MHAV was launched in 2005 to improve communication between patients and healthcare providers. There were few patient portals and limited experience to guide system development at that time. Thus, our team designed governing procedures and policies to prevent privacy and security threats, ensure HIPAA compliance, and address common barriers to adoption. Stakeholders contributing to the design included healthcare providers, patients, privacy and security officers, legal representatives, and system developers.
The core functions of MHAV are similar to those of other patient portals5–10
- Secure messaging
- Access to electronic health record (EHR) data
- Delivery of personalized health information
- Appointment scheduling
- Bill management
illustrate these functions. In the sections below, we describe the procedures and policies governing each function and the associated usage statistics.
Figure 1 Screenshot of the MyHealthAtVanderbilt login homepage. Note: Figure 1 shows the login page for senior author, Gretchen Jackson. Gretchen was pregnant in the last year, and the login screen thus shows information about pregnancy, as well as links to age-specific (more ...)
Screenshot of the MyHealthAtVanderbilt secure messaging page. Note: Figure 2 shows messaging communications between Gretchen Jackson and her cardiologist, Dr Markham regarding her echocardiogram.
Screenshot of the MyHealthAtVanderbilt reports page. Note: In Figure 3, Gretchen Jackson accesses the results of echocardiogram done during her pregnancy to evaluate the effect on her congenital heart disease.
Patient registration and access
Privacy and security are the most common concerns of portal users,17
but complex authentication procedures may limit use. MHAV has two types of access to address these issues. Users may register for limited access online by providing their name, social security number, and birth date. Limited access users may exchange secure messages with established healthcare providers. Full access allows viewing of EHR information and requires the patient provide legal proof of identification in person.26
MHAV initially provided accounts for adult patients, and in August 2007 expanded access to pediatric patients.
User accounts, delegates, and guardians
New MHAV users must electronically sign an online user agreement before establishing a MHAV account (see online appendix). Adult patients may authorize one delegate to access their information through MHAV on their behalf. Delegates must register for a separate MHAV account with a unique username and password. Delegates do not need to be VUMC patients. Patients may authorize delegates to use selected MHAV functions including secure messaging, bill paying, and access to EHR data. The patient accepts full responsibility for granting or removing these permissions. These policies discourage patients from sharing their usernames and passwords, and document when another person acts on behalf of a patient.
For pediatric patients, the procedures and policies for access were designed to respect both the legal rights of the parents and the developmental state of the child. Parents or legal guardians must complete an application for access to MHAV and show a proof of identification to establish an account. For patients under 13 years of age, parents or guardians may create a MHAV account with controlled access for their child and may also assign a delegate. For patients 13–17 years of age, MHAV requires one parent or legal guardian to consent before a MHAV account can be established, unless a healthcare provider agrees the patient has conditions preventing participation in MHAV. As children enter adolescence, there is a shift from dependence on the parents to independent thinking, and it is important for teenagers to be able to exercise independence and communicate individual concerns.27
Patients who are 13–17 years old must also complete an agreement to allow parental participation in MHAV and may communicate with healthcare providers independently. When a patient reaches the age of 18 years or establishes emancipated status, parental or guardian access is terminated.
The secure messaging system of MHAV emerged as an extension of VUMC's EHR provider to provider messaging capabilities with additional procedures to maintain patient privacy. MHAV users are required to have a valid electronic mail (email) account for communication. When a VUMC provider sends a message to a user through MHAV, a notification is sent to the user's email address. However, the user must login to the secure MHAV system to view the message. Protected health information is not sent directly through email as these systems may not be secure or answered reliably. If the user does not open a message within a specified time period, the message bounces back to the provider, who can contact the recipient in another manner. The default time for returning a message is 5 days, but may be adjusted depending on the time-sensitivity of the message. This closed-loop system ensures that healthcare providers are notified when messages have not been received.
MHAV messaging procedures formalize a series of institutional best practices around messaging workflows. Patients can send messages to healthcare providers with whom they have an established relationship, defined by a scheduled appointment or having received care from that provider within the past 4 years. To maximize provider productivity,28
messages are sent to clinical groups and are often answered by a staff member (eg, nurse, administrative assistant, or allied health professional).15
Clinically relevant messages are forwarded to the patient's physician or another provider within a closed-loop system. Because messages are handled by clinical groups rather than by individuals, a provider's absence does not impose a delay on message response. Providers may initiate messages to MHAV users and specify that responses be sent directly back to them. All provider or staff member initiated messages contain a message date, time, and name of sender with degree information, thereby notifying the recipient of who sent the message. There have not been any MHAV user complaints about the message triage system.
MHAV messages may only be viewed and answered in the context of the VUMC EHR. This policy ensures that providers have seamless access to patient information and are responding to messages in the context of how they typically interact with protected health information. Using other types of communication, a provider might process a message in a less secure or private environment.
The messaging function overcomes several limitations of email and telephone communications, such as allowing users and providers to communicate sensitive information asynchronously, and after hours, so both parties may be in a private and secure environment.29
Messages sent through MHAV are submitted through a secure web-based form, and the EHR-based communications protocols make it difficult for messages to be intercepted. Users may communicate without exposing or accessing personal email accounts or telephone numbers. These procedures promote a sense of privacy and respect for personal boundaries. In addition, MHAV automatically stores all messaging threads to the EHR, providing a permanent documentation of correspondence; in some systems, this record is optional.10
Retaining messages in the EHR encourages MHAV users to send messages for appropriate concerns and encourages providers to generate thoughtful responses. This process differs from the documentation of telephone calls, which usually consists of an interpretation of an interaction rather than the complete communication.
Message audit processes
Unanswered messages may potentially compromise patient safety and quality of care. In 2006, a review of MHAV messages identified approximately 19 000 unopened messages—some marked urgent—from virtually every department. New processes to identify and prevent unattended messages were developed. They included tallying unattended messages on a weekly basis, hiring a designated person to respond to this audit, notifying department administrators of unanswered messages, and training providers and clinic managers on safe messaging practices. In addition, two new provider messaging functions were implemented: an ‘out-of-office’ function that allows healthcare providers to inform patients and colleagues of absences, and an ‘email alert’ function that delivers email notifications to providers when they have an incoming message. The latter function was designed for part-time clinicians who might not regularly access the EHR. Answering messages in the EHR is a required clinical responsibility at Vanderbilt; both individual healthcare providers and clinical administrators are notified when responses are significantly delayed.
Electronic health record data
Access to EHR data through a patient portal creates concerns about privacy for patients and fears of misunderstanding from healthcare providers. However, MHAV policies address these issues through limitations on the types and timing of available test results. Only full access users are allowed to view information from their EHR. All test results are organized into three groups according to acuity, sensitivity, and need for healthcare provider interpretation. Group A contains approximately 300 blood test results that have high value for immediate user viewing with a low risk of untoward reaction to the information (eg, cholesterol levels). Group A test results are displayed in MHAV as soon as they become available. Group B includes approximately 6700 test results that with standard radiographic reports, are available through MHAV after a 7-day delay, which allows providers to review these results and contact the patient directly. Group C contains highly sensitive results that are never released through MHAV (eg, HIV test results and cancer pathology reports).
The accessibility of certain test results differs between pediatric and adult user accounts as the sensitivity of information may be age dependent (eg, pregnancy test results). MHAV users may also view vital signs, immunization information, and medication and allergy lists.
Personalized health information
A personalized patient portal experience is likely to promote adoption and encourage active participation in one's health management. After logging into MHAV, full access users are presented with information specific to their health conditions and demographic profile. This information is derived from the International Classification of Diseases, 9th Revision, Clinical Modification (ICD-9-CM) diagnostic and the free-text problems section of the EHR,35
which (unlike the ICD-9-CM codes used for billing) is actively maintained by VUMC providers.25
Codes derived from the patient's problem list, combined with the ICD-9-CM codes are automatically matched via computer algorithms to the ICD-9-CM codes assigned by VUMC library staff to each disease topic. When a match is made, the appropriate disease topic is displayed in the portal, allowing patients to see links to information directly relevant to their care.25
Preventive health topics are also linked by patient-specific demographic characteristics and US Preventive Services Task Force recommendations.36
For example, a 65-year old, female MHAV user will receive information on screening for breast cancer, osteoporosis, and colorectal cancer.25
All MHAV users may use the messaging function to schedule an appointment with an established VUMC provider. Full access users may also view upcoming appointments and request appointments with a new provider by completing an online form.
Full access users may also view and pay their VUMC medical bills, access patient insurance information, and submit billing questions through a standardized form.