The move to electronic medical records presents challenges, but technology solutions offer a range of options for health practitioners, reports Greg Masters.
When the North Carolina Cancer Hospital (NCCH) opened its doors in August 2009, Michael Young was keenly aware that the protection of patient information was going to be an ongoing task.
Young, director of telemedicine at the Lineberger Comprehensive Cancer Center, the research arm of NCCH, each housed on the south end of the campus of the University of North Carolina at Chapel Hill, was instrumental in developing a high-definition video-conferencing system for the facility. Using primarily a Tandberg video-conferencing setup transmitted over IP, the system connects virtual rooms among the multidisciplinary groups at NCCH and other facilities for consultation and education purposes.
But while the technology succeeded in connecting the various units, Young's next challenge was meeting federal compliance requirements. This meant figuring out how to move data from the brand new, 315,000-square-foot, $180 million, state-of-the-art facility while making sure patient information is stripped out. This was achieved using Video Control System (VCS), a technology solution that keeps the video secure. Video data comes in before a firewall, where a series of functions encrypts the file. Using Covescent, a secure web application that allows a remote site to be put on a web portal, the file is then directed to the security team who opens the record and make sure it contains no personally identifiable information (PII). It is then passed on to a team of doctors who review and discuss the medical condition and treatment options of a patient.
"We have a secure PACS [picture and archiving communications server]," says Young (left). This sends data via a Digital Imaging and Communications in Medicine (DICOM) standard – a secure jpeg file with information about the patient in headers – without touching electronic medical records (EMR) at the site or hospital.
“These high-definition video-conferencing capabilities allow teams of UNC specialists from various disciplines to talk with physicians across the state in real time, so that we can collaborate with them to develop the best, individualized treatment plans for each patient – an approach that has been shown to improve patient care,” says Richard Goldberg, NCCH's physician-in-chief, as well as chief of the division of hematology and oncology at UNC-Chapel Hill School of Medicine.
In addition to the videoconferencing capabilities, the hospital also uses a password-protected, electronic medical records (EMR) system, says Goldberg (right). The EMR does practice management and lets people tie records together. It ensures that only credentialed users are accessing the system via a secure VPN connection. It can prove challenging for some to use, but Goldberg says he has found it helpful.
"While adapting to UNC's homegrown EMR, known as WEBCIS, can involve a learning curve for new physicians and staff, I personally find that it is very useful in interactions with patients and for sharing patient information among the medical teams involved in their care," Goldberg says. "For example, at NCCH, we have the EMR terminals in the room. This allows me to call up a patient's scans and discuss them with the patient and family right there in the room.
Further, all laptops, flash drives and mobile computing devices are required to be password-protected and encrypted, says Goldberg, who formerly served as professor of oncology at the Mayo Clinic in Rochester, Minn. "UNC Health Care is continually upgrading encryption software to meet the changing industry parameters and distributes it enterprise-wide to those who need to use them. Clearly there is a need for constant vigilance to ensure the security of patient records."
In addition to the technology solutions, hospitals are required to adhere to strict policies to ensure the safety of patient records. Being that NCCH (left) – one of very few facilities designated comprehensive by the National Cancer Institute – is part of the UNC Health Care System, it has enterprise-wide policies, procedures, practices and technology to protect patient privacy and confidential information and comply with all applicable state and federal law, says Goldberg. "We simply imported these policies and procedure when we occupied the new building."
These rules, he adds, are on the minds of the hospital's patient care personnel and are an integral part of their practice every day. "All UNC Health Care employees are trained annually to refresh their knowledge of the laws and update them on any changes to them. Protection of patient privacy and confidentiality is and has been an integral aspect of professional practice for our physicians and these regulations, in many cases, simply formalize or make more explicit principles and practices that we have followed for years."