HIM and Health IT

Discovering Common Ground in an Electronic Healthcare Environment

Health information management and health information technology are disciplines with completely different functions; however, the two disciplines are striving to find common ground with the emergence of increasing volumes of electronic data. HIM and health IT are finding that the scope and responsibilities of individual job functions are increasingly crossing department domains.

This convergence is occurring at different rates in different healthcare facilities, based on a variety of factors such as organizational size, culture, infrastructure, and degree of electronic health record (EHR) adoption. However, there is a universal need for alignment between the two disciplines to ensure that both business processes and technology are in place to advance successfully toward a fully functional EHR. This practice brief outlines how HIM and health IT can find common ground in an electronic healthcare environment.

HIM and Health IT Functions

Close communication and formal relationships are critical in managing an EHR lifecycle. HIM professionals are the custodians and business owners of patient health information and the principal experts at managing healthcare data; IT professionals provide and maintain the technology infrastructure that supports electronic data use.

A functionally and technically sound EHR, one capable of supporting efficient delivery of care and improved management of data, requires the combined expertise of both disciplines. As guardian of the data, HIM can identify the functionality required to meet legal and regulatory guidelines, provide knowledge of various documentation standards, and give assurance that compliance needs are met. Convergence between HIM and health IT begins during the work of the design team or the development of a request for proposal for purchase of a system.

IT professionals require input from data and business process owners to ensure that system functionality supports business requirements. For example, HIM professionals should provide the necessary functional requirements of a legal health record, considering such issues as e-discovery, amendment and correction functionality, versioning, and authentication rules.

E-discovery’s significance cannot be overstated. A recent survey that included healthcare and other IT industry representation found that more than 39 percent of executives felt their company’s data were becoming increasingly unmanageable.¹ Close to 12 percent of companies surveyed had not yet established policies to share e-discovery guidelines with IT departments and other employees responsible for retaining and destroying electronic documents.

Reporting Structure

In some organizations, the HIM-IT connection is already strong, while in others, there are opportunities for greater alignment. Factors that influence how HIM and health IT work together include reporting structure, skills and roles, and hiring patterns. Each organization will decide how formal the convergence should be.

Traditionally HIM departments have reported to chief financial officers or chief operating officers. However, technological advances are making existing HIM and health IT management structures outdated.

One emerging trend is a reporting structure in which HIM and IT professionals report to the same senior executive, such as a chief information officer or a patient care executive such as a chief medical officer.² Some organizations are creating new positions with titles such as EHR administrator or EHR program manager, whose roles are to guide, coordinate, and manage projects and initiatives surrounding the EHR and interfacing systems.^3,4,5 Appendix A, “Roles and Job Elements That Support EHR Management,” provides more information on the various HIM and IT roles and responsibilities required for EHR implementation, management, and use. Appendix B offers critical success factors for fostering convergence. All appendixes are included in the online version of this brief, available in the FORE Library: HIM Body of Knowledge at www.ahima.org.

Regardless of an organization’s structure, the convergence of HIM and health IT provides countless opportunities for professionals and organizations to bring together required and complementary skill sets to further the development of the EHR. This convergence of people, processes, regulations, structure, standards, and systems design is vital to the organization. This practice brief reviews three specific domains that highlight the need for collaboration.

Domain 1: Maintaining Confidentiality and Security of Patient Information

HIM professionals have the responsibility of maintaining the integrity of patient health information and enforcing privacy regulations. Traditionally, IT has been responsible for the security areas in the HIPAA security rule (administrative, physical, and technical).⁶ However, with the move to EHRs, HIM professionals are taking on larger roles in support of their organization’s security efforts, particularly in the area of administrative security (see “e-HIM Privacy and Security Responsibility Matrix” in appendix C, available in the online version).

Privacy and Security Officer Roles

Privacy and security officer roles may be filled by one person or two, depending on organizational size, culture, and the state of collaboration between HIM and IT. In most facilities, the privacy officer has an HIM background, while the security officer has an IT background. When the roles are split, each officer is able to focus on his or her specific area of expertise and create robust programs based on this expertise.

Communication and collaboration between the two are vital to ensure that privacy and security programs complement one another. When the roles are managed by one person, it is generally an HIM professional working closely with IT.

When determining health record security roles, organizations should make certain the individual or individuals understand both HIM and IT terminology and processes. It is important to recognize and incorporate the needs of both into privacy and security programs.

Security Program Collaboration

An effective security program balances business needs with security requirements. While IT possesses technical expertise in data security, HIM understands the ways in which the data are used and distributed on a daily basis. Take for example the release of information to a third party, which is typically handled by an HIM professional who understands disclosure requirements and appropriate authorization.

HIM knowledge of these functions helps IT define a security program that meets both security and organizational goals. Once the scope of the security program is defined through a collaborative effort, IT is in a position to implement necessary security solutions. After the program is in place, these security solutions must be monitored, audited, and continually updated to ensure compliance with established security guidelines.

While IT currently owns the ongoing technical tasks, it is the responsibility of the privacy and security officers to remain up to date with current best practices and to ensure business and security processes remain in alignment.

HIM in New Security Roles

HIM professionals are becoming EHR system administrators and data content experts. As a result of EHR implementations, HIM staff have assumed a larger administrative security role.

Standard security policy designates the business process owner as the guardian of the data and the person responsible for making decisions about who has access to specific data. HIM professionals understand HIPAA’s minimum necessary standard and can contribute to decisions on data security.⁷ Taking an active role in the access control process allows HIM to fully understand the ways in which information is used by their customers and to adapt it as appropriate for business requirements.

According to the Centers for Medicare and Medicaid Systems (CMS), the most common HIPAA security complaints arise from problems with information access management and control.⁸As more HIM professionals take on larger roles in these areas, they must pay particular attention to the challenges of maintaining appropriate access controls. HIM professionals should be able to apply expertise obtained in implementing privacy safeguards to address the security aspects of information access.

Failure to meet the security awareness and training standard is another common security complaint, according to CMS. HIM and IT professionals can lend their expertise to support the security officer in making sure a plan is in place to continuously address security awareness.

Incident Response Collaboration

In the event of a security incident, HIM and IT professionals may need to collaborate to investigate the breach or complaint. One type of incident that may involve both HIM and IT is inappropriate access to health records. HIM may need an IT professional’s expertise to help generate aggregate access lists from the audit trails. The investigative process generally results in a report to the compliance officer or the human resources department, who enforce sanctions.

Recent incidents involving portable media devices have highlighted the need for strong security policies and procedures. HIM professionals have the opportunity to take on a larger role in the physical security of systems since this trend is expected to continue as EHRs become more prevalent.

Convergence of Roles

There are a wide range of privacy and security responsibilities in healthcare facilities that may be handled by either discipline or shared between them. Appendix C plots approximately 50 privacy and security roles related to EHR systems and notes whether responsibilities are shared or unique to either HIM or health IT. HIM professionals should expect to take on a larger security role in the management of EHRs, and they will require greater technical skills as they move into the technical and physical aspects of security enforcement and management.

Domain 2: Using and Maintaining Data and Information

Technology is creating a new era in which healthcare is drowning in data and starved for information. Federal, state, and private initiatives directed at improving healthcare quality, safety, and efficiency are requiring more comprehensive tracking and reporting of healthcare data and management. Given this environment, it is well understood that:

• Internal and external factors affect how information is presented and used.
• The traditional focus on structure instead of content has led to deficiencies in asserting the validity of the data.
• There is growing recognition that responsibility for information quality lies with the business client.
• Increased external pressures are beginning to influence the care that is used in managing content.

Many reports have documented an explosion of data in healthcare.⁹ Data on patients, their medical status, and the progression of their conditions are now available from new sources, in new formats, in much greater volumes, and at more regular intervals. This avalanche of data enables new practices, devices, and treatments; however, to be useful, data must first be processed into information, which healthcare professionals can then translate into knowledge and apply.

The transformation from data to information requires coordinated and collaborative efforts among knowledgeable professionals. The explosion of data has resulted in multiple audiences and reporting systems, inconsistent data, and, at times, misinterpretation of data. Leading hospitals and healthcare entities are addressing these challenges by refocusing their organizations through joint cooperation between HIM and IT professionals.

Many healthcare organizations have implemented multiple management reporting systems. However, they are still in need of improved data quality and integration to support a single source of data, decision making, and performance measurement. In order to achieve success, healthcare organizations need to implement an overall data management strategy and a streamlined governance process with corresponding policies and procedures. “An Enterprise Data Warehouse Model,” above, depicts a model that allows dynamic management and reporting of data for multiple uses.

Today individual health and medical data can be collected, collated, stored, analyzed, and distributed in unprecedented quantities and put to diverse uses. It is important that HIM professionals collaborate with IT experts to clarify issues, provide insight, and share expertise to ensure efficient and effective clinical and administrative data management and mitigate risk of liability.

Data Quality and Integrity

HIM professionals are responsible for balancing all forms and uses of healthcare data and ensuring that information contained within an EHR is accurate, complete, concise, and universally understood by data users.¹⁰ This requires that HIM work closely with IT to assess how implementation, upgrade, or modification of information systems will affect clinical workflows and automated data collection and warehousing systems.

Quality and integrity of healthcare data have broad ramifications and extend to the collection, validation, and use of data for multiple purposes. Strong collaboration among HIM and IT professionals has the potential to improve the overall design and infrastructure of internal health information systems and reduce the opportunities for new compliance and operational risks associated with poor quality data.

Data Capture and Mining

In spite of the advancements in technology, capturing and repurposing healthcare data remains a challenging and costly process. Data are typically collected from numerous paper and electronic sources using a variety of methods such as manual data abstraction, electronic data queries, and manual and electronic data manipulation. These activities require varying levels of skill, depending on the availability, complexity, and clinical nature of the data required.

In addition, many institutions still capture a majority of clinical data through manual data abstraction because the information typically is not available in structured electronic formats and data element values and definitions vary widely among requestors of data. Data sources are not fully integrated to allow for effective and efficient data-mining activities.

HIM and IT professionals can help address these issues by joining efforts to support the electronic flow and extraction of information from the EHR to support secondary data uses and reduce the time and cost associated with abstraction and data manipulation activities.

Repositories and Data Dictionaries

The standardization of healthcare data definitions is essential for data mining. Use of data that are not collected with the same intent and purpose can skew the outcome of the information being exchanged, collected, or analyzed. A data dictionary serves as a foundation and central building block for healthcare information systems and provides stability of data intent and purpose.¹¹

A clinical data repository (CDR) is also an essential tool in obtaining consistent and reliable quality measurements of healthcare information from data mining. A CDR is a single, centralized database of all possible information within an organization for any given patient.

A data dictionary provides the standardized data within the CDR, translating the information from the many disparate systems that feed into it. This allows the organization to control the data to be mined by ensuring the outcome of the inquiries will be consistent. The key, however, is the ability to standardize the definitions within the data dictionary.

HIM professionals are most familiar with legal and regulatory requirements, documentation guidelines, and healthcare administration and quality reporting requirements. Close collaboration with IT experts will support the development of an organization-wide data dictionary and lead to improved data quality and efficient and effective data capture and mining activities.

Domain 3: Terminology Asset Management

Clinical terminologies are the lifeblood of healthcare delivery because they are the medium for the internal and external communication required for patient care and business needs. Impact on the system and the amount of preparation will always depend on the use and penetration of the terminology system involved. Core terminologies such as SNOMED CT, LOINC, or the newest version of International Classification of Diseases (ICD) affect more systems than a specialized terminology used for one department or unit of an organization.

EHR systems frequently include standard terminologies and classification systems that require both information technology and information management skills. These approaches are used together to ensure availability and overall maintenance and to develop software applications that use controlled terminologies to support data requirements. Various terminologies are used to meet specific data capture and documentation requirements in electronic health records and other information management tasks.

Although many would prefer a single clinical terminology to fit all uses, it would not be sufficient to meet health information requirements for all stakeholders. Today’s terminology content resides in and is used by software applications to meet disparate needs. This complexity makes collaboration between HIM staff and IT support essential. Because uses of terminology systems may overlap and data integrity mandates that content is both current and accurate, organizations require terminology asset management. Responsibility for the role spans more than one organizational unit in most provider settings, making collaborative relationships necessary for workflow efficiency.

Ensuring Terminologies Are “Fit for Purpose”

Two common terminologies that are important, yet distinctly different, are SNOMED CT and ICD. SNOMED has a much wider range of uses and specificity for research drill-downs on individual health records. The terminology, provided by the International Health Terminology Standards Development Organization, can be used to express and collect information not available in a disease classification system, such as normal findings (absence of disease), risk factors, exposure, and physical assessment findings. ICD allows for the collection of similar diagnosis groupings, which can be used for budgeting, payment allowance, epidemiology, statistical analysis, and other uses where categorization is desirable.

Terminology asset management includes an evaluation process to determine which terminology is the “best fit” for a specific information management requirement.

Identifying, Developing, and Maintaining Data Maps

Data maps repurpose data stored in one terminology (the source) by expressing them in another (the target system). In health record software applications, this may be laboratory results stored in LOINC for clinical transport and mapped to CPT for administrative use including billing or claims submission. Mapping from one terminology to another requires the collaborative efforts of HIM and IT staff. Map needs are identified by specific business needs.

If available, it is advisable to use existing official or validated maps between the source and target terminologies as the basis for any mapping project. Starting with a map created by joint collaboration between the source terminology and the target developers is always best practice. Sources for existing maps include maps between terminology systems developed by recognized standards development organizations and commercial products developed for specific use cases. Appendix D provides a starter list of existing terminology maps that may be of interest to HIM and IT professionals.

Data mapping requires testing prior to live implementation. HIM and IT should determine a recovery plan in advance in case the mapping fails or returns inappropriate results.

Maintenance of data maps is critical in ensuring data integrity and keeping the exchange of information accurate between systems. HIM professionals are uniquely qualified to manage maintenance and updating of terminology systems and data maps with technical support from information systems staff.

New Terminology Implementation

The implementation of a new terminology requires joint planning and execution from a project team that includes all stakeholders: information management, information technology, and representation of end users. Appendix E offers a checklist for terminology implementations. Appendix F outlines possible roles and relationships of HIM and IT professionals in new implementations.

Terminology is woven through all healthcare applications, and workflow education is the most important factor in terminology asset management and data integrity support. Today’s systems have a wide spectrum of users, and each group may require a specific approach to orientation and training. Effective program planning and training for terminology implementation must include diverse groups and approaches to be useful. Appendix F describes a process for stakeholder identification and recommended educational approaches appropriate for each.

Fostering Convergence

HIM professionals must exert themselves as leaders and guide the continued convergence of HIM and IT roles within their organizations. These roles may already be formally defined or may evolve as healthcare technologies are implemented. In either case, HIM professionals can promote their knowledge and expertise surrounding confidentiality and security, workflows, terminology and classification systems, standardized data sets, and the use of health information within and outside the organization.

Although EHR implementation and use within a local healthcare organization will bring great benefit to the patient, the ability to share information with other providers across the continuum of care has the potential to bring far greater benefit.

It is critical for HIM professionals to understand the wide range of knowledge and skills brought forth by all segments of the health information work force, including IT experts, clinical informatics specialists, and end users. Forging successful relationships will not only improve communication and collaboration among all who are part of the health information work force, but it will lead to more effective management of health information and contribute to safe, high-quality patient care.

Notes

1. Qualters, Sheri. “Online Poll Shows E-Discovery Worries Persist.” The National Law Journal (Aug. 12, 2008). Available online at www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202423693349.
2. “2008 Salary Study Delves Deeper into Factors Driving Pay.” AHIMA Advantage 12, no. 5 (Aug. 2008): 1–8.
3. Stein, Todd. “CIO Calling: How Much IT Does an IT Project Require?” Journal of AHIMA 77, no. 4 (Apr. 2006): 30–32.
4. Dimick, Chris. “HIM Manager, non-HIM Staff: Managing Staff with Expertise Beyond HIM.” Journal of AHIMA 78, no. 9 (Oct. 2007): 42–48.
5. Briggs, Bill. “Metamorphosis in the HIM Department.” Health Data Management 14, no. 10 (Oct. 2006): 44–48.
6. Health Insurance Portability and Accountability Act of 1996. Public Law 104-191. 45 CFR §§160, 162, and 164. August 21, 1996.
7. HIPAA 45 CFR §§164.502(b) and 164.514(d).
8. Centers for Medicare and Medicaid Services. “HIPAA Enforcement Statistics.” September 2008 report. Available online at www.cms.hhs.gov/Enforcement/Downloads/EnforcementData0908.pdf.
9. UC Berkeley School of Information Management and Systems. “How Much Information?” October 27, 2003. Available online at www2.sims.berkeley.edu/research/projects/how-much-info-2003/execsum.htm.
10. AHIMA e-HIM Workgroup on Assessing and Improving Healthcare Data Quality in the EHR. “Assessing and Improving EHR Data Quality.” Journal of AHIMA 78, no. 3 (Mar. 2007): 69–72.
11. AHIMA e-HIM Workgroup on EHR Data Content. “Guidelines for Developing a Data Dictionary.” Journal of AHIMA 77, no. 2 (Feb. 2006): 64A–D.

Appendixes

Appendixes are available with the online version of this brief in the FORE Library: HIM Body of Knowledge at www.ahima.org.

• A: Roles and Job Elements that Support EHR Management
• B: Critical Success Factors for Fostering Convergence
• C: e-HIM Privacy and Security Responsibility Matrix
• D: Terminology Map Resources
• E: Terminology Implementation Checklist
• F: Roles and Relationships of HIM and IT in New Terminology Implementation: Identifying Stakeholders for Strategic Planning and Successful Transition
• G: Suggestions for Further Reading

Prepared by

Acknowledgments

Maria Alizondo, RHIT, BBA-HA
Amy Camp, RHIA, CCS
Nancy Davis, MS, RHIA
Julie Duke, RHIA
William R. French, MBA, RHIA, CPHQ, CPHIT
Barbara Pearce, MPH, CPHQ
Karen Scott, MEd, RHIA, CCS-P, CPC
Caroline Stuart, MA, RHIA
Lorraine Toderash, RN
Allison Viola, MBA, RHIA
Brenda A. Williams, RHIA