DHSS Home State Home Ask Us Disclaimer   
DHSS logo
     
dot Home  
dot Laws, Regulations & Manuals  
  19 CSR 10-33.040 (.pdf)  
dot Contact Us  
     
     
     
     
     
     
     
     
     
     
     
     
     
     
     
 
 
 
  

Hospital Electronic Syndromic Surveillance

Frequently Asked Questions

Introduction

Are all hospitals required to submit electronic emergency department data to DHSS?
What will the reporting schedule be based upon?
What is the purpose of this system and how is it different from HASS?
What data are collected by the HESS system and why are they used for public health surveillance?
Is this system expected to replace a physician picking up rare cases such as anthrax or the initial outbreak Pandemic Influenza?
What type of feedback and information will hospitals receive?
How frequently must data be submitted to DHSS?
Are files to be submitted on weekends?
What data are required for reporting?
How will the data be secured and transmitted?
What are my requirements for reporting under HIPAA?

More Frequently Asked Questions

Introduction
The Missouri Department of Health and Senior Services received some of the following questions during meetings and discussions with hospitals concerning the Hospital Electronic Syndromic Surveillance (HESS) system during its development. We have created this FAQ to help address some of the questions and concerns that arose concerning this system.  If you have any other specific questions, please feel free to contact us at ESSENCE@dhss.mo.gov.

Are all hospitals required to submit electronic emergency department data to DHSS?
No. Hospitals that meet the following criteria are exempted from the rule:

  • a hospital licensed as a psychiatric or rehabilitative hospital
  • a hospital without an Emergency Room 
  • hospitals in a rural area as defined in section 191.500, RSMo
  • hospitals designated by the Health Resources Services Administration as a small rural hospital will be exempted from the rule.

However, following the completion of implementation of plans submitted to and approved by the department pursuant to section (4) of the rule, the department may review the need to expand this definition to include hospitals in rural areas.

What will the reporting schedule be based upon?
Hospitals will be phased in over several years based upon location, annual number of ER patients, electronic reporting capacity, specialty, and special circumstances (i.e. installation of a new system coinciding with the proposed begin date).  DHSS plans on having all required hospitals submitting by the end of 2007.

What is the purpose of this system and how is it different from HASS?
HESS and HASS both represent syndromic surveillance systems designed to provide an early warning system of public health emergencies resulting from bioterroristic events, endemic biological outbreaks and chemical exposures using epidemiologic principles and statistical analysis.  However, HESS is different from HASS in two main ways; HESS collects data electronically from existing electronic reporting systems and is mandated by law for required hospitals whereas HASS is data is submitted manually (online or fax) by volunteering and solicited hospitals and schools.

What data are collected by the HESS system and why are they used for public health surveillance?
Current public health thought indicates syndromic surveillance analysis of chief complaints can be useful tool in the detection of an outbreak, at least in as much to heighten the awareness of public health officials and possibly warrant a further public health investigation (see CDC reports on syndromic surveillance). As a means of achieving this goal, incoming HESS data is segregated into seven surveillance-related syndromes based on the chief complaints of the individual in the ER.  This data is analyzed and monitored daily by DHSS using analysis software developed by Johns Hopkins University (ESSENCE) for aberrations in reported syndromic frequencies. 

Is this system expected to replace a physician picking up rare cases such as anthrax or the initial outbreak Pandemic Influenza?
The goals of this system are not designed or expected to replace a physician’s judgment or their direct interactions with public health agencies in reporting cases of special interest or an abnormal level of cases of related etiology. Instead, this system is designed to enhance the public health response capability by providing an earlier warning of potential events that threaten the wellbeing of the people of the State of Missouri by monitoring electronically recorded data.

What type of feedback and information will hospitals receive?
Hospitals will not receive any formal feedback from DHSS concerning the data they have submitted.  Hospitals will be granted access to ESSENCE where the will be able monitor their hospital’s data inputs and flagged syndromic levels.  Essence also has a graphing feature that will allow users to generate graphed results from the selected data at the request of the user.  Local public health agencies will also have access to these data via ESSENCE access.  

How frequently must data be submitted to DHSS?
All data should be transmitted at least once per day for the previous day’s acute care encounters.

Are files to be submitted on weekends?
Yes. DHSS will use automated processes to parse and analyze the data received daily, including weekends.

What data are required for reporting?
There are two message structures defined in the reporting rule for HESS, HL7 version 2.3.1 and a flat (ASCII) file. These structures are defined in Exhibits A & B of the rule.

Exhibit A defines the HL7 format and required data are identified by the letter “R” in the fourth column (OPT) of each segment definition.

Exhibit B defines the flat (ASCII) file structure and a letter “R” contained in the fourth column labeled “Required” identifies required data.

How will the data be secured and transmitted?
DHSS will negotiate with hospitals based upon their current capacity to secure and transmit messages or data files. At a minimum messages and files will be encrypted according to industry standards and federal guidelines such as public/private key encryption. Transmissions will occur over the Internet or DHSS intranet using TCP/IP and will be encrypted using one or more of the following:

  • Virtual Private Network (VPN)
  • Secure File Transport Protocol (SFTP)
  • Security Shell (SSH)
  • Secure Socket Layer (SSL)

What are my requirements for reporting under HIPAA?
Privacy Rule permits covered entities to disclose Protected Health Information (PHI) without individual authorization in the following situations (164.512):

  • Use and disclosures
    • Required by law
  • Uses and disclosures for public health activities:
    • Prevent or control disease, injury of disability
    • Report vital events (birth, death, etc)
    • Conduct of public health surveillance
    • Determine public health interventions
    • Report child abuse or neglect

Hospitals are still responsible for tracking disclosures to public health agencies in accordance with the reporting agency’s policies and procedures.

If you have any further concerns about HESS data submission or the analysis of HESS data by ESSENCE software, please contact DHSS at ESSENCE@dhss.mo.gov.