related to health information exchange (HIE), he says. For the
purposes of HIE, ONC defines “diagnostic test results” and
“clinical information” as “all data needed to diagnose and
treat disease, such as blood tests, microbiology, urinalysis,
pathology tests, radiology, cardiac imaging, nuclear medicine
tests, and pulmonary function tests.”
When deciding what to include in the portal, it’s helpful
to understand what information is—and isn’t—separately
protected under HIPAA and other state and federal regulations,
says McElroy. For example, not all types of communicable
diseases require additional protection. However, an
organization may choose to be more restrictive depending on
its patient population, she adds.
“The document security set-up within the portal drives what
would be visible to patients without their having to provide
additional information,” says McElroy. “Ensure that your legal
counsel and compliance department are on the same page as
to how the portal will work.”
Organizations must also address other potential HIM
challenges, says McLendon. For example, EPs and EHs must
address how they will handle the three-day meaningful
use time frame requirement for electronic copies of health
information as it relates to the 30-day time frame that
physicians have to complete records. Patients shouldn’t have
access to information that physicians haven’t completed and
signed off on, he says.
“I think what’s going to happen is that patients will get access
to items as they’re completed and available,” he adds.
x Is certain information made visible and other information
x How does a corrupted document flow to the portal and
display for viewing?
Note Important Data Standards
ONC specifies that any information provided to patients in an
electronic medium must be in human readable format and in
accordance with Continuity of Care Document or Continuity
of Care Record standards.
Portal vendors should be able to articulate how data in your
clinical systems—which are typically stored in a discrete
format—can be exported to an image for patient viewing,
Other data standards referenced in the stage 1 meaningful
use final rule primarily refer to readying data for HIE down
the line, says McElroy. Choosing a certified portal vendor or
certified EHR vendor that offers similar functionality will
ensure that these data standards are met, she adds.
“All of the certifying bodies ensure that portal vendors meet
the privacy and security requirements as well as the data
standards required by meaningful use,” adds Charlton.
HIM professionals should work with their IT departments to
test the portal’s functionality and perform a mock readiness
review to ensure the portal can meet each relevant meaningful
use objective, says McElroy. During the review, send patient
data out of a test system to the portal. Questions to consider
when reviewing the data include:
x How does it display?
x Can information easily be downloaded?
Portal Issues to Consider
Organizations should ask the following questions when
implementing a patient portal:
If your organization is contracting directly with an
independent portal vendor, is the vendor certified in
terms of the specific functionality your organization is
seeking? Certification will ensure that data standards are
met. For example, on the Certification Commission for
Health Information Technology Web site ( www.cchit.org/
products/onc-atcb), providers can check off various applicable
certification criteria (e.g., timely access and electronic copy of
health information) to find a vendor that suits their needs.
What’s the vendor’s process for patient activation (i.e.,
patient adoption)? “Even if a vendor is certified, it doesn’t
mean that it can give you the type of utilization you need in
order to get [incentive] payments,” says Charlton. Vendors
should be able to articulate a process for recruiting patients
as well, he adds.
Providers should also have a plan in place to market the
portal, McElroy says. Advertising on your Web site, sending
out a mailing, and asking members of the discharge planning
team to encourage patients to sign up for the portal are each
viable options, she adds. Organizations should also identify
what role HIM will play in terms of raising patient awareness
of the portal.
What is HIM’s involvement with the overall portal
initiative? “The HIM leadership team needs to be actively
involved in the portal design and serve as the gatekeeper for
enrollment,” says McElroy. Important questions that HIM
should ask include:
x What information will the portal show?
x What measures will be put in place to ensure user
authentication, privacy, and security?
x How do meaningful use requirements compare with
those related to record completion, HIPAA, and other
x Does the portal include the proper release of information
and HIPAA disclosures about what patients can—and
can’t—expect to access via the portal?
x Which department (e.g., HIM or IT) will handle portal-
related inquiries? ¢
Editor’s note: For general information and to check whether
a particular patient portal vendor is certified, access the
certified health I T product list on ONC’s Web site at http://onc-chpl.force.com/ehrcert/CHPLHome.
Lisa A. Eramo ( firstname.lastname@example.org) is a freelance writer and editor in
Cranston, RI, specializing in healthcare.