The funds are part of the $2 billion allotted to HHS’s Health Resources and Services Administration (HRSA) under the American Recovery and Reinvestment Act to expand healthcare services to low-income and uninsured individuals.

The $27.8 million will be used to expand and upgrade health IT systems, including electronic health records, and are related to other ARRA efforts to promote the adoption and use of health IT throughout healthcare.

Eighteen grants totaling more than $22.6 million will support EHR implementations. Grants totaling more than $2.6 million will help four grantees implement other health IT-related projects, including creation of health information exchange networks. Another five grants totaling more than $2.5 million will help health centers use existing EHRs to improve patient health outcomes.

HRSA-supported health centers treated 17 million patients in 2008, 40 percent of whom have no health insurance, according to HHS.

A list of grant recipients is available through the above link. More on ARRA provisions for community health centers is available through the HHS.gov/Recovery site.

The first applications from aspiring health IT resource centers are due in two weeks—September 8. The Office of the National Coordinator for Health Information Technology will award grants in two additional cycles with initial deadlines in December and June. ONC announced the deadlines in a press event last week.

Program details and the full application schedule appears in the funding opportunity announcement on the Health and Human Services health IT Web site. Applications will be screened in two phases. Successful preliminary applicants will be requested to submit a full application for merit review.

The centers are part of the HITECH Act in the American Recovery and Reinvestment Act (ARRA). ONC released a draft plan for public comment in late May.

The regional centers will furnish education, outreach, and technical assistance to help providers select, successfully implement, and meaningfully use certified EHR technology.  They will also help providers achieve, through appropriate available infrastructures, exchange of health information in compliance with applicable statutory and regulatory requirements, and patient preferences.

ONC expects to establish 70 or more centers supporting 100,000 primary care providers. Each center will serve a defined geographic area.

In addition to the summary report, the seven subgroups that comprise the collaboration are presenting their work through free webinars on Tuesdays and Thursdays this month. The sessions focus on the tools and processes developed by each group, as well as how individual, local, regional, and state-level stakeholders can use them.

Formed in 2006, the Health Information Security and Privacy Collaboration was charged with studying privacy and security issues associated with interstate electronic health information exchange. It is managed by RTI International under a contract with the Department of Health and Human Services. The third phase, scheduled to end in April, received a last-minute extension through July. RTI will add an addendum to the recent report to describe the work of the extension.

Material from all three phases of the HISPC project—including documents, tools, reports, and products—are available through Health and Human Services.

Exactly how HISPC’s body of work will live on, and how directly it is promoted, is unclear given the changes in HHS personnel and programming brought about by the new presidential administration and the American Recovery and Reinvestment Act. However, ARRA’s goal to promote the secure, widespread exchange of electronic health records certainly relies on overcoming the barriers to health data exchange between states that HISPC identified and worked toward resolving.

The extension program is called for under the HITECH Act in ARRA, the American Recovery and Reinvestment Act. It authorizes creation of a National Health Information Technology Research Center and affiliated regional extension centers to assist providers in selecting and implementing certified electronic health records.

The program also will assist providers in becoming “meaningful users” of the systems, a prerequisite to receiving bonus Medicare and Medicaid payments under a separate ARRA provision.

The extension program is to give preference to providers serving uninsured, underinsured, underserved, and special-needs populations.

The HITECH Act also calls for the regional centers to participate “to the extent practicable” in health information exchanges and to integrate health IT into the initial and ongoing training of health professionals and others in the industry. They will be encouraged to seek broad industry, academic, and state government participation and use federal expertise where appropriate.

ONC proposes that the regional extension centers will form a consortium coordinated and facilitated by the research center. The research center’s primary function will be to produce best practices, and the regional centers will be responsible for disseminating them.

The draft proposes that the regional centers’ key service will be on-site assistance, with an established minimum level of service that would include unbiased information on appropriate exchange of health information and information on integrating health IT into practice workflow.

HITECH specifies that the regional centers will be organizations “affiliated with any United States-based nonprofit organization, or group thereof.” ONC’s proposal includes draft required criteria as well as its own preferred criteria, which include “multi-stakeholder collaborations that leverage local resources,” as well as applicants that identify viable matching funds.

ONC is proposing two-year awards based on the size of the population served. It expects awards to range $1-2 million per year, with a maximum of $10 million.

ONC anticipates that applicants will require 2 months or more to prepare their proposals. It expects to make awards as early as the first quarter of 2010 and continue through that year. The timing is intended to enable the centers to help providers be eligible for the bonus payments in 2011 (hospitals) and 2012 (physicians), when the incentives are greatest.

HIPAA has sharper teeth and a wider net due to the American Recovery and Reinvestment Act of 2009 (ARRA).  A section of ARRA called The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is the healthcare portion of the stimulus package that provides $19 billion for health information technology and the Federal financial commitment which supports and promotes the adoption of electronic health records (EHRs) by 2014.  Some of the perceived weaknesses in HIPAA’s privacy and security regulations will be rectified by ARRA, dubbed “HIPAA II.”

There has been much discussion around the privacy and security issues of shared data.   Before the stimulus package, health information exchanges (HIE) were not directly regulated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The new legislation is loaded with requirements, new enforcement provisions and penalties for covered entities, business associates, vendors and others.

The legislation expands HIPAA’s net to include employees of covered entities and to individual or corporate persons that perform any function or activity involving the use or disclosure of protected health information  (PHI)  on behalf of a covered entity such as “business associates.” HIPAA defines covered entities as “health care providers that conduct certain electronic transactions, health care clearinghouses, and health plans.”

Business associates will be required to implement the same security safeguards and restrictions on uses and disclosures, to protect individually identifiable health information. It also subjects business associates to the same potential civil and criminal liability for breaches as covered entities. All business associate agreements will have to be amended to reflect these changes.  To ensure compliance the Secretary of HHS is required to conduct periodic compliance audits of business associates as well as covered entities.

The HITECH Act is meant to increase the momentum of the development and implementation of the EHR by 2014.  HHS is allocated $2 billion for the Office of the National Coordinator for Health Information Technology.  ARRA has also expanded the duties and authority of this office.  The national coordinator is responsible for:

• the coordinating development and implementation of HIT standards,
• strategic planning, including the electronic exchange of health information,
• certification of HIT as meeting standards,
• assessment of disparities in the use of HIT,
  evaluate benefits and costs of the use of EHR, and
• development and updating of EHR technology.

Timelines for the privacy provisions, regulations, and guidance under HITECH Act are listed in the linked table.

The act represents commitment by the federal government to bolster the healthcare industry, particularly in the adoption of EHRs.  At the same time, the lawmakers have put teeth into the enforcement of laws and regulations governing the privacy and security of personal health information.  

The act does not change state law preemption, and covered entities and business associates will continue to have to comply with federal privacy and security standards as well as more restrictive state law requirements.

References

“American Recovery and Reinvestment Act of 2009 — An Analysis.” LexisNexis Emerging Issues Analysis, 2009.

H.R. 1, American Recovery and Reinvestment Act of 2009.

Mills, Tom, and Marion Kristal Goldberg. “The Stimulus Bill’s Effect on the Health Care Industry.” Winston & Strawn, LLP Healthcare Practice Briefing, 2009.

Steinbrook, Robert. “Health Care and the American Recovery and Reinvestment Act.” New England Journal of Medicine, March 12, 2009.

Under HISPC, 42 US states and territories have worked to identify and solve privacy and security barriers to health information exchange (HIE). Formed in 2006, HISPC organized into seven multistate collaboratives in its most recent phase, each focused on a specific issue such as interstate disclosure and patient consent requirements or consumer education.

Currently in its third and final phase, HISPC was originally scheduled to wrap up its work at a March national conference in which the seven collaboratives demonstrated their deliverables. But the no-cost extension that begins today will allow the groups more time to complete, test, and implement their work, according to Linda Dimitropoulos, PhD, the director of the health services program at RTI International and project manager for HISPC. RTI, based in Chicago, was contracted by ONC to run HISPC.

The extension was welcomed by HISPC participants as a way to keep their momentum going. The work of discovery and consensus-building takes time, Dimitropoulos said, and the groups “have been pressed; the schedules have been so aggressive that this gave them a little breathing room to actually finalize their work in a way that they can be really happy and proud of.”

The HISPC phase 3 Challenge and Innovation Stage will last until July 31. During the extension, all seven collaboratives will use the tools developed by the Consumer Education and Engagement and Provider Education Collaboratives to conduct outreach and education on HIE health information exchange issues with consumers and providers in HISPC states.

A Window to Keep the Work Going

In phase 3, the Inter-Organizational Agreements Collaborative developed a standardized legal agreement that promotes the interstate exchange of public health data such as immunization records. The group will use the extension to lobby additional states to adopt the form and begin exchanging limited data.

Public health data exchange is already taking place between several state health departments through the collaborative’s work. The group will also continue to increase the number of private organizations exchanging health data with other private entities, another of its initiatives.

The Provider Education Collaborative initially focused its HIE education outreach to primary care physicians. During the extension, the collaborative will adapt its materials for specialty physicians and reach out to those groups, Dimitropoulos said.

As of now, HISPC will end following the completion of the phase 3 extension. An additional year of work was built into the original contract, but ONC has opted not to renew the project, Dimitropoulos said. Given the leadership change occurring at both Health and Human Services and ONC, including the recent appointment of new ONC head David Blumenthal, healthcare experts have said ONC officials are waiting to finalize any initiatives until the new administration’s priorities and goals are established.

RTI plans to release its HISPC wrap-up report this summer in the form of an “action and implementation” manual, which will detail the findings, tools, and deliverables. RTI will add an addendum describing the work done during the extension.

A feature in the upcoming May issue of the Journal offers a look at the ambitious three-year HISPC project and details select work from its most recent phase.

Health record banks centrally store copies of consumer’s health records, which providers “deposit” into the accounts. Consumers control which providers can contribute information and which providers and individuals can view their records.

This model of health information exchange, where many providers send patient information to one central location, is seen as an alternative to the many-to-many exchange model, where several organizations directly exchange copies of patient’s records. If the pilot project is successful, Washington State hopes to show by example that health record banks are the ideal model for nationwide information exchange, says Juan Alaniz, health record bank pilot project manager for HCA.

Advocates for the health record banks agree that the pilot is an important demonstration of the model. William Yasnoff, MD, PhD, is managing partner of National Health Information Infrastructure Advisors and CEO of the Health Record Banking Alliance. “As the first operational health record bank, the Washington State pilots represent an important step in demonstrating how this approach addresses the key challenges of making comprehensive electronic medical records available at any point of care,” he says.

A main goal of the pilot is to show that health information can get into the hands of patients and providers, Alaniz says, which will reduce redundant medical procedures and costs and improve the quality and safety of care provided. “By having this information available, I think that we are arming consumers with valuable information they can use in a timely basis,” he says.

Three Pilot Sites

The Washington State pilot is the first large-scale testing of the health record bank model. The test contains three projects across the state, which will target 18,000 participants who have specialized healthcare needs such as chronic-illness patients, families with children, and caregivers.

The banks are managed by local community healthcare facilities, which identified and recruited patients to take part in the pilot, Alaniz says. The state contributed $1.7 million to the pilot, with participant healthcare communities also pitching in funds.

The three pilot sites are in the following locales:

• Bellingham, with St. Joseph Hospital Foundation and the Critical Junctures Institute
• Cashmere, with Community Choice Healthcare Network
• Spokane, with Inland Northwest Health Services.

“High Value” Data

Participating providers will begin by loading five types of “high value” data into consumers’ health record banks: medication history, immunization records, allergy information, family history, and a health status synopsis. 

The pilot will end in July, when a preliminary results analysis will be conducted, Alaniz says. The project will test the financial sustainability of the banks, their ability to provide public health data, and how the banks should be organized and governed.

But most importantly, the pilot is meant to see if consumers and providers find health record banks valuable and would sign up for a fully-integrated, statewide health record banking system. “If it is of no value to consumers or providers, then we certainly don’t want to do this,” Alaniz says.

At the end of the pilot, the health record banks will continue to operate if funding can be secured. The goal is to have the banks financially self-sustainable by 2011. 

Private Infrastructure

The pilot banks run PHR programs from Microsoft Health Vault and Google Health. Each site chose between the two programs, which Alaniz describes as PHRs “on steroids.” When data are uploaded into the bank, the information is automatically organized in specialized ways useful to patients and providers.

Having private companies provide the infrastructure saved HCA the cost of developing its own software. In addition, the banks benefit from the companies’ work to make the interfaces consumer friendly, says Alaniz. If the health record bank project was to advance, Alaniz says banks would have their choice between using existing products and developing platforms from scratch.

Prior to the pilot, it was unclear who would build or provide the technical infrastructure for health record banks. The choice of Google and Microsoft isn’t surprising, says Yasnoff—the majority of health information infrastructures are built and operated from systems developed by private firms. Each of the health record bank pilots is governed by the local community, which he says will provide a watchful eye on how the records are managed.

Public Results

Washington State officials plan to share the information they obtain from the pilots with interested parties. HCA has already talked with Oregon and New York state officials about sharing pilot data. Other communities including Louisville, KY, Ocala, FL, and Kansas City, MO, are also interested in pursuing health record banks, Yasnoff says.

The pilots are only the “test and learn” phase of building a state-wide health record bank system, which officials hope to launch in 2012, Alaniz says. If the results of the pilot support moving forward, the project will begin implementing lessons learned and develop the basic bank infrastructure.

Users may now share their health profiles with others, such as doctors and family. Account owners grant access to others via e-mail addresses. Viewers cannot edit or share a profile. Account owners control how much of the profile others see, another change.

Google’s list of partners continues to grow. Partners are primarily national pharmacy chains that can feed medication information into Google Health accounts. However, patients of the Cleveland Clinic and Beth Israel Deaconess Medical Center can import their records through those facilities’ patient portals.

AHIMA’s library contains additional related guidance on redisclosure. Look for these practice briefs:

• “Defining and Disclosing the Designated Record Set and the Legal Health Record”
• “Notice of Privacy Practices”
• “Patient Access and Amendment to Health Records (Updated)”
• “Understanding the Minimum Necessary Standard (Updated)”

The Center for Information Technology Leadership (CITL), a nonprofit IT research center based at Partners HealthCare System in Boston, offers the projections in the study “The Value of Personal Health Records.” The study describes an evidence-based model that estimates the industry costs and benefits of four different PHR architectures. The study is the first of its kind to examine the different PHR architectures and show their direct cost savings to healthcare providers and payers, CITL officials say.

PHRs provide patients with greater access to their health information and, depending on the individual product, give them an opportunity to add their own information. Many PHRs put patients in control of who can access their records, allowing them to share their information with providers, payers, and caregivers.

A PHR is different from a provider or payer’s record, which the organization controls for business and legal purposes. PHRs have the potential to improve care by sharing patient information among authorized providers. They can also increase a consumer’s awareness of his or her health and help in making informed health decisions.

Savings Vary by Type

Blackford Middleton, MD, MPH, MSs, is chairman of CITL and director of clinical informatics research and development for Partners Healthcare. He says that CITL believes electronic health record systems—implemented and maintained by providers—are a part of improving care and lowering cost; however, “we believe that the PHR is perhaps an equally important or maybe even more important part of the solution as well.”

Published November 12 and presented at the American Medical Informatics Association annual symposium, the CITL cost-benefit model assumes 80 percent of the US population actively uses one of four emerging PHR architectures: payer-tethered PHRs, provider-tethered PHRs, third-party PHRs, and interoperable PHRs. A panel of healthcare experts organized by CITL synthesized hundreds of articles on healthcare and PHRs to build the model.

Provider-tethered PHRs are tied to a healthcare organization’s internal record system. Payer-tethered systems are tied to a given payer’s system. Consumers use third-party PHRs to aggregate data from different, unconnected sources.

Interoperable PHRs represent a “future type” of record “populated with data from all regional data sources via standards-based automated data exchange. The connections with these sources would create a record that is more complete than any individual repository (e.g., [electronic health records], other PHRs, payer claims databases),” according to the report.

While the implementation and steady use of each of the four PHR architectures would result in vast cost savings, some architectures produce greater savings than others, according to the study.

The model projects that mass use of the interoperable PHR architecture could lead to the highest savings by streamlining healthcare operations and decreasing administrative and clinical costs, such as preventing duplicate medical tests and reducing adverse drug interactions.

The projected annual savings by model are:

• Interoperable PHRs: $21 billion
• Third-party PHR: $16 billion
• Provider-tethered PHR: up to $14 billion 
• Payer-tethered PHR: $13 billion

Highlighting the Value of Data Sharing

The  model assumes that PHRs in each category have certain functionality, including the ability to share test results and medication information. Other, more specialized functions include electronic appointment scheduling and e-visits. Middleton hopes the study will help policy makers and the general healthcare industry understand which PHR models can best improve healthcare and reduce costs.

“The PHR architecture and what data is accessible—and to what degree data is interoperable—that really defines the value of a PHR,” Middleton says. “Our intent is to model a what-if scenario; [for example,] what if everyone had a provider-tethered PHR or an interoperable PHR. And the goal is then to highlight the differences so that we can inform policy makers and the industry about what is valuable.”

Though interoperable PHRs presents the highest potential savings in cost, they are still a work in progress. But CITL’s cost-benefit model indicates that PHR development should lean toward an interoperable architecture, Middleton says. Interoperable PHRs act as a hub for patient information, connecting multiple payers and providers to each other through a patient-controlled record.

While PHR use does offer savings, establishing the products and the networks takes money. The cost-benefit model also adjusts to reflect the savings after deducting the cost of implementing each PHR architecture. Providing interoperable PHRs for 80 percent of the US population could cost an estimated $3.7 billion to acquire and $1.9 billion annually to maintain, the study estimates. After cost, and based on a 10-year roll-out of infrastructure, the interoperable PHR could still save $19 billion annually in healthcare costs.

CITL hopes several things come as the result of this model, Middleton says. Third-party PHR companies like Google Health and Microsoft HealthVault can use the study to recognize the value of standards that will make their products more interoperable. Providers and payers can recognize the value of PHRs and pledge their support for PHR adoption. Finally, policymakers can recognize the value of PHRs and address issues that will allow nationwide health IT adoption, Middleton says.