Application Programming Interfaces are system of tools and resources in an operating system that enable developers to create software applications. So-called “open APIs“ – where specifications are available for outside programmers to build upon – are considered important for the growth of interoperable health information technology and new innovations.
A blockchain is most commonly associated with digital currency such as Bitcoin. Blockchain is a data structure that can be timed-stamped and signed using a private key to prevent tampering. Some view blockchain as an important development in health IT to combat cybersecurity threats and advance the free and secure exchange of health information.
Certified Health IT
Certified health IT included any products, programs or systems that meet standards set by the federal government on their security, privacy, usability and interoperability. The Office of the National Coordinator for Health Information Technology (ONC), a division of the U.S. Health and Human Services Department (HHS) oversees health IT certification. Certified health IT participation is voluntary but providers are required to use certified health IT products and systems to participate in Meaningful Use and other federal electronic health record adoption programs.
Computerized physician order entry (CPOE)
Computerized physician order entry is the process of a medical professional entering medication orders or other instructions electronically rather than on paper. Quality improvement groups have championed CPOE because it ensures legibility of the order, and also CPOE systems can be combined with clinical decision support (CDS) programs that give real-time feedback and guidance on medication contradictions and errors. An estimated 90 percent of medication errors occur during manual ordering and transcribing. Recent reports suggest, however, that CPOE is not a panacea and can fail to catch medication errors.
Electronic health record (EHR)
An electronic health record (EHR) is a digital record of a patient's medical information and health history. EHRs aim to be real-time records that reflect the most up-to-date information about each patient, as well as providing a comprehensive health history. An EHR is supposed to be instantly available in a secure format to all providers authorized to access it. An EHR can include: inpatient stays, outpatient visits, operations, diagnoses, allergies, lab test results, radiology images, prescribed medications and immunizations. EHRs also allow access to evidence-based databases and other tools to help providers make care decisions. EHRs automate and streamline workflow and populate online databases about a community's health, including disease registries and immunization rates. EHRs should be portable across facilities, providers and state lines, and they should be shared to help physicians and public health officials better care for individual patients and for whole populations. Ideally, patients should be able to access their EHRs. EHRs at this stage are fulfilling some of their initial promises, but many providers complain of having to spend too much time imputing information into EHRs. And patient groups have said that patients' access to their own records is lacking. Privacy breeches of celebrity EHRs have resulted in fines, penalties and new laws in recent years. And the sharing of EHRs across health systems and even between departments within systems has been hampered by lack of interoperability of various EHR platforms.
Electronic medical record (EMR)
An electronic medical record (EMR) contains standard medical and clinical information at one provider's office, basically an electronic medical chart. By contrast, an electronic health record (EHR) contains a more complete patient history and is considered more flexible, portable and with a richer data source for use in population health management. Most providers prefer to refer to their electronic patient record systems these days as EHRs, not EMRs.
Health informatics is the interdisciplinary study of the design, development, adoption and application of IT-based innovations in health care services delivery, management and planning. Informatics can include human interface design, data mining, cognitive sciences, decision support, databases and algorithms. Health informatics professionals typically have backgrounds in both computer and biomedical sciences.
Health information exchange (HIE)
Health information exchange is the action of sharing relevant health information electronically among trusted clinical partners regardless of physical location. The information sharing can be about a single patient to enhance the care of that patient. Or, the information can be about a group of patients for the purposes of public health tracking and improvement. For providers who have already adopted electronic health records (EHRs), HIE enables them to share EHRs and “talk“ to one another over a secure network that protects patient privacy and data integrity. However, HIE can happen with paper records as well. HIE can help with a broad array of care quality and provider workflow concerns, including referrals and discharges; lab and radiology orders and results; redundant testing; medication management; analytics and reporting to health agencies; chronic disease management; and paperwork. HIE can also help patient engagement and patient satisfaction. The federal meaningful use program incorporates HIE, requiring providers to engage in some HIE as part of Stage 2 certification. Stage 3 of meaningful use requires even more robust HIE capabilities.
On Oct. 1, 2015, the federal government required providers in clinical settings to transition from ICD-9 to ICD-10 codes. ICD is short for International Classification of Diseases and the '10' means it's the tenth revision of those classifications. This is important because these codes classify procedures, diseases, injuries and encounters in health care settings. They determine how much providers get paid for each patient encounter, and they also help track incidence of conditions (such as cancer and sepsis) at health facilities. The ICD-9 codes were more than 30 years old. Considering all the advances in medicine in the past three decades, the ICD-9 codes had become outdated. There are 68,000 ICD-10 codes (vs. 14,000 ICD-9 codes), and the code format has been extended, providing more specific information on the patient’s diagnosis. The switch to ICD-10 aims to provide better data on health care utilization and patient care quality. Beginning Oct. 1, 2016, the Centers for Medicare and Medicaid Services will require provider claims to be more specific in terms of ICD-10 codes in order for providers to get paid.
Information blocking happens when someone willingly or knowingly interferes or “blocks“ the exchange and use of electronic health information. The federal government and Congress believe information blocking exists and is taking steps to penalize offenders. Some in the private sector have disputed that this is a widespread or even marginal problem.
Interoperability describes the extent to which systems and devices can exchange data, and interpret that shared data. For systems to be interoperable, they must be able to exchange data and subsequently present that data so it is understood by users. Interoperability is a word thrown around a lot these days and it's super important because without it, health information will be “siloed“ or potentially walled off from being usable and meaningful to providers and patients. In an era where improved coordinated care is becoming more important, interoperability will play a leading role. In October 2015, the U.S. Office of the Coordinator for Health IT (ONC), released its first roadmap on interoperability. The roadmap sets out timeframes to achieve interoperability, which can be extremely helpful to understand where local health providers fall in terms of interoperability. HIMSS wrote up a nice synopsis of the roadmap.
Medicare Access and CHIP Reauthorization Act (MACRA)
The Medicare Access and CHIP Reauthorization Act was signed the law on April 16, 2015. MACRA does four important things: Repeals the flawed sustainable growth rate (SGR) methodology for determining updates to the Medicare physician fee schedule (known as the 'doc fix'); creates a framework that ties physician payments to quality achievements; consolidates existing Medicare physician quality programs, including Meaningful Use (MU) of electronic health records; and establishes a pathway for physicians to participate in Alternative Payment Models (APMs). MACRA provisions are scheduled to go into effect on January 1, 2019. Read more about MACRA on this tip sheet.
Meaningful use (MU)
This is a term the federal Centers for Medicare & Medicaid Services (CMS) uses to describe the optimal use of electronic health record (EHR) systems. The CMS says that certified EHRs should be used to reduce health disparities and improve quality, safety, and efficiency; to engage patients and family; to improve population health, public health, and care coordination; and to maintain privacy and security of patient health information. Under meaningful use, the CMS has been paying physicians and hospitals to adopt, implement, upgrade, or demonstrate meaningful use of certified EHRs. Physicians and hospitals receive incentive payments to move from paper records to secure EHRs. The meaningful use program is designed to support physicians and hospitals in installing certified EHR systems in three stages. Stage 1 was in 2011-12 and involved data capture and sharing; stage 2 was in 2014 and was designed to improve clinical processes; and stage 3 is in 2016, when meaningful use aims to help providers improve patient and population health outcomes.
Meaningful use has come under fire from various interest groups, including physicians and hospitals, for being too rigid and requiring too much too quickly. For instance, the American Hospital Association in March 2016 asked the CMS to certify hospitals that have achieved 70 percent of meaningful use requirements as having completed the program. In January 2016, CMS Acting Administrator Andy Slavitt said 2016 would likely mark the end of the meaningful use program.
Mobile health (mhealth)
Mobile health, or mhealth, is health services supported by mobile devices. The emergence of low-cost smartphones and tablets and the proliferation of health-related apps (over 165,000 to date) caused in the explosion of the mhealth sector in just the past few years. Some projections have the sector reaching $50 billion or more by 2020. Mhealth is based on the premise of 'care anywhere' and can include consumer health information, diagnostics, fitness support, remote patient monitoring, video services and text messaging. In February 2015, the Food and Drug Administration (FDA) issued final guidance on mobile health apps. The upshot was that the FDA said most mobile health apps will not be subject to FDA regulations. In April 2016, the Federal Trade Commission (FTC) released a handy interactive tool to guide health app developers on regulations that might apply to their products. These include federal consumer and patient privacy laws.
A “lure” that entices an unwitting user to grant a thief remote access to proprietary data. For instance, a victim will click on a link in an email from someone they think is a trusted source, opening an access door to their computer. Phishing is a way for criminals to infect a computer with ransomware.
Predictive analytics is the branch of advanced analytics, and is used to make predictions about future events. Predictive analytics applies data mining, statistics, modeling, machine learning and artificial intelligence to analyze available data to make predictions about future. Predictive analytics can be a tool in population health management to intervene in patient health to improve outcomes.
Any unauthorized break-in of a computer system from a remote source.
A type of malware (malicious software) that attempts to deny access to the user’s own data, by encrypting the data with a key that won't unlock until a ransom is paid. Ransoms are usually paid in an untraceable cryptocurrency such as Bitcoin.
Incidents where staff at hospitals access someone’s medical records without authorization or being directly involved in the patient’s care. High-profile incidents involving celebrities have led to hospital fines.
Telehealth is the delivery of health services and information remotely, using telecommunications technologies. Telehealth is a broad and expanding field, and the term 'telehealth' seems to be usurping 'telemedicine' to describe it. Generally, telehealth facilitates the diagnosis, treatment, education, monitoring and management of a patient's care while the patient is in one location and the provider is at another site. Telehealth can also mean collaboration between providers in different physical locations to diagnose and treat a patient. Today, there are four common modes of telehealth: 1) Live video interaction; 2) Store-and-forward, where information is sent, usually via secure email, and the provider reviews the information at a later time; 3) remote patient monitoring, where personal health information or data is collected at one site, typically at home, and that information is transmitted and stored to guide care decisions; 4) mobile health (mhealth), which means health care supported by mobile devices and mobile applications. All of these modes are fast converging as companies and providers seek to offer on-demand access to health services via smartphones.
Theft and loss
This includes stolen laptops and lost thumb drives containing patient information that is not encrypted or otherwise secured.
This is information that is not easily organized and often in disperse locations. An example of unstructured data is physician notes in the EHR. Other unstructured data includes information collected from wearable devices, remote monitoring systems, social media, sensors, patient reports and images such as X-rays.
The terms “wearables,” “wearable technology” and “wearable devices“ refer to electronic technologies that are worn on the body or clothing to perform computing tasks. Generally, wearables are able to store and transmit data, and information can be accessed in real-time.