Evans (2016) the author of “Health Records: Then, Now, and in the Future” explains what drove

demand to utilizing EHR systems on greater scale.

Sicuranza, Esposito, and Ciampi (2014) authors of an article “A Patient Privacy Centric Access
Control Model for EHR Systems” unveils who becomes vulnerable when using HER system and
what actions must be taken to ensure the continentality and patient’s privacy.
Ferran (2015) the author of “Don’t Confuse HER HIPAA Compliance with Total HIPAA
Compliance” discusses HIPAA security policies which protect Personal Health Information.

Herman, Flite, and Bond (2012) authors of “Electronic Health Records: Privacy, Confidentiality,
and Security” answers the question of what actions are taken to by health organizations to keep
employees in check with HIPPA rules.

Bowman (2018), the author of “Coordination of SNOMED-CT and ICD-10: Getting the Most
out of Electronic Health Record Systems? Discusses a solution to what can facilitate evidence-
based medicine.

Kho et, al’s (2013) authors of “Practical Challenges in Integrating Genomic Data into the
Electronic Health Records” explain why EHRs systems are not fully capable of retrieving data
for research.

Ross, Wei, and Ohno-Machado (2014) authors of ““Big Data” And the Electronic Health
Record” come up with solution to improving EHR system and who must start to raise awareness
to promote the change.

Example of electronic citing source

According to Smith (1997), ... (Mind Over Matter section, para. 6).

New Research on Google Schalr

1
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5171496/
Yearb Med Inform. 2016; (Suppl 1): S48–S61.
Published online 2016 May 20. doi: 10.15265/IYS-2016-s006
R. S. Evans

Electronic Health Records: Then, Now, and in the

Future
Evans, R. S. (2016, May 20). Electronic Health Records: Then, Now, and in the Future.
Retrieved from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5171496/.

The increased demand by patients to access their healthcare data has led to more personal
use of the EHR [92]. Personal Health Records (PHRs) are now interfaced with applications
within EHRs and are used by most large facilities and vendors [93]. Many patients are taking a
more active role in managing their medical data which is essential for patient-centered care [94].
Patient-centered-care allows patients to add personal stories of key life events both medical and
non-medical that enable clinicians to better understand what matters and is important to patients,
and what are their personal health goals and care preferences [95, 96]. Recent reports have
highlighted the need for efforts to better understand the collection and use of this information in
the EHR [97] and there is a lack of consensus on how PHR success will be determined [98, 99].
There are no comprehensive laws or procedures regarding patients’ access rights to EHRs [100].
Another problem may be that the use of PHRs may be challenging for some older adults or those
of lower socioeconomic status and with low health literacy [101].

2
https://academic.oup.com/jamia/article/15/3/272/727503
James M. Walker, MD, Pascale Carayon, PhD, Nancy Leveson, PhD, Ronald A. Paulus, MD,
MBA, John Tooker, MD, MBA, Homer Chin, MD, Albert Bothe, Jr, MD, Walter F. Stewart,
PhD, MPH
Journal of the American Medical Informatics Association, Volume 15, Issue 3, May 2008, Pages
272–277, https://doi.org/10.1197/jamia.M2618
Published:01 May 2008

EHR Safety: The Way Forward to Safe and Effective Systems 

Design and Implement Safe EHRs
Health care organizations should understand their EHR-related safety needs and require vendors
to address those needs. At its most basic, this means asking what software safety personnel and
practices the vendor uses. Larger health care organizations will need to develop consulting
relationships or in-house resources in software safety and human factors engineering to guide
EHR purchasing, implementation, and continuous improvement.14,15 Smaller organizations will
need access to augmented EHRs and to impartial, actionable information on the safety
characteristics of specific products and implementation options.
EHR vendors should make safety a primary goal from the earliest stages of specification and
design. Methods developed in other industries will need to be adapted to health care.14 The
Certification Commission for Healthcare Information Technology
(CCHIT; http://cchit1.webexone.com) should translate software safety principles and practices
into criteria for certification.14 Leapfrog

3
https://www.researchgate.net/profile/Mario_Ciampi/publication/265380094_A_patient_privacy_
centric_access_control_model_for_EHR_systems/links/55097c8d0cf27e990e0ea463.pdf
A patient privacy centric access control model for EHR systems
Mario Sicuranza*, Angelo Esposito and Mario Ciampi

Sicuranza, M., Esposito, A., & Ciampi, M. (2014, November 2). A patient privacy centric access
control model for EHR systems . Retrieved from
https://www.researchgate.net/profile/Mario_Ciampi/publication/265380094_A_patient_privacy_
centric_access_control_model_for_EHR_systems/links/55097c8d0cf27e990e0ea463.pdf.
So for EHR systems, it is necessary to ensure the confidentiality of data and patient’s privacy,
and to guarantee the quality of the data and the integrity that leads the user (doctor) to have
confidence in the data and in the information contained. To meet these needs (integrity,
confidentiality, and quality), a widely used mechanism is access control (AC), which is a
fundamental security barrier for securing data in a healthcare information system. The AC is a
mechanism that limits the access to the documents in an EHR system, to who can operate
them and how.
1 the patient whom the documents refer to
2 the healthcare organisations holding the data
3 the international, national and local directives and norms.
More in detail follow the link.
Requirements of patients The patients’ needs are related to the confidentiality and integrity of
their data in the EHR systems. Patients should trust the system and they should be able to specify
the level of privacy they want to associate to their documents. P1 Patients should have the right
of control over their own clinical documents. They must be able to specify who can do what with
their own documents. P2 Patients should have the ability to change at any time the rights of
access to their documents. 168 M. Sicuranza et al. P3 Patients should be able to hide their
documents from specific healthcare practitioners. P4 Patients should to have the ability to see
how and when their documents are accessed by the users who have access rights on them and for
which purpose. This will be possible through the property of disclosure, which is indicated in the
EU directives (General Data Protection Regulation, 2012). The patients should be able to provide
access to healthcare practitioners that are not entitled to access the patients’ documents. 3.2
Requirements of healthcare organisations Healthcare organisations must provide protection to
the data they hold. Every healthcare organisation can manage security policies with a certain
level of autonomy. H1 Every healthcare organisation should be able to design its own security
policy and to enforce it. The definition of the access policies must be implemented in total
freedom and through a highly flexible mechanism. H2 The healthcare organisations should be
able to change quickly and easily the access policies of a given document. H3 The Access
control should not add a significant administrative overhead. 3.3 Requirements arising from
international norms and directives In 2012, the European Commission unveiled a draft European
General Data Protection Regulation based on the following properties and principles: D1
Informed consent, every processing of personal data will require the provision to the concerned
individuals of clear and simple information, as well as obtaining specific and explicit consent.
Users must be informed about how their personal data are handled, and they must be able to
consciously agree on the processing of said data. This property corresponds to the 4th property
(P4) mentioned above. D2 The property of ‘right to be forgotten’, with which a patient is able to
delete the history of his documents. D3 The property of ‘purpose’, whereby the data must be
used for the indicated purposes. D4 The property of ‘disclosure’, which suggests that patients
should know how their data are used. D5 The management of access control must be easy to
access in case a document is accessed for emergency purposes. Table 1 in the next section shows
how the listed requirements are satisfied in our model. A patient privacy centric access control
model for EHR systems
3B
https://www.healthcareitnews.com/blog/don%E2%80%99t-confuse-ehr-hipaa-compliance-total-
hipaa-compliance

Don't confuse EHR HIPAA compliance with

total HIPAA compliance
Many healthcare entities don’t fully understand that EHRs are
just one piece of the vast HIPAA compliance puzzle.
By Tod Ferran
March 11, 2015

Ferran, T. (2015, March 11). Don't confuse EHR HIPAA compliance with total HIPAA
compliance. Retrieved from https://www.healthcareitnews.com/blog/don’t-confuse-ehr-hipaa-
compliance-total-hipaa-compliance.

Ferran (2015) the author of “Don’t Confuse HER HIPAA Compliance with Total HIPAA
Compliance” discusses HIPAA security policies which protect Personal Health Information.

Maintaining a secure EHR system

The newly revised HIPAA Security Rule requires providers to assess the security of
their databases, applications, and systems that contain patient data against a list of 75
specific security controls. These controls include specific safeguards to be in place for
the purpose of protecting PHI.

3b
https://journalofethics.ama-assn.org/article/electronic-health-records-privacy-confidentiality-
and-security/2012-09

Electronic Health Records:

Privacy, Confidentiality, and
Security
Harman, L. B., Flite, C. A., & Bond, K. (2012, September 1). Electronic Health Records:
Privacy, Confidentiality, and Security. Retrieved from https://journalofethics.ama-
assn.org/article/electronic-health-records-privacy-confidentiality-and-security/2012-09.
Herman, Flite, and Bond (2012) authors of “Electronic Health Records: Privacy, Confidentiality,
and Security” answers the question of what actions are taken to by health organizations to keep
employees in check with HIPPA rules.

Laurinda B. Harman, PhD, RHIA, Cathy A. Flite, MEd, RHIA, and

Kesa Bond, MS, MA, RHIA, PMP
Sep 2012

Audit trails. With the advent of audit trail programs, organizations

can precisely monitor who has had access to patient information.
Audit trails track all system activity, generating date and time
stamps for entries; detailed listings of what was viewed, for how
long, and by whom; and logs of all modifications to electronic
health records [14]. Administrators can even detail what reports
were printed, the number of screen shots taken, or the exact
location and computer used to submit a request. Alerts are often
set to flag suspicious or unusual activity, such as reviewing
information on a patient one is not treating or attempting to
access information one is not authorized to view, and
administrators have the ability to pull reports on specific users or
user groups to review and chronicle their activity. Software
companies are developing programs that automate this process.
End users should be mindful that, unlike paper record activity, all
EHR activity can be traced based on the login credentials. Audit
trails do not prevent unintentional access or disclosure of
information but can be used as a deterrent to ward off would-be
violators.

4
http://library.ahima.org/doc?oid=106578#.XY1xx-dKgUs
Coordination of SNOMED-CT and ICD-10: Getting the Most out of Electronic Health Record
Systems

by Sue Bowman, RHIA, CCS, director of coding policy and compliance, AHIMA
 2018

Bowman, S. (2018). Coordination of SNOMED-CT and ICD-10: Getting the Most out of
Electronic Health Record Systems. Retrieved from http://library.ahima.org/doc?
oid=106578#.XY1xx-dKgUs.

Bowman (2018), the author of “Coordination of SNOMED-CT and ICD-10: Getting the Most
out of Electronic Health Record Systems? Discusses a solution to what can facilitate evidence-
based medicine.

A standard electronic health record (EHR) and a national health information infrastructure
require the use of standardized medical language and terminologies to transmit clinical data
across diverse information systems. Data must be collected and maintained in a standardized
format, using uniform definitions, in order to link data within an EHR system or share health
information between systems.

The full value of the health information contained in an EHR system will only be realized if both
systems involved in the map are up to date and accurately reflect the current practice of
medicine. Therefore, it makes no sense to map a robust terminology such as SNOMED-CT to an
outdated classification system such as ICD-9-CM. AHIMA believes the following steps are
essential:

 The federal government must initiate the regulatory process for the adoption of ICD-10-
CM and ICD-10-PCS.
 The healthcare industry must incorporate terminology standards in their EHR
development initiatives.
 Robust rules-based maps, designed for different use cases, must be developed from
SNOMED-CT to ICD-10-CM and ICD-10-PCS in order to maximize the value of the clinical
data and the benefits of an EHR system.
 These maps should be made publicly available through the Unified Medical Language
System and should become a standard component of any EHR system.

These steps are among the first the industry should take toward maximizing the power of
healthcare data and, in doing so, building a better healthcare system for the 21st century

A standard EHR will allow for interoperable health data exchange. Interoperability or the sharing
of healthcare data is an essential component of a national health information infrastructure that
will greatly improve the effectiveness of clinical care (through improved availability and access
to patient-specific health information and use of decision support models), cost-effectiveness and
value of research, the safety of patient care, public health monitoring, bioterrorism response,
reimbursement, and healthcare policy decisions. Interoperability requires the use of uniform
health information standards. The lack of standards for health information has been a key barrier
to electronic connectivity in healthcare.
 Incorporation of clinical terminologies into EHR systems is an important step in the creation of
information systems capable of monitoring quality and driving the practice of evidence-based
medicine. A standard clinical terminology provides standardization of clinical terms, thus
supporting easy transmission of patient data across information systems.1 The use of clinical
practice guidelines and other decision support tools to enhance the quality of healthcare depends
on the use of common terms and concepts in health records and knowledge resources. Adoption
and use of standards for clinical terminologies will facilitate significant improvements in the
quality of patient care, promote patient safety, control rising healthcare costs, enhance the
productivity of clinical research, and strengthen the ability of the US to identify and respond to
health emergencies.2 A standard clinical terminology interacting within an EHR system enables:

 Access to complete and legible clinical data with links to medical knowledge for real-
time clinical decision support
 Information exchange between providers thereby speeding care delivery and reducing
duplicate testing and prescribing
 Information retrieval to produce practitioner alerts (e.g., allergy alerts, reminders for
preventive medicine screening tests, notifications of potential drug interactions or abnormal test
results)
 Access to standards of care for benchmarking, measuring and interpreting effectiveness,
improving quality of care, measuring outcomes, developing and monitoring pay-for-performance
programs, and measuring performance.3

Classification systems allow granular clinical concepts captured by a terminology to be

aggregated into manageable categories for secondary data purposes. These purposes include:

 Measuring the quality, safety (or medical errors), and efficacy of care
 Making clinical decisions based on output from multiple systems
 Enabling the connectivity of information systems for continuity of care
 Designing payment systems and processing claims for reimbursement
 Conducting research, epidemiological studies, and clinical trials
 Setting health policy
 Designing healthcare delivery systems
 Monitoring resource utilization
 Improving clinical, financial, and administrative performance
 Identifying fraudulent or abusive practices
 Managing care and disease processes
 Tracking public health and risks
 Providing data to consumers regarding costs and outcomes of treatment options.
Together, standard clinical terminologies and classifications represent a common medical
language that allows clinical data to be shared between EHR systems. Therefore, standard
clinical terminologies and classifications, with maps linking them, must be incorporated into
EHR systems in order to achieve system interoperability and the benefits of a national health
information infrastructure.

https://academic.oup.com/jamia/article/21/6/984/789355
Sequencing of EHR adoption among US hospitals and the impact of meaningful use 
Julia Adler-Milstein, Jordan Everson, Shoou-Yih D Lee
Journal of the American Medical Informatics Association, Volume 21, Issue 6, November 2014,
Pages 984–991, https://doi.org/10.1136/amiajnl-2014-002708
Published:22 May 2014
Adler-Milstein, J., Everson, J., & D, S.-Y. (2014, May 22). Sequencing of EHR adoption among
US hospitals and the impact of meaningful use. Retrieved from
https://academic.oup.com/jamia/article/21/6/984/789355.

In 2009, the federal government passed the Health Information Technology for Economic and
Clinical Health (HITECH) Act to spur widespread adoption of health information technology.
The centerpiece of HITECH is a financial incentive for doctors and hospitals to implement
electronic health records (EHRs) and use them in ways expected to improve the safety,
effectiveness, and efficiency of care—known as the meaningful use criteria

6
https://www.nature.com/articles/gim2013131
Practical challenges in integrating genomic data into the electronic health record

2013

 Abel N. Kho MD, MS, 

 Luke V. Rasmussen BS, 

 John J. Connolly PhD, 

 Peggy L. Peissig MBA, 

 Justin Starren MD, PhD, 

 Hakon Hakonarson MD, PhD & 

 M. Geoffrey Hayes PhD 

 Kho, A. N., Rasmussen, L. V., Connolly, J. J., Peissig, P. L., Starren, J., Hakonarson, H.,
& Hayes, M. G. (2013, September 26). Practical challenges in integrating genomic data
into the electronic health record. Retrieved from
https://www.nature.com/articles/gim2013131.

Kho et, al’s (2013) authors of “Practical Challenges in Integrating Genomic Data into the
Electronic Health Records” explain why EHRs systems are not fully capable of retrieving data
for research.

Data in EHRs can be structured or unstructured (free text). Structured data are often a
requirement to enable current EHR systems to readily generate reports or trigger clinical decision
support tools, such as computerized reminders, because they are in a format that may be
processed unambiguously by the computer. The use of free-text clinical notes supplements
structured data by using the richness of language to describe a patient’s clinical condition. Up to
80% of the value in data may be locked up in free text, requiring so-called natural language
processing (NLP) to derive structured data elements from clinician notes.2,15 Table 1 outlines
the common data categories in EHRs, most common data format (structured versus unstructured
versus mixed) and commonly applied data standards. Each of these concepts, structured versus
unstructured data, use of widely accepted data standards, and attention to workflow, have
parallels in the storage and use of genetic data, and it is at this interface that much recent work in
the eMERGE network focuses.

7
https://www.nature.com/articles/nrg3208

 Published: 02 May 2012

Mining electronic health records: towards better research applications and clinical care

 Peter B. Jensen, 

 Lars J. Jensen & 

 Søren Brunak 

 Electronic health record (EHR) systems are increasingly being implemented all over the
world, but represent a vast, underused data resource for biomedical research.
 Structured EHR data, such as encoded diagnosis and medication information, are the
easiest data sources to process, but advances in text-mining methods has made it possible
to also use the narrative parts of patient records.
 Statistical studies of the distribution and co-occurrence of clinical features in large
collections of patient records enables identification of correlations between, for example,
diseases (comorbidities) or between medications and adverse drug reactions.
  Knowledge-discovery and machine-learning methods can be used both for discovering
novel patterns in patient data and for classification and predictive purposes, such as
outcome or risk assessment. This has the potential to extend current EHR decision
support systems, which integrate available patient data with clinical guidelines to provide
assistance to the physician at the point of care.
 Research platforms built on EHR data, alone or coupled to genotype data, provide an
inexpensive and timely way to sample relevant case and control cohorts based on relevant
clinical features. As EHR and DNA databases become increasingly interlinked,
genotype–phenotype association studies may be designed and conducted by re-using
existing data.
 The growing political focus on the adoption of EHR systems must be accompanied by
funding and strategic research into data standards, interoperability and security. Legal
matters such as data ownership, privacy and consent need to be addressed to find the right
balance between public demands for autonomy and privacy, and manageable procedures
for researchers to access data.
 Fulfilling the full potential of electronic health data for scientific discovery and improved
public health will require collaboration across stakeholders and research groups.

8
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5171496/
Yearb Med Inform. 2016; (Suppl 1): S48–S61.
Published online 2016 May 20. doi: 10.15265/IYS-2016-s006
PMCID: PMC5171496
PMID: 27199197

Electronic Health Records: Then, Now, and in the

Future
R. S. Evans

EHR data generated in the care of patients are also widely used to support clinical research and
quality improvement [141]. The enormous amount of data being collected by EHRs has
generated additional value when integrated and stored in enterprise data warehouses (EDWs).
The EDW allows all data from organizations with numerous inpatient and outpatient facilities to
be integrated and analyzed [142]. These data are not only an essential tool for management and
strategic decision making, but also for enhanced data exploration, cohort identification,
population management, and patient specific CDS. Patient data that was previously stored on
removable disk packs or tape are now stored online; birth to death.

9
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4287068/
Yearb Med Inform. 2014; 9(1): 97–104.
Published online 2014 Aug 15. doi: 10.15265/IY-2014-0003
PMCID: PMC4287068
PMID: 25123728
“Big Data” and the Electronic Health Record
M. K. Ross,* Wei Wei,* and L. Ohno-Machado
Utilizing the EHR system to answer healthcare questions differs from the traditional research
approach of collecting data after a question is asked. Although EHRs have been in existence for
many years (and so has the idea of secondary use of the data), the process is currently not
streamlined and many challenges exist. Main challenges include limitations of processing
ability[15], interoperability and lack of standardization [3, 18, 19, 28], accuracy and
completeness of records [29], cost [30], security and privacy concerns [21], and inability to
extract the needed information [31]. In regard to information completeness, Weiskopf et
al. estimate that, if stringent definitions are utilized, less than a quarter of all records are
considered complete. These authors encourage the scientific community to raise awareness about
this issue and call for researchers to define completeness by four criteria: documentation,
breadth, density, and predictive ability [29]. Steps toward improved information extraction and
analysis in the USA include the formation of alliances between companies and healthcare
institutions [18, 30, 32].

Ross, M. K., Wei, W., & Ohno-Machado, L. (2014, August 15). "Big data" and the electronic
health record. Retrieved from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4287068/.

Ross, Wei, and Ohno-Machado (2014) authors of ““Big Data” And the Electronic Health
Record” come up with solution to improving EHR system and who must start to raise awareness
to promote the change.