Privacy rules, separation of systems hamper behavioral healthcare
Technology is helping close the gap between physical and behavioral healthcare, but professionals say there’s a long way to go in integrating information from the two disciplines.
As patient data becomes more easily accessible—by both physicians and hackers—in the age of electronic health records and health information exchanges, privacy concerns have outweighed the benefits for the continuum of care.
For patients with behavioral health problems, the levels of security within health information exchanges and records are so high that one of two things tends to happen to sensitive information—either all of it is released, or none of it is.
This is a major problem that Massachusetts General Hospital, ranked by U.S. News & World Report as the best psychiatric hospital in the country, is experiencing. The Boston hospital recently implemented Epic, an EHR software commonly used in large hospitals, a process that took about two to three years to roll out. While most behavioral health information is easily searchable and accessible to treating physicians, information about patients with substance abuse is tightly monitored.
“The wrinkle for us is the people who are being seen in our addiction unit,” says Martha T. Kane, a psychologist who is clinical director of the Center for Addiction Medicine at Mass. General. “Nothing can be viewed through electronic medical records. It really makes care difficult.”
Records for the hospital’s three addiction treatment programs are behind a special firewall, where access to records for the psychiatry unit has higher levels of restriction; however, medical specialists treating the patient do not have access to those electronic records, says Kane.
Instead, they are forced to use paper copies, which is “slow and about as old school as you can get,” she says. “Even if the patient signs over their records, there’s still no electronic way to send it over.”
Federal regulations, although stringent, were designed to not deter substance abuse patients from seeking help.
But for overall mental health policies, there is a lot of confusion over what is allowed, says Peyton Isaac, senior policy analyst at the Office of the National Coordinator for Health Information Technology.
“HIPAA actually enables the sharing of protected health information, including mental health data,” she says. “There really is no federal bar to sharing this protected health information electronically.”
However, states often enact more privacy protection laws in addition to the baseline HIPAA law, says Isaac. Within each facility, providers determine their own procedures under those guidelines.
For Johns Hopkins University School of Medicine, those in the psychiatry department believed it is important for inpatient records to remain open.
“We still have to afford our patients privacy for sensitive issues,” says Patrick Triplett, MD, clinical director and physician adviser for the Department of Psychiatry and Behavioral Sciences at Johns Hopkins University School of Medicine. “It’s natural for them to have concerns that people could be snooping in their records.”
Johns Hopkins’ psychiatry department had its first foray into electronics in 2008, transitioning from paper and pen to Epic, and the system enables physicians to see if a patient had been admitted for psychiatric treatment. Like Mass General, Johns Hopkins’ substance abuse programs are not part of the EHR system.
“With the rollout of Epic for the outpatient setting, we have to make decisions for the levels of security we have to have in place,” Triplett says. “I have case-by-case discussions of the level of security they want to put on their records.”
While security concerns remain a prominent aspect of behavioral health policies, law enforcement can obtain records, says Dina Passman, acting team lead for Health and Information Technology at Substance Abuse and Mental Health Services Administration (SAMHSA). As a result, hospitals are purchasing software in an effort to ease those concerns.
Software companies are developing programs that will run in the background to see if people are misusing an EHR. For example, an unauthorized hospital employee could access a celebrity’s EHR or, more mundanely, a friend’s information. Any odd patterns would be flagged.
While this seems like a great solution for providers, patients don’t get that peace of mind. Patients can tell their doctor what information they want to stay private, but there is no way for them to see if that information is being shared, says Steve Daviss, MD, chair of the Committee on Mental Health Information Technology at the American Psychiatric Association.
“Patients should also be able to enjoy the care coordination benefits provided by EHRs and health information exchanges (HIEs) without having to share all or none of their information; they should be able to identify classes of data for more restricted access,” according to the American Psychiatric Association’s position on confidentiality on electronic health information. “At the very least, computerized records should give patients as much control over their information as they have with paper-based records.”
This fundamentally poses a problem for patients who are consenting to open records yet don’t have the means to see exactly what information is shared. Daviss says implementing a system where patients can have “some sense of control” over where their information goes would foster a greater level of trust.
A technological solution would allow HIPAA-protected patient notes, which are already protected from disclosure, to be updated but not shared; most EHRs don’t have this type of capacity, says Daviss.
Kane also shares her frustrations with the current technological options and believe that the EHR system should have the capacity to turn on and off privacy based on signed consent.
“Frankly, I find it hard to believe it doesn’t exist,” she says. “It’s so obvious. They don’t have to change the federal law.”
SAMHSA has been working on data segmentation, the concept Kane envisions for her patients, through ONC to make that a reality. As of 2014, only 11 percent of behavioral health providers share information electronically, according to the National Electronic Health Record Survey.
“People are looking for ways to solve the technological challenges that is compliant with [42 CFR] Part 2,” Passman says. “Segmentation needs to happen at the HIE level.”
It’s not only the regulations that hinder how behavioral health patients get care, but also current payer models. The Affordable Care Act extended the impact of the Mental Health Parity and Addiction Equity Act so that many health plans must offer coverage for mental health or substance use disorders with at least an equal level of benefits as the plans offer for the treatment of physical health problems, according to SAMHSA. This law applies to organizations with more than 50 employees, which allowed smaller companies to find a way around the regulations, says Daviss.
Now that the payment model is shifting toward value-based reimbursement, payers are using analytics to determine which patients are at risk for readmission because of behavioral-health related causes.
Health research organization Hilltop Institute at University of Maryland, Baltimore County, reported the risk of respiratory-related hospital admission for patients with a mental health disorder and substance use commodity is 15 times higher than those without, according to the state’s Medicaid data. The increase in risk for patients with diabetes, along with a mental health disorder and substance use, is 12 times higher.
Hospitals like Mass General and Johns Hopkins are starting to get creative with proactive approaches to prevent readmissions.
At Johns Hopkins, Triplett is leading the first wave of a new consultation model to identify patients with an undiagnosed disorder; a small psychiatric team, generally a psychiatrist, social worker and nurse practitioner, are embedded on the medical floors and look for people who might need a psychiatric consult.
Mass General, meanwhile, is developing and paying for programs for its substance abuse patients. The current payment model doesn’t reflect what providers know about efficient addiction care, says Kane, who adds, “There are a lot of people who can benefit from levels of care that are not traditional and not utilized.”
Mass General pays for recovery coaches, a non-traditional method to keep substance abuse patients engaged with their recovery, in the hopes of minimizing relapse and subsequent readmission. The hospital also funded video sessions with physicians to help patients, an effort that was not reimbursed by payers. Kane says it currently has one contract with Horizon-Blue Cross Blue Shield.
Efforts like these rely heavily on data and analytics, which is where the private sector has really found its niche in not only assisting hospital systems, in addition to primary care physicians, who are often the first medical professionals to come in contact with an undiagnosed behavioral health disorder.
“Primary care physicians know there’s a high level of burden,” says David Wennberg, MD, chief data scientist at Quartet Health. “They can’t take care of the need. They’re not trained well in managing patient need.”
Despite the obvious need for mental health screening, primary care physicians are already overextended and generally don’t have the time or capacity to treat anything beyond physical problems. “They really do want their patients to thrive, but haven’t been able to offer their patients care or support,” says Wennberg.
Many of the population health tools popping up for mental health patients stem from this place of care. These tools offer analytic capabilities for primary care physicians while connecting patients to specialists in an integrative, virtual atmosphere.
The app connects physicians, patients and providers to develop shared goals and treatment plans in a virtual collaborative setting, which gives patients access to the best care despite geographical locations.
The data is supplemented with third party data, such as census and public data, to help identify hot spots of burdens in the area, which normally fall on primary care physicians, the most commonly-seen doctors, says Wennberg.
“The data sources we use are both from the payer side, like traditional health claims data, facility data, pharmacy data and network information,” he says. “We want to get access to providers’ notes.”
From the standpoint of healthcare and the frequent use of the healthcare system, he says, primary care physicians have the greatest need for this type of technology and are working with the private sector to develop a better product.
Similarly, technology company Mindyra recently launched a platform that gives providers access to a comprehensive diagnostic assessment test for patients with behavioral health disorders.
The diagnostic test, which is offered for adults or adolescents, takes about 10 minutes and gives providers a summary of the top three treatments, pharmaceuticals and side effects of each drug for the newly-diagnosed disorder. Providers also have access to a full-time support staff of psychiatrists through the platform for a second opinion.
The platform also enables patients to track their progress, which can be compared by individual, peer group or illness based on clinical data, says Mindyra CEO Bill Battey.
“When you can measure outcomes in therapeutic care, wow that’s so cool,” he says. “Think of the data we’re collecting.”
Mindyra uses a database to store the information on the cloud and is HIPAA compliant, says Battey.
When the company was developing the platform, it asked for input from doctor groups and hospital systems to create the population health tool that works in real time. Information from the platform can also be moved to a patient’s EHR.
“There was a crying need among practitioners,” Battey says. “Give me something automated. We need to be automated.”