Archive for the ‘HIPAA’ Category

HIPAA and EMR Design

Thursday, January 3rd, 2008

My last post prompted a comment from Mary Hawking which asked this question:

How does the legal framework in the USA influence the design of US EMRs?

My answer:

The only legal requirement for protecting patient health information in the US is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA became effective in 2001, with mandatory compliance in 2003-2004. These rules only specify who (“covered entities”) must protect health information and the security standards for electronic transactions. All covered health care institutions in the US must now comply.

How does HIPAA influence EMR design? IMHO: Not a whole lot. Most of the functionality of an EMR system is incorporated in the data presentation and work-flow management within the EMR itself. HIPAA only dictates privacy rules and data protection when health information is being transmitted from one institution to another. Privacy and security measures must certainly be implemented within an EMR, but it is usually a relatively minor component.

I’m talking specifically about the effect HIPAA has on EMR software design, though. HIPAA has had a large influence on the behavior of covered health care institutions. Here are some related resources:
