Physicians who use electronic health records (EHRs) in their offices are increasingly being called upon in their communities to participate in the development of local health information exchanges (HIEs). During the early stages of HIE planning there are important decisions that are best made in collaboration with local physicians. As with any health information technology usage, the anticipated benefits of exchanging electronic health data must be balanced against the inherent risks of the technology. Physicians who use EHRs already have valuable experience with some of the inherent risks associated with electronic health data usage, but may not have experience with the clinical risks associated with the exchange of electronic health data. The following case scenarios are intended to raise awareness and understanding of key patient safety risks associated with the clinical use of electronic personal health information (PHI) that could be obtained through a community-wide HIE.
Conflicting data scenario: A nurse records a penicillin allergy in the hospital EHR when a patient experiences GI symptoms after receiving a penicillin injection. The next day, the patient is seen by her primary care physician (PCP). After reviewing the history, the PCP is convinced that the reported symptoms were unrelated to the penicillin injection. She records “No Known Allergies” in her office EHR. The local HIE retrieves “allergies” from both EHRs and displays this patient’s allergies as both “no known allergies” and “penicillin.”
In such cases, the physician will have to reconcile the data by considering the sources, dates, and times of each and decide whether additional investigation is necessary.
Segmented data scenario (this applies only if the HIE will allow patients to exclude some or all of their data as a part of the consent process): For privacy reasons an HIV patient decides to exclude his diagnoses from the HIE which results in a problem list so that it does not disclose his HIV status. He also excludes data from two sources: his psychiatrist and a psychiatric hospital. This patient had suffered an episode of neuroleptic malignant syndrome secondary to an antipsychotic medication a year ago while under the care of the psychiatrist at that hospital. Since records from the psychiatrist and hospital are excluded, the HIE will not contain this information. A physician viewing the patient’s information through the HIE will see no record of the patient’s susceptibility to a life-threatening event from a certain class of medications.
Informing the viewing physician that the patient has excluded some data from the Problem List and some data from both a physician and a hospital may prompt important additional questions and dialogue with the patient that could prevent an avoidable adverse event.
Clinical Risk Management
Community-wide HIE initiatives are increasingly turning to local physicians who use EHRs to assist with assessments of both the benefits and risks associated with the clinical use of electronic health data shared across their community. The clinical risks outlined in these scenarios can be managed through the following principles:
1. An HIE must provide physicians access to the source, date and time for all displayed data
2. An HIE must alert clinicians when data or data sources are excluded
- The alert should specify the type of data (“lab results”) or type of source (“hospitals”) that have been excluded from the HIE through the patient consent process
3. An HIE must inform physicians about:
- The patient consent policy used by the HIE (and of policy changes when they occur
- A list of the specific types of data they are generally able to access through the HIE
- A list of the specific sources of data that the HIE exchanges with