Next Generation Healthcare - Kentucky Leading the Way

Skip Navigation

Navigation: Toolkit Introduction | Why Kentucky | Get Connected | FAQs | Links

Section: Frequently Asked Questions

DR. Kibbe's Responses

Q: What is health information exchange?
A: Health Information Exchange is defined as the electronic movement of health-related information among organizations and between people according to nationally recognized standards.

Q: How can health information exchange help my practice?
A: Health information exchange can:
• Improve the quality of patient care
• Improve competitive market position
• May improve reimbursement rates, and
• Improve customer service and patient loyalty

Q: Can I comply with HIPAA and participate in health information exchange?
A: Yes. HIPAA provides security and privacy requirements for protecting the health information of your patients. Whether you have paper or electronic records, these requirements remain the same.

Q: Do I need an electronic health record to participate in electronic health information exchange?
A: No, you do not need an EHR to participate in electronic health information exchange. A provider can start using technology incrementally without purchasing an entire EHR system. For example, a provider can participate in ePrescribing by linking to a secure portal offered by health systems and pharmacy organizations. The provider can also participate in health information exchange through a local Health Information Organization that provides a community portal to access healthcare records.

Q: What basic security steps do I need to take to keep my electronic health records (EHRs) safe?
A: Many of the basic privacy and security practices that you have in place to protect your paper patient records also apply to electronic patient records. For EHRs, I suggest that you:
• Purchase a system that is certified by the Certification Commission for Healthcare Information Technology found on the Web at or any EHR system that complies with its privacy and security features and functions criteria.
• Thoroughly train staff and establish policies on what can be disclosed and what cannot be disclosed and under what circumstances.
• Assign each person in your practice a unique user ID and password for the computer. Prohibit sharing of names and passwords.
• Provide physician security for your EHR data just as you would for your paper patient records, and
• Save and back up data regularly so it can be recovered if your system crashes. Back-up media can be any media that is remote or can be removed from the practice premises and securely stored.
The Centers for Medicare and Medicaid Services offer a number of security related guidance documents at

Q: Are electronic health records more secure than paper records?
A: While no records are 100 percent secure, electronic health records are capable of providing added security measures such as an audit log that paper system generally do not have. This means that anyone accessing the records can be identified. Implementing encryption can also provide another trustworthy level of security.

Q: Will participating in electronic health information exchange increase my liability?
A: Liability issues vary from state to state. Thus, this question is best addressed through reliable legal counsel. However, the Archives of Internal Medicine published a study on November 24 2008 that suggests physicians with EHRs appear less likely to have paid malpractice claims. More study is needed and good legal advice is a must.

Q: How expensive is it to implement security and privacy safeguards in my electronic office?
A: Costs will depend largely on the technology that you adopt, the size and location of your practice, and the security and privacy risks you identify. As noted in the HIPAA Security Rule for covered entities, safeguards should be reasonable and scalable.

Q: Will participating in health information exchange give the government additional access to my patients’ medical records?
A: State and federal reporting laws already require the sharing of certain health information to agencies that monitor public health issues. These releases are not prohibited under HIPAA. Also remember that the HIPAA Privacy Rule allows for the sharing of patient health information for treatment, payment and health care operations.

Q: Do Medicaid and Medicare support health information exchange?
A: Yes, both Medicaid and Medicare support health information exchange.

Q: Do Stark laws prohibit me from participating in health information exchange?
A: No, Stark laws do not prohibit you from participating in health information exchange. Amendments to Stark now allow hospitals to invest in software and certain other services such as training for physicians without invoking Stark.

Q: What rights do my patients have under HIPAA privacy standards?
A: The HIPAA Privacy Rule gives patients the right to access their health information, restrict access by others, request changes and learn how their health information has been accessed. For additional information, see the HIPAA Basic: Privacy and Security Issues at

Dr. Mongiardo's Responses

Q: How can health information exchange help my patients?
A: Health information exchange benefits patients through improved quality of care, less chance of medical errors and better outcomes.

Q: Can I afford to install health information technology in my practice?
A: The term health information technology covers a broad range – from implementing ePrescribing to going to an entirely electronic health record (EHR). Ultimately, I’d tell you that you can’t afford not to embrace health information technology because of its many benefits.

Q: Do I have to change everything to implement technology in my practice?
A: You most likely will not have to change everything, but any changes will depend on what technology you implement – whether you start small and add functionality in incremental steps or implement a full EHR system. Your goal should be to have a continuous flow of information throughout your office and improve overall workflow.

Q: With all the changes in the healthcare industry, shouldn’t I wait to invest in technology?
A: No, you should not wait. Technology will continue to advance, and it is important for physicians to begin using available technology now.

Q: What technology do I need in my practice to participate in health information exchange activities?
A: At a minimum, you will need an internet connection, preferably high speed broadband. You also will need a computer, electronic notepad or PDA.

Q: How can an electronic health record help my practice?
A: Adopting a fully functional electronic health record (or EHR) can help improve the efficiency of your practice in many ways, including:
• Electronic charts are easy to find and data is accessible at the point of care.
• You can easily track who looked at patient charts.
• Electronic charts simplify quality tracking and reporting.
• EHR systems improve workflow by providing treatment alerts and drug interaction alerts.
• Digital messaging among staff helps provide better continuity of care for your patients, and
• An EHR system improves billing accuracy and payment turn around time by ensuring complete documentation.
Get a free 2008 Physician’s Guide at
For EHR lessons and practice transformation models, visit

Q: How do I find a system that meets my needs?
A: The first step to selecting a system is to clarify your expectations about how the technology will work in your practice. Conducting a practice and staff-level assessment helps you understand your office from the inside out, build a vision for using EHR and expectations for benefits. You’ll want to consider your patient population, practice workflow and structure, current information technology and staff skill level. Next, you’ll want to consider systems certified by the Certification Commission for Healthcare Information Technology (C-C-H-I-T) found at Your peers and professional organizations are another great source on EHR systems and vendor information. For example, members of the American Academy of Family Physicians can talk to peers and take advantage of group purchasing discounts.

Q: Do doctors need patient consent to share medical records electronically?
A: Consent requirements vary from State to State and unless a State’s consent laws specify otherwise it generally will not treat health information differently because of its form or format. It’s important to be aware, however, that most states also have laws which single out certain classes of protected health information such as HIV, mental health and substance abuse which may require additional patient consent.

Q: Why should electronic health record software in a doctor’s office be interoperable with other electronic health record systems?
A: The doctor’s electronic health records automate patient care within a single care setting. The benefit of interoperability between EHRs and electronic health record systems is that the EHRs provide a longitudinal patient record that connects data from multiple care settings. Simply put: interoperability means that systems at different points of care can exchange data.

Q: Do I need an electronic health record to participate in health information exchange?
A: No, you do not need an electronic health record to participate. You can start slowly and add functionality as you go. You can simply start by receiving lab results electronically and not on paper, or start with ePrescribing. There may be other options available by healthcare partners, such as Web-based portals from hospital systems.

Q: Are there other physicians willing to help me learn more about electronic health records and health information technology?
A: Yes, there are a number of professional associations that offer peer assistance. I recommend that you check out the Physicians Electronic Health Record coalition at

Q: How does HIPAA affect my office staff’s access to electronic health information?
A: The HIPAA Security Rule requires an organization to determine who has access to patient information by job title and what information needs to be accessed to carry out each job. Individual states also have laws governing access. For more information, see the HIPAA Basic: Privacy and Security Issues at