Appendix: Healthcare Standards
Sources for healthcare standards include references [1-17]. Reference [1] presents an overview of these standards. Standards exist for the following [1]:
· patient identifier
· provider identifier
· care site identifier
· product and supply identifier
· computer to computer communication message formats
· clinical data representation
· patient chart content and structure
· medical terminology within the chart
· privacy, confidentiality and security
· performance measures within managed care
· evidence-based medical care
· health outcomes.
When any definitive standard is established or changed, this can cost large healthcare organizations millions of dollars in that they have to retrofit many existing computer software systems. Preparation for such changes in standards could involve many years of preparation.
There are a number of organizations, standard development organizations (SDOs), working on healthcare standards. These SDOs include ANSI (American National Standards Institute) that has developed healthcare standards for electronic commerce through EDI for Medicare via the X12N standard [2], the ASTM (the American Society for Testing and Materials) that produces a standard for the CPR [3], the National Committee of Quality Assurance (NCQA) that produces an HMO “report card” [4], and the American Medical Association that produces CPT-4 codes for reporting medical services and procedures.
Also there are organizations and groups that coordinate and promote standards established by other organizations. The primary such organization working to coordinate standards from other organizations is the ANSI Health Informatics Standards Planning Panel (HISPP). The Hewlett-Packard Company has formed the Andover Working Group for Interoperability [5] to build upon existing healthcare standards; the principal standards supported by the Andover Working Group are HL7, DICOM, ASTM for clinical lab data interchange, EDIFACT for healthcare data interchange, HTML for information on the Internet, and IEEE P1073 for medical device communication with computer systems. And an organization that focuses on automation of the patient medical record and supports groups who further this effort is the Computer-based Patient Record Institute (CPRI) [6].
There are also government organizations that promote or develop standards. These include the Health Care Financing Association (HCFA) that controls Medicare and Medicaid and supports standards for reimbursement. Also, there is the National Library of Medicine that supports the Unified Medical Language System (UMLS), a system linking together various medical vocabularies [7].
At the time of this writing, the most important changes in standards are a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) [2] under the control of HCFA. HIPAA mandates standards for healthcare organizations dealing with Medicare. Many of these standards and mandates must be put in by the first quarter of 2002. Although these HIPAA mandates are primarily meant for transmission of Medicare payments through EDI (Electronic Data Interchange), administrative standards often cross over into the clinical area.
HIPAA mandates standards for claims transactions, a national patient identifier (although this change is on hold), a provider identifier, a healthcare organization identifier, a provider taxonomy (defining specialty areas for providers—ANSI X12N), and establishes requirements for security (including standards for an electronic signature) and for privacy. HIPAA security and privacy mandates also apply to clinical data.
From reading this chapter, the reader should gain an appreciation and understanding of the importance of standards in healthcare. This chapter may not be up-to-date nor accurate at any point in time, so more definitive information should come from other more authoritative sources.
The U.S. government, though HIPAA, has mandated that there be a standard unique health identifier for each individual [2] by the year 2000 for the purposes of electronic commerce. This mandate has been put on hold
Different SDOs are developing requirements for this identifier. ASTM’s (American Society for Testing and Materials) E31.12 Subcommittee developed a E1714 Guide for the Properties of a Universal Health Care Identifier [3]. (T. Scott Powers of Care Data Systems, Inc. and Dr. Paul C. Carpenter, MD, of Mayo Clinic have suggested that the Universal Health Care Identifier consist of a series of three universal/immutable values plus a checksum: 1) A 7 digit date code for the date of birth, 2) A 6 digit geographic code that relates to the place of birth, or entry into the healthcare system, 3) A 5 digit sequence code to identify people born on the same date, and the same geographic area, plus 4) a 4 digit checksum.)
A joint conference has been held on the patient identifier [8], with the patient identifier being referred to as the “Master Patient Index”. Participating organizations include the CPRI (the Computer-Based Patient Record Institute); CORBAmed of the Object Management Group; HCFA (Health Care Financing Administration); Healthcare Open Systems & Trials; Motorola, Inc.; University of Texas Health Science Centers; CERC, West Virginia University; DARPA (Defense Advanced Research Projects Agency); Los Alamos National Laboratory; Hermann Hospital, Houston; NC Healthcare Information & Comm Alliance; University of Virginia Health Science Center. In the industry, the Master Patient Index is a cross-reference to all the patient identifiers that the various healthcare organizations and clinical information systems use for each patient. The author feels that eventual standardization on one universal patient identifier would be much less problematic with every source document having a local patient identifier storing the translation of local identifier to the universal identifier.
Besides mandating a national patient identifier, the U. S. government through HIPAA has mandated that there be standard unique identifiers for health plans and health care providers by the year 2001 [2]. Along these lines, an industry-sponsored, non-profit, SDO, the Health Industry Business Communications Council (HIBCC), has developed site-of-care identifiers and provider identifiers for Electronic Data Interchange (EDI) transmission, mainly for purposes of financial reimbursement.
A Health Industry Number (HIN) is assigned by HIBCC to every health care provider facility in the United States. It includes more than 200,000 identifiers including hospitals, nursing homes, HMOs, pharmacies and can not only identify specific health care facilities, but also specific locations or departments within them. An HIN Practitioner Database now comprises approximately 450,000 individual physicians and other prescribers.
HCFA uses a Unique Physician Identifier Number (UPIN) to identify providers for Medicare billing purposes. The UPIN identifier will soon be replaced by the National Patient Identifier (NPI identifier) [2].
In addition to provider identifiers, provider job descriptors for EDI have been developed through ANSI that will be used by HCFA. ANSI chartered the Accredited Standards Committee (ASC) X12 to develop standards for EDI. These standards include provider job descriptors referred to as Provider Taxonomy Codes [2].
The HIBCC has developed a uniform bar code labeling standard for products shipped to hospitals. HIBCC has developed Labeler Identification Codes (LICs) that identify manufacturers. HIBCC is in charge of a repository for two Universal Product Number (UPN) codes, HIBC-LIC codes and UCC/EAN codes, that are used for product bar codes to identify medical and surgical products and manufacturers. Part of an HIBC-LIC (Health Industry Bar Code—Labeler Identification Code) is the LIC code to identify the manufacturer together with a manufacturer assigned product number. The UCC/EAN also identifies a manufacturer and a manufacturer assigned product number.
The National Drug Code system identifies pharmaceuticals in great detail. The U.S. Federal Drug Administration requires their use for reporting.
A number of computer communications standards are well established for computer to computer communication:
1. Standards for transactions for transmitting data about patient registrations, admissions, discharges, transfers, orders and results, master files, appointments scheduling, problem lists, etc.: HL7. A standard used by many vendors for communications between automated healthcare systems and recommended in this book for communication between the automated patient medical record system and other health organization clinical systems [9].
2. Standards for transactions between payers and providers: ANSI X12N, 148, 270, 271, 276-278, 834, 835, 837; EDI and EDIFACT, that are standards for electronic commerce over various types of networks. X12N codifies provider type and provider specialization for medically related providers; EDIFACT and X12N will coordinate their standards.
3. Standards for transactions used to request and send patient data (tests, procedures, surgeries, allergies, etc.) between a requesting party and the party maintaining a database: ANSI X12N, 274 and 275, which is compatible with HL7.
4. Standards for transferring clinical observations between independent systems: ASTM 1238-94 and sister standard HL7, and LOINC (Logical Observation Identifier, Names and Codes), a data base providing a set of universal names and ID codes for identifying clinical laboratory test results.
5. Standards for transferring information between clinical instruments: ASTM Subcommittee E31.4, E1394. For a list of some of the clinical instruments for which there are standards, see section 4.4.1.2.
6. IEEE P1073, a family of standards for medical device communications with computerized hospital information systems.
7. Standards for defining and sharing medical knowledge bases, referred to as Arden Syntax, developed by the ASTM Subcommittee E31.14, and described in document E1490. Arden Syntax is a method of encoding medical knowledge and organizing it to make medical decisions such as diagnoses, interpretations, and generating medical alerts.
8. Standards for transfer of diagnostic image information: DICOM- 3 (Digital Imaging and Communications), a standard supported by all Picture Archiving and Communications Systems (PACS) vendors.
Clinical data representations exist for diagnoses, procedures, clinical tests and drugs, among others.
1. Codes based upon diseases used mainly for reimbursement purposes: ICD-9-M (International Classification of Diseases) codes maintained by the World Health Organization and DRGs (Diagnostic Related Groups) maintained by HCFA (the Health Care Financing Administration). A replacement coding scheme, ICD-10-CM expands on ICD-9, containing a larger number of categories for classification and includes further detail.
2. Codes used for classification of procedures for reimbursement and utilization review: CPT-4 (Current Procedural Terminology) codes maintained by the AMA.
3. Codes for various clinical purposes including pathological test results: SNOMED (Systematized Nomenclature of Human and Veterinary Medicine) maintained by the College of American Pathologists. SNOMED was created for indexing the entire medical record including signs, symptoms, diagnoses and procedures, and is thus a probable future standard for the computer-based patient record.
4. Universal clinical test code database, containing codes for 6300 types of laboratory observations, including those for chemistry, toxicology, serology and microbiology: LOINC (Laboratory Observation Identifier Names and Codes).
5. Codes for mental disorders: DSM-IV (Diagnostic and Statistical Manual of Mental Disorders).
6. Drug codes: UPC format (Universal Product Code for identification at point of sale), National Drug Code (NDC) maintained by the FDA (Federal Drug Administration).
The ASTM Committee E31 on Healthcare Informatics has a number of documents on the content and structure of patient charts, including the following [2]:
· E1384 Standard Guide for Description for Content and Structure on an Automated Patient Health Record
· E1744 Guide for a View of Emergency Medical Care in the Computerized Patient Record
· E1769 Guide for Properties of Electronic Health Records and Record Systems
· A Standard Description for Content and Structure of an Automated Longitudinal Health Record (Work in progress)
· Specification for Drug Therapy Documentation (Work in progress).
The ASTM Committee E31 also has standards for other clinical systems that may communicate information to the CPR, including, but not limited to, the following:
· E1238 Specification for Transferring Clinical Observations Between Independent Computer Systems
· E1639 Guide for the Functional Requirements of Clinical Laboratory Information Management Systems
· E1712 Specification for Representing Clinical Laboratory Test and Analyte Names
· E1239 Guide for Description of Reservation/Registration-Admission, Discharge, Transfer (R-ADT) Systems for Automated Patient Care Information Systems
· E1715 Practice for an Object-Oriented Model for Registration, Admitting, Discharge and Transfer (RADT) Functions in Computer-Based Patient Record Systems.
Sweden has established nation-wide standards for the Electronic Health Care Record (EHCR) through a project christened “Computerised Care Documentation” (Swedish abbreviation DVD). This was done through the Swedish Institute for Health Services Development (SPRI).
The American Medical Association (AMA) has a survey on the Internet to elicit opinions on which data elements should be included in an Electronic Medical Record [10].
Current charts may use a variety of different medical terminology, making it hard for one caregiver to understand another caregiver’s chart. The following is one attempt to establish a common medical terminology.
The U.S. National Library of Medicine is developing the United Medical Language System (UMLS), a database of medical terminology [7] that was developed by combining terminology taken from a diverse variety of computerized and non-computerized systems, including terminology from
· SNOMED, CPT, ICD-9-CM, DSM, Read Classification System (RCS)
· NANDA, North American Nursing Diagnosis Association terms
· NIC, Nursing Intervention Classifications
· NOC, Nursing Outcome Classifications
· COSTAR, a medical computer system
· Al Rheum, the NLM Rheumatology expert system
· DxPLAIN, Massachusetts General Hospital’s expert diagnostic system
· COSTART, the FDA’s thesaurus of adverse reaction terms.
For whatever medical terminology set is chosen, section 7.7.6 identifies an approach to organizing this terminology to facilitate automated patient chart information retrieval.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 for Medicare and Medicaid programs includes requirements for security and privacy of claims and clinical information for individuals and mandates standards for electronic signatures [2]. On December 20, 2000, U.S. Department of Health and Human Services Secretary Donna E. Shalala, announced privacy policies for a patient’s personal medical records [11]: “The new standards: limit the non-consensual use and release of private health information; give patients new rights to access their medical records and to know who else has accessed them; restrict most disclosure of health information to the minimum needed for the intended purpose; establish new criminal and civil sanctions for improper use or disclosure; and establish new requirements for access to records by researchers and others.” The new rules allow “disclosure of the full medical record to providers for purposes of treatment”, but protect against “unauthorized use of medical records for employment purposes”.
But HIPAA security and privacy rules are even broader than this, especially for large healthcare organizations: HIPAA requires that various technical, physical and administrative security measures be combined to protect the privacy, integrity and availability of patients' medical records. Current information on HIPAA regulations can be found in reference [12]. Also see section 13.9.1 of this book.
There are many other organizations providing input to the establishment of privacy, confidentiality, security and integrity standards for medical information in computer information systems. The most influential group is the Joint Committee on Accreditation of Healthcare Organizations [13] (JCAHO), the primary healthcare accreditation organization, whose standards cannot be ignored; otherwise, a healthcare organization might lose its accreditation.
An international initiative for establishment of criteria for security standards in all fields of information technology is “Common Criteria” [14]. The governments of Canada, Europe and the United States joined together in 1993 to produce an evaluation system for IT security products, with the ultimate goal of the evaluation criteria being accepted by the ISO as an international standard.
Many advisory groups are also interested in the privacy, confidentiality and security of electronic patient records. A CPRI Working Group on Confidentiality, Privacy and Security (WCPS) has been meeting to “encourage the creation of policies and mechanisms to protect patient and provider confidentiality, and ensure data security and is developing a series of security guidelines for access and use of patient data in a CPR system” [6].
A subcommittee of the ASTM, E31.17, has been meeting on Access, Privacy, and Confidentiality of Medical Records. A resultant publication is E1869 Guide for Confidentiality, Privacy, Access and Data Security Principles for Health Information Including Computer Based Patient Records [3]. Another publication of the ASTM relates to authentication of caregivers based upon electronic signatures: E1762 Guide for Electronic Authentication of Health Care Information [3].
Another group that is interested in this area is the American College of Healthcare Executives [15]. Although “policy positions” are not the same as standards, some the policy positions of the American College of Healthcare Executives that relate to the patient health record, and which should be considered when developing standards, are the following:
· While the healthcare organization owns the health record, the information in that record remains the patient’s personal property.
· Institutional policies on confidentiality and release of information must be consistent with state and federal regulations.
· Within healthcare organizations, personal information contained in medical records is reviewed not only by physicians and nurses, but also by professionals in areas such as social work, case management, rehabilitation, pharmacy, accounting, and quality assurance.
· Needs to access by external parties have escalated dramatically and include attorneys, employers, media representatives, government agencies and third-party payers. Rules for such access are needed.
· Very sensitive information requires special security, including psychiatric, genetic, HIV and substance abuse treatment information.
· Patients should be ensured access to their own records.
The Health Plan Employer Data and Information Set (HEDIS) is a standardized set of 60 performance measures for managed care plans, producing a managed care “report card”, comparing one managed care organization versus others. HEDIS is controlled by the National Committee for Quality Assurance (NCQA). which is a non-profit organization dedicated to reporting the quality of managed care plans, including HMOs [4].
The Agency for Health Care Policy and Research (AHCPR), a government agency, has established a National Guideline Database of clinical practice guidelines for treatment of a number of medical conditions in association with private and public healthcare organizations based upon the best available scientific evidence [16]. Although the structure of these guidelines is not an official standard, it establishes a de facto standard for such guidelines.
AHCPR guidelines exist for the medical conditions listed in figure 5.4.
Such clinical practice guidelines are designed to determine medical care guidelines that produce the best outcomes. Thus determination of health outcomes is a necessary part of establishing guidelines.
Important organizations in the establishment of health outcomes evaluation are the Health Outcomes Institute (HOI) and Henry Ford Health System’s Center for Clinical Effectiveness. Together, they support a Health Outcomes Question Database that identifies questions to ask to evaluate the effectiveness of care for various types of medical conditions [17]. (Note that HOI is now a part of Stratis Health.)
This section presents a list of existing and emerging standards that might be useful in a future universal patient record and the automated patient medical record. Standards are constantly changing. Mandates for standards and widespread agreement on particular standards is expected in the future.
References
[1] Jeffrey S. Blair, “An overview of healthcare information standards”, IBM Corporation White Papers, found on the Internet at http://www.hipaanet.com/cpri.htm.
[2] Health Insurance Portability and
Accountability Act (HIPAA) documents are available on the Internet at the
following sites:
Security and Electronic Signature Standards: http://aspe.hhs.gov/admnsimp/faqsec.htm
National Standard Employee Identifier: http://aspe.hhs.gov/admnsimp/faqemp.htm
National Provider Identifier: http://aspe.hhs.gov/admnsimp/faqnpi.htm
HIPAA Law: http://aspe.hhs.gov/admnsimp/pl104191.htm
ANSI ASC X12N standards: http://hipaa.wpc-edi.com/HIPAA_40.asp
Composite of Standards for EDI and Electronic Transactions and Code Sets: http://erm.aspe.hhs.gov/ora_web/plsql/erm_rule.rule?user_id=&rule_id=14
[3] ASTM, Volume 14.01, June 2000, Healthcare Informatics; Computerized Systems and Chemical and Material Information, includes all standards from E-31 committee on Healthcare Informatics, ASTM, 2000.
[4] The National Committee for Quality Assurance (NCQA) produces a “report card” for evaluating the quality of managed care organizations. Its home page on the Internet is http://www.ncqa.org/index.htm.
[5] More information on the HP Andover Working Group and its supported standards can be found at Internet site http://www.digineer.com/edevelopment/standards.htm.
[6] Contact: Computer-Based Patient Record Institute, 1000 E. Woodfield Rd., Ste 102, Schaumburg, IL 60173-4742, Tel: 847-706-6746.
[7] Web site for the Unified Medical Language System (UMLS) year 2000 update sponsored by the National Library of Medicine (NLS), http://www.nlm.nih.gov/research/umls/UMLSDOC.HTML.
[8] Workshops on Components of Computer-based Patient Records, The First Workshop on the Master Patient Index, held in Santa Fe, New Mexico, May 20-22, 1997.
[9] The Health Level Seven, Inc. site can be found at http://www.hl7.org.
[10] An American Medical Association (AMA) website at http://www.ama-assn.org/ama/pub/category/2912.html has a survey tool eliciting opinions on which data elements should be included in an Electronic Medical Record.
[11] U.S. Department of Health & Human Services press release, “HHS ANNOUNCES FINAL REGULATION ESTABLISHING FIRST-EVER NATIONAL STANDARDS TO PROTECT PATIENTS' PERSONAL MEDICAL RECORDS”, December 20, 2000, available on the web at http://aspe.os.dhhs.gov/admnsimp/final/press2.htm.
[12] Department of Health & Human Services website on Administrative Simplification provisions of HIPAA, http://aspe.os.dhhs.gov/admnsimp/.
[13] JCAHO, “JCAHO Information Management Initiative: Leveraging the Potential Contributions of the Composite Health Care System (CHCS)”, Accreditation Manual for Hospitals, JCAHO, 1995.
[14] Look for the topic “Common Criteria” at the web site for the National Institute of Standards and Technology, http://csrc.nist.gov.
[15] Contact: American College of Healthcare Executives, Suite 1700, One North Franklin Street, Chicago, IL 60606-3491, Tel: 312-424-2800.
[16] Agency for Health Care Policy and Research (AHCPR) Clinical Practice Guidelines, found in Internet under http://text.nlm.nih.gov, with guidelines for acute pain management, urinary incontinence, pressure ulcers, etc., AHCR.
[17] For information on the Health Outcomes Question Database, go to Web sites http://www.hoi-stratishealth.org/sec6.htm and http://www.hoi-stratishealth.org/sec8.htm.
Copyright
© 2000-2001 Michael R. McGuire
Duplication not permitted without express written permission
Comments? mailto:Michael.McGuire@abac.com