Medical alert: Pa. health eliminates paper
- By Trudy Walsh
- Oct 07, 2003
Pennsylvania Health Department CIO Mary Benner and Bureau of Epidemiology director Joel Hersh set out to eliminate paper at the point of diagnosis and speed up notification of disease outbreaks.
'Unless you're registered and verified, you can't get into' the system, Michelle S. Davis says.
Henrik G. de Gyor
One of the first things Joel Hersh noticed in 1993 when he became director of Pennsylvania's Bureau of Epidemiology was its dependence on paper.
It was practically an epidemic.
Almost every part of the disease reporting process was on paper. Hersh wondered if there was a way to do it electronically.
Laboratories, clinics, hospitals and physicians would mail or fax reports of the state's 110 reportable diseases to their local health departments, which would forward the information to the state.
Reportable diseases are serious or infectious diseases or conditions that health care providers must report to local health departments. Under Pennsylvania law, the reports usually must be made within a few days'sometimes within hours'of diagnosis. Reportable diseases include anthrax, cholera, food poisoning, lead poisoning and tetanus.
But in disease outbreaks, time is a luxury that public health officials cannot afford. Many diseases have incubation periods of a week or less from the time of infection to the appearance of symptoms.
So to wait for disease reports to come through the mail or to require hospitals to fill out lengthy forms was not only frustrating, it was potentially dangerous to the public. An integrated electronic reporting system wouldn't just save trees; it could save lives.
Several electronic systems were in place, but they were all standalone, stovepipe systems, said David Andrews, project manager for Pennsylvania's National Electronic Disease Surveillance System.
One was an MS-DOS system from the Centers for Disease Control and Prevention, called NETSS'for National Electronic Telecommunications System for Surveillance'a public health surveillance system that provides CDC with weekly data on cases of communicable diseases.
Another was for tuberculosis, and another was for reporting blood levels of lead in children.
Hersh and his team wanted Pennsylvania's National Electronic Disease Surveillance System to eliminate paper at the point of diagnosis. Physicians, hospitals and other health care workers could send reports over the Internet, Hersh said. Disease investigators would no longer have to wait seven to 10 days to get a piece of paper in the mail.
Led by Hersh, Health Department officials decided to integrate these disparate data silos into one electronic disease surveillance and reporting system and put it on the Internet. Health Department officials began working on PA-NEDSS in 2000, which was loosely modeled after an initiative begun by CDC in 1998.Multiple funding sources
The department got a planning grant from CDC. Hersh applied to then-Gov. Tom Ridge's office for funds under an e-commerce program and received $700,000 to fund PA-NEDSS. At that point, Hersh began to search for 'every pot of money I could stick my fingers in at the Health Department.' Money began trickling in from grants and other sources.
Then came the terrorist attacks of Sept. 11, 2001, and the anthrax scares that followed.
Suddenly, disease surveillance and reporting was front-page news. Hersh and his team 'had all kinds of bioterrorism grant money available to us,' he said.
Now the heat was on. Gov. Mark Schweiker, who assumed the governorship after Ridge left for Washington, asked Hersh and the Health Department to have PA-NEDSS up and functioning by the first anniversary of Sept. 11, in case there was a subsequent terrorist attack.
'That really got our adrenaline going,' said Mary Benner, Health Department CIO. The deadline helped the team to focus, she said. By July 2002, PA-NEDSS was up and running.
The aggressive timetable imposed by the governor posed challenges, too. 'Sometimes I felt like I was holding a handful of helium balloons,' Andrews said. 'The more you have to hold, the less tight of a grip you can have on any one balloon string. If one escapes, you have to go fetch that one, and then a few more escape.'
The idea of putting health information on the Web made some in Pennsylvania's health community nervous. Would patient information be safe from prying hacker eyes?
Also, public health disease reports can't be completely scrubbed of identifying data, as can some other kinds of health data. Investigators need the names and addresses of someone with meningitis, for instance, in order to follow up.
For this reason, public health reporting is exempt from Health Insurance Portability and Accountability Act privacy requirements.
The one exception is the PA-NEDSS data that is sent to the CDC each week to be included in the Morbidity and Mortality Weekly Report. Since this is for statistical use, the data is scrubbed of personal identifiers.
Users of the Web system are carefully screened before they are given access to the system, Benner said. Hersh assigns the user rights.
'Unless you're registered and verified, you can't get into it,' said Michelle S. Davis, deputy secretary for health planning and assessment.
The department has licensing information on every physician in the state. PA-NEDSS staff sends them a user ID and password in the mail. The physicians use their ID to get a digital certificate through the site at https://www.nedss.state.pa.us
. The digital certificate must be installed on each computer from which a registered user accesses PA-NEDSS.
User names and passwords are never stored in the same place, said Debbie Sills, public-sector partner with Deloitte Consulting of New York, the prime contractor for PA-NEDSS. The site uses Microsoft PKI to issue and manage digital certificates.Compartmentalized data
Hersh assigns access to users for very specific roles. For example, a health researcher for the Luzerne County tuberculosis program is only allowed to see the parts of PA-NEDSS that pertain to tuberculosis in Luzerne County. By the same token, a state epidemiologist would be allowed a larger view of PA-NEDSS.
As an extra layer of security, PA-NEDSS automatically logs off a user after 20 minutes of idle time. The site also uses Secure Sockets Layer encryption.
PA-NEDSS data resides in two databases. One is an Oracle8i database for transactional data, the other an Oracle9i data warehouse. The site uses software from Informatica Corp. of Redwood City, Calif., to extract, translate and move data from the transactional database to the data warehouse.
Once the data is in the data warehouse, the system uses analytical tools from Cognos Inc. of Ottawa to slice and dice the data into reports.
The servers that support the PA-NESS Web site run on Microsoft Windows 2000 Advanced Server and Internet Information Services. The department this summer finished testing a geographic information systems component using ArcInfo from ESRI of Redlands, Calif. Investigators will be able to call up digital maps that will pinpoint the locations of disease outbreaks.
Because so much of the work of PA-NEDSS is preventive, it's hard to quantify its impact, Hersh said. 'How can you say how many disease outbreaks you've prevented? How do you prove that? But that's a part of what we do.'