NPQR Lets Health Systems Harness Data to Improve Patient Care While Protecting Privacy

October 22, 2019

The storage of electronic data has been a game changer in modern health care. It has given rise to the field of informatics, in which large quantities of data help providers manage the health and wellness of populations as well as improve the quality and safety of patient care. The National Pathology Quality Registry (NPQR)—a national quality and benchmarking program established in 2017 by ASCP—allows pathologists and laboratory professionals to harness laboratory information system (LIS) data to measure and improve patient care.

“The NPQR is a flexible, dynamic tool designed by those of us in the laboratory, for us. With the NPQR, ASCP and our members are able to improve the quality of what we do, demonstrate the value we add, and elevate the care we provide our patients,” said Ali Brown, MD, FASCP, Chief Officer, Medical Quality, ASCP.

However, as electronic health records (EHRs) collect vast amounts of data, protecting patient privacy and healthcare data with strict adherence to Health Insurance Portability and Accountability Act (HIPAA) regulations are paramount.

Securing Data

Through protecting patient privacy, ensuring healthcare data security, and adherence to HIPAA regulations, the NPQR offers an opportunity to safely and securely drive improvement. The NPQR platform utilizes technology developed by leaders in clinical data exchange and analytics. Data that ASCP collects can include a patient’s name, date of birth, zip code, laboratory order and result dates, medical record number, payer, and other case-level treatment and outcome data. Data collected do not include phone number, street address, fax, email address, medical claim number, or other information regarding payment.

Restricting Access

When working with a registry, potential exposure can be reduced by ensuring the registry restricts access and uses encryption and regular security audits. The NPQR utilizes the following industry best practices for securing access control:

  • User access is managed by role-based permissions.
  • Access rights are restricted to the least privileges necessary to perform the job, which are determined by the participating site.
  • Users from participating laboratories who have a user account for the registry can only view the patient-level data from their own laboratory.
  • For benchmarking purposes, laboratories only have access to de-identified aggregate data without protected health information (PHI) from other sites.

Encrypting Data

Encryption of data is important when sensitive data are sent across open networks. Data encryption prevents data visibility in the event of unauthorized access or theft. It is commonly used to protect data in motion and is increasingly promoted for protecting data at rest. The NPQR utilizes the following best practices for encrypting data:

  • Identifying sensitive data, and ensuring encryption at all times—in transit and at rest.
  • Only including strong encryption methods in encryption of data at rest.
  • Using best practices to properly authenticate a person’s identification and authorize features of the software.
  • Creating audit logs that can be scanned for suspicious behavior.

Using Audits

Auditing who accesses data and what they do with it is an important step in protecting patients. The following are important details to keep in mind relating to the use of audits:

  • HIPAA requires having an audit trail, although the degree of detail kept in audit logs can vary by what the organization considers useful.
  • Patients have the right to request additional protection for their information, so the system used for auditing access must be flexible enough to take that into account.

The NPQR’s vendors submit to regular security audits by third parties.

Complying with HIPAA Regulations

Healthcare providers who electronically transmit any health information in connection with transactions for which the U.S. Department of Health and Human Services has adopted standards are required to adhere to HIPAA Rules. The NPQR complies with HIPAA regulations by implementing safeguards to protect sensitive personal and health information.

Keeping Your Data Safe

Safeguarding patient information is a top priority for the NPQR. Protecting patient data is essential in retaining trust between a healthcare system and its patients. Actionable data analytics are critical to health care, and registries are a vital resource for quality improvement data. Registries enable hospitals, health systems, and physicians to assess the effectiveness of their practices and advance efforts to deliver data-driven, evidence-based care.

The NPQR aggregates data from both clinical and anatomic pathology LIS to provide timely reports, as well as provide interactive dashboards that allow laboratories to analyze their performance while ensuring privacy and security.

To learn more about ASCP’s NPQR click here.

ADVERTISEMENT