See also:
Electronic Health Records
Medical Informatics
Transparency
Information Technology Used in Health Care
Data Stewardship
The amount of health data generated in digital format, stored in computer databases internal and external to the physician practices, and transmitted to and from family physicians’ practices will grow exponentially. The following data stewardship guidelines should be followed in the collection, storage, transmission, analysis, and reporting of these data. Execution of these processes must be in a manner that is ethical and protects the interests, including that of privacy, of both the patients and their physicians from whom the data arise.
The guidelines specifically address the conditions under which de-identified clinical and administrative data derived from physicians’ electronic systems is collected and used by third parties, e.g., Medicare and other payers, commercial health plans, retail pharmacies, hospitals, clinical laboratories, and any intermediary parties such as clearinghouses or application service provider software vendors who store physician data in remote sites.
NOTE: Nothing herein or below shall be construed as contravening the standards for health information contained in HIPAA that relate to privacy or security of personal health information. Generally, the recommendations below pertain to de-identified and aggregated data only.
The guidelines specifically address the conditions under which de-identified clinical and administrative data derived from physicians’ electronic systems is collected and used by third parties, e.g., Medicare and other payers, commercial health plans, retail pharmacies, hospitals, clinical laboratories, and any intermediary parties such as clearinghouses or application service provider software vendors who store physician data in remote sites.
NOTE: Nothing herein or below shall be construed as contravening the standards for health information contained in HIPAA that relate to privacy or security of personal health information. Generally, the recommendations below pertain to de-identified and aggregated data only.
- Submission of data from physician practices to third parties must be voluntary.
- Physician practices reserve the right to submit data to entities of their own choosing, either in addition to or as part of the chain of data submission (e.g., to payers, health plans, or community data repositories), for purposes such as quality improvement and pay-for-performance programs.
- Third parties who collect, store, manage, or analyze data derived from physicians’ EHRs and other office-based systems, must provide physician practices with a clear written policy detailing the intended uses of such data prior to submission of such data. In addition, any change in the use of such data, or the terms of the agreement, must be relayed to those physician practices prior to the use of such data. This notification must be written, provided in a timely manner, and allow physician practices the right to decline those uses.
- Third parties should share with physician practices any analysis of the practice’s data or aggregation of such data that has the potential to improve efficiency, quality, or safety in that practice.
- To maximize the quality of care and patient safety, data submitted to third parties, under the scenarios outlined in items 2-4 above, must be non-discoverable in a court of law.
- Processes that measure and assure accuracy of the data need to be in place during collection, submission, storage, analysis, and reporting.
- Adoption of standards defining data capture, representation, and messaging are needed for collection and transmission of these data. These standards would include controlled vocabularies and data structure (i.e. an XML document).
- Third parties should be responsible for verifying the completeness of submitted data and checking the validity of each data element of all collected data.
- Storage of these data must adhere to industry standards for data of similar criticality and confidentiality.
- A process must be in place for physician practices to validate any reports. There must be adequate time for those practices to perform this validation.
- Third parties must be responsible for the completeness of the data reported back to physician practices.
- Payers who have collected data for quality or performance measurement purposes must allow near real-time access to these data to the physician practices generating these data. The purpose of the data is to improve quality and safety, and there is no logical reason to delay decision-making by physician practices that impact quality and safety by restricting access to the data.
- Data required for submission must be clearly defined in both purpose and format. Only data critical to fulfilling the stated objectives should be required.
- Standards regarding benchmarking, display, and use of particular technologies (e.g. web-based and application programming interfaces) must be adopted. Using industry standards allows for easy access to the reporting data either via the web or integrated into other applications. To afford near real-time access to the data, reporting to participating physician practices should be at least web-based.
- To maximize the value of quality and performance data, these data must be stratified by risk and/or severity.
(2004)