Patient rights are protected by the privacy and security rules of the Health Insurance Portability and Accountability Act of 1996 (
HIPAA). These rules hold the healthcare industry accountable during the collection, viewing, and dissemination of patient information. In the past, security of paper documentation was as easy as locking the records office. Now, with the push to implement Electronic Health Record (EHR) software, securing a patient’s digital record is much more difficult.
The Institute of Medicine (IOM) stated an EHR system should address
five core functionalities:
- improve patient safety,
- support the delivery of effective patient care,
- facilitate management of chronic conditions,
- improve efficiency,
- and feasibility of implementation.
Below we show how Automatic Identification and Data Capture (AIDC) – barcode scanning – in conjunction with EHR software, allows health care providers to successfully meet each of these five core functionalities.
In 1999, the Institute of Medicine published the report
To Err is Human: Building a Safer Health System. Since its publication, both the health care industry and the federal government have sought to change the delivery of health care with the goal of making the system safer for its consumers. At the time of the report, two studies were cited as dire evidence calling for intervention.
Preventable injuries caused by medical management (adverse events) were a leading cause of death in the United States – between 44,000 and 98,000 deaths per year occurred because of medical errors. The financial cost of these errors was estimated to be between $37.6 and $50 billion. A large percentage of these adverse events were specifically attributed to medication errors. In 1993 alone, 7,391 people died from acknowledged medication errors.
These mistakes were preventable, and the IOM’s call for the reform of health care delivery was heard by hospitals, nursing homes, clinical laboratories, and other health care facilities. Many of these organizations turned to technology for assistance. EHR software collecting sensitive patient information, the use of barcode labels with National Drug Codes (NDC) on medications, and
healthcare barcode scanners all offered a quick and efficient way to capture data. However, the use of technology created new vulnerabilities for patients – that of implementing and maintaining secure patient records according to the federal guidelines outlined by HIPAA.
The HIPAA
privacy rule requires health care providers to ensure “appropriate safeguards to protect the privacy of personal health information.” This rule must be followed each and every time a patient’s information is accessed – whether that information is on paper or in a digital format. The HIPAA
security rule specifically regulates how a patient’s electronic health information is “created received, used, or maintained.”
The monetary penalties for violating these
HIPAA rules can range from $100 to $50,000 per violation – depending whether the violation is judged as reasonable, neglectful, or willfully neglectful.
The ability to abide by the HIPAA rules and still meet the IOM’s core functionalities can be tricky to implement. Successful health care providers recognize both requirements – HIPAA & the IOM functionalities – are not mutually exclusive. In fact, barcoding medication, patients, and staff effectively merges the need for securing a patient’s information with the delivery of optimal patient care.
Case Study
All About Kids Pediatrics, an Orlando, FL pediatric clinic, examines between 80 and 100 children a day. Their goal is to provide quality care while protecting their patients’ information. Prior to using barcodes and a barcode scanner, staff members spent hours documenting by hand all provided care (a method prone to error). Now that their medication is barcoded with lot, producing company, expiration date and delivery location (the NDC), a nurse quickly scans (using
Wasp’s 450H healthcare scanner) the medication vial, her I.D., and the patient’s paperwork –
delivering quality care and
safely connecting patient data
effectively,
efficiently, and
feasibly to the correct electronic health record.