Editorial: A good push by government

As new health information technologies are introduced, reliable auditing and verification are becoming more critical.

The course to develop an effective electronic health record system has a big hurdle near the finish line. An EHR can be workable and even secure from electronic intruders, but without a way to prove who’s doing — or did — what in the system, it cannot stand up to administrative or legal scrutiny. Nor can the people whose information is stored in those files be confident that they have not been viewed or tampered with.

As new health information technologies are introduced (wireless), as new forms of health care delivery and payment are tested (Wal-Mart), and as the entire health care industry goes electronic (National Health Information Network), reliable auditing and verification are becoming more critical.

Our cover story this month by Senior Editor Nancy Ferris reinforces that notion. Audit trails, which track changes in the status of a network file, are fairly common in U.S. hospitals. Yet presenting that information in a way that hospital administrators, insurance investigators or patients can understand is not so easy.

Auditing systems could also be crucial to another possible health care policy trouble spot highlighted in this issue: the potential for health care practitioners to game emerging pay-for-performance systems. The first national pay-for-performance Medicare program starts this month, and a similar program for Medicaid is on the horizon. But as contributing writer Brian Robinson points out in his story, “Gaming the system,” where there is an incentive program, there is often fraud. Consequently, auditing might be the only way to spot instances when physicians report that they spent more time with patients than they actually did.

Can health care providers and payers come together to write the policies or agree on the technologies that will help solve the problems outlined in these stories? Not without a strong push by government. As our cover story points out, the Certification Commission for Healthcare Information Technology, which is working to ensure the interoperability of electronic records, is making auditing functions a certification requirement. That will help ensure that companies develop better solutions to those problems.

The news that the Office of the National Coordinator for Health IT is developing a framework for a national privacy policy, which it expects to have ready later this year, will only strengthen those efforts. Although a good privacy framework does not guarantee good security or data-retrieval policies, it can set ground rules for how technologies are implemented and used.

That news is an example of government doing what it does best: applying economic incentives and setting guidelines. Using that approach, the government can allow the players to find the best way over seemingly insurmountable hurdles.