Sharing Protected Health Information (PHI)

Dude, where’s my flying car Electronic Medical Record/Electronic Health Record (EMR/EHR)?

The year is 1989, and the panel discussion focuses on electronic medical records. One panelist expresses concern about the vulnerability of such a system: imagine if someone walked by with a high-powered magnet. A more forward-thinking panelist remarks that the same thing would happen to all that paper if someone walked by with a match.

The year is 1993, and ground-breaking for a new “hospital of the future” is taking place in an urban center in the northeast. At the inaugural gala, following a montage set to the Beatles song Revolution, the CEO of the hospital organization boasts that when the facility opens in 1999, it will be completely paperless. As of yet, it is not quite there.

The year is 2003, a managed care organization launches a paperless referral system for case management only to learn months later that staff print the electronic referrals to present at medical review.


Sharing Protected Health Information (PHI) is a major concern for all health plansThirty years hence, the dream of a paperless health care delivery system remains over-promised and under-delivered. In the 21st century, with modern encryption techniques, why isn’t it possible for health care entities to share protected health information (PHI) swiftly and safely? We haven’t even advanced to 20th century technology like faxes, instead relying on 19th century methods — the United State Postal Service and hand pickup and delivery. Here are two true personal anecdotes that illustrate this fact:

  1. I was experiencing pain in my left ankle. I went to my doctor for a referral to an orthopedist. They willingly agreed, scheduled an appointment with a physician in a larger city some miles away, and performed an X-ray. I assumed they would send the results to the specialist, but when I arrived for my appointment, I was asked for the disc that had the X-ray on it, which I did not have. “It’s just a file,” I said. “Can’t you have them send it to you electronically?” “Impossible,” I was told. I should have brought it with me.
  2. While planning a trip to India, I scheduled a series of vaccinations with a travel clinic. The clinic requested my current vaccination record. I called my PCP and asked them to send the list to the clinic. I was shocked when they said they could not do that, even using 20th century technology like faxing or scanning, and instead offered two options: have the list mailed to me so I could bring it to my appointment (USPS); or go to their office to pick it up (hand-delivery).

Why not have a system with robust encryption and protected servers that would allow any health care entity to share PHI?

How valuable would it be, for example, for someone from Massachusetts having a medical emergency in Kansas to have the treating physician be able to access their entire medical history? How cool – and potentially life-saving – would it be to have a single global Electronic Medical Record/Electronic Health Record (EMR/EHR) system that is an international, accessible, highly secure database?

None of this is pie in the sky. It’s 21st century technology available today but simply not widely in use. Why?

For one thing, people in general fear that their PHI could be exposed or compromised. This is a reasonable concern, especially considering the many data breaches that have been in the news recently. But the healthcare industry is already held to a higher standard, with the penalties for breaches of confidentiality seemingly high enough to render such compromises economically unjustifiable.

Another reason for the lack of implementation of a national medical database (that is what it would be) is the competition between differing systems, and the concomitant lack of defined standards for such a database – think back to the JVC VHS and Sony Betamax wars; or today’s squabble between car manufacturers over a standard for devices at battery recharging stations.

At CODY, we have a solution!

We are SOC 2 compliant, with rigorous policies and procedures in place to assure total confidentiality of PHI. Our Allied Services division has worked with health plans to implement ePresentment of member materials online. Our on-line software is compatible with multiple systems across multiple platforms.

An industry-wide next-step could be to adopt a set of standards for sharing data such as MRI, X-Ray, CT Scan, ultrasound, or any imaging results that can be saved and sent as an electronic file. A logical progression would then involve extending that sharing to include a patient’s entire medical history, so that no matter where the patient needs care, that data is available to the attending physician. This is not science fiction. This is technology available today and simply not standardized or implemented. It’s time for the healthcare industry to move into the 21st century, we know the way, we just need the will.

For more information on how CODY can help your health plan navigate the ever-changing healthcare landscape, contact us today.