically and to give patients some important rights to monitor their medical records and receive notification for loss and unauthorized acquisition of health information. The United States and the EU have imposed mandatory medical data breach notifications.
The Health Insurance Portability and Accessibility Act (HIPAA) requires safeguards to limit the number of people who have access to personal information. However, given the number of people who may have access to your information as part of the operations and business of the health care provider or plan, there is no realistic way to estimate the number of people who may come across your records.
Additionally, law enforcement access is authorized under HIPAA. In some cases, medical information may be disclosed without a warrant or court order.
The purpose of a personal data breach notification is to protect individuals so that they can take all the necessary actions to limit the undesirable effects of the breach and to motivate the organization to improve the security of the infrastructure to protect the confidentiality of the data. The US law requires the entities to inform the individuals in the event of breach while the EU Directive currently requires breach notification only when the breach is likely to adversely affect the privacy of the individual. Personal health data is valuable to individuals and is therefore difficult to make an assessment whether the breach will cause reputational or financial harm or cause adverse effects on one's privacy.
The Security Rule that was adopted in 2005 did not require breach notification. However, notice might be required by state laws that apply to a variety of industries, including health care providers. In California, a law has been in place since 2003 requiring that a HIPAA covered organization's breach could have triggered a notice even though notice was not required by the HIPAA Security Rule. Since 1 January 2009, California residents are required to receive notice of a health information breach.
Federal law and regulations now provide rights to notice of a breach of health information. The Health Information Technology for Economic and Clinical Health (HITECH) Act requires HHS and the Federal Trade Commission (FTC) to jointly study and report on privacy and data security of personal health information. HITECH also requires the agencies to issue breach notification rules that apply to HIPAA covered entities and Web-based vendors that store health information electronically. The FTC has adopted rules regarding breach notification for internet-based vendors.
The Breach notification law in the EU provides better privacy safeguards with fewer exemptions, unlike the US law which exempts unintentional acquisition, access, or use of protected health information and inadvertent disclosure under a good faith belief.
- ASC X12 (EDI) – transaction protocols used for transmitting patient data. Popular in the United States for transmission of billing data.
- CEN's TC/251 provides EHR standards in Europe including:
- Continuity of Care Record – ASTM International Continuity of Care Record standard
- DICOM – an international communications protocol standard for representing and transmitting radiology (and other) image-based data, sponsored by NEMA (National Electrical Manufacturers Association)
- HL7 – a standardized messaging and text communications protocol between hospital and physician record systems, and between practice management systems
- Fast Healthcare Interoperability Resources (FHIR) – a modernized proposal from HL7 designed to provide open, granular access to medical information
- ISO – ISO TC 215 provides international technical specifications for EHRs. ISO 18308 describes EHR architectures
- xDT – a family of data exchange formats for medical purposes that is used in the German public health system.
The U.S. federal government has issued new rules of electronic health records.
- openEHR: an open community developed specification for a shared health record with web-based content developed online by experts. Strong multilingual capability.
- Virtual Medical Record: HL7's proposed model for interfacing with clinical decision support systems.
- SMART (Substitutable Medical Apps, reusable technologies): an open platform specification to provide a standard base for healthcare applications.
Each healthcare environment functions differently, often in significant ways. It is difficult to create a "one-size-fits-all" EHR system. Many first generation EHRs were designed to fit the needs of primary care physicians, leaving certain specialties significantly less satisfied with their EHR system.
An ideal EHR system will have record standardization but interfaces that can be customized to each provider environment. Modularity in an EHR system facilitates this. Many EHR companies employ vendors to provide customization.
This customization can often be done so that a physician's input interface closely mimics previously utilized paper forms.
At the same time they reported negative effects in communication, increased overtime, and missing records when a non-customized EMR system was utilized. Customizing the software when it is released yields the highest benefits because it is adapted for the users and tailored to workflows specific to the institution.
Customization can have its disadvantages. There is, of course, higher costs involved to implementation of a customized system initially. More time must be spent by both the implementation team and the healthcare provider to understand the workflow needs.
Long-term preservation and storage of records
An important consideration in the process of developing electronic health records is to plan for the long-term preservation and storage of these records. The field will need to come to consensus on the length of time to store EHRs, methods to ensure the future accessibility and compatibility of archived data with yet-to-be developed retrieval systems, and how to ensure the physical and virtual security of the archives.
Additionally, considerations about long-term storage of electronic health records are complicated by the possibility that the records might one day be used longitudinally and integrated across sites of care. Records have the potential to be created, used, edited, and viewed by multiple independent entities. These entities include, but are not limited to, primary care physicians, hospitals, insurance companies, and patients. Mandl et al. have noted that "choices about the structure and ownership of these records will have profound impact on the accessibility and privacy of patient information."
The required length of storage of an individual electronic health record will depend on national and state regulations, which are subject to change over time. Ruotsalainen and Manning have found that the typical preservation time of patient data varies between 20 and 100 years. In one example of how an EHR archive might function, their research "describes a co-operative trusted notary archive (TNA) which receives health data from different EHR-systems, stores data together with associated meta-information for long periods and distributes EHR-data objects. TNA can store objects in XML-format and prove the integrity of stored data with the help of event records, timestamps and archive e-signatures."
In addition to the TNA archive described by Ruotsalainen and Manning, other combinations of EHR systems and archive systems are possible. Again, overall requirements for the design and security of the system and its archive will vary and must function under ethical and legal principles specific to the time and place.
While it is currently unknown precisely how long EHRs will be preserved, it is certain that length of time will exceed the average shelf-life of paper records. The evolution of technology is such that the programs and systems used to input information will likely not be available to a user who desires to examine archived data. One proposed solution to the challenge of long-term accessibility and usability of data by future systems is to standardize information fields in a time-invariant way, such as with XML language. Olhede and Peterson report that "the basic XML-format has undergone preliminary testing in Europe by a Spri project and been found suitable for EU purposes. Spri has advised the Swedish National Board of Health and Welfare and the Swedish National Archive to issue directives concerning the use of XML as the archive-format for EHCR (Electronic Health Care Record) information."
Synchronization of records
When care is provided at two different facilities, it may be difficult to update records at both locations in a co-ordinated fashion.
Synchronization programs for distributed storage models, however, are only useful once record standardization has occurred.
Merging of already existing public healthcare databases is a common software challenge. The ability of electronic health record systems to provide this function is a key benefit and can improve healthcare delivery.
eHealth and teradiology
The sharing of patient information between health care organizations and IT systems is changing from a "point to point" model to a "many to many" one. The European Commission is supporting moves to facilitate cross-border interoperability of e-health systems and to remove potential legal hurdles, as in the project www.epsos.eu/. To allow for global shared workflow, studies will be locked when they are being read and then unlocked and updated once reading is complete. Radiologists will be able to serve multiple health care facilities and read and report across large geographical areas, thus balancing workloads. The biggest challenges will relate to interoperability and legal clarity. In some countries it is almost forbidden to practice teleradiology. The variety of languages spoken is a problem and multilingual reporting templates for all anatomical regions are not yet available. However, the market for e-health and teleradiology is evolving more rapidly than any laws or regulations.
European Union: Directive 2011/24/EU on patients' rights in cross-border healthcare
The European Commission wants to boost the digital economy by enabling all Europeans to have access to online medical records anywhere in Europe by 2020. With the newly enacted Directive 2011/24/EU on patients' rights in cross-border healthcare due for implementation by 2013, it is inevitable that a centralised European health record system will become a reality even before 2020. However, the concept of a centralised supranational central server raises concern about storing electronic medical records in a central location. The privacy threat posed by a supranational network is a key concern. Cross-border and Interoperable electronic health record systems make confidential data more easily and rapidly accessible to a wider audience and increase the risk that personal data concerning health could be accidentally exposed or easily distributed to unauthorised parties by enabling greater access to a compilation of the personal data concerning health, from different sources, and throughout a lifetime.
The Australian Government has a policy to development a lifetime electronic health record for all its citizens. PCEHR—the Personally Controlled Electronic Health Record—is the major national EHR initiative in Australia, being delivered through territory, state, and federal governments. This electronic health record was initially deployed in July 2012, and is under active development and extension. It is now called "My Health Record".
MediConnect is an earlier program that provides an electronic medication record to keep track of patient prescriptions and provide stakeholders with drug alerts to avoid errors in prescribing.
Within Australia, there is a not-for-profit organisation called Standards Australia, which has created an electronic health website relating to information not only about Australia and what is currently going on about EHRs but also globally. There is a large number of key stakeholders that contribute to the process of integrating EHRs within Australia, they range from each States Departments of Health to Universities around Australia and National E-Health Transition Authority to name a few.The name of PCEHR has changed to My Health Record since 2015 with opt-out model. Australian government budgeted around $485million for this system which potentially could save nearly 5,000 lives per year when functional state.
Security and privacy concerns have been raised. Originally, participation of the system was to opt-in by each person giving consent, however due to low participation rates, participation without consent become the default option and each person must opt-out to be excluded from the system. Each person has three months, or until October 2018 to opt-out. There are 13,000 health providers involved from specialists and general practice doctors to pharmacies. Incidents of scamming, phishing and website security breach have occurred. As of July 2018 the My Health Records development budget is estimated to be AU$2 billion.
In December 2012 Austria introduced an Electronic Health Records Act (EHR-Act). These provisions are the legal foundation for a national EHR system based upon a substantial public interest according to Art 8(4) of the Data Protection Directive 95/46/EC. In compliance to the Data Protection Directive (DPD) national electronic health records could be based upon explicit consent (Art 8(2)(a) DPD), the necessity for healthcare purposes (Art 8(3) DPD) or substantial public interests (Art 8(4) DPD).
The Austrian EHR-Act pursues an opt-out approach in order to harmonize the interests of public health and privacy in the best possible manner.
The 4th Part of the Austrian Health Telematics Act 2012 (HTA 2012) – these are the EHR provisions – are one of the most detailed data protection rules within Austrian legislation. Numerous safeguards according to Art 8(4) DPD guarantee a high level of data protection. For example:
- personal health data needs to be encrypted prior to transmission (§ 6 HTA 2012), or
- strict rules on data usage allow personal health data only to be used for treatment purposes or exercising patients' rights (§ 14 HTA 2012), or
- patients may declare their right to opt out from the national EHR at any time (§ 15 HTA 2012), or
- the implementation of an EHR-Ombudsman, to support the patients in exercising their rights (§ 17 HTA 2012), or
- the Access Control Center provides EHR-participants with full control over their data (§ 21 HTA 2012), or
- judicial penalties for privacy breaches (Art 7 of the EHR-Act).
Canadian provinces have launched a number of EHR projects and there are ongoing discussions about interoperability.
Denmark does not have nationwide EHR. It is mandatory for primary care practices and hospitals to use EHRs. The Danish Health Data Network (Medcom) acts as a data integrator to ensure interoperability. Unfortunately, non-interoperability is an issue despite the high adoption rate. The five regions are attempting to address this problem by each setting up their own electronic health record systems for public hospitals. However, all patient data will still be registered in the national e-journal.
Estonia is the first country in the world that has implemented a nationwide EHR system, registering virtually all residents' medical history from birth to death. It was launched on 17 December 2008.
Estonia used its existing digital public service software known as X-Road to create the EHR network. Estonia’s system was overseen by the Ministry of Social Affairs until the creation of the Estonian e-Health Foundation. Since its implementation, 95% of health data has been digitized. Citizens that participate in the program are given an individual card that is used to access their records, like a national identification.
The cost of this system has been €7.50 per person at the time of creation. Costs can stay low due to Estonia’s small population. The system is still too small to create proper diagnosis and track national statistics according to the National Audit Office.
Along with e-Health records, Estonia has also created a e-Prescription service. It allows doctors to create an electronic prescription that is then added to a patient’s health card and accessed at a pharmacy to receive the medicine they may require. Now 97% of prescriptions are digital in Estonia.
The Electronic Health Record Sharing System is a government-led, opt-in and free of charge program launched since Mar 2016 for sharing of health records of citizens in both public and private healthcare sectors in Hong Kong. The operation of the system and uses of data in the system are governed by the existing and a specific Electronic Health Record Sharing System Ordinance  including allergies, adverse drug reactions, diagnosis, procedures, medications, appointments, clinical note, birth records, immunization, laboratory and radiological reports...etc. in standardized format are shared among healthcare providers for providing healthcare with the citizens' expressed consent and under the need-to-know principle. Records can be shared among public and private sectors; hospitals and clinics; specialists and GPs across institutional boundaries. eHRSS aims to facilitate high quality of healthcare and new models of care delivery and it serves an important tool to support the Public and Private Partnership Programs and Healthcare Reform in Hong Kong.
The Government of India, while unveiling of National Health Portal, has come out with guidelines for E.H.R standards in India. The document recommends set of standards to be followed by different healthcare service providers in India, so that medical data becomes portable and easily transferable.
India is considering to set up a National eHealth Authority (NeHA) for standardisation, storage and exchange of electronic health records of patients as part of the government's Digital India programme. The authority, to be set up by an Act of Parliament will work on the integration of multiple health IT systems in a way that ensures security, confidentiality and privacy of patient data. A centralised electronic health record repository of all citizens which is the ultimate goal of the authority will ensure that the health history and status of all patients would always be available to all health institutions. Union Health Ministry has circulated a concept note for the setting up of NeHa, inviting comments from stakeholders.
In 2009, the Jordanian Government made a strategic decision to address quality and cost challenges in their healthcare system by investing in an effective, national e-health infrastructure. Following a period of detailed consultation and investigation, Jordan adopted the electronic health record system of the US Veterans Health Administration VistA EHR because it was a proven, national-scale enterprise system capable of scaling to hundreds of hospitals and millions of patients.  In 2010 three of the country's largest hospitals went live with VistA EHR. It is anticipated that all further hospital deployments based on this 'gold' version will require less than 20% effort and cost of the original hospitals, enabling rapid national coverage. The implementation of VistA EHR was estimated at 75% less cost than proprietary products, with the greatest savings related to reduced costs of configuration, customization, implementation and support. When completed, Jordan will be the largest country in the world with a single, comprehensive, national electronic health care delivery network to care for the country's entire population in a single electronic network of over 850 hospitals and clinics.
The vast majority of GP's and all pharmacies and hospitals use EHR's. In hospitals, computerized order management and medical imaging systems (PACS) are widely accepted. Whereas healthcare institutions continue to upgrade their EHR's functionalities, the national infrastructure is still far from being generally accepted.
In 2012 the national EHR restarted under the joined ownership of GPs, pharmacies and hospitals. A major change is that, as of January 2013, patients have to give their explicit permission that their data may be exchanged over the national infrastructure. The national EHR is a virtual EHR and is a reference server which "knows" in which local EHR what kind of patient record is stored. EDIFACT still is the most common way to exchange patient information electronically between hospitals and GP's.
In 2007, the Swiss Federal Government approved a national strategy for adoption of e-health. A central element of this strategy is a nationwide EHR. Following the federal tradition of Switzerland, it is planned that the nationwide EHR infrastructure will be implemented in a decentralized way, i.e. using an access and control mechanism for federating existing records. In order to govern legal and financial aspects of the future nationwide EHR implementation, a bill was passed by the Swiss Federal Government in 2013, but left open questions regarding mandatory application. Besides the current discussions about a nation-wide implementation, EHR are widely used in both private and public healthcare organizations.
United Arab Emirates
Abu Dhabi is leading the way in using national EHR data as a live longitudinal cohort in the assessment of risk of cardiovascular disease.
In 2005 the National Health Service (NHS) in the United Kingdom began deployment of EHR systems in NHS Trusts. The goal was to have all patients with a centralized electronic health record by 2010. Lorenzo patient record systems were adopted in a number of NHS trusts While many hospitals acquired electronic patient records systems in this process, there was no national healthcare information exchange. Ultimately, the program was dismantled after a cost to the UK taxpayer was over $24 Billion (12 Billion GPB), and is considered one of the most expensive healthcare IT failures. The UK Government is now considered open-source healthcare platform from the United States Veterans Affairs following on the success of the VistA EHR deployment in Jordan.
In November 2013 NHS England launched a clinical digital maturity index to measure the digital maturity of NHS providers but 40% of NHS managers surveyed by the Health Service Journal did not know their ranking, and the same proportion said improving their ranking was of low or very low priority.
Electronic palliative care coordination systems have been developed by Marie Curie Cancer Care and the Royal College of General Practitioners which mean that terminally ill patients no longer have to explain their circumstances afresh to every new professional they meet and are less likely to be inappropriately taken to hospital.
Personalised Health and Care 2020
The publication of Personalised Health and Care 2020 by the Department of Health elaborated a new attempt to integrate patient records. Its stated ambition is that every citizen will be able securely to access their health records online by 2018 and make real time data available to paramedics, doctors and nurses. A real time record across health and social care is seen as the key to the provision of integrated care.
GP2GP is an NHS Connecting for Health project in the United Kingdom. It enables GPs to transfer a patient's electronic medical record to another practice when the patient moves onto the list. In General Practice in the UK the medical record has been computerized for many years, in fact the UK is probably one of the world leaders in this field. There are very few General Practices in the UK which are not computerized. Unlike the USA GP's have not had to deal with billing and have been able to concentrate on clinical care. The GP record is separate from the national Care Record and contains far more data. Shaun O'Hanlon, EMIS's Chief Clinical Officer says that the legal framework around data sharing is the main problem in integrating patient data because the Data Protection Act 1998 puts responsibilities on GPs to protect the confidentiality of patient data, but at the same time they have a "duty to share" when it is in the best interests of the patient. He says the quickest, easiest route to large scale record sharing is to put patients in the driving seat using smartphone technology. He quotes a YouGov poll which found that 85% of the population wanted any medical professional directly responsible for their treatment to have secure electronic access to key data from their GP record, such as long term conditions, medication history or allergies.
Clinical IT suppliers are moving towards greater interoperability, already achieved with the GP2GP project allowing different systems to exchange complete medical records between practices. There are projects allowing access between hospitals & GP practices. The main Primary Care systems are EMIS Health, SystmOne, iSOFT, and INPS Vision. The NHS in Scotland widely used GPASS until 2012. From April 2014 practices are contractually required to promote and offer patients the opportunity to book appointments online, order repeat prescriptions online and provide online patient record access.
The assistant coroner for inner north London has twice written to Jeremy Hunt warning that “future deaths could occur [if] further action is not taken to facilitate secondary care access to GP records”.
It has been possible for patients to access their own medical records online for some time. By 2013, the debates had moved onto discussing the impact of patient access on patient care.
In a 2008 survey by DesRoches et al. of 4484 physicians (62% response rate), 83% of all physicians, 80% of primary care physicians, and 86% of non-primary care physicians had no EHRs. "Among the 83% of respondents who did not have electronic health records, 16%" had bought, but not implemented an EHR system yet. The 2009 National Ambulatory Medical Care Survey of 5200 physicians (70% response rate) by the National Center for Health Statistics showed that 51.7% of office-based physicians did not use any EMR/EHR system.
In the United States, the CDC reported that the EMR adoption rate had steadily risen to 48.3 percent at the end of 2009. This is an increase over 2008, when only 38.4% of office-based physicians reported using fully or partially electronic medical record systems (EMR) in 2008. However, the same study found that only 20.4% of all physicians reported using a system described as minimally functional and including the following features: orders for prescriptions, orders for tests, viewing laboratory or imaging results, and clinical progress notes. As of 2013, 78 percent of office physicians are using basic electronic medical records. As of 2014, more than 80 percent of hospitals in the U.S.have adopted some type of EHR. Though within a hospital, the type of EHR data and mix varies significantly. Types of EHR data used in hospitals include structured data (e.g., medication information) and unstructured data (e.g., clinical notes).
The usage of electronic medical records can vary depending on who the user is and how they are using it. Electronic medical records can help improve the quality of medical care given to patients. Many doctors and office-based physicians refuse to get rid of the traditional paper records. Harvard University has conducted an experiment in which they tested how doctors and nurses use electronic medical records to keep their patients' information up to date. The studies found that electronic medical records were very useful; a doctor or a nurse was able to find a patient's information fast and easy just by typing their name; even if it was misspelled. The usage of electronic medical records increases in some work places due to the ease of use of the system; whereas the president of the Canadian Family Practice Nurses Association says that using electronic medical records can be time consuming, and it isn't very helpful due to the complexity of the system. Beth Israel Deaconess Medical Center reported that doctors and nurses prefer to use a much more friendly user software due to the difficulty and time it takes for a medical staff to input the information as well as to find a patients information. A study was done and the amount of information that was recorded in the EMRs was recorded; about 44% of the patients information was recorded in the EMRs. This shows that EMRs are not very efficient most of the time.
The cost of implementing an EMR system for smaller practices has also been criticized; data produced by the Robert Wood Johnson Foundation demonstrates that the first year investment for an average five person practice is $162,000 followed by about $85,000 in maintenance fees. Despite this, tighter regulations regarding meaningful use criteria and national laws (Health Information Technology for Economic and Clinical Health Act and the Affordable Care Act) have resulted in more physicians and facilities adopting EMR systems:
- Software, hardware and other services for EMR system implementation are provided for cost by various companies including Dell.
- Open source EMR systems exist, but have not seen widespread adoption of open-source EMR system software.
Beyond financial concerns there are a number of legal and ethical dilemmas created by increasing EMR use, including the risk of medical malpractice due to user error, server glitches that result in the EMR not being accessible, and increased vulnerability to hackers.
Electronic medical records, like other medical records, must be kept in unaltered form and authenticated by the creator. Under data protection legislation, the responsibility for patient records (irrespective of the form they are kept in) is always on the creator and custodian of the record, usually a health care practice or facility. This role has been said[by whom?] to require changes such that the sole medico-legal record should be held elsewhere. The physical medical records are the property of the medical provider (or facility) that prepares them. This includes films and tracings from diagnostic imaging procedures such as X-ray, CT, PET, MRI, ultrasound, etc. The patient, however, according to HIPAA, has a right to view the originals, and to obtain copies under law.
The Health Information Technology for Economic and Clinical Health Act (HITECH) (Pub.L. 111–5,§2.A.III & B.4) (a part of the 2009 stimulus package) set meaningful use of interoperable EHR adoption in the health care system as a critical national goal and incentivized EHR adoption. The "goal is not adoption alone but 'meaningful use' of EHRs—that is, their use by providers to achieve significant improvements in care."
Title IV of the act promises maximum incentive payments for Medicaid to those who adopt and use "certified EHRs" of $63,750 over 6 years beginning in 2011. Eligible professionals must begin receiving payments by 2016 to qualify for the program. For Medicare the maximum payments are $44,000 over 5 years. Doctors who do not adopt an EHR by 2015 will be penalized 1% of Medicare payments, increasing to 3% over 3 years. In order to receive the EHR stimulus money, the HITECH Act requires doctors to show "meaningful use" of an EHR system. As of June 2010, there are no penalty provisions for Medicaid.
In 2017 the government announced its first False Claims Act settlement with an electronic health records vendor for misrepresenting its ability to meet “meaningful use” standards and therefore receive incentive payments. eClinicalWorks paid $155 million to settle charges that it had failed to meet all government requirements, failed to adequately test its software, failed to fix certain bugs, failed to ensure data portability, and failed to reliably record laboratory and diagnostic imaging orders. The government also alleged that eClinicalWorks paid kickbacks to influential customers who recommended its products. The case marks the first time the government applied the federal Anti-Kickback Statute law to the promotion and sale of an electronic health records system. The False Claims Act lawsuit was brought by a whistleblower who was a New York City employee implementing eClinicalWorks’ system at Rikers Island Correctional Facility when he became aware of the software flaws. His “qui tam” case was later joined by the government. Notably, CMS has said it will not punish eClinicalWorks clients that "in good faith" attested to using the software.
Health information exchange (HIE) has emerged as a core capability for hospitals and physicians to achieve "meaningful use" and receive stimulus funding. Healthcare vendors are pushing HIE as a way to allow EHR systems to pull disparate data and function on a more interoperable level.
Starting in 2015, hospitals and doctors will be subject to financial penalties under Medicare if they are not using electronic health records.
Goals and objectives
- Improve care quality, safety, efficiency, and reduce health disparities
- Quality and safety measurement
- Clinical decision support (automated advice) for providers
- Patient registries (e.g., "a directory of patients with diabetes")
- Improve care coordination
- Engage patients and families in their care
- Improve population and public health
- Electronic laboratory reporting for reportable conditions (hospitals)
- Immunization reporting to immunization registries
- Syndromic surveillance (health event awareness)
- Ensure adequate privacy and security protections
Studies call into question whether, in real life, EMRs improve the quality of care. 2009 produced several articles raising doubts about EMR benefits. A major concern is the reduction of physician-patient interaction due to formatting constraints. For example, some doctors have reported that the use of check-boxes has led to fewer open-ended questions.
The main components of meaningful use are:
- The use of a certified EHR in a meaningful manner, such as e-prescribing.
- The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
- The use of certified EHR technology to submit clinical quality and other measures.
In other words, providers need to show they're using certified EHR technology in ways that can be measured significantly in quality and in quantity.
The meaningful use of EHRs intended by the US government incentives is categorized as follows:
- Improve care coordination
- Reduce healthcare disparities
- Engage patients and their families
- Improve population and public health
- Ensure adequate privacy and security
The Obama Administration's Health IT program intends to use federal investments to stimulate the market of electronic health records:
- Incentives: to providers who use IT
- Strict and open standards: To ensure users and sellers of EHRs work towards the same goal
- Certification of software: To provide assurance that the EHRs meet basic quality, safety, and efficiency standards
The detailed definition of "meaningful use" is to be rolled out in 3 stages over a period of time until 2017. Details of each stage are hotly debated by various groups.
Meaningful use Stage 1
The first steps in achieving meaningful use are to have a certified electronic health record (EHR) and to be able to demonstrate that it is being used to meet the requirements. Stage 1 contains 25 objectives/measures for Eligible Providers (EPs) and 24 objectives/measures for eligible hospitals. The objectives/measures have been divided into a core set and menu set. EPs and eligible hospitals must meet all objectives/measures in the core set (15 for EPs and 14 for eligible hospitals). EPs must meet 5 of the 10 menu-set items during Stage 1, one of which must be a public health objective.
Full list of the Core Requirements and a full list of the Menu Requirements.
- Use computerized order entry for medication orders.
- Implement drug-drug, drug-allergy checks.
- Generate and transmit permissible prescriptions electronically.
- Record demographics.
- Maintain an up-to-date problem list of current and active diagnoses.
- Maintain active medication list.
- Maintain active medication allergy list.
- Record and chart changes in vital signs.
- Record smoking status for patients 13 years old or older.
- Implement one clinical decision support rule.
- Report ambulatory quality measures to CMS or the States.
- Provide patients with an electronic copy of their health information upon request.
- Provide clinical summaries to patients for each office visit.
- Capability to exchange key clinical information electronically among providers and patient authorized entities.
- Protect electronic health information (privacy & security)
- Implement drug-formulary checks.
- Incorporate clinical lab-test results into certified EHR as structured data.
- Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
- Send reminders to patients per patient preference for preventive/ follow-up care
- Provide patients with timely electronic access to their health information (including lab results, problem list, medication lists, allergies)
- Use certified EHR to identify patient-specific education resources and provide to patient if appropriate.
- Perform medication reconciliation as relevant
- Provide summary care record for transitions in care or referrals.
- Capability to submit electronic data to immunization registries and actual submission.
- Capability to provide electronic syndromic surveillance data to public health agencies and actual transmission.
To receive federal incentive money, CMS requires participants in the Medicare EHR Incentive Program to "attest" that during a 90-day reporting period, they used a certified EHR and met Stage 1 criteria for meaningful use objectives and clinical quality measures. For the Medicaid EHR Incentive Program, providers follow a similar process using their state's attestation system.
Meaningful use Stage 2
The government released its final ruling on achieving Stage 2 of meaningful use in August 2012. Eligible providers will need to meet 17 of 20 core objectives in Stage 2, and fulfill three out of six menu objectives. The required percentage of patient encounters that meet each objective has generally increased over the Stage 1 objectives.
While Stage 2 focuses more on information exchange and patient engagement, many large EHR systems have this type of functionality built into their software, making it easier to achieve compliance. Also, for those eligible providers who have successfully attested to Stage 1, meeting Stage 2 should not be as difficult, as it builds incrementally on the requirements for the first stage.
Meaningful use Stage 3
On March 20, 2015 CMS released its proposed rule for Stage 3 meaningful use. These new rules focus on some of the tougher aspects of Stage 2 and require healthcare providers to vastly improve their EHR adoption and care delivery by 2018.
Barriers to adoption
The steep[clarification needed] price of EMR and provider uncertainty regarding the value they will derive from adoption in the form of return on investment have a significant influence on EMR adoption. In a project initiated by the Office of the National Coordinator for Health Information (ONC), surveyors found that hospital administrators and physicians who had adopted EMR noted that any gains in efficiency were offset by reduced productivity as the technology was implemented, as well as the need to increase information technology staff to maintain the system.
The U.S. Congressional Budget Office concluded that the cost savings may occur only in large integrated institutions like Kaiser Permanente, and not in small physician offices. They challenged the Rand Corporation's estimates of savings.
Office-based physicians in particular may see no benefit if they purchase such a product—and may even suffer financial harm. Even though the use of health IT could generate cost savings for the health system at large that might offset the EMR's cost, many physicians might not be able to reduce their office expenses or increase their revenue sufficiently to pay for it. For example. the use of health IT could reduce the number of duplicated diagnostic tests. However, that improvement in efficiency would be unlikely to increase the income of many physicians. ...Given the ease at which information can be exchanged between health IT systems, patients whose physicians use them may feel that their privacy is more at risk than if paper records were used.
In a survey by DesRoches et al. (2008), 66% of physicians without EHRs cited capital costs as a barrier to adoption, while 50% were uncertain about the investment. Around 56% of physicians without EHRs stated that financial incentives to purchase and/or use EHRs would facilitate adoption. In 2002, initial costs were estimated to be $50,000–70,000 per physician in a 3-physician practice. Since then, costs have decreased with increasing adoption. A 2011 survey estimated a cost of $32,000 per physician in a 5-physician practice during the first 60 days of implementation.
One case study by Miller et al. (2005) of 14 small primary-care practices found that the average practice paid for the initial and ongoing costs within 2.5 years. A 2003 cost-benefit analysis found that using EMRs for 5 years created a net benefit of $86,000 per provider.
Some physicians are skeptical of the positive claims and believe the data is skewed by vendors and others with an interest in EHR implementation.
Brigham and Women's Hospital in Boston, Massachusetts, estimated it achieved net savings of $5 million to $10 million per year following installation[when?] of a computerized physician order entry system that reduced serious medication errors by 55 percent. Another large hospital generated about $8.6 million in annual savings by replacing paper medical charts with EHRs for outpatients and about $2.8 million annually by establishing electronic access to laboratory results and reports.
Furthermore, software technology advances at a rapid pace. Most software systems require frequent updates, often at a significant ongoing cost. Some types of software and operating systems require full-scale re-implementation periodically, which disrupts not only the budget but also workflow. Costs for upgrades and associated regression testing can be particularly high where the applications are governed by FDA regulations (e.g. Clinical Laboratory systems). Physicians desire modular upgrades and ability to continually customize, without large-scale reimplementation.
Training of employees to use an EHR system is costly, just as for training in the use of any other hospital system. New employees, permanent or temporary, will also require training as they are hired.
In the United States, a substantial majority of healthcare providers train at a VA facility sometime during their career. With the widespread adoption of the Veterans Health Information Systems and Technology Architecture (VistA) electronic health record system at all VA facilities, fewer recently-trained medical professionals will be inexperienced in electronic health record systems. Older practitioners who are less experienced in the use of electronic health record systems will retire over time.
Software quality and usability deficiencies
The Healthcare Information and Management Systems Society (HIMSS), a very large U.S. health care IT industry trade group, observed that EMR adoption rates "have been slower than expected in the United States, especially in comparison to other industry sectors and other developed countries. A key reason, aside from initial costs and lost productivity during EMR implementation, is lack of efficiency and usability of EMRs currently available." The U.S. National Institute of Standards and Technology of the Department of Commerce studied usability in 2011 and lists a number of specific issues that have been reported by health care workers. The U.S. military's EMR "AHLTA" was reported to have significant usability issues.
Lack of semantic interoperability
In the United States, there are no standards for semantic interoperability of health care data; there are only syntactic standards. This means that while data may be packaged in a standard format (using the pipe notation of HL7, or the bracket notation of XML), it lacks definition, or linkage to a common shared dictionary. The addition of layers of complex information models (such as the HL7 v3 RIM) does not resolve this fundamental issue.
In the United States, the Department of Veterans Affairs (VA) has the largest enterprise-wide health information system that includes an electronic medical record, known as the Veterans Health Information Systems and Technology Architecture (VistA). A key component in VistA is their VistA imaging System which provides a comprehensive multimedia data from many specialties, including cardiology, radiology and orthopedics. A graphical user interface known as the Computerized Patient Record System (CPRS) allows health care providers to review and update a patient's electronic medical record at any of the VA's over 1,000 healthcare facilities. CPRS includes the ability to place orders, including medications, special procedures, X-rays, patient care nursing orders, diets, and laboratory tests.
The 2003 National Defense Authorization Act (NDAA) ensured that the VA and DoD would work together to establish a bidirectional exchange of reference quality medical images. Initially, demonstrations were only worked in El Paso, Texas, but capabilities have been expanded to six different locations of VA and DoD facilities. These facilities include VA polytrauma centers in Tampa and Richmond, Denver, North Chicago, Biloxi, and the National Capitol Area medical facilities. Radiological images such as CT scans, MRIs, and x-rays are being shared using the BHIE. Goals of the VA and DoD in the near future are to use several image sharing solutions (VistA Imaging and DoD Picture Archiving & Communications System (PACS) solutions).
Clinical Data Repository/Health Data Repository (CDHR) is a database that allows for sharing of patient records, especially allergy and pharmaceutical information, between the Department of Veteran Affairs (VA) and the Department of Defense (DoD) in the United States. The program shares data by translating the various vocabularies of the information being transmitted, allowing all of the VA facilities to access and interpret the patient records. The Laboratory Data Sharing and Interoperability (LDSI) application is a new program being implemented to allow sharing at certain sites between the VA and DoD of "chemistry and hematology laboratory tests". Unlike the CHDR, the LDSI is currently limited in its scope.
One attribute for the start of implementing EHRs in the States is the development of the Nationwide Health Information Network which is a work in progress and still being developed. This started with the North Carolina Healthcare Information and Communication Alliance founded in 1994 and who received funding from Department of Health and Human Services.
The Department of Veterans Affairs and Kaiser Permanente has a pilot program to share health records between their systems VistA and HealthConnect, respectively. This software called 'CONNECT' uses Nationwide Health Information Network standards and governance to make sure that health information exchanges are compatible with other exchanges being set up throughout the country. CONNECT is an open source software solution that supports electronic health information exchange. The CONNECT initiative is a Federal Health Architecture project that was conceived in 2007 and initially built by 20 various federal agencies and now comprises more than 500 organizations including federal agencies, states, healthcare providers, insurers, and health IT vendors.
The US Indian Health Service uses an EHR similar to Vista called RPMS. VistA Imaging is also being used to integrate images and co-ordinate PACS into the EHR system. In Alaska, use of the EHR by the Kodiak Area Native Association has improved screening services and helped the organization reach all 21 clinical performance measures defined by the Indian Health Service as required by the Government Performance and Results Act.
In veterinary medicine
In UK veterinary practice, the replace of paper recording systems with electronic methods of storing animal patient information escalated from the 1980s and the majority of clinics now use electronic medical records. In a sample of 129 veterinary practices, 89% used a Practice Management System (PMS) for data recording. There are more than ten PMS providers currently in the UK. Collecting data directly from PMSs for epidemiological analysis abolishes the need for veterinarians to manually submit individual reports per animal visit and therefore increases the reporting rate.
Veterinary electronic medical record data are being used to investigate antimicrobial efficacy; risk factors for canine cancer; and inherited diseases in dogs and cats, in the small animal disease surveillance project 'VetCOMPASS' (Veterinary Companion Animal Surveillance System) at the Royal Veterinary College, London, in collaboration with the University of Sydney (the VetCOMPASS project was formerly known as VEctAR).
A letter published in Communications of the ACM describes the concept of generating synthetic patient population and proposes a variation of Turing Test to assess the difference between synthetic and real patients. The letter states: "In the EHR context, though a human physician can readily distinguish between synthetically generated and real live human patients, could a machine be given the intelligence to make such a determination on its own?" and further the letter states: "Before synthetic patient identities become a public health problem, the legitimate EHR market might benefit from applying Turing Test-like techniques to ensure greater data reliability and diagnostic value. Any new techniques must thus consider patients' heterogeneity and are likely to have greater complexity than the Allen eighth-grade-science-test is able to grade."
- Clinical documentation improvement
- European Institute for Health Records (EuroRec)
- Health informatics
- Health information management
- Hospital information system
- List of open-source health software
- Medical imaging
- Medical privacy
- Medical record
- Personal health record
- Personally Controlled Electronic Health Record, the Australian government's shared electronic health summary system
- Picture archiving and communication system
- Radiological information system
- Gunter TD, Terry NP (March 2005). "The emergence of national electronic health record architectures in the United States and Australia: models, costs, and questions". Journal of Medical Internet Research. 7 (1): e3. doi:10.2196/jmir.7.1.e3. PMC . PMID 15829475.
- "Mobile Tech Contributions to Healthcare and Patient Experience". Top Mobile Trends. Archived from the original on 30 May 2014. Retrieved 29 May 2014.
- Habib JL (2010). "EHRs, meaningful use, and a model EMR". Drug Benefit Trends. 22 (4): 99–101.
- Kierkegaard P (2011). "Electronic health record: Wiring Europe's healthcare". Computer Law & Security Review. 27 (5): 503–515. doi:10.1016/j.clsr.2011.07.013.
- "What is a personal health record?". HealthIT.gov. Office of the National Coordinator for Health IT. Retrieved 2015-07-24.
- U.S. Department of Health and Human Services Centers for Medicare & Medicaid Services 42 CFR Parts 412, 413, 422 et al. Medicare and Medicaid Programs; Electronic Health Record Incentive Program; Final Rule
- Evans DC, Nichol WP, Perlin JB (April 2006). "Effect of the implementation of an enterprise-wide Electronic Health Record on productivity in the Veterans Health Administration". Health Economics, Policy, and Law. 1 (Pt 2): 163–9. doi:10.1017/S1744133105001210. PMID 18634688.
- "VistA:Winner of the 2006 Innovations in American Government Award" (PDF). The Ash Institute for Democratic Governance and Innovation at Harvard University's John F. Kennedy School of Government. Archived from the original (PDF) on 14 January 2009.
- Groopman J, Hartzband P (12 March 2009). "Obama's $80 Billion Exaggeration". Wall Street Journal. Retrieved 3 March 2010.
- McDonald CJ, Callaghan FM, Weissman A, Goodwin RM, Mundkur M, Kuhn T (November 2014). "Use of internist's free time by ambulatory care Electronic Medical Record systems". JAMA Internal Medicine. 174 (11): 1860–3. doi:10.1001/jamainternmed.2014.4506. PMID 25200944. (subscription required)
- "Griffin Hospital reports breach of dozens of patient medical records", CtPost.com, 29 March 2010
- Kate Ramunni; "UCLA hospital scandal grows" Los Angeles Times, 5 August 2008
- Institute of Medicine (1999). "To Err Is Human: Building a Safer Health System (1999)" (PDF). The National Academies Press. Retrieved 28 Feb 2017.
- "Electronic Health Record Error Prevention Approach Using Ontology in Big Data" (PDF). 2015 IEEE 17th International Conference on High Performance and Communications (HPCC). 2015.
- "EMR Software Information Exchange, January 25, 2011". EMR Software Pro. 2011.
- "Health Information Exchanges and Your EMR Selection Process", New England Journal of Medicine, 25 January 2011
- Adapted from the IEEE definition of interoperability, and legal definitions used by the FCC (47 CFR 51.3), in statutes regarding copyright protection (17 USC 1201), and e-government services (44 USC 3601)
- "EHR Definition, Attributes and Essential Requirements" (PDF). Healthcare Information and Management Systems Society. 2003. Archived from the original (PDF) on 19 May 2006. Retrieved 28 July 2006.
- EMR in Ambulances, "Emergency Medical Paramedic", 5 May 2011. Retrieved 4 June 2011.
- "NEMSIS - National EMS Information System". nemsis.org. Retrieved 2017-05-31.
- Ambulance Victoria Annual Report, "Ambulance Victoria", 4 October 2009. Retrieved 4 June 2011.
- Intermedix. "TripTix | ePCR Solution | Intermedix". www.intermedix.com. Retrieved 2017-05-31.
- Milewski RJ, Govindaraju V, Bhardwaj A (2009). "Automatic recognition of handwritten medical forms for search engines". International Journal of Document Analysis and Recognition (IJDAR). 11 (4): 203–218. doi:10.1007/s10032-008-0077-1.
- "Electronic Health Records: What's in it for Everyone?". Cdc.gov. 2011-07-26. Retrieved 4 September 2013.
- "Handwriting and mobile computing experts". Medscribbler. Scriptnetics. Archived from the original on 19 September 2008. Retrieved 20 August 2008.
- M958 revision-Event monitors in PHS 1-02-02.PDF
- Herwehe J, Wilbright W, Abrams A, Bergson S, Foxhood J, Kaiser M, Smith L, Xiao K, Zapata A, Magnus M (2011). "Implementation of an innovative, integrated electronic medical record (EMR) and public health information exchange for HIV/AIDS". Journal of the American Medical Informatics Association. 19 (3): 448–52. doi:10.1136/amiajnl-2011-000412. PMC . PMID 22037891.
- Greenhalgh T, Potts HW, Wong G, Bark P, Swinglehurst D (December 2009). "Tensions and paradoxes in electronic patient record research: a systematic literature review using the meta-narrative method". The Milbank Quarterly. 87 (4): 729–88. doi:10.1111/j.1468-0009.2009.00578.x. PMC . PMID 20021585.
- Berg M (1997). "Of Forms, Containers, and the Electronic Medical Record: Some Tools for a Sociology of the Formal". Science, Technology & Human Values. 22 (4): 403–433. doi:10.1177/016224399702200401.
- Greenhalgh T, Stramer K, Bratan T, Byrne E, Russell J, Potts HW (June 2010). "Adoption and non-adoption of a shared electronic summary record in England: a mixed-method case study". BMJ. 340: c3111. doi:10.1136/bmj.c3111. PMID 20554687.
- Gabriel B (2008). "Do EMRs Make You a Better Doctor?". Physicians Practice. Retrieved 23 August 2009.
- Electronic health records not a panacea
- Silverstein S (2009). "2009 a pivotal year in healthcare IT". Drexel University. Retrieved 5 January 2010.
- Himmelstein DU, Wright A, Woolhandler S (January 2010). "Hospital computing and the costs and quality of care: a national study". The American Journal of Medicine. 123 (1): 40–6. doi:10.1016/j.amjmed.2009.09.004. PMID 19939343.
- Cebul RD, Love TE, Jain AK, Hebert CJ (September 2011). "Electronic health records and quality of diabetes care". The New England Journal of Medicine. 365 (9): 825–33. doi:10.1056/NEJMsa1102519. PMID 21879900.
- "Improve Care Coordination using Electronic Health Records | Providers & Professionals". HealthIT.gov. Retrieved 4 September 2013.
- "Primary Care Patients Use Interactive Preventive Health Record Integrated With Electronic Health Record, Leading to Enhanced Provision of Preventive Services". Agency for Healthcare Research and Quality. 2013-06-19. Retrieved 9 July 2013.
- RWIF, GWUMC, IHP Staff (2006). "Health Information Technology in the United States: The Information Base for Progress" (PDF). Robert Wood Johnson Foundation, George Washington University Medical Center, and Institute for Health Policy. Retrieved 17 February 2008.
- Evidence on the costs and benefits of health information technology. Congressional Budget Office, May 2008.
- Shah S. "Column: Why MDs Dread EMRs". Journal of Surgical Radiology. Archived from the original on 8 January 2012.
- Information Technology: Not a Cure for the High Cost of Health Care. Knowledge@Wharton, June 10, 2009.
- Abraham Verghese. The Myth of Prevention. The Wall Street Journal, June 20, 2009.
- Chaudhry B, Wang J, Wu S, Maglione M, Mojica W, Roth E, Morton SC, Shekelle PG (May 2006). "Systematic review: impact of health information technology on quality, efficiency, and costs of medical care". Annals of Internal Medicine. 144 (10): 742–52. doi:10.7326/0003-4819-144-10-200605160-00125. PMID 16702590.
- Defining and Testing EMR Usability. Healthcare Information and Management Systems Society (HIMSS), June 2009.
- NISTIR 7804: Technical Evaluation, Testing and Validation of the Usability of Electronic Health Records, p. 9–10. National Institute of Standards and Technology, Sept. 2011.
- U.S. Medicine – The Voice of Federal Medicine, May 2009.
- Fiks AG, Alessandrini EA, Forrest CB, Khan S, Localio AR, Gerber A (2011). "Electronic medical record use in pediatric primary care". Journal of the American Medical Informatics Association. 18 (1): 38–44. doi:10.1136/jamia.2010.004135. PMC . PMID 21134975.
- "EHRs Go Mobile" Marisa Torrieri, Physicians Practice, July/August 2012.
- Granja C, Janssen W, Johansen MA (May 2018). "Factors Determining the Success and Failure of eHealth Interventions: Systematic Review of the Literature". Journal of Medical Internet Research. 20 (5): e10235. doi:10.2196/10235. PMC . PMID 29716883.
- Kling, Rosenbaum, Sawyer, Indiana University. Understanding And Communicating Social Informatics: A Framework For Studying And Teaching The Human Contexts Of Information And Communication Technologies, pg. 23. Information Today Inc (15 September 2005), ISBN 978-1-57387-228-7
- Sawyer and Rosenbaum. Social Informatics in the Information Sciences: Current Activities and Emerging Directions, p. 94.Informing Science: Special Issue on Information Science Research, Vol. 3 No. 2, 2000.
- Tenner, Edward. Why Things Bite Back: Technology and the Revenge of Unintended Consequences. ISBN 978-0-679-74756-7, 1997.
- "Safely implementing health information and converging technologies". Sentinel Event Alert (42): 1–4. December 2008. PMID 19108351.
- MEDMARX Adverse Drug Event Reporting database
- Health informatics – Guidance on the management of clinical risk relating to the deployment and use of health software (formerly ISO/TR 29322:2008(E)). DSCN18/2009, Examples of potential harm presented by health software, Annex A, p. 38 .
- FDA memo. H-IT Safety Issues, table 4, page 3, Appendix B, p. 7–8 (with examples), and p. 5, summary. Memo obtained and released by Fred Schulte and Emma Schwartz at the Huffington Post Investigative Fund, now part of the Center for Public Integrity, in a 3 Aug. 2010 article FDA, Obama digital medical records team at odds over safety oversight, memo itself 
- Goodman KW, Berner ES, Dente MA, Kaplan B, Koppel R, Rucker D, Sands DZ, Winkelstein P (2010). "Challenges in ethics, safety, best practices, and oversight regarding HIT vendors, their customers, and patients: a report of an AMIA special task force". Journal of the American Medical Informatics Association. 18 (1): 77–81. doi:10.1136/jamia.2010.008946. PMC . PMID 21075789.
- Rowe JC. Doctors Go Digital. The New Atlantis (2011).
- Ash JS, Sittig DF, Poon EG, Guappone K, Campbell E, Dykstra RH (2007). "The extent and importance of unintended consequences related to computerized provider order entry". Journal of the American Medical Informatics Association. 14 (4): 415–23. doi:10.1197/jamia.M2373. PMC . PMID 17460127.
- Colligan L, Potts HW, Finn CT, Sinkin RA (July 2015). "Cognitive workload changes for nurses transitioning from a legacy system with paper documentation to a commercial electronic health record". International Journal of Medical Informatics. 84 (7): 469–76. doi:10.1016/j.ijmedinf.2015.03.003. PMID 25868807.
- "Breaches Affecting 500 or More Individuals". Hhs.gov. Archived from the original on 29 August 2013. Retrieved 4 September 2013.
- "Year closes on a note of breach shame | IT Everything, the healthcare IT blog by Modern Healthcare's Joe Conn". Modernhealthcare.com. 2011-12-22. Retrieved 4 September 2013.
- "Opposition calls for rethink on data storage". e-Health Insider (UK). December 2007. Archived from the original on 7 January 2009.
- "German doctors say no to centrally stored patient records". e-Health Insider (UK). January 2008. Archived from the original on 12 October 2008.
- Health & Medicine (26 June 2006). "At risk of exposure: In the push for electronic medical records, concern is growing about how well privacy can be safeguarded". Los Angeles Times. Archived from the original on 16 May 2008. Retrieved 8 August 2006.
- "FBI seeks stolen personal data on 26 million vets". CNN.com. 23 May 2006. Retrieved 30 July 2006.
- Wafa T (2010). "How the Lack of Prescriptive Technical Granularity in HIPAA Has Compromised Patient Privacy". Northern Illinois University Law Review. 30 (3). SSRN .
- US Code of Federal Regulations, Title45, Volume 1 (Revised 1 October 2005): of Individually Identifiable Health Information (45CFR164.501). Retrieved 30 July 2006.
- "Health Information Privacy". U.S. Department of Health & Human Services. Retrieved 28 March 2013.
- Summary of the HIPAA Privacy Rule
- Privacy Rights Clearinghouse's Chronology of Data Security Breaches
- Fernández-Alemán JL, Sánchez-Henarejos A, Toval A, Sánchez-García AB, Hernández-Hernández I, Fernandez-Luque L (June 2015). "Analysis of health professional security behaviors in a real clinical setting: an empirical study". International Journal of Medical Informatics. 84 (6): 454–67. doi:10.1016/j.ijmedinf.2015.01.010. PMID 25678101.
- Wager K, Lee F, Glaser J (2009). Health Care Information Systems: A Practical Approach for Health Care Management (2nd ed.). Jossey-Bass. pp. 253–254. ISBN 978-0-470-38780-1.
- "Personal Information Protection and Electronic Documents Act – Implementation Schedule". Office of the Privacy Commissioner of Canada. 1 April 2004. Retrieved 12 February 2008.
- Pear R (18 February 2007). "Warnings Over Privacy of U.S. Health Network". New York Times.
- Appel JM (30 December 2008). "Why shared medical database is wrong prescription". Orlando Sentinel.
- Nulan C (2001). "HIPAA--a real world perspective". Radiology Management. 23 (2): 29–37; quiz 38–40. PMID 11302064.
- Francis T (28 December 2006). "Spread of records stirs fears of privacy erosion". The Wall Street Journal.
- "Pittsburgh Post-Gazette". Post-gazette.com. 1969-12-31. Archived from the original on 19 January 2012. Retrieved 4 September 2013.
- Holmes A (6 September 2013). "NSA Code Cracking Puts Google, Yahoo Security Under Fire". Retrieved 14 May 2014.
- "UCLA Health Says 4.5M May Be Affected In Data Breach". npr.
- "Electronic Health Record Breaches as Social Indicators". Retrieved 25 February 2018.
- "Lawyers Per 100,000 Population 1980–2003". Congressional Budget Office. Retrieved 10 July 2007.
- "Tort reform". News Batch. May 2011. Retrieved 4 December 2013.
- "Bigger focus on compliance needed in EMR marketplace". Health Imaging News. 5 February 2007. Archived from the original on 29 September 2007.
- "Ben Kerschberg, Electronic Health Records Dramatically Increase Corporate Risk". The Huffington Post. 2010-01-10. Retrieved 4 December 2013.
- "Medical Manager History". Archived from the original on 2006-07-22. Retrieved 4 December 2013.
- "Can Technology Get You Sued?" Shelly K. Schwartz, Physicians Practice, March 2012.
- Dunlop L (6 April 2007). "Electronic Health Records: Interoperability Challenges and Patient's Right for Privacy". Shidler Journal of Computer and Technology 3:16. Archived from the original on 27 October 2007.
- "Newly Issued Final Rules under Stark and Anti-kickback Laws Permit Furnishing of Electronic Prescribing and Electronic Health Records Technology". GKLaw. August 2006.
- "New Stark Law Exceptions and Anti-Kickback Safe Harbors For Electronic Prescribing and Electronic Health Records". SSDlaw. August 2006. Archived from the original on 5 June 2008.[unreliable source]
- "epSOS: Legal and Regulatory Issues". Archived from the original on 2009-08-03. Retrieved 4 December 2013.
European Patient Smart Open Services Work Plan
- U.S.Department of Health & Human Services and U.S. Departments of Justice Letter
- Umbdenstock R. "Letter addressed to Secretary Sebelius and Attorney General Holder" (PDF). American Hospital Association. Archived from the original (PDF) on 12 March 2016.
- Levinson DR (December 2013). "Not all Recommended Fraud Safeguards have been Implemented in Hospital EHR Technology" (PDF).
- Hirsch, Marla Durben (1 February 2014). "OIG's 2014 work plan steps up scrutiny of EHRs". Fierce Health Care.
- "Medical Records Manual" (PDF). World Health Organization. March 2001. Retrieved 31 March 2012.
- "ISO/HL7 10781:2009". International Organization for Standardization. Retrieved 31 March 2012.
- Favreau A. "Electronic Primary Care Research Network". Regents of the University of Minnesota. Archived from the original on 2012-05-02. Retrieved 4 December 2013.
- Privacy Rights Clearinghouse's Chronology of Data Security Breaches involving Medical Information
- Kierkegaard P (2012). "Medical data breaches: Notification delayed is notification denied". Computer Law & Security Review. 28 (2): 163–183. doi:10.1016/j.clsr.2012.01.003.
- HIPAA Basics: Medical Privacy in the Electronic Age from the Privacy Rights Clearinghouse www.privacyrights.org
- Stevens G (2012). "Data Security Breach Notification Laws" (PDF). Federation of American Scientists. p. 3. Retrieved 30 September 2014.
- Department of Health and Human Services Breach Notification for Unsecured Protected Health Information
- Pear R (13 July 2010). "U.S. Issues Rules on Electronic Health Records". The New York Times.
- "About". www.smartplatforms.org. Archived from the original on 10 April 2012. Retrieved 20 March 2012.
- Reynolds CL (31 March 2006). "Paper on Concept Processing" (PDF). Retrieved 4 December 2013.
- Maekawa Y, Majima Y (2006). "Issues to be improved after introduction of a non-customized Electronic Medical Record system (EMR) in a Private General Hospital and efforts toward improvement". Studies in Health Technology and Informatics. 122: 919–20. PMID 17102464.
- Tüttelmann F, Luetjens CM, Nieschlag E (March 2006). "Optimising workflow in andrology: a new electronic patient record and database". Asian Journal of Andrology. 8 (2): 235–41. doi:10.1111/j.1745-7262.2006.00131.x. PMID 16491277.
- The Digital Office, September 2007, vol 2, no.9. HIMSS
- Rollins G (2006). "The Perils of Customization". Journal of AHIMA. 77 (6): 24–28.
- Mandl KD, Szolovits P, Kohane IS (February 2001). "Public standards and patients' control: how to keep electronic medical records accessible but private". BMJ. 322 (7281): 283–7. doi:10.1136/bmj.322.7281.283. PMC . PMID 11157533.
- Ruotsalainen P, Manning B (2007). "A notary archive model for secure preservation and distribution of electrically signed patient documents". International Journal of Medical Informatics. 76 (5-6): 449–53. doi:10.1016/j.ijmedinf.2006.09.011. PMID 17118701.
- Olhede T, Peterson HE (2000). "Archiving of care related information in XML-format". Studies in Health Technology and Informatics. 77: 642–6. PMID 11187632.
- Papadouka V, Schaeffer P, Metroka A, Borthwick A, Tehranifar P, Leighton J, Aponte A, Liao R, Ternier A, Friedman S, Arzt N (November 2004). "Integrating the New York citywide immunization registry and the childhood blood lead registry". Journal of Public Health Management and Practice. Suppl: S72–80. doi:10.1097/00124784-200411001-00012. PMID 15643363.
- Gioia PC (2001). "Quality improvement in pediatric well care with an electronic record". Proceedings. AMIA Symposium: 209–13. PMC . PMID 11825182.
- Williams SD, Hollinshead W (November 2004). "Perspectives on integrated child health information systems: parents, providers, and public health". Journal of Public Health Management and Practice. Suppl: S57–60. doi:10.1097/00124784-200411001-00009. PMID 15643360.
- Pohjonen H. Images can now cross borders, but what about the legislation? Diagnostic Imaging Europe. June/July 2010;26(4):16.
- Kierkegaard P (2011). "Electronic health record: Wiring Europe's healthcare". Computer Law & Security Review. 27 (5): 503–515. doi:10.1016/j.clsr.2011.07.013.
- "My Health Record". Australian Digital Health Agency.
- Mason MK (2005). "What Can We Learn from the Rest of the World? A Look at International Electronic Health Record Best Practices".
- "My Health Record launched". Aboriginal Medical Services Alliance Northern Territory (AMSANT). 2016.
- "Stakeholders". E-health.standards.org.au. Retrieved 4 September 2013.
- "About Us". Standards.org.au. Retrieved 4 September 2013.
- "Home". E-health.standards.org.au. 2013-08-30. Retrieved 4 September 2013.
- "My Health Record opt-out debate is getting silly but government is at fault". ZDNet. Retrieved 28 July 2018.
- Electronic Health Records Act (EHR-Act)
- Data Protection Directive 95/46/EC
- Reimer S (2012). "Current and Future Settings of Austrian Legislation Regarding Electronic Health Records" (PDF). European Journal on Biomedical Informatics (2): 21.
- Kierkegaard P (December 2013). "eHealth in Denmark: a case study". Journal of Medical Systems. 37 (6): 9991. doi:10.1007/s10916-013-9991-y. PMID 24166019.
- "ICMCC Record Access". Recordaccess.icmcc.org. Archived from the original on 2 February 2013. Retrieved 4 September 2013.
- "Overview of Estonian Electronic Health Record (EHR) System". Estonian eHealth Foundation. 31 August 2010.
- joomla_user2. "Overview of Estonian Electronic Health Record (EHR) System". www.e-tervis.ee. Retrieved 2017-08-07.
- "Patient opportunities in the Estonian Electronic Health Record System (PDF Download Available)". ResearchGate. Retrieved 2017-08-07.
- "Estonia launches $10 EHR". Healthcare IT News. 2011-05-11. Retrieved 2017-08-07.
- Muzõtšin M. "Some E-Health developments in Estonia". 20th EPSO Conference.
- "e-Perscription". e-Estonia Healthcare. Retrieved 2017-08-07.
- "Personal Data (Privacy) Ordinance".
- "Electronic Health Record Sharing System Ordinance".
- "E.H.R Standards for India : GOI Report". GOI. Retrieved 30 September 2013.
- "Digital India programme: Govt mulls setting up eHealth Authority". The Indian Express. 2015-04-11. Retrieved 2017-10-12.
- Terry K (15 November 2012). "EHR Adoption: U.S. Remains The Slow Poke". Informationweek.
- "Saudi Arabia Health Care System Receives Coveted "Excellence in Electronic Health Records" Award with QuadraMed's EHR solution". QuadraMed. Reston, Virginia: QuadraMed Corporation. 30 March 2010. Archived from the original on 20 May 2011.
- "eHealth - elektronische Gesundheitsdienste". Bundesamt für Gesundheit (BAG). Archived from the original on 22 January 2011.
- "Bundesgesetz über das elektronische Patientendossier". Die Bundesversammlung — Das Schweizer Parlament. 29 May 2013.
- Mettler T (2012). "Post-Acceptance of Electronic Medical Records: Evidence from a Longitudinal Field Study". Orlando, FL.
- "OxHA Summit '10 – Video". 3FOUR50. Archived from the original on 26 February 2012. Retrieved 4 September 2013.
- "NHS Connecting for Health:Delivering the National Programme for IT". Retrieved 4 August 2006.
- Quinn I. "Electronic records are less efficient than paper, finds DH research lead".
- "Health e-records 'struggling to fulfil potential'". BBC News. 16 June 2010.
- Bewley S, Perry H, Fawdry R, Cumming G (October 2011). "NHS IT requires the wisdom of the crowd not the marketplace". BMJ. 343: d6484. doi:10.1136/bmj.d6484. PMID 21994300.
- "Dismantling the NHS National Programme for IT". Department of Health Media Centre. 22 September 2011. Retrieved 29 September 2011. "The government today announced an acceleration of the dismantling of the National Programme for IT, following the conclusions of a new review by the Cabinet Office's Major Projects Authority (MPA) ... The MPA found that the National Programme for IT has not and cannot deliver to its original intent."(sic)
- Say M (26 September 2011). "Cabinet Office review pleads stay of execution for NHS IT". London: Guardian. Retrieved 29 September 2011.
- "NHS trusts to self-assess their digital maturity". Computer Weekly. 3 November 2015. Retrieved 14 November 2015.
- "Survey: Funding pressures are holding up the paperless NHS". Health Service Journal. 13 October 2015. Retrieved 14 November 2015.
- Nightingale P (21 November 2014). "Coordinated systems help ensure people die where they choose". Health Service Jpurnal. Retrieved 14 December 2014.
- National Information Board; Department of Health (13 November 2014). "Personalised Health and Care 2020". Gov.UK. Government Digital Service.
- Heywood J (12 December 2014). "How developments in technology and data in the NHS are improving outcomes for patients". Blog Civil Service. Gov.uk. Retrieved 14 December 2014.
- Read C (21 November 2014). "Roundtable: A new charter for integrated care". Health Service Journal. London: EMAP Publishing. Retrieved 14 December 2014.
- "GP2GP". NHS Connecting for Health. Archived from the original on 9 April 2010.
- O'Hanlon S (24 November 2014). "Data sharing: step out of the technological dark ages". Health Service Journal. Wilmington plc. Retrieved 18 December 2014.
- "Will your IT system support the requirements of the new contract?". Pulse. Cogora Limited. 14 April 2014. Retrieved 17 April 2014.
- Thomas R (23 August 2017). . Retrieved 6 October 2017. . Health Service Journal. Wilmington plc
- Davis Giardina T, Menon S, Parrish DE, Sittig DF, Singh H (2013). "Patient access to medical records and healthcare outcomes: a systematic review". Journal of the American Medical Informatics Association. 21 (4): 737–41. doi:10.1136/amiajnl-2013-002239. PMC . PMID 24154835.
- Smaltz, Detlev and Eta Berner. The Executive's Guide to Electronic Health Records. (2007, Health Administration Press) p.03
- DesRoches CM, Campbell EG, Rao SR, Donelan K, Ferris TG, Jha A, Kaushal R, Levy DE, Rosenbaum S, Shields AE, Blumenthal D (July 2008). "Electronic health records in ambulatory care--a national survey of physicians". The New England Journal of Medicine. 359 (1): 50–60. doi:10.1056/NEJMsa0802005. PMID 18565855.
- Hsiao C, et al. (Dec 8, 2010). "Electronic Medical Record/Electronic Health Record Systems of Office-based Physicians: United States, 2009 and Preliminary 2010 State Estimates". NCHS Health E-Stat. CDC/National Center for Health Statistics. Retrieved 31 October 2011.
- Are More Doctors Adopting EHRs? Retrieved 31 March 2011.
- National Center for Health : United States, 2008]. Retrieved 15 December 2009.
- "Office-based Physician Electronic Health Record Adoption". dashboard.healthit.gov. Retrieved 2017-01-18.
- "Big Data in Health Care". The National Law Review. The Analysis Group, Inc. 17 September 2014. Retrieved 27 September 2014.
- Simon SR, Kaushal R, Cleary PD, Jenter CA, Volk LA, Poon EG, Orav EJ, Lo HG, Williams DH, Bates DW (2007). "Correlates of electronic health record adoption in office practices: a statewide survey". Journal of the American Medical Informatics Association. 14 (1): 110–7. doi:10.1197/jamia.M2187. PMC . PMID 17068351.
- Menachemi N, Perkins RM, van Durme DJ, Brooks RG (2006). "Examining the adoption of electronic health records and personal digital assistants by family physicians in Florida". Informatics in Primary Care. 14 (1): 1–9. PMID 16848961.
- Bleich HL, Slack WV (January 2010). "Reflections on electronic medical records: when doctors will use them and when they will not". International Journal of Medical Informatics. 79 (1): 1–4. doi:10.1016/j.ijmedinf.2009.10.002. PMID 19939731.
- Roukema J, Los RK, Bleeker SE, van Ginneken AM, van der Lei J, Moll HA (January 2006). "Paper versus computer: feasibility of an electronic medical record in general pediatrics". Pediatrics. 117 (1): 15–21. doi:10.1542/peds.2004-2741. PMID 16396855.
- Millman J. "Electronic health records were supposed to be everywhere this year. They're not—but it's okay". www.washingtonpost.com. The Washington Post. Retrieved 8 August 2014.
- "The Future of Nursing". Norwich University. Retrieved 25 September 2014.
- "EMR – Electronic Medical Records Solutions". Dell. Archived from the original on 3 April 2012. Retrieved 31 March 2012.
- Sittig DF, Singh H (April 2011). "Legal, ethical, and financial dilemmas in electronic health record adoption and use". Pediatrics. 127 (4): e1042–7. doi:10.1542/peds.2010-2184. PMC . PMID 21422090.
- Gamble M. "5 Legal Issues Surrounding Electronic Medical Records". Becker's Hospital Review. Becker's Healthcare.
- National Archives and Records Administration (NARA): Long-Term Usability of Optical Media. Retrieved 30 July 2006.
- Shabo, Amnon (2014): "It’s Time for Health Record Banking!" editorial to special issue of Methods of Information in Medicine, Vol. 53, No. 2, pp. 63–65 "change in current legislation so that the copy of a legally-authenticated medical record stored in an IHRB [Independent Health Record Bank] is the sole medico-legal record and healthcare providers are no longer required by the law to hold archives of medical records." page 65, 
- Medical Board of California: Medical Records – Frequently Asked Questions. Retrieved 30 July 2006.
- CDC (Jun 3, 2011). "Introduction". Meaningful Use. CDC. Retrieved 31 October 2011.
- Blumenthal D (February 2010). "Launching HITECH". The New England Journal of Medicine. 362 (5): 382–5. doi:10.1056/NEJMp0912825. PMID 20042745.
- Blumenthal D, Tavenner M (August 2010). "The "meaningful use" regulation for electronic health records". The New England Journal of Medicine. 363 (6): 501–4. doi:10.1056/NEJMp1006114. PMID 20647183.
- "Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations". U.S. Department of Justice. 31 May 2017. Retrieved 16 October 2017.
- "EHR vendor eClinicalWorks reaches ground-breaking $155 million whistleblower settlement", Phillips & Cohen LLP Press Release, May 31, 2017
- Sullivan T (July 6, 2017). "CMS won't punish eClinicalWorks customers for meaningful use EHR attestations". Healthcare IT News.
- Greenhalgh T, Potts HW, Wong G, Bark P, Swinglehurst D (December 2009). "Tensions and paradoxes in electronic patient record research: a systematic literature review using the meta-narrative method". The Milbank Quarterly. 87 (4): 729–88. doi:10.1111/j.1468-0009.2009.00578.x. PMC . PMID 20021585. Archived from the original on 15 May 2016.
- Cohen GR, Grossman JM, O'Malley AS (2010). "Electronic Medical Records and Communication with Patients and Other Clinicians: Are We Talking Less?". Center for Studying Health System Change, Issue Brief No. 131 (full text)
- Centers for Medicare & Medicaid Services (Oct 12, 2011). "CMS EHR Meaningful Use Overview". EHR Incentive Programs. Center for Medicare & Medicaid Services. Retrieved 31 October 2011.
- Zhai H, Iyer S, Ni Y (2014). "Mining a large-scale EHR with machine learning methods to predict all-cause 30-day unplanned readmissions". ASE@360 Open Scientific Digital Library.
- Zhai H, Brady P, Li Q, Lingren T, Ni Y, Wheeler DS, Solti I (August 2014). "Developing and evaluating a machine learning based algorithm to predict the need of pediatric intensive care unit transfer for newly hospitalized children". Resuscitation. 85 (8): 1065–71. doi:10.1016/j.resuscitation.2014.04.009. PMC . PMID 24813568.
- "What is Meaningful Use? | Policy Researchers & Implementers | HealthIT.gov". Healthit.hhs.gov. Retrieved 4 September 2013.
- "HealthIT.gov | the official site for Health IT information". Healthit.hhs.gov. Archived from the original on 11 March 2012. Retrieved 4 September 2013.
- Torrieri, Marisa "Dealing with Meaningful Use Attestation Aggravation" Archived 8 January 2012 at the Wayback Machine.. Physicians Practice. January 2012.
- "Meaningful Use: Stage 2 Regulations Overview" Robert Anthony, CMS, 30 August 2012.
- "EHR Incentive Program: A Progress Report" Marisa Torrieri, Physicians Practice, September 2012.
- NalashaaHealth. "Quality Payment Program". nalashaahealth. NalashaaHealth.
- Centers for Medicare & Medicaid Services (30 March 2015). "Medicare and Medicaid Programs; Electronic Health Record Incentive Program-Stage 3". The Federal Register.
- Bresnick J (23 March 2015). "Breaking Down the Health IT Impacts of Stage 3 Meaningful Use". EHR Intelligence.
- Menachemi N, Collum TH (2011). "Benefits and drawbacks of electronic health record systems". Risk Management and Healthcare Policy. 4: 47–55. doi:10.2147/RMHP.S12985. PMID 22312227.
- Fleming NS, Culler SD, McCorkle R, Becker ER, Ballard DJ (March 2011). "The financial and nonfinancial costs of implementing electronic health records in primary care practices". Health Affairs. 30 (3): 481–9. doi:10.1377/hlthaff.2010.0768. PMID 21383367.
- Miller RH, West C, Brown TM, Sim I, Ganchoff C (2005). "The value of electronic health records in solo or small group practices". Health Affairs. 24 (5): 1127–37. doi:10.1377/hlthaff.24.5.1127. PMID 16162555.
- Wang SJ, Middleton B, Prosser LA, Bardon CG, Spurr CD, Carchidi PJ, Kittler AF, Goldszer RC, Fairchild DG, Sussman AJ, Kuperman GJ, Bates DW (April 2003). "A cost-benefit analysis of electronic medical records in primary care". The American Journal of Medicine. 114 (5): 397–403. doi:10.1016/S0002-9343(03)00057-3. PMID 12714130.
- "A State Policy Approach: Promoting Health Information Technology in California". California Legislative Analyst Office. February 2007.
- Parish C (2006). "Edging towards a brave new IT world". Nursing Standard. Royal College of Nursing. 20 (27): 15–6. PMID 16566331.
- "NDAA Image Exchange". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
- "CHDR". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
- "LDSI". United States Department of Veterans Affairs. 3 March 2009. Archived from the original on 24 October 2009. Retrieved 4 March 2010.
- Traynor K (November 2008). "National health information network passes live test". American Journal of Health-System Pharmacy. 65 (22): 2086–7. doi:10.2146/news080090. PMID 18997131.
- Mearian L (6 January 2010). "VA, Kaiser Permanente launch e-health records exchange". Computerworld. Framingham, MA. ISSN 0010-4841. Retrieved 31 October 2011.
- "What is CONNECT?". CONNECT Community Portal. U.S. Department of Health and Human Services. Retrieved 4 March 2010.
- "Federal Health Architecture" (PDF). Federal Health Architecture. healthit.gov. Retrieved June 27, 2016.
- "Rural Practice Redesigns Care Processes To Allow Multidisciplinary Teams To Leverage Electronic Health Record, Leading to Better Screening of Medically Underserved". Agency for Healthcare Research and Quality. 2013-05-22. Retrieved 22 May 2013.
- Gill, M. (2007) Attitudes to clinical audit in veterinary practice, Royal Veterinary College elective project, unpublished work
- Carruthers H (2009). "Disease surveillance in small animal practice". In Practice. 31 (7): 356–358. doi:10.1136/inpract.31.7.356.
- "VEctAR (Veterinary Electronic Animal Record) (2010)". Archived from the original on 28 February 2013.
- Brodbelt D, Midleton S, O'Neil D, Sumers J, Church D (2011). "Companion Animal Practice Based Disease Surveilance in the UK" (PDF). Epidemiol. et sante anim. 59–60: 38–40.
- Kartoun U (January 2018). "A Leap from Artificial to Intelligence". Letters to the editor. Communications of the ACM. 61 (1). doi:10.1145/3168260.
- Mendelson D (August 2004). "HealthConnect and the duty of care: a dilemma for medical practitioners". Journal of Law and Medicine. 12 (1): 69–79. PMID 15359551.
- Can Electronic Health Record Systems Transform Health Care?
- Maryland Health Care Commission EHR Product Portfolio is a resource to compare and evaluate EHR products along with information on product vendors.
- Open-Source EHR Systems for Ambulatory Care: A Market Assessment (California HealthCare Foundation, January 2008)
- US Department of Health and Human Services (HHS), Office of the National Coordinator for Health Information Technology (ONC)
- US Department of Health and Human Services (HHS), Agency for Healthcare Research and Quality (AHRQ), National Resource Center for Health Information Technology
- Security Aspects in Electronic Personal Health Record: Data Access and Preservation – a briefing paper at Digital Preservation Europe