Slashdot Log In
Electronic Medical Records, the Story So Far
Posted by
kdawson
on Sun Jan 18, 2009 05:24 AM
from the work-in-progress dept.
from the work-in-progress dept.
StupidPeopleTrick writes "After the executive order signed in 2006, states are making strides with privacy breach notification but are struggling with enacting privacy laws and finding funding.
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
VistA - VA Open Source (Score:5, Informative)
The VA hospitals and clinics have an open source package called VistA (Veterans Health Information Systems and Technology Architecture). Veterans can walk into any facility and have their medical records available.
And we already paid for it!
http://www.va.gov/VISTA_MONOGRAPH/ [va.gov]
Re: (Score:3, Funny)
Unfortunate name :p
Re: (Score:2, Insightful)
There also is(was?) a window manufacturer called vista. They used to be the top result in google, but I have trouble finding there site now...
Re: (Score:3, Funny)
Behold the power of the minus operator! [google.com]
Re: (Score:3, Interesting)
So, they switched to VistA about 10 years or so ago, and look what Microsoft did.
Re: (Score:2)
It is not that simple.
Once you get the medical records electronic at the hospital, you have to make them available to the private practice doctors as well. and Those Doctors have to get the software to make their records electronic, but also have it work with all the hospitals that they work with.
Re: (Score:2)
Unfortunately, from what I can tell, VistA is horribly written, is huge, and in an ancient/obscure language (MUMPS). It also appears to be difficult to implement under only open-source tools and even *requires* the use of proprietary MS-Windows for all the desktop front ends (unless you really think WINE is a solution). Plus, it is only acute-care oriented yet seems to have no centralized patient record.
EMR is a good goal, but only as it helps a facility reduce paper, prevent mistakes, and provide faster
Re:VistA - VA Open Source (Score:5, Interesting)
1.) who cares what it's written in as long as it's available for popular platforms. and MUMPS is still commonly used in the healthcare industry because it was specifically developed for managing medical databases. it's highly scalable, low maintenance, and much faster than conventional (relational) databases.
2.) why should a system meant to share medical records across a national medical network generate bills?
adding non-essential functionality to a medical database and forcing all hospitals to change their billing system would drive up costs and make the system unnecessarily complex. each hospital should be able to choose their own billing system. it's better to have a handful of systems that each perform a single role really well rather than have a single system that tries to serve 20 purposes and does it in a mediocre fashion.
Parent
Re: (Score:2, Interesting)
It shouldn't. The problem is, the fact that the program is open source doesn't help the other 99.9% of US hospitals that need to generate bills to stay alive. Unless the Feds (i.e. taxpayers) pay for the new system, the hospital needs a way to finance the purchase. Integration of the EMR with the billing system is often the only way for most hospitals to justify the expense. (You'll capture every procedu
Re: (Score:3, Informative)
Scary how people don't care (Score:2, Insightful)
I wonder why?
Re: (Score:2, Insightful)
Re: (Score:2)
May i see the medical records of soon ex-President Bush?
I bet that when they are in the public, "They" will care about Joe-The-Plumber privacy!
Re: (Score:2)
I seem to missing your point. As far as I know, privacy will still exist. I know of no proposal to make medical records wide open.
I happen to work as a sysadmin for a company that works with medical records. Just last Friday I had to attend a 90 minute training session about FOIA and HIPAA and other matters relating electronic filing of medical records. I was left with the impression that they are actually increasing privacy.
Re:Scary how people don't care (Score:5, Interesting)
There is privacy and then there is limiting the distribution of data. While HIPAA in many ways is a step ahead, the 'loopholes' that give insurance companies, the police, the various bits and pieces of government widespread non negotiable and often non accountable access to pretty darn near everybody has lots of people very concerned. Until and unless Congress really gets clean on 1) ensuring that medical data, including genetic information, is used only by medical personnel for medical reasons and 2) entirely changing the way that health care is paid for in the US this won't happen.
The strong desire of this society to punish suspected bad people - in this context anyone with an identifiable medical condition that has anything to do with patient lifestyle choices - is going to trump privacy and choice every time. As a physician, it's a very troubling issue. On one hand, I'm sick and tired of the disaster that is the individual paper chart. On the other hand, if you think the problem is bad now, just wait until we've fixed it.
I'm going back to bed.
Parent
Re: (Score:2)
because they're not stupid.
if i ever get injured while out of town, i want the hospital that i'm admitted to to have my medical records immediately. they need to know my medical history, my allergies, and what medication(s) i take. medical records are something that most people recognize the need to share with their physicians.
this isn't the sanctioning of warrantless wiretapping, a national ID card system, the monitoring of travel activity, or the handing over of library records to law enforcement. the pro
The "Story" So Far (Score:2)
I find it rather amusing that "Electronic Medical Records, the Story So Far" is a complete non-story.
Microsoft has done some good work on this so far (Score:4, Interesting)
Their Health Services are actually very well done conceptually, and they've managed to put the patient in the loop. That's impressive given the degree to which patients are usually out of the loop on their own files. They're also a lot more security-conscious than your average hospital.
My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"
(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))
Microsoft still have some work to do, but they've put a lot of good talent into the area.
One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.
Re:Microsoft has done some good work on this so fa (Score:5, Insightful)
My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"
Ummm anyone else see a problem with this?
Parent
Re:Microsoft has done some good work on this so fa (Score:5, Interesting)
Um, yeah. Social Security numbers are not universal ID numbers. They should be used solely for, get this, Social Security.
Unfortunately, the medical industry uses SS# on just about everything. In most facilities, they even try to use it as the Medical Record Number! Try to get appropriate care without giving them your SS# and see what happens (I have tried... good luck). And now just about every industry has some excuse as to why they *have* to have access to your SS#. Credit of any kind. Drivers license. Movie rental. Home insurance. You name it.
Anyway, SS#'s are the #1 way that information about you is tracked, "shared", associated, identified, etc. It is a huge security and privacy problem. There is a reason that when the Social Security Number was invented, it included laws about it was *NOT* to be used for any other purpose but Social Security. You can see just how effective those laws were.
Parent
Re: (Score:2)
Ooops, they shouldn't ask that.
Social Security (Or national insurance number in the UK) is a privileged piece of info. It's a great loophole to acquire someone's number given you know their name and address (phone up hospital, give the name and address, and voila, they give you back the person's Social Security number).
If you ask for name and date of birth, you can confirm with address. In other words, you're asking for more privileged information than you give back, the combination of all three is suffic
Re: (Score:2)
If the medical records disappear under the supervision of the stated hospital, then it's the hospital responsibility.
I don't think that the hospitals will want that liability!
An audit trail is what counts (Score:2, Insightful)
My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"
You mean that if you call that hospital and pretend to be person X (known to have have been in there sometime), the hospital will happily give you the SSN that's recorded for person X ? Over the phone, with no further checks or guarantee(s) on the identity of the caller?
Not that SSN's are well protected anyway, but if the above is true you should definitely take it up with higher management of that hospital (to adjust procedures / staff education etc. hospital-wide), because that's a serious privacy leak.
Re: (Score:2)
>From what I've seen myself, and heard from family members etc. that appears to be the default - to keep patient, and medical data on that patient, in separate places. But why ??? Can anyone from the medical profession enlighten us what's wrong with patients studying their own X-rays, reviewing lists of drugs to be used in the course of a (planned) operation, or re-reading a diagnosis?
The patient has the absolute RIGHT to see anything they want in the record. But the provider also has an OBLIGATION to e
Re:Microsoft has done some good work on this so fa (Score:4, Informative)
(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))
IANAD (but I will be one in 5 months or so). If that is Microsoft's position, that is the stupidest fucking thing I have ever heard. Worse than Clippy. Worse than Bob. Look, a patient's medical record is supposed to be an OBJECTIVE documentation of a patient's health status and treatment. How, exactly, is a patient qualified to make an objective assessment of their medical problems, diagnostic workups and treatment regimens?
One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.
Well, that's just complete BS. I don't know where you get your information, but altering a patient's medical record is illegal and, at the very least, will result in a physician's suspension of privileges from a hospital... and most likely, a revocation of their medical license.
Btw, your patient record is completely accessible. You just have to make a request to the medical records office. No, it's not available on the web, but it's not as if your MR is a secret like your FBI file.
Parent
Re: (Score:3, Insightful)
I AM A DOCTOR. 11 years medical informatics. 16 in medicine in general, 6 years medical devices.
And you need an attitude check, if for no other reason than your experience is insufficient to the matter at hand.
(1) The patient record IS owned by the patient (and the hospital/provider)
(2) All 50 states mandate access to the record by the patient
(3)Hospital records are routinely lost and routinely we do not enter crucial data because of liability reasons. A fact-on-the-ground, if you will. Never mind it is
Re: (Score:3, Insightful)
"Look, a patient's medical record is supposed to be an OBJECTIVE documentation of a patient's health status and treatment."
You are kidding, right?!? It's a record. Generally a crappy one. That has lots of errors in the best case. Hell, some things aren't even written down any longer for legal reasons.
"How, exactly, is a patient qualified to make an objective assessment of their medical problems, diagnostic workups and treatment regimens?"
Some of us know more than most doctors about their specific issues
Here in The Netherlands... (Score:5, Insightful)
Every citizen to which it applied got a letter in their home, from the government, asking if they wanted to object. For this they had to reply using the included form and a copy of their ID.
Until now, approximately 500.000 objections have been sent in.
Just last week, the government proposed hard actions against those who violate the "EPD", such as high penalties. Insurance companies are not allowed access to the EPD and doing so would give the patient an immediate right to go to a different insurance company.
Let's be frank - these 500.000 people understand the one and only true thing about EPD : once information is out in the open, you never going to get it back in.
Just a while ago I got my own medical file from my physician - I am in my 30s - which contained 6 pages of text...
That's not a huge load of information, and makes it very easy to copy. Once out, anyone knows my complete medical record from my birth onwards. A penalty against misuse would thus not work, it would simply be used to blame any messengers that stand up and find flaws in the security.
One such flaw was already found last year: most hospitals (yes - publicly accessible hospitals) don't password protect their terminals.
Argument ? In an emergency, they do not want to put up the physician with all those tough things like entering passwords.
I respect the ideas of your new president, but I think he should definitely think again when implementing this - information wants to be free.
Solutions ? Maybe give only the patient the private key to unlock the medical database. It was an argument here, but was quickly thrown away on grounds of "much too difficult" and "what in an emergency" etc. Until that solution is seriously looked upon, or at least until the security of it all is completely looked after, my vote against this would be a big fat "no way".
Insurers EXCITED about EMR's potential to.. (Score:3, Insightful)
Basically, EMRs are very dangerous in countries that don't have free universal healthcare, like ours, because they promise to make it far easier for insurance companies to identify medical risks (their euphamism for sick patients) so they can be avoided or dumped.
Obama pledged to lower costs a tiny amount for normal families. Obama has a huge amount of support from the insurance industry on this because they have been pushng EMRs for years as a a way to eliminate the assymetric information held by patients
Re: (Score:2)
What privacy? (Score:5, Interesting)
I will tell you about the UK experience of computerised medical records.
The government wants everyone's medical records on a database, searchable by who knows who for whatever fishing expedition they want (including giving this private data to drug companies and the EU), no justification of their actions is required. The records are not secure, we already know that because the government lost 26 million taxpayers records in one go, and that's supposed to be a secure system.
So far the scheme has burnt through £16bn (about $24bn), it still mostly does not work, is years behind schedule, and is expected to burn through another £8bn.
If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.
Like it or not, the state will do whatever it takes, and will not care what laws are already in place (like data protection laws) to stop such schemes.
Re:What privacy? (Score:5, Interesting)
(not to mention that the broker will "candidly" suggest not to review them before passing them on to insurer... and checks the option box for you)
Parent
Re:What privacy? (Score:4, Informative)
>If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.
You have not told anyone about "the UK experience of computerised medical records", you've informed them of your own (appaling) experience. Make a formal complaint about your doctor and then change him for one who will respect your right to medical confidentiality (something which electronic records rides a coach and horses through).
I simply gave my doctor a letter, informing him of my wish to opt out, and he accepted it. There's a form letter on www.nhsconfidentiality.org which I will paste here in it's entirety:
Dear Doctor,
Exercising right to opt out
As you are probably aware, the Government is intending to ask you to transfer
the electronic medical records of your patients onto a national database called
the "spine". They intend you to do this without first seeking the consent of
your patients. It is BMA policy that patients should give their individual
consent prior to their information being transferred on to the national
database.
There are substantial concerns about the privacy and confidentiality of
information transferred onto the national database, not least because promised
software security safeguards called "sealed envelopes" will not be in place
and because the patient's instructions with regard to who may access the
records can be overridden. I do not believe that such a large database, with so
many staff users, can be regarded as secure.
I would be grateful if you would ensure that none of my records held by you are
entered onto the national system. Would you please also file or scan a copy of
this letter in my records and also record my dissent by entering the "Read
code" - '93C3. --- Refused consent for upload to national shared electronic
record.' into my computer record. I am aware of the implications of this
request and will notify you should I change my mind.
This request is itself confidential. Please do not divulge my decision, in an
identifiable manner, to anyone other than to clinicians who are providing care
to me and who might otherwise place information about me on the national care
records service.
Further information for GPs is available online at www.TheBigOptOut.org/for_GPs
Yours sincerely,
Parent
Electronic Prescriptions (Score:4, Interesting)
In the 1980s, a Scientific American article by David Chaum, and an article from Germany on electronic prescriptions (sorry, no links, it predated the web), educate me about the possibility of electronically secured prescriptions.
Basically, by creative use of encryption, it is possible to create an electronic prescription that
(1) lets the pharmacy know that the prescription is authorized, and how it is paid for without revealing the name of the patient or the doctor. (2) similarly allow the insurer, the patient, the doctor and government, access to information they are authorized to have without disclosing anything more.
The same can be applied in all areas involving privacy and access to electronic records. Encryption can be used to actively limit access to authorized purposes without depending on the lack of human error.
Isn't is about time that we started using technology in these creative ways to achieve privacy levels as high as technology allows? How about an open source effort to publish papers and algorithmic examples showing how this can be done in an attempt to influence policy?
Re:Electronic Prescriptions (Score:5, Interesting)
The problems aren't technical so its helpful to follow the money.
Consider how the payment of an average prescription for a cheap antibiotic in the US. The customer will give the pharmacist the prescription and their "pharmacy card" which will often have a $25 co-pay and they think they are getting a great deal. The pharmacy sends the detail to the medical buying club who may reject it or send back 3 numbers. The 1st number is how much the customer is to pay, the second will be the price to put on the invoice and the 3rd number is how much money gets transfered from the pharmacy to the insurance company or the other way around. The result is the $4 bottle of pills cost the patient $25 yet the price on the invoice says $43 so they think they are getting a good deal and the pharmacy has to send $22 of the money collected back to the insurance company. If you want a good deal, check the prices online and let your pharmacist know you will be paying cash..
Parent
You are getting ripped off (Score:2)
In those cases the pharmacist just says "You are better off skipping the card this time."
Pocketing over-payments and kick-backs like you describe are probably illegal in most jurisdictions.
Re: (Score:2)
Crypto guys have known how to create secure, customer-verifiable, anonymized transactions for decades.
I wish that I understood where the cypherpunks went wrong.
Re: (Score:2)
The issue with e-prescribing in the United States is that, although NCPDP SCRIPT (the standard) is more or less free, there's a horrible system where providers have to pay per transaction to send prescriptions to pharmacies through a cartel of companies. For examples, check out surescripts [surescripts.com] or rxhub [rxhub.net], who run the "Pharmacy Health Information Exchange."
Like everything else in the past eight years, a monopoly on something has been sold out to one or more companies, then codified into law. Several states have se
A video from 1961 (Score:2)
The video I have linked in the post below will give you an idea of how quickly we'll solve this problem...
http://osrin.net/2008/12/the-rapid-deployment-of-electronic-health-records/ [osrin.net]
Executive Orders and unconstitutional (Score:2)
I can not lay my hand on the part of the Constitution that grants such a power to the Executive. And for good reason. The power to make laws was given to the People's and the States' Representatives in Congress, where the law may be debated and the people's support (or non-support) elicited.
The power to make law should never lie with just a single man, especially one who does not listen.
This is untenable (Score:2)
I am talking, of course, of private health-insurance companies.
The obvious cost-effective solution is to get rid of them, and implement an universal, single-payer insurer that would cover absolutely everyone (no opting-out) with exactly the same coverage (no more time wasted to figure out if some procedure is covered or n
Re: (Score:2)
The reason for the requirement of stringent privacy requirements for health-record keeping is solely due to the sheer number of unregulated, unaccountable organizations dealing with them.
I am talking, of course, of private health-insurance companies.
The obvious cost-effective solution is to get rid of them, and implement an universal, single-payer insurer that would cover absolutely everyone (no opting-out) with exactly the same coverage (no more time wasted to figure out if some procedure is covered or not).
Since coverage of everyone will be compulsory, there will be no more need to discriminate for pre-existing conditions, thus removing the need for intrusive record snooping in the first place.
In fact, such a solution is currently in place in **ALL** the industrialized countries, except in the USA.
There shall be no more pussyfooting around the bush with this issue, the bull's apple need to be bitten by the horns right now.
In addition to finally covering everyone, the USA will no longer be a turd-world country and a laughingstock in respect to health-care, and in bonus, all the rotten parasites that fester in and around private health-insurance companies will be forced to find an honourable way of paying the bills.
First off, I just don't understand why people insist that universal health care == single payer. The two are completely separate; you can certainly have the former without requiring the latter.
There are MANY reasons to argue against single payer health care.... and that is beyond the scope of this /. discussion. I do, however, have to object to your dumbing down of the issue. While one of the main goals of HIPAA was to insure privacy of health care with respect to portability of insurance (the H, I, and
Re: (Score:2)
That's because only a compulsory single payer is able to avoid discriminating for pre-existing conditions.
"Dumbing down", as o
EMR Debate. (Score:2)
Well there's an interesting debate [arstechnica.com] on EMR, including some physicians.
With added power comes the risk of abuse (Score:3, Interesting)
I'm a psychologist and work for a large clinic (93 clinicians, 25 support staff, five clinic locations and a lot of "out in the field" services). My specialty is nursing home services; there are about 15 of us in the nursing home division and we work in about 150 nursing homes. Often a client is referred to me and it turns out they were seen by a colleague in another nursing home. If we had an EMR that I could query remotely, I could find that out and streamline the delivery of services and provide better care. This would be the "added power" part of the discussion and the rosy picture that EMRs present
The flip side is that computer security is not reliable. Any system connected to the outside world can be hacked remotely one way or another. We have thousands of clients with a lot of sensitive data sitting in our files, currently in locked cabinets behind two locked doors with limited access to maximize security as much as we can. The risk of data exposure is minimal and happens as a result of sloppiness by practitioners (e.g. leaving a file sitting on a desk unwatched). With an EMR, however, the risk of exposure is potentially much higher (e.g., downloading *all* the files instead of swiping or reading just one).
We have made no provisions for using an EMR in our clinic. We have a computerized billing system which contains insurance information and diagnostic codes- only the information required to send out a bill- but none of our clinical records are in an EMR. AFAIK we are not required to do so.
What is an executive order? (Score:2)
After the executive order signed in 2006,
And from the article...
President Bush issued an executive order that requires certain federal programs (including Medicare) to develop interoperable HIT systems.
What the heck is an executive order, and from what does the president derive this mystical power?
Re:HL7 CDA document follows... (Score:5, Funny)
<?xml version="1.0"?>
<ClinicalDocument xmlns="urn:hl7-org:v3" xmlns:voc="urn:hl7-org:v3/voc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:hl7-org:v3 CDA.ReleaseTwo.CommitteeBallot03.Aug.2004.xsd" templateId="2.16.840.1.113883.3.27.1776">
<title>Consultation notes</title>
<body>Patient is an incorrigible troll. Recommend medevac to an appropriate jurisdiction and performance of lobotomy. Note: This procedure may or may not result in reduced intelligence or motor skills, as levels between this patient and previously lobotomized patients proved comparable.
</ClinicalDocument>
Parent
Re: (Score:2)
Patient is an incorrigible troll. Recommend medevac to an appropriate jurisdiction and performance of lobotomy.
I watched a documentary some time back on the problems associated with the dire shortage of primary care physicians in the US. One of the more interesting conclusions it offered was that patients who see a primary care physician on a regular basis are both healthier (frequent visits encourage healthy lifestyles), and cheaper (preventative measures are invariably cheapier than after-the-fact treatm
Re: (Score:2, Insightful)
If Obama does this, then it's a wonderful cost saving measure that will bring health care to everyone.
If Bush did this, then it's an evil plot by the insurance companies to deny coverage to poor, deserving people.
Re: (Score:2)
I understood Obama's spokespeople to making a big deal about moving to electronic records. Are you telling me that it was actually Bush who made it happen?
Obama's health care plans includes an emphasis on evidence based medicine, preventive medicine, and improved efficiency and safety.
In other words, a pretty much verbatim duplication of the CURRENT requirements of JCAHO - the accreditation body that Medicare uses to certify hospitals as compliant and eligible for Medicare funds.
Change we can believe in, indeed.