Ensuring that an EHR system properly safeguards adult patient information is made easier by the fact that the vast majority EHR vendors and products are tailored to these kinds of patients. The same cannot be said of specialists such as pediatricians whose patient population presents unique challenges for providers wanting to engage their patients meaningfully while doing so confidentiality.
According to Brock Morris, CIO of Pediatrics Associates in Washington State, this disparity has real consequences for the health IT systems and services his organization is able and willing to implement.
“Unfortunately, because pediatrics is oftentimes not a focus when it comes to content, innovation, features, enhancements to both EHRs and the other technologies that are coming out,” he explains, “we pretty frequently have to choose not to implement something because it can’t get us that security that we need.”
Morris is optimistic that new opportunities in pediatric EHR and health IT will become available as the interest in and demand for these tailored products and services grows. Morris and his group are heavily involved with the Model Children’s EHR Format, a project spearheaded by the Agency for Healthcare Research and Quality that aims to fill in the system gaps and be better suited to pediatric care. “We’re trying to drive it wherever we can,” he observes.
Much of the challenge of safeguarding pediatric patient health information is the result of the legal stipulations that come into play as soon as children reach their early teenage years. “One of the biggest concerns is confidentiality. At the age of 12 or 13 for reproductive health, there’s a whole series of rules that come into play for full confidentiality where we cannot share information,” reveals Morris.
For Morris and Pediatrics Associates, appointment reminders are a perfect example of how these rules impact a pediatric organization’s strategy for adding features to its EHR and health IT systems. As an example of what these rules mean:
We can’t open up our appointment reminders to all appointment types because if it ends up that a patient calls and wants to make a confidential appointment, we can’t send the automated reminder to the parents’ email address or phone number. So we’ve had to do without sending reminders for those appointment types. We had to make strategic changes and plans around not doing it because the functionality doesn’t exist in the product and we’ve tried to work closely with the vendors to make sure they incorporate that.
In some instances, it’s possible to configure workarounds that at the very least extend something like appointment reminders to a subset of patients. “Sometimes it means that we have to unfortunately not adopt or implement or try to come up with a way around or only do it for a certain segment of our patient population — we’re only going to do 11 and under to make sure we don’t cross any of those boundaries,” says Morris.
More important is educating providers and patients about the privacy and security ramifications for choosing to implement or avoid implementing seemingly basic features and justifying those business decisions.
“On the other side, it’s making sure to just communicate with the patients,” continues Morris. “We talk to our doctors a lot about reassuring patients that the electronic health record is secure, that it’s held in a secure, encrypted format, that the devices that they use are secure. We actually publish our EHR through Citrix so from a technology standpoint none of the data is held on the mobile device.” Source