Guest Column | April 13, 2018

New Best Practices In Patient Data Transfer For EMTALA Support

By Marianna Prodan, Accellion

The Emergency Medical Treatment & Labor Act (EMTALA) stipulates that if an individual comes to an emergency treatment facility in need of care, the hospital must either treat the individual to stabilize the medical condition or transfer the individual to a facility that can treat the condition. In any event, a hospital must provide medical care, regardless of the individual’s insurance status or ability to pay.

For any emergency medical treatment to be effective, it is absolutely critical for medical staff to have a complete view of a patient’s medical history. Insufficient knowledge about existing medications, pre-existing conditions and allergies can lead to incorrect, unsafe or delayed treatment. The challenge is twofold: collecting all of a patient’s medical history, which is likely to be stored in different systems, and getting this information securely and promptly to the hospital providing emergency medical treatment.

Consider the challenges that emergency rooms face. The patients themselves may be unable to supply reliable medical history. An EMT staff can address symptoms, but a full view of a patient’s medical history would often improve outcomes. And while emergency medical cards, bracelets or necklaces may help first responders in understanding their specific health conditions, these may not be sufficient for unrelated but still critical situations.

Take, for example, a woman in an advanced pregnancy. During her 30th week, she goes into premature labor while on vacation. Most medical facilities could deliver the baby, but at 10 weeks premature, the baby is a high-risk patient and will need neonatal intensive care unit (NICU) services. The patient must be stabilized and the receiving medical facility must have access to critical records, including records maintained by the patient’s OB-GYN, records recently generated by the first responder during the stabilization process, and finally records from the patient’s primary care physician or other specialists – for example a cardiologist if the patient has been treated for high blood pressure.

All these different providers may be in the same health organization, such as an ACO, and therefore all of the patient’s records are (ideally) located in one EMR/EHR system. If however the patient is not part of an ACO, the hospital will now have to collect multiple sets of records from different providers. Collecting all of a patient’s information from a variety of different providers can take a lot of time. Naturally, time is often a luxury the patient or hospital cannot afford.

Electronic transfer of these records is highly desirable but complicated by the number of different systems, lack of standard records formats, and basic EMR/EHR incompatibilities. Providers still must log in to each system, access and download the data, and reload it into other systems. By their very nature, emergency services require speed and agility in response, yet the process of providing access to critical healthcare records through all of these incompatible storage systems is slow and cumbersome.

The requirement for hospitals to comply with HIPAA adds another layer of complexity to this process. A hospital’s emergency services department necessarily collects a large volume of files and patient records, hindering efforts to track and maintain audit trails, understand who accessed what file and when, and accurately document the chain of custody. In the event of a potential HIPAA violation, the hospital’s privacy officer and security officer will be challenged with collecting the data necessary to document the security incident, understand if a reportable data breach occurred, exactly how it happened, and take necessary steps to prevent it from occurring again.

Hospital networks have started to implement new best practices designed to facilitate secure data sharing with external doctors, specialists and health organizations to improve patient outcomes. These new best practices center around the use of file sharing platforms to support the secure and compliant interchange of information from different sources. The imperatives for these new technologies are driven by the use cases that emergency medical facilities face every day.

Adopting these platforms and incorporating them into staff workflows can improve healthcare facility operations by providing an agnostic view to all the records stored in the organization, whether they’re stored on-prem or in the cloud. And because patient data can be accessed and transmitted efficiently, the receiving hospital can make better informed decisions with patients and ultimately provide a higher quality of care in a shorter period of time.

It cannot be over-stressed that these file sharing platforms must be secure in addition to easy to use. File encryption, anti-virus and DLP capabilities, two-factor or multi-factor authentication are just some of the capabilities that should be required of a solution. Similarly, they must support the file governance requirements necessary for HIPAA compliance. Full visibility into where patient records are stored, as well as who has accessed, viewed and downloaded those records are absolutely critical to audit teams in order to demonstrate both compliance with HIPAA and provide support for investigations in the event of a security incident.

In summary, it is imperative – and possible – for healthcare organizations to share patient records, efficiently, securely and in a compliant manner with medical and administrative staff on the front lines of emergency medical treatment. Having timely access to patient records enables emergency medicine professionals to diagnose patients more accurately, target the treatment protocol more reliably, improve patient outcomes, and ensure the success of EMTALA.