Electronic Medical Records, the Story So Far 136
StupidPeopleTrick writes "After the executive order signed in 2006, states are making strides with privacy breach notification but are struggling with enacting privacy laws and finding funding.
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"
Microsoft has done some good work on this so far (Score:4, Interesting)
Their Health Services are actually very well done conceptually, and they've managed to put the patient in the loop. That's impressive given the degree to which patients are usually out of the loop on their own files. They're also a lot more security-conscious than your average hospital.
My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"
(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))
Microsoft still have some work to do, but they've put a lot of good talent into the area.
One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.
What privacy? (Score:5, Interesting)
I will tell you about the UK experience of computerised medical records.
The government wants everyone's medical records on a database, searchable by who knows who for whatever fishing expedition they want (including giving this private data to drug companies and the EU), no justification of their actions is required. The records are not secure, we already know that because the government lost 26 million taxpayers records in one go, and that's supposed to be a secure system.
So far the scheme has burnt through £16bn (about $24bn), it still mostly does not work, is years behind schedule, and is expected to burn through another £8bn.
If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.
Like it or not, the state will do whatever it takes, and will not care what laws are already in place (like data protection laws) to stop such schemes.
Electronic Prescriptions (Score:4, Interesting)
In the 1980s, a Scientific American article by David Chaum, and an article from Germany on electronic prescriptions (sorry, no links, it predated the web), educate me about the possibility of electronically secured prescriptions.
Basically, by creative use of encryption, it is possible to create an electronic prescription that
(1) lets the pharmacy know that the prescription is authorized, and how it is paid for without revealing the name of the patient or the doctor. (2) similarly allow the insurer, the patient, the doctor and government, access to information they are authorized to have without disclosing anything more.
The same can be applied in all areas involving privacy and access to electronic records. Encryption can be used to actively limit access to authorized purposes without depending on the lack of human error.
Isn't is about time that we started using technology in these creative ways to achieve privacy levels as high as technology allows? How about an open source effort to publish papers and algorithmic examples showing how this can be done in an attempt to influence policy?
Re:What privacy? (Score:5, Interesting)
(not to mention that the broker will "candidly" suggest not to review them before passing them on to insurer... and checks the option box for you)
Re:Electronic Prescriptions (Score:5, Interesting)
The problems aren't technical so its helpful to follow the money.
Consider how the payment of an average prescription for a cheap antibiotic in the US. The customer will give the pharmacist the prescription and their "pharmacy card" which will often have a $25 co-pay and they think they are getting a great deal. The pharmacy sends the detail to the medical buying club who may reject it or send back 3 numbers. The 1st number is how much the customer is to pay, the second will be the price to put on the invoice and the 3rd number is how much money gets transfered from the pharmacy to the insurance company or the other way around. The result is the $4 bottle of pills cost the patient $25 yet the price on the invoice says $43 so they think they are getting a good deal and the pharmacy has to send $22 of the money collected back to the insurance company. If you want a good deal, check the prices online and let your pharmacist know you will be paying cash..
Re:VistA - VA Open Source (Score:3, Interesting)
So, they switched to VistA about 10 years or so ago, and look what Microsoft did.
Re:Microsoft has done some good work on this so fa (Score:5, Interesting)
Um, yeah. Social Security numbers are not universal ID numbers. They should be used solely for, get this, Social Security.
Unfortunately, the medical industry uses SS# on just about everything. In most facilities, they even try to use it as the Medical Record Number! Try to get appropriate care without giving them your SS# and see what happens (I have tried... good luck). And now just about every industry has some excuse as to why they *have* to have access to your SS#. Credit of any kind. Drivers license. Movie rental. Home insurance. You name it.
Anyway, SS#'s are the #1 way that information about you is tracked, "shared", associated, identified, etc. It is a huge security and privacy problem. There is a reason that when the Social Security Number was invented, it included laws about it was *NOT* to be used for any other purpose but Social Security. You can see just how effective those laws were.
Re:Scary how people don't care (Score:5, Interesting)
There is privacy and then there is limiting the distribution of data. While HIPAA in many ways is a step ahead, the 'loopholes' that give insurance companies, the police, the various bits and pieces of government widespread non negotiable and often non accountable access to pretty darn near everybody has lots of people very concerned. Until and unless Congress really gets clean on 1) ensuring that medical data, including genetic information, is used only by medical personnel for medical reasons and 2) entirely changing the way that health care is paid for in the US this won't happen.
The strong desire of this society to punish suspected bad people - in this context anyone with an identifiable medical condition that has anything to do with patient lifestyle choices - is going to trump privacy and choice every time. As a physician, it's a very troubling issue. On one hand, I'm sick and tired of the disaster that is the individual paper chart. On the other hand, if you think the problem is bad now, just wait until we've fixed it.
I'm going back to bed.
With added power comes the risk of abuse (Score:3, Interesting)
I'm a psychologist and work for a large clinic (93 clinicians, 25 support staff, five clinic locations and a lot of "out in the field" services). My specialty is nursing home services; there are about 15 of us in the nursing home division and we work in about 150 nursing homes. Often a client is referred to me and it turns out they were seen by a colleague in another nursing home. If we had an EMR that I could query remotely, I could find that out and streamline the delivery of services and provide better care. This would be the "added power" part of the discussion and the rosy picture that EMRs present
The flip side is that computer security is not reliable. Any system connected to the outside world can be hacked remotely one way or another. We have thousands of clients with a lot of sensitive data sitting in our files, currently in locked cabinets behind two locked doors with limited access to maximize security as much as we can. The risk of data exposure is minimal and happens as a result of sloppiness by practitioners (e.g. leaving a file sitting on a desk unwatched). With an EMR, however, the risk of exposure is potentially much higher (e.g., downloading *all* the files instead of swiping or reading just one).
We have made no provisions for using an EMR in our clinic. We have a computerized billing system which contains insurance information and diagnostic codes- only the information required to send out a bill- but none of our clinical records are in an EMR. AFAIK we are not required to do so.
Re:VistA - VA Open Source (Score:5, Interesting)
1.) who cares what it's written in as long as it's available for popular platforms. and MUMPS is still commonly used in the healthcare industry because it was specifically developed for managing medical databases. it's highly scalable, low maintenance, and much faster than conventional (relational) databases.
2.) why should a system meant to share medical records across a national medical network generate bills?
adding non-essential functionality to a medical database and forcing all hospitals to change their billing system would drive up costs and make the system unnecessarily complex. each hospital should be able to choose their own billing system. it's better to have a handful of systems that each perform a single role really well rather than have a single system that tries to serve 20 purposes and does it in a mediocre fashion.
Re:VistA - VA Open Source (Score:2, Interesting)
It shouldn't. The problem is, the fact that the program is open source doesn't help the other 99.9% of US hospitals that need to generate bills to stay alive. Unless the Feds (i.e. taxpayers) pay for the new system, the hospital needs a way to finance the purchase. Integration of the EMR with the billing system is often the only way for most hospitals to justify the expense. (You'll capture every procedure, even if they didn't fill out a charge slip. You can also fire all the people who collect the charge slips and key them into the current billing system...")
It would cost more to add a billing component to the VA code than it would to build a whole new system from scratch. The tragedy is that there is no viable open source system available. This is a classic example of something that should be open source, so that charity hospitals around the world can ultimately use it. It would also vastly simplify the task of integrating the EMRs of different hospitals, since in that scenario many would be using the same core system. Unfortunately, there is no "Open Office" for EMRs right now. We are in the early "AOL, Compuserve, Prodigy" era in EMR software. I'm worried we are going to go through a "Microsoft" phase before we get to a viable open source alternative. An open source VA system might have allowed us to skip the "Microsoft" stage, but the lack of an integrated billing system is a fatal flaw for the rest of us.