a Kansas City, Mo.-based health IT provider whose Tennessee Medicaid management system became a model for the Texas Health Passport.
Cody said the biggest challenges Superior faced were data interface management and handling transactions between the passport and the 12 medical data sources. Superior's data warehouse and experience with similar problems were key to building the system. "It took a lot of design sessions," Cody said, "but we're lucky we were able to leverage a lot of processes and exchange methods we already had in place."
The display for each passport begins on a demographics page that displays basic personal data, such as name and date of birth. Crucial for foster children, it also includes listings for medical contacts, such as physicians, guardians, caseworkers and medical consenters. "This is one way we can clearly document who is involved with these children's lives across the board," Cody said. "It's really a good way to be sure those behavioral health and physical health providers know their counterparts. That's one piece that's unique."
A foster child may also have state-required assessment forms in areas such as behavior and dental health. Each child's Health Passport includes a screen listing the assessment forms, which give detailed information doctors can't glean from other areas of the system. Medicaid claims, immunization records, prescriptions filled, office visits, lab results and vital signs - such as height, weight and blood pressure - are all additional passport modules.
Passport Security Addressed
Controlling access to the passports was another major undertaking, Cody said. Superior recognized that as children move from one home and set of guardians and doctors to another, it becomes difficult to secure front-end access.
Front-end system security is handled by a login process with a unique PIN. The DFPS gives each authorized individual a unique identifier, and larger providers are allotted a certain number of staff members who can access the Health Passport.
Another step in the security-building process was to assign various access levels to 19 distinct user roles, to keep, for example, foster parents from changing data on a child's office visit history. Each time users log into the system, Cody said, their identity is checked against Superior's daily updated list of people who have access to the system. All that is just to log on to Superior's secure, private site - users must supply another login and password to reach the passport itself.
Cody said the security measures comply with the Health Insurance Portability and Accountability Act, which requires discretion when handling patient health records - whether physical or electronic. Normally an individual must sign off on every release of their medical information, but Cody said because the DFPS is legally responsible for all Texas foster children, the department is responsible for access to the Health Passport.
In addition, Superior and the HHSC track usage and flag unusual activity. "I have staff fully dedicated to auditing and doing security measures, and we send the HHSC weekly and daily reports on usage," Cody said. Superior has guidelines for normal activity on the system and checks the actual usage against them. "Our criteria set for that is actually pretty low, so we haven't had any breaches that turned out to be real," Cody said.
The Health Passport came online stocked with two years of insurance claims and medical data for more than 30,000 foster children. Officials said problems have been minor and were to be expected. "We've had a really successful implementation," said Marisa Luera, project manager of the HHSC. "Providers, in particular, are pleased with it because before, when children moved, we really didn't have any medical history. The Health Passport does that with two years of claims data to start with."