A 1930 Medical Record

I was recently in my hometown of New Martinsville visiting my dad, a retired family physician. When I arrived he had waiting for me a copy of one of my grandfather's medical records from the 1930s. My grandfather, Dr. Albert Coffield, practiced rural medicine in Wetzel County, West Virginia from 1911 until his death in 1936.

My dad told me the following story about the medical record.

My dad was a doctor who practiced out of his house on Coffield Ridge in Wetzel County. After my dad died in 1936 our mother sold the household furnishing and his office equipment. I was 12 years old when he died and my older brother was a first year student at West Virginia University. Since my mother wasn't employed she decided to move us to Morgantown where the University was so that my older brother could continue his college education. As a way to continue the family income she rented rooms to college students - many who came to the University from Wetzel County.

Included in the sale of the household and office furnishing was a wooden credenza with metal alphabetized slides. Behind some of the slides were some old medical records that were left in the credenza.

Thirty years later a lady who was a patient of mine brought the wooden credenza to me and told me that she had bought the credenza at the auction of my family's household items in 1936. She told me that she thought I would appreciate having it.

Here are photos of the medical record of a patient from 1934. The medical record format is simple yet complete. It contains all the important demographic and clinical information - including the patient statement, habits, family history, past history, physician examination and diagnosis. On the back is additional space for notes and a drawing of the internal organs that I suspect was meant to be used with the patient for education and instruction. It even has a built in billing record section that even the change:healthcare crowd would love.

What can these photos tell us about the current health care reform debate. Compare these photos of a medical record from 1934 to those that cost .73 cents today. Could today's physician and his or her patient get "meaningful use" out of this record?

A close up of the billing section for the change:healthcare gang.

Visualizing HR 3962: Affordable Health Care for America Act

Below is a visual of the top 500 words used in HR 3962: Affordable Health Care for America Act. Since most people (including many of our representatives in Washington) haven't read all 1,990 pages of the Health Care Reform Bill, I thought a visual aid might be helpful.

I had been thinking of creating the word cloud of the Bill since it was introduced on October 29, 2009, however, yesterday a couple of tweets by Vince Kuraitis caught my eye and I finally got around to creating the HR 3962 Wordle Cloud this morning. Vince's tweets looked into the word count of a couple of key words in the Bill. His tweets:

• @VinceKuraitis "medical home" referenced 67 times in latest House #healthreform leg
• @VinceKuraitis "pilot program" referenced 106 times in latest #healthreform leg -- lots of experimentation

In creating the cloud I was able to look at the use of some other words in the Bill. Here is what I found:

• Privacy referenced 28 times
• Insurance referenced 552 times
• Physician referenced 182 times
• Hospital referenced 330 times
• Consumer referenced 36 times
• Consumer-directed referenced 1 time
• Consumer-oriented referenced 1 time

Click graphic for larger/clearer version. Thanks to Wordle (www.wordle.net) for the cloud.

Federal Advisory Committee Blog (FACA Blog)

The Office of the National Coordinator for Health Information Technology (ONCHIT) has launched a new blog called the Federal Advisory Committee Blog (FACA Blog).

The initial post by Judy Sparrow discusses that the FACA Blog will be uses in a spirit of transparency and collaboration to help open a broader dialogue on the issues before the Health IT Standards Committee and the Health IT Policy Committee. The post also provides some background on the role that Federal Advisory Groups play under the Federal Advisory Committee Act.

The second post by Aneesh Chopra, Federal Chief Technology Officer, spells out the planned process for an open conversation that will take place over the next couple of weeks with various committee members blogging about a variety of topics (Proposed Standards, Interoperability, Vocabularies, Privacy, Security, Quality, Implementation Cases Studies).

The FACA Blog allows individuals to share public comments on each post and has an RSS feed. Great to see ONCHIT using a blog platform to quickly and efficiently distribute information about the ongoing work being done by the committees to further the health information technology efforts under HITECH.

West Virginia H1N1 (Swine) Flu Resource Center

The West Virginia Department of Health and Human Resources (DHHR) unveiled a website for sharing information and updates specific to West Virginia about the H1N1 Flu also known as Swine Flu. The website has information for prevention, schools, businesses, parents and providers.

The new West Virginia H1N1 (Swine) Flu Resource Center can be found at www.wvflu.org. The website also has includes a link to the federal Flu.Gov website with national information.

Please spread the word about the new website (but don't spread the flu).

HIPAA Enforcement Meets HITECH: HIPAA Administrative Simplification: Enforcement Rule

On October 30, 2009, the Secretary of the Department of Health and Human Services (HHS) issued the HIPAA Administrative Simplification: Enforcement Interim Final Rule, 45 CFR Part 160 (74 Federal Register 56123, October 30, 2009).

This new rule was developed and adopted by HHS to conform the enforcement regulations under HIPAA to the revisions made to HIPAA under the Health Information Technology for Economic and Clinical Health Act (HITECH), which was part of the American Recovery and Reinvestment Act of 2009 (ARRA).

The rule amends the HIPAA enforcement regulations to include the imposition of tiered ranges for civil money penalty amounts based upon an increasing culpability associated with the violation. A full chart of the violation categories and related amounts can be found in the rule.

The interim final rule is effective on November 30, 2009. Comments on the rule can be made prior to December 29, 2009.

Congressional Members Concerned About HHS Inclusion of "Harm Standard" In Breach Notification Rule

Members of the U.S. House of Representative submitted an October 1, 2009 letter of concern to Secretary Sebelius and the Department of Health and Human Services (HHS) concerning inclusion of a "harm standard" in the recently released(August 24, 2009) Interim Final Rule - Breach Notification for Unsecured Protected Health Information (45 CFR Part 160 and 164) 74 Fed. Reg. 42740.

HHS in developing the Interim Final Rule interpreted the term "compromises" as meaning that a threshold substantial harm standard should be included when determining whether a breach of data has occurred. However, the Members indicate in their letter that they considered whether a "harm standard" should be a part of the legislation and decided not to include such a standard. The letter urges HHS to revise and repeal the harm standard provisions included in the Interim Final Rule.

The letter was submitted by Rep. Henry Waxman, Rep. Charles Rangel, Rep. John Dingell, Rep. Frank Pallone, Jr., Rep. Pete Stark and Rep. Joe Barton.

Tip to Alan Goldberg, health care attorney and American Health Lawyer Association HIT Listserve Moderator, who posted a copy of the letter.

ARRA - HITECH: Health Care Information Breach Notification Regulations Now In Effect

Have you had a health data security breach? Do you know what a health data breach is? Are you required to notify individuals impacted by the breach? Do you have to notify federal agencies of such breach?

Read on for more information regarding the Office for Civil Right (OCR) and Federal Trade Commission (FTC) regulations requiring health care providers and other health data business vendors to assess and in some cases notify and report health information data breaches under the new federal law created by ARRA-HITECH.

The new regulations went into effect on September 23, 2009 and September 24, 2009, respectively, with a full compliance date of February 22, 2010. Health care providers covered under HIPAA and third party users of health information, including personal health record (PHR) companies and vendors, PHR related entities, health 2.0 companies and other third party health data service providers, should examine the regulations and understand the impact on their business.

The regulations require entities to develop internal compliance processes to act upon and advise individuals of data breaches that pose a significant risk of financial, reputational or other harm to the affected individual. The OCR regulations apply mainly to covered entities and business associates under HIPAA and the FTC regulations apply mainly to PHR vendors and PHR related entities. The regulations define a "breach" and set forth the time frames and scope of notification required. The regulations require the tracking and reporting of such data breaches to OCR and FTC. Also, OCR has published separate guidance specifying the technology and methods that will render health information unusable, unreadable and undecipherable as defined under ARRA-HITECH.

OCR has provided a summary of the breach notification rule on its website. OCR has also published instructions for reporting breaches to the HHS Secretary. The instructions include details for reporting "Breaches Affecting 500 or More Individuals" and "Breaches Affecting Fewer than 500 Individuals." OCR will also maintain a list of reported breaches that impact 500 or more individuals. The FTC also has a section on its website providing information on its health breach notification rule.

Below are links to the full regulation text:

• OCR Interim Final Rule - Breach Notification for Unsecured Protected Health Information (45 CFR Part 160 and 164) 74 Fed. Reg. 42740 (Aug 24, 2009).
  

• OCR Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements Under Section 13402 of Title XIII (Health Information Technology for Economic and Clinical Health Act) of the American Recovery and Reinvestment Act of 2009; Request for Information 74 Fed. Reg. 19006 (April 27, 2009).
  

• Federal Trade Commission: Health Breach Notification Rule: Final Rule -- Issued Pursuant to the American Recovery and Reinvestment Act of 2009 -- Requiring Vendors of Personal Health Records and Related Entities To Notify Consumers When the Security of Their Individually Identifiable Health Information Has Been Breached (16 CFR Part 318) 74 Fed. Reg. 42962 (Aug 25, 2009). The FTC has also issued a Breach Notification Form.

UPDATE (July 29, 2010):

Today the OCR/HHS issued a statement that the OCR Interim Final Rule listed above and published on August 24, 2010, is being withdrawn from the Office of Management and Budget (OMB). The full notice published on the OCR website states:

Breach Notification Final Rule Update

The Interim Final Rule for Breach Notification for Unsecured Protected Health Information, issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, was published in the Federal Register on August 24, 2009, and became effective on September 23, 2009. During the 60-day public comment period on the Interim Final Rule, HHS received approximately 120 comments.

HHS reviewed the public comment on the interim rule and developed a final rule, which was submitted to the Office of Management and Budget (OMB) for Executive Order 12866 regulatory review on May 14, 2010. At this time, however, HHS is withdrawing the breach notification final rule from OMB review to allow for further consideration, given the Department’s experience to date in administering the regulations. This is a complex issue and the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur. We intend to publish a final rule in the Federal Register in the coming months.