Data Integration: Ensuring Data Security and Assessing Completeness

November 13th, 2012 / By Jill Devrick

If you work in the health care documentation sector in any capacity, I doubt you need me to write a speech about how important security is when exchanging data between sources.  HIPAA, HIPAA, HIPAA.  You have to ensure that good security is in place when the data is moving from system to system, and you also need to ensure that the data is secure in both the sending and receiving systems.

When moving data and documents, your methodology needs to be secure so that the information cannot be intercepted en route.  Work with your information technology experts to put the tools in place to create a secure pathway, whether it be virtual private network (VPN) or other firewall access, secure encryption, etc.  In short, you should never send any patient communication anywhere unless you are certain that it cannot be intercepted and/or opened by anyone but the recipient.

Likewise, once the data reaches its destination, the technical safeguards need to be in place to make sure the databases/files can only be accessed through appropriate means by authorized parties.  Your servers, wherever they may be, need to be in a hacker-proof zone.  In addition, it is important to make sure you and those you exchange data with (especially outsourced service providers like medical transcription service organizations) are on the same page as far as authorizations, disclosures, and what constitutes a “need to know.”  The entities on both sides of a data transaction need to know who will be accessing and using the data and for what purpose.

Despite the challenges of ensuring data security, one benefit of systems integration is having all the data you need at your fingertips.  When assessing completeness, you need to decide if you are receiving all of the data you need to do your job, whether that be creating documentation, coding, distribution, etc.  You also need to make sure that data you include in your output is at the level of detail the recipient desires.  For example, does the ADT (admissions, discharges, and transfers) feed give you all of the fields needed to select the appropriate patient and visit, and is all of the information available that needs to appear on the document?

You should also look at each type of document you work with and ensure that all necessary fields are there, without going overboard.  I generally recommend that your document layout only include what is necessary to identify the appropriate patient, visit, order(s), and physician(s), as well as any fields used for sorting and distribution such as nursing unit/room/bed if you are still using paper distribution.

These days, just about everyone uses electronic distribution, and it is very important to the distribution workflow to try to verify and include the necessary demographic information when creating the document so it can be linked appropriately to the patient’s record when it is delivered to the receiving system.  Most of the time, this works well.  However, you need to have a plan in place to handle situations when a document needs to be created but a patient or visit-level record is not yet available, such as a pre-admission H&P.  The creation of these documents is usually not as much of an issue as making sure that some follow-up occurs to match the document back to the patient and visit-level records when that information is available.  This may be something you do on the transcription side, or it may be handled elsewhere, but it is important for everyone to know how it happens so those documents don’t fall through the cracks.

Jill Devrick is a Product Solutions Advisor with 3M Health Information Systems.