UC Davis Health System has been selected to receive golden and silver awards in the UC Office of the President’s 2013 Larry L. Sautter Award Program.
The health system received a Golden Award for its creation of a Tethered Meta Registry, which integrates data from multiple sources and provides the ability to query and analyze data across multiple patient populations. The Silver Award is for the development of a privacy and security system for electronic health records that already is a model for other hospitals and health systems.
Consolidating clinical registries
The Tethered Meta Registry (TMR) integrates data from multiple existing registries at UC Davis Medical Center and provides the ability to query and analyze information across multiple patient populations. The first registry of its magnitude in the U.S., the TMR consolidates more than 2.1 million patient records and provides a centralized source of highly diversified population data for research and clinical quality-improvement purposes.
The TMR eliminates the need for individual spreadsheets and databases maintained separately by students, faculty, clinicians, researchers, administrators and other health system employees. The new registry brings together various “silos” of clinical content, such as data in the electronic health record (EHR), administrative and billing data, imaging data, laboratory information systems, and niche clinical applications.
Kent Anderson, research technology manager for Information Technology, said that there is a total of about 165 registries at the health system, and they have a number of drawbacks. They include redundancies, misinterpretation of data and other errors, and vulnerabilities to the unauthorized release of protected health information (PHI).
“The TMR is designed to provide a modern, centralized and standardized database,” said Anderson. “Our intent is to eliminate the need for 165 registries.”
The unique advantage of the TMR is its ability to summarize, analyze and visualize multiple aspects of a patient population, rather than just a single disease or condition, Anderson said. Population health analytics are the first step in deriving hypotheses, interventions and quality-improvement projects targeted at improving individual patient and community health, and measuring changes resulting from health-system initiatives.
Prior to the TMR, Anderson said, individual registries often were managed with non-secure software applications. These applications often can be security risks, and the data derived from them frequently is incompatible across other systems due to varying interpretations of how patient populations should be defined.
The TMR immediately provides the most recently available data in near-real time. At the latest, the data will be from the previous night. In contrast, many of the individually managed registries could take one to a few months to contain data that is entered manually.
The rapid response of the TMR is made possible by a new, five-member team dedicated to maintaining the database.
“Their exclusive focus is on finding value from data in the EHR,” said Anderson. “They relieve others of the burden of having to update and maintain individual registries. They are curating available data in a way that is far superior than is possible from any single individual.”
Protecting privacy of electronic health records
Although an electronic health record (EHR) presents many advantages, such records are accompanied by concerns about the privacy and security of protected health information (PHI) and the legal responsibility health-care providers have to adequately protect against unauthorized access, use and disclosures.
UC Davis Health System has more than 2 million patient records, about 10,000 EHR users and several thousand community-based users, such as referring physicians, researchers, reviewers and telemedicine users. The health system has the daunting task of efficiently processing and tracking nearly 121,000 PHI disclosures per year, said Monica Moldovan, health information privacy and security manager for the health system. Adding to the challenge are increasing regulations on health-care privacy and security and high-risk patients.
In addition, the health system has privacy and security responsibilities arising from the emphasis on engaging patients and families in managing and making decisions about their care without jeopardizing the confidentiality of patients — via MyChart, a tethered personal health record — and improving communication among caregivers — via PhysicianConnect, which allows community providers to follow their UC Davis patients.
Despite an intensive, months-long industry search, the health system could not locate an “off-the-shelf” product that would achieve its objectives:
- Bring the major clinical applications, electronic audit and access logs into one repository
- Allow for live and retrospective privacy review of all staff activities within the EHR, and simultaneously validate the appropriateness of such access to PHI as mandated by HIPAA
Following the unsuccessful search, the health system decided to create its own software, said Moldovan. In six months, the team assembled for this purpose developed the Surveillance Information System, which has streamlined privacy surveillance procedures and significantly increased the efficiency and effectiveness of the UC Davis Health System Surveillance Program.
Even before development of the Electronic Privacy Surveillance Information System began, UC Davis Health System was a national privacy leader in the health-care industry, said Mary Pat Curry, manager of the Health Information Management Department. The new surveillance system has exceeded all of the project team’s objectives.
The strongest return on the investment in the new system has been the avoidance of significant electronic privacy breaches by UC Davis clinical system users, said Curry. The Compliance Office, Legal Clinical Affairs and Human Resources partner with Health Information Management to fine-tune the requirements of the Privacy Surveillance Program and assure adequate privacy and security training for the workforce.
Since the implementation of the new Privacy Surveillance Information System Program, the health system has had no unauthorized access of PHI that posed significant risk of financial penalties, reputation damage or harm to patients. A 2011 study found that 96 percent of 72 surveyed health-care organizations had at least one data breach in the last 24 months, with an average annual cost of $2.4 million.
The new system has received praise nationally. Representatives of the Healthcare Information and Management Systems Society said the tools and technology developed by UC Davis are “some of the best privacy technical solutions in the nation.” In addition, Curry said, other hospitals and integrated health systems have modeled their electronic privacy-protection programs after the UC Davis Surveillance Information System.
The steering committee that directed the development of the new system consisted of representatives from legal counsel, the Compliance Program, the privacy and security officer, Human Resources, Risk Management, Health Information Management and Information Technology.