The patient record, whether it is paper-based or computer-based, serves different users for different functions:

  • It records all medical processes in a patient-doctor encounter (clinicians);

  • It is a valuable document for teaching (educators);

  • It constitutes a database for research (researchers);

  • It is invaluable for third parties (insurers, government, etc …)

  • It provides acute-term and long-term information for in-house quality management (CEO, hospital administrator).

  • The electronic form of the patient record brings these functions to a higher level of functionality. In addition, the electronic patient record (EPR) raises concern about privacy, confidentiality and security. In this paper, I will discuss the database needs and functional components of the EPR in terms of different users and the state of the art of health care delivery. I also will include a discussion of potential conflicts between information access and confidentiality.

    Before describing user needs of the EPR in details, a quick look at the design criteria of an ideal EPR is helpful. These prerequisites are drawn from the experience of clinical applications developers at the Brigham and Women’s Hospital in Boston over the last 20 years:

    Patient care information systems must be available whenever users need them to manage patient care.

    Patient care information systems must be available wherever decisions about care are made.

    Patient care information systems must provide quick and value-added access to information.

    Patient care information systems must be designed to fit actual patient care processes and work situations.

    Patient care information systems must be so easy to use that they require little (or no) learning.

    Involving physicians with direct entry requires minimizing time and maximizing incentives.


    Clinicians, whose job is to take care of patients, require from the EPR the same data elements that appear in the paper-based patient record. These include such items as:

  • A format to register the encounter, such as SOAP;

  • A problem list, acute and chronic;

  • A list of major procedures and events;

  • A list of health maintenance routines;

  • A list of family history;

  • A list of social history;

  • A list of current medications with allergy and side effects notes;

  • In addition, they also want easy access to results of laboratory tests and imaging studies and consultation reports. A reminder of incoming medical activities (immunization schedule, for example) is a must. Clinicians greatly appreciate the presence of an expert system for diagnosis and treatment and the access to Medline for evidence-based medicine practice. Physicians, when asked which characteristics they expect from the EPR, almost always answer: speed, ease of use and performance.

    The role of the CEO has been vastly expanded in this new era of electronic health information (Adapted from Tan):

  • obtain accurate, timely, and relevant health data that are needed for effective decision making

  • view management of health information resources as part of their managerial goals

  • To position and advance his institution in a very competitive market, the CEO must have strategic information about his/her own institution, his/her competitors and the industry itself. This strategic information is not derived from the OLTP (online transaction processing) system of daily activities, but is drawn from the clinical data repository. This kind of data warehouse is the pool of long-term data which is "data filtered" and "data mined." The CEO needs to have access to these decision-support systems (DSS) (Table 1. Adapted from DeLuca).



    Type of Data Required

    Data Uses


    v Revenue/Expense

    v Volume-adjusted projections

    v Historical revenue/expense data

    v Case-mix data

    v Budgeting

    Cost Accounting

    v Produce data for cost per procedure, case DRG, AVG

    v Determine per procedure, case, DRG profit

    v Labor hours

    v Supply costs

    v Number, types of procedures performed by departments

    v Cost identification

    v Measure variable cost-control technique effectiveness

    Reimbursement Modeling

    v Project revenue/expenses (by facility, service, payer)

    v Compare actual/expected reimbursement

    v Predict financial impact of changes

    v Revenue

    v Expense (cost per case, service line)

    v Case mix

    v Economic modeling assumptions

    v Establish appropriate pricing strategies

    v Contract negotiation and management

    Market Analysis

    v Identify market share by case mix or product line

    v Identify areas of unmet demand

    v Diagnosis and procedures codes from all departments/points of service

    v External third party databases

    v Service planning

    v Facility planning

    Productivity Management

    v Management of labor hours

    v Labor hours

    v Labor costs

    v Patient acuity data

    v Staffing requirements and projections

    v Labor cost management

    According to Sennet, the business of health insurance comprises three separate, core activities:

  • claims processing. It is meant to describe those activities that are directed toward the reimbursement of providers or patients for health care services delivered to beneficiaries of an indemnified group.
  • health care management. It is meant to describe those activities which attempt to facilitate the delivery of medical care that is appropriate and to discourage the delivery of medical care that is not.
  • risk pooling. It is meant to describe those activities that relate to the management of the financial resources necessary to guarantee adequate reserves to cover the anticipated costs of care for a group.
  • The EPR can be used either as a transaction document or a verification document, for claims processing. At the present time, data include ICD-10 and CPT 4 codes, the provider’s name and the patient’s name. Third party payers have been longing for data for health care management and risk pooling. How deep the insurance company can dig into the patient record depends on legal issues regarding privacy and confidentiality. A claims and reimbursement management application, with electronic claims submission and reimbursement will facilitate the process.

    Research is a main activity at large health care institutions. Different uses of patient data can be categorized as follows:

  • disease studies
  • quality of care evaluation
  • utilization studies
  • outcome analysis
  • Most of these uses employ detailed data from the EPR. Desired data elements include identifiers, characteristics, dates, codes, clinical indicators, process of care, disposition, outcomes, and more. Two most important characteristics of data for research are standardization and accuracy. Standards are needed if one has to compare data across different institutions. Data accuracy is difficult to achieve, although it can be increased by direct data entry, avoidance of double data entry.

    Managed care has become important in the everyday business of health care organizations: eligibility verification, authorization, contract management. Governmental agencies monitor morbidity and mortality, compliance with regulations, population health. They need data for Medicare, Medicaid patients. These database elements and functional activities in term of managed care administrators and governmental agencies are presented in Table 2 (Adapted from DeLuca3).



    Type of Data Required

    Data Uses

    Eligibility and Authorization

    v Member status verification

    v Support for multiple contract, health plans

    v Authorization requirements and status

    v Referral tracking

    v Patient membership contract terms, dates

    v Patient demographics

    v Capitation rosters

    v Payer procedures and requirements for verification

    v Initiate care

    v Reimbursement

    v Case-mix analysis

    Claims and Reimbursement Management

    v Electronic claims submission

    v Electronic reimbursement

    v Claim auditing

    v Payment status tracking and verification

    v Clinical data (diagnosis, complications and comorbidities, services performed

    v Patient insurance coverage

    v Contract terms

    v Paper-specific claim submission procedure format

    v Contract negotiation support

    v Reimbursement verification

    v Financial analysis


    v Aggregate information for Medicare/ Medicaid, managed care payer reporting

    v Electronic report submission

    v Revenue streams from multiple reimbursement models

    v Reimbursement history and patterns by health plan and payer

    v Patient clinical data

    v Reimbursement data by payer/patient type

    v Contract terms

    v Management reporting

    v Contract management and negotiation support

    Contract Management

    v Support for multiple contract "carve-out" terms and limits

    v Automated reimbursement/contract calculations

    v Contract auditing

    v Negotiation support

    v Contract terms and limitations

    v Claim audit

    v Patient/member clinical data, by contract

    v Determine profitability by contract

    v Support future negotiations

    v Enforce current contract provisions

    Outcome Management

    v Severity of illness classification

    v Health status evaluation

    v Aggregate data grouping for quality "report cards"

    v Patient financial, clinical, and administrative data

    v Internally or externally defined quality indicators

    v Quality evaluation and maintenance

    v Clinical protocol development

    v Regulatory, state reporting

    UR and Case management

    v Actual vs. expected/contracted utilization

    v Case mix by provider/contract

    v Contract terms/fee schedules/authorizations

    v Initial and final patient diagnoses; procedures performed

    v Patient demographic and historical data

    v Monitor ongoing compliance with contract terms

    v Provider profiling

    v Utilization control

    v Contract profitability analysis


    The changes in the health care delivery system-integrated delivery systems, managed care and new users of electronic health information-has made the public concern about privacy, confidentiality and security. The paradox between easy access and confidentiality can only be solved by trade-off. Privacy itself is relative. Privacy and public interest have always been at odds. Let look at airport security measures, for example. Airline passengers must relinquish some of their privacy in order to feel safe against sabotage by terrorists. This phenomenon was unacceptable three decades ago. Another example is the need of the public to know about the health of their leader. Some public figures hold their health status (Boris Yelsin of Russia for example) to their advantage. Another concern of data integration is also raised as transmission over networks is commonplace nowadays.

    A threat model is helpful in planning and implementing countermeasures to breaches of confidentiality and security. Most of the time, the culprit is the authorized user within the organization, who voluntarily or involuntarily divulges a patient’s data, compromising his/her privacy and confidentiality. The outsider, who is interested in a particular patient’s data usually acquires them through traditional means (bribery, extortion). As the price of hardware falls down every day, interested parties can set up a dedicated computer to intercept transmission of data.

    All the above being said, the EPR cannot move along until the public has been reassured of the capability and reliability of those measures destined to protect privacy and confidentiality of patients’ data. Two kinds of measures are needed: organizational approaches and technical approaches. Organizational policies must lead the technical measures and not vice versa.


    Formal policies regarding information uses and flows are needed. They must define first which data are sensitive and which are not, and in what circumstances. Guidelines for releasing health information will protect from secondary dissemination by third parties. Security policies and confidentiality policies are also included.

    On the patient part, he/she must know his/her right to privacy and confidentiality. Most recent surveys showed that the patient was not told fully about these rights. No information should be released without the consent of the patient. As the owner of the content of the EPR, the patient is entitled to access his/her EPR, his/her audit logs at anytime, at anywhere and he/she can ask the institution to correct errors or omissions. This total and easy access to his/her EPR will put the patient at the helm of his/her health care, put him/her accountable for his/her lifestyle.

    Education and training about privacy, confidentiality and security problems must be organized for every new employee and renewed several times a year for established employees. This campaign must be pursued continuously and is accompanied with penalties and rewards. Most employees will act professionally.


    The essential features of a secure system and network may be categorized as: authentication, authorization, integrity, audit trails, disaster prevention/recovery, and secure data storage and transmission5.

    Authentication refers to providing assurance regarding the identity of a subject or object. For example, ensuring that a particular user is who the user claims to be (authentication of user) and corroboration that the source of data is received as is claimed (authentication of data origin).(ASTM E1762)5. Authentication technologies in healthcare industry use either a physical device (smart card) or passwords, or a combination of both. All passwords should be scheduled to expire at routine intervals.

    Authorization is the granting of rights, which includes granting of access based on access rights. (ISO 7498-2) 5. Authorization controls allow users to physically access the system and to get the legitimate information needed for patient care. A second layer of passwords can be used.

    Integrity is the property that information is changed only in a specified and authorized manner. Data integrity, program integrity, system integrity, and network integrity are all relevant to consideration of computer and system security. (National Research Council, 1991) 5. To ensure the integrity of data, unauthorized deliberate or accidental modification or entry of data must be prevented. Program integrity refers to the stability of the program, free of bugs. System integrity and network integrity are also important because a breakdown of these elements will cause data inaccessible and/or corrupted.

    An audit trail is the result of monitoring each operation on information. (National Research Council, 1991) 5. All current healthcare information systems have some sort of audit trail integrated in the design of the systems. An audit trail will record who accesses which patient for what kind of data, at what time and date.

    Disaster recovery is the process whereby an enterprise would restore any loss of data in the event of fire, vandalism, natural disaster, or system failure. (CPRI, July 1996) 5. All critical operations must have backup systems. The emergency team must be available 24 hours a day, 7 days a week. Mockup disaster exercises must be practiced on a regular basis.

    Data storage refers to the physical location and maintenance of data. (CPRI, September 1996) Transmission of data is the exchange of data between person and program, or program and program, when the sender and receiver are remote from each other. (Longley, 1987) 5. The simplest way to secure data storage is to use physical measures, such as locks with combination keys, curfew hours at the central area. Transmission of data must be secured by encryption.


    The EPR promises easy access, no duplication of data, more integration of different components of the record. At the same time, it raises concern about confidentiality and privacy. Unless reliable security measures are built in every system and unless the public has total trust in these measures, the implementation of the EPR will still be impeded.

    1. Drazen EL, Metzger JB, Ritter JL and Schneider MK: Patient Care Information Systems. Successful Design and Implementation. New York: Springer-Verlag, 1995.

    2 Tan JKH: Health Management Information Systems. Theories, Methods, and Applications. Gaithersburg: Aspen, 1995.

    3 DeLuca JM and Cagan RE: The CEO’s Guide to Health Care Information Systems. Chicago: AHA Publishing, Inc, 1996.

    4. Sennett C: The Computer-based patient Record: The Third Party Payer’s Perspective. In Ball MJ and Cohen MF: Aspects of the Computer-based patient Record. New York: Springer-Verlag, 1992.

    5 Computer-based Patient Record Institute: Security Features for Computer-based Patient Records Systems. http://www.cpri.org/docs/features.html.

    Huỳnh Quốc Hiếu - Phẫu thuật robot: các ứng dụng, hạn chế, và ảnh hưởng trong đào tạo phẩu thuật.
    Huỳnh Tấn Tài - Bảo hiểm sức khỏe (PDF)
    Huỳnh Tấn Tài - Bồi hoàn thể tích máu mất.
    Huỳnh Tấn Tài - Healthcare Information Management and the CIO
    Huỳnh Tấn Tài - Hệ thống bệnh án điện tử dưa trên Web
    Huỳnh Tấn Tài - Lại bàn về Sport
    Huỳnh Tấn Tài - Nhu cầu giảng dạy thông tin học y khoa tại Viêt nam
    Huỳnh Tấn Tài - Nhân lực y tế, phân tích và chính sách (PDF)
    Huỳnh Tấn Tài - Nhầm lẫn y khoa
    Huỳnh Tấn Tài - The Electronic Patient Record: user needs versus privacy and security concerns
    Huỳnh Tấn Tài - Trị số P (PDF)
    Huỳnh Tấn Tài - Tản mạn về sức khỏe
    Huỳnh Tấn Tài - Xung đột quyền lợi trong y tế
    Huỳnh Tấn Tài - Y học thực chứng và vắc-xin phòng chống cúm gia cầm H5N1
    Huỳnh Tấn Tài - Y đức và đạo đức học y khoa (PDF)
    Huỳnh Tấn Tài - Đặc điểm của xét nghiệm và quyết định lâm sàng định lượng
    Hà Nguyên - Quyền riêng tư và được bảo mật thông tin của bệnh nhân
    Hải Ngọc - Vấn đề sinh viên tốt nghiệp đại học y tại Trung Quốc: Quản lý Nhà nước chưa theo kịp sự phát triển xã hội?
    Hố Đắc Duy - Xáo trộn trên thị trường thuốc trị bệnh liệt dương
    Hồ Đắc Duy - "Tainted Egg Syndrome" - Hoi chung hiem thay o nuoc ta.
    Hồ Đắc Duy - Các Khía Cạnh Tình Dục Trong Truyện Kiều
    Hồ Đắc Duy - Những dấu ấn về tình dục trong cuộc đời của nạng Kiều
    Hồ Đắc Duy - Đêm qua là cái đềm gì
    Lâm Quốc Anh - Chất béo
    Lê Dương Hà - Giáo sư - phó giáo sư Việt Nam, họ là ai?
    Lê Quang Thông - Chẩn bệnh Tam Quốc Version 2
    Lê Quang Thông - Phiếm luận tiểu thuyết Võ hiệp Kim Dung và Y học
    Lê Quang Thông - Vì sao chữ “Sĩ” trong ngành y bị xuống cấp?
    Lê Quang Thông - Y khoa trong Chiết tự chữ Hán
    Lê Đình Phương - Y khoa buồn
    Nguyễn Bá Thiện - Dầu mè và nước muối trong điều trị khô niêm mạc mũi
    Nguyễn Hoài Nam - Vi tínnh hóa phòng khám - tại sao không?
    Nguyễn Minh Mẫn - Y tế Việt Nam nên bắt đầu từ định nghĩa sức khỏe!
    Nguyễn Quý Ninh - Bức thư của một bác sĩ về hưu
    Nguyễn Quý Ninh - Chiều - Thơ
    Nguyễn Quý Ninh - Nguyễn Nhân trường hợp một bác sĩ bị đâm chết ở Thái Bình
    Nguyễn Quốc Vọng - Máy ozone khử trùng rau quả: Con dao hai lưỡi
    Nguyễn Thiện Hùng - Siêu âm và bụng cấp tính
    Nguyễn Thị Tâm Thuận - 5 loại thực phẩm có hại với não
    Nguyễn Thị Tâm Thuận - Lô hội – vị thuốc quý
    Nguyễn Thị Tâm Thuận - Những điều cần lưu ý khi uống sữa đậu nành
    Nguyễn Thị Tâm Thuận - Nước – yếu tố dinh dưỡng cơ bản nhất
    Nguyễn Thị Tâm Thuận - Đậu tương-thực phẩm có giá trị dinh dưỡng cao
    Nguyễn Trọng Bình - Bệnh tay chân miệng và lở mồm long móng
    Nguyễn Đức Minh - Thử tìm một vế của “Sức khoẻ”
    Phạm Văn Linh - Đâu phải là thiếu cơ sở khoa học
    Trần Văn Giang - Năm Hợi Nói Chuyện Thịt Heo
    Trần Văn Huy - Bệnh tim mạch ở phụ nữ
    Trần Văn Huy - Hãy hiểu đúng về cây xáo tam phân
    Trần Đình Bình - EVIDENCE-BESED MEDICINE (EBM) - y học thực chứng
    Trần Đình Bình - Mối liên quan giữa hệ thống kháng nguyên bạch cầu người
    Võ Đức Chiêu - Điều trị thành công 1 trường hợp tràn dịch màng phổi do Toxocara với Egaten liều duy nhất.
    Vĩnh Phương - Tác giả khách mời & người viết mướn trong nghiên cứu y học
    Độc giả

    Trang nhiều tác giả
    Trang riêng của Lê Ngọc Dũng
    Trang riêng của Lương Lễ Hoàng
    Trang riêng của Nguyễn Bảo Trung
    Trang riêng của Nguyễn Hoài Nam
    Trang riêng của Nguyễn Hữu Đức
    Trang riêng của Nguyễn Văn Tuấn
    Trang riêng của Nguyễn Ý Đức
    Trang riêng của Nguyễn Đình Nguyên
    Trang riêng của Phan Xuân Trung
    Trang riêng của Đỗ Hồng Ngọc
    Trang riêng của Đỗ Minh Tuấn