Arguing For Open Electronic Health Records
mynameismonkey writes "openEHR guru Tim Cook, writing in a guest blog at A Scanner Brightly, discusses why Electronic Health Record developers should use open standards. Why are so few doctors using EHR systems? And, as more and more hospital EHR systems come online across the country, what do we have to fear from proprietary databases? It's one thing to find out your social security number was stolen. Now add your mental health and STD results to those records."
Companies selling the systems make a killing from the converting of the old, proprietary database to the new, proprietary database that does not look that much different than the old one.
First rule of holes; When in one, stop digging.
This is Slashdot. An STD would practically be a trophy here.
Frink: Nice try floyd, but you were designed for scrubbing, and scrubbing is what you shall do.
I am an IT director working for a Billing / EMR delivery company. I can tell you it is much easier to work with EMRs vs paper since it can be "coded" by people who work remotely. It also kills fewer trees and is a significant reduction in costs.
The IT perspective is even better because any EMR can be "scanned" for key information and automatically "coded".
However, the end user experience is pretty darn rough. The doctors have to decide which one is best, obtain support for the EMR product, and then train themselves and others on it. Of course this is a large up front investment and they may not be happy with it in the end.
I think this is where our company comes in, we are kind of the middle man and work on creating the best environment for the doctor. We train them and field support questions and also work with the EMR companies we use to make their product better. Some EMR companies are more responsive than others, for sure.
All in all, I would expect to see more companies like mine pop up and provide the assistance that Doctors need and want. Let's face it, the Doctors are too busy with their patients to be concerned about their MR system.
Primahealth: How are they secure with open standards? You can't have security without obscurity! THIS IS MADNESS!!!
Stallman: This is GNU/SPARTAAAAA!!!!
doctors keep your health records rather than yourself.
If the consumer could keep their own health records, they could perhaps choose which digital format to have it in, which online service, etcetera. The patient could choose after each visit to have the doctor email the information to his address or to a central repository.
I have every expectation that electronic health records will be abused. And I don't mean simple cases of identity-theft. I mean systemic abuse by organizations which have 'legitimate' access. Call me paranoid. Go ahead and make jokes about my tin-foil hat. But with history as a guide, I believe that such abuses are inevitable.
So, from my point of view, the harder it is to integrate electronic health records from disparate systems, the better. The more proprietary and undocumented these systems are, the less opportunity for abuse. I have no illusion that a lack of common and open standards for these records will prevent ALL abuse. But I do believe they are at least as much of an impediment to abuse as they are to valid uses. And frankly, I don't think there is as much value in interoperability as its proponents make it out to be.
When information is power, privacy is freedom.
A better question is who owns your record?
An unsettling issue is that the doctor or hospital generally considers that THEY own your record. Think about that for a second...detailed records of you and your peccadilloes and someone else thinks they own and have the right to do what they want with your data.
In a world where that little vulnerability were straightened out, open standards based ways of working with your personal data would come by default. You should be able to store and deploy your data, under your control, with any medical professional only being allowed to access and add to those records with your permissions. The only way to make that work is for hospital systems to use open standards, no more proprietary systems and no corporate data caches.
OpenEHRs are a sideshow next to that.
1. I don't get the article summary. Are my STD results somehow more vulnerable to theft if they are in a proprietary database format rather than an open one?
2. In my practice, we use an EHR (electronic health record) because I'm an employee of a big enough group that has the resources to purchase one of these expensive, bloated, not very well-maintained systems. (They're still working on making cut and paste work, and the group has to pay a bucket of money every month for ongoing support.) When I was a medical student in Ireland, I marveled how the GP I worked with in West Clare had a simple system he paid something like $300 which did everything he needed it to do, like track progress notes and lists, and keep track of drugs. That amount here covers about 30 seconds of use of our current software. Which is barely interoperable even with itself - if we see a patient from an affiliated private group using the same software, interoperability means they can email us a progress note, and then I can spend my afternoon hand-entering the medications and problems from their chart into my state of the art software's database to make sure grandpa doesn't crump over the holiday from a drug interaction with the cardiologist's new pills.
There isn't much incentive to make this software as easy to use as iTunes - the players seem to make plenty of money already with their proprietary storage formats and circa 1991 interface. There is no viable open source alternative (http://oemr.org/ doesn't look quite ready for prime time) - though I think there's an opportunity here for some enterprising Linux loving propellerheads.
Shall we not computerize the health care industry, then?
We can keep our data very safe if they never input it into computers. After all, there would be no benefit to correspond with the risk, yes?
expandfairuse.org
At the bottom of the
The UK has spent the last 5 years trying to build a common Health Record Database for all NHS patients. Those of you that are aware, the NHS is a public run service that covers the health needs of the entire population, although Private medical Insurance is available if required at extra cost. So far this "Database" has cost the UK Taxpayer £12 billion ($24 US Dollars) and has delivered nothing but chaos, confusion and a lack of investment in frontline databases that are currently in use, meaning that records go missing, data discs with confidential data get lost etc... http://news.bbc.co.uk/1/hi/uk/7158498.stm
The fundamental problem is that politicians think that databases are the answer to everything, being handy for issuing speeding fines, holding criminal records and identity details of everybody in the country, but they haven't quite got round to the concept that the accuracy of the data within a database is the most important aspect and it is often the data processing factor that often falls down. They forget the basic fundamental questions like:-
How long does the data take to propagate into the system properly? If I tax my car late on Friday will the computer database not be updated until Monday, meaning that I'm going to be constantly pulled over by the Police and threatened with my transport being impounded for the weekend, even though it is perfectly legal?
What happens if the data is incorrect? Our beloved UK government wants an all encompassing ID card system, which will reference a number of different databases. How can they be absolutely sure that the data is at least 6 sigma (3.4 defects per million records) if not 100% correct (note that the old saying 99.9% doesn't even begin to recognise the real accuracy required).
If the data is incorrect who is responsible? If there are many bodies involved, you can guarantee that none of them will agree who is at fault until lawyers get involved, especially if they are civil servants and/or politicians.
Who ensures that the data is secure? We in the UK had ZIP encrypted discs containing details of 25 million people (about 2/5 of the UK population) lost by the HMRC recently. http://news.bbc.co.uk/1/hi/uk_politics/7117291.stm
On the face of it using an open system for designing a database is a good idea in principle, but it is the people that are responsible for these databases that need to know exactly why they are important and why reliance on such databases is a recipe for disaster if proper considerations are not made. Part of the problem is that many of the people choosing these databases probably don't have a first clue in how a database works, that is the problem we face.
I did notice that this week the new Australian Prime Minister Kevin Rudd cancelled a National ID card system that was planned by the Howard Administration. This move appears to come from somebody that appears to understand the complex nature of such a system, its cost and its lack of benefit. There are many ways that can be used to determine somebody's identity (bank cards, passport, birth certificate) and having all of them referenced at the same place isn't the most cost effective solution.
Look up "HL7" (Health Level 7). Unfortunately, in practice, everyone uses a slightly different flavour of HL7, which is a pain in the backside when developing.
don't do it.
Security and theft are not the same as open or not. You can steal my data on closed format, like Word and everybody can see it. You can steal my plaintext gpg files and have no idea what they contain.
Security must be an extra layer. The main difference mostly between open and closed is that closed formats deal mostly with security through obscurity.
Use encryption!
Don't fight for your country, if your country does not fight for you.
It's impossible to store in a structured manner health information because it's so complex and individualized. Think about how to store the following.
1) "My arm hurts right here!" "Show me?" "Here!" "Wait, it's here now" "No no, it's here now"
2) "It itches sometimes" "when?, where?, duration? during alignment of planets!?"
3) "You need to take xyz, twice a day for two weeks. Come back in 3 month, and let's do another check up."
If anyone wants to know how complex it is, try reading the DICOM standard which is just for medical *image* storage and exchange. It's about 3500 pages. The code for medical billing, which the article mentions, is already the size of a dictionary. And all it contains is entries for a simple code and a one or two sentence description.
Realistically, the best approach may be PDFs and full text search. Anything else is just not going to capture the full extent of the medical history.
Personally, I prefer closed standards instead of the open pursued by government under the lie of being "for your benefit" http://news.bbc.co.uk/1/hi/uk/7158498.stm
Or the non-existent opt-out for your confidential medical records being known to millions of bribeable public sector workers... private investigators, crooks etc..
http://www.nhsconfidentiality.org/?page_id=3
Take Nobody's Word For It.
You probably know that big IT projects often fail. But for some reason patient record projects tend to fail more than other projects. Administrative systems for setting appointments work. Automation for lab tests works. But projects for actual patient records keep failing.
I have a friend in the healthcare IT business who claims that they are actively sabotaged. Many more are derailed before they ever get started. Doctors prefer paper records that cannot be efficiently mined for malpractice lawsuits. Paper records that can be conveniently lost.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
Whether successful or not, the openEHR standard discussed in the article attempts to solve this problem by creating a kind of meta-standard where descriptions of data and documents are used in a flexible way. This manner of organizing storage is extremely open ended. There is a graphic overview covering this that can be downloaded from the "Quick links for ... IT professionals" link on the right side of the main page (PDF, HTML). The design is object oriented and general such that it could be applied to other contexts as well, especially repair and upkeep of buildings and equipment. This level of generality bears a significant cost in complexity, yet the standard itself is extremely simple relative to monsters like DICOM and is not constrained to any particular document representation or database.
That some kind of solution other than paper records is needed is obvious to anyone. Most existing systems have limitations, but compared to paper records which take up large volumes of space, are highly vulnerable to loss and theft, and can't be easily indexed almost anything is an improvement.
The main obstacle to adoption pointed out by the article is responsibility. Systems would most likely be put in place by providers who would have the most to lose from the costs and the least to gain from the improvements in service. Others here have pointed out that one possible solution to this is allowing people to manage their own records. This raises some important issues about correctness and trust, but potentially puts the costs and benefits where they are most appropriate.
Another issue that comes up is security of computer records. Any system is vulnerable, but keeping records encrypted is an obvious good first start. Another option that comes to mind is to implement any such system such that all access of records is logged. This would not necessarily prevent abuse, but it could provide information to allow abuse to be investigated, tracked, and eventually stopped at the source.
Up until, well, the last year or so, medical software went like this:
An entire hospital paid over twenty million to one organization. That organization provided an integrated solution for all the hospital's needs. It took five years to get it installed and working, and no part of it worked particularly well. All the staff that might interact with it is also required to attend training sessions for the software. The individual departments have no say in the purchase, and a lot of them refuse to use it.
And there are only a few such organizations, and since they charge so much, hospitals are reluctant to admit defeat and switch to someone else.
Really, it's prime time to start offering subscription-based software to these hospitals, starting with individual departments and working your way up. Of course, if you're holding their essential data, they might not be so happy.
Didn't RTFA, so you take this with a grain of salt...
The system created by the Veteran's Administration is public domain software, though it is called VistA, so it can be a bit confusing now. I work in a department within a medical school and have thought about testing it out, though IIRC it uses Delphi for the database and was created using an obscure scripting/computing language called M. Still, it's used to link all VA hospitals and clinics, so a veteran can go to a clinic across the country and the doctors there will have access to the patient's medical record. Since it's free and presumably robust (lots of clinics, hospitals and records) it seems like a good starting point for any open standards.
The docs I work with all have training on the VA's software since they each spend time at our local VA. I don't know how well it handles billings stuff, but from what I hear, it handles imaging, prescriptions, and the rest of the record fairly well.
I'm a doctor who joined a small practice a few years ago. The senior partner of the practice created his own EMR system. It's actually quite good and we use it exclusively. Our office isn't paperless, but everything coming into the office is scanned in or phoned into the virtual fax and never printed. We are able to access it from different offices and from the hospitals we go to via a VPN setup, and it significantly improves our efficiency.
Now the senior partner left. He didn't use a standard database format (but fortunately used Microsoft SQL), and we'll probably have to pay a fortune to have it converted to an open format. Fortunately he's being good about not charging the office for a license for his code, so we have time for the transfer.
Help! I'm a slashdot refugee.
The article seems hopelessly confused.
The article seems to suggest that if open standards are used, all of your medical records will be wide open. That does not make any sense at all.
The openness of the standards has nothing to do with the openness of the records.
As for why EMRs haven't spread, there are a couple tidbits:
1. The security is barely on the radar. Any office that can set up an EMR can do so securely. That's part of the setup costs.
2. There was an interesting case I heard about recently (I'm not sure if it happened in 2007): A cardiology office in one of the south-eastern states of the U.S. data-mined their patients to find out which ones would benefit from implantation of a defibrillator. (This is a fairly expensive procedure that is covered by just about all insurance plans if you meet certain criteria. The doctor can charge the insurance carrier a hefty bill and expect to get paid.) The sudden spike in defibrillator implantations led to an investigation that revealed that it was due to data-mining of an EMR. Now the office is being sued for not data mining to make sure all their patients are on the right doses of various heart medications. This had a chilling effect that prevented a large group near me from going forward with the translation to an EMR.
3. There is a lot of inertia in paper charts. There is also a great fear in the extra time needed for entering data into an EMR. My office has dedicated transcriptionists and individuals to scan in data. That being said, the entire EMR is managed by our IT guy and we save on "runners" moving charts all over the office and hospitals.
Help! I'm a slashdot refugee.
THOSE kind of consultation. Yes, I know and understand, and show all my sympathy.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Available via a FOIA request, excepting some showstopping components, of course.
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
What do you mean by "open format"? Do you mean the database file itself (i.e. MS SQL) or the manner in which the data is stored in the database (i.e. everything has a data-type of VARBINARY or something)? If it's the former, I just can't bring myself to get upset for using Microsoft SQL over one of the open source alternatives; also, why fix something that isn't broken? If it's the latter, then the senior partner is a douche. You say yourself that the system has significantly improved your efficiency, so if the system currently works how does the senior partner leaving force you to pay a fortune to convert it to an open format? Seriously, you have piqued my interest.
EMRs are a great idea, but the medical world is poorly adapted to build them and integrate them. It's a dysfunctional system where billing is becoming increasingly critical, while what you get paid for is divorced from what you actually do. So we wind up with schizophrenic EMRs that can't decide whether they are generating billing tickets, documenting patient care or preventing a lawsuit.
1) They are expensive for a small practice - think that a primary care doc's office is rolling in cash? Think again. Most of them are barely scraping by, which is why your doc needs to see 30+ patients a day. Otherwise the rent doesn't get paid and he/she can't make payroll. If a new tool doesn't make the office more efficient, it can't be justified. Sound odd? Next time you visit your doc, ask him who determines how much he/she gets paid. It's not you, it's not the market and it's not actually the insurance companies. It's the federal government when they set payment guidelines for Medicare/Medicaid which the insurers follow. Free market my ass.
2) They are slower than paper - few docs can type as fast as they can dictate or write. Most of us can take notes on a piece of paper while interviewing a patient - no one I know can talk to a patient and type into a form.
3) Many are designed to maximize billing, not care - we get paid based on how many indicators of complex care we hit. How many "systems" asked about, how many organs examined etc etc - not by our time or skill. So in order to bill we have to document all of these. Some EMRs are designed to force the MDs to check many boxes for billing and audit purposes. Unpleasant and slow.
4) Many are slow and perform poorly - my hospital switched recently from a physician-designed and written EMR from the 80s that was text/terminal based and blindingly fast, to a web-based system. The new system is slow, and doesn't really do much that the old system did. The difference was that the first system was built by MDs who ate their own dog-food, the second by teams of very smart, very committed programmers who don't practice medicine.
5) They are the camel's nose under the tent - my hospital based practice was recently instructed to begin doing "medication reconciliation" on all outpatients. That means at the start of the visit I have to type in all of a patient's medications into the EMR. Sounds fine for you, right? Now imagine your grandmother. As a sub-specialty consultant I see most of my patients once to twice a year and they are on 20+ medications, over the counters, vitamins and herbal supplements. It can take 6-7 minutes out of an already short 30 minute visit. Sure it's great for safety, but it means we are running an additional 45 minutes late at the end of the day. Not so great for you if you have a late afternoon appointment.
You idiot! I told you we were facing the wrong way!
That's like asking the Amish what it's like to watch television.
for centralized medical records: reducing fraud. Unless you have some central repository of records that doctors can connect to - there is nothing stopping Joe Schmoe from going to 5 doctors and getting prescriptions at 5 pharmacies. The fucked up way billing works is he could bill some to his insurance company, some to Medicaid, some to Medicare, and never pay a dime - none would even know about it. The cost of fraud is a HUGE percentage of healthcare costs - far more than malpractice insurance.
Then there is item #2. Chew on this: 34% of healthcare cost in the US is clerical... this percent should come as no shock to anyone involved in the process - but most people think it's far more automated than it really is. I don't know if centralization will reduce that much... but it's certainly an argument for computerization of healthcare records in some form.
http://www.coderoshi.com/
LOL. I suppose this is progress, that someone is apparently incapable of realizing that data can be stored in anything other than a major DBMS product. Although I don't know what the OP was talking about, here are some other options: The data could be stored in:
I could come up with several more if you'd like.
This sort of thing is *extremely* common in the medical industry. Doctors are generally smart, often somewhat geeky, people with lots of leisure time, plenty of money to spend on gadgets and little to no exposure to the world of real IT. That means that in the 80s and early 90s, there were lots of doctors with PCs, problems that would clearly benefit from automation, and no off-the-shelf solutions. What they did was predictable: they built their own, using whatever tools they happened to know about.
Unfortunately, not being CS guys, they had no notion of elegance, no clue about the importance of maintainability and no knowledge whatsoever of the many tools available. I made a little money years ago by converting spreadsheet-based "systems" to Foxpro/dBase solutions. The docs thought I was a genius for being able to create a much more usable solution; I thought they were (twisted) geniuses for being able to figure out how to make the stupid thing work in the spreadsheet in the first place. I'm not sure I could have.
Anyway, not using an open source DBMS, or just botching the implementation of the schema, are the least of the problems that you'll commonly find in small-office EMR and PMS systems.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Why would /. geeks be worried about their STD histories falling into the wrong hands? A prerequisite to that would be first a case of a virus jumping from online chat or a hentai pic to human host, then /. readers would be worried about it.
Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
Most patients like the idea of having their doctor be able to easily access their records. Except for when they don't. I work in internal medicine and we like to know everything we can about a patient's history. Routinely, patients withhold information that they think the doctor doesn't need to know. I think it is a bad idea, but it is their right.
Here is an example - one of my HIV infected patients came in to get his blood pressure checked. Our nurse entered that data in our EHR. Our particular system displays a summary list of the patient's diagnosis down the right side. The patient was pissed. "Why does the nurse need to know?" You could argue it either way.
Ideal situation is when the treating medic has the patient's details in hand and *can* readily read them. Put them on USB pen round the patient's neck 24/7 in a truly open format - then 90% is achieved.
The other 10% - like external exams and reports - need the network up and running and the interoperable database world. Backup could be on any encrypted cloud disk.
Come on guys this isn't rocket science, it's human lives, "stupid".
Artificial intelligence is the study of how to make real computers act like the ones in the movies.
I work for a state health dep. We have lots of computer thingys. All the health records are stuffed inside and sometimes we get health records from other people like hospitals, hmo, insurance, etc. All are different, none talk to each other without huge amounts of tax money being efficiently administered by program managers that know various health fields, but alas, have many unknown computer thingys and equate electronic health records with a spreadsheet. So they contract the money out to proprietary software thingys that do not talk to the other thingys. Sometimes these systems work, many times they don't, but if they do work, then it is time to propose a new standard so they won't work.
There is no leadership from the Feds in standards, just lobby guys. So no real standards, unless it is an attack on someone else's product. Kind of like MS and standards.
Say the patient has been diagnosed with schizophrenia, but doesn't believe that diagnosis is valid because he knows the real problem is that it's really that the video game industry is in an unholy alliance with the DoD and is out to get him?
Or many other diagnoses or bits of information that patients do not want providers to access but which are important to their care. Like drug abuse, blood-borne or sexually transmitted disease, or other mental health problems. A pregnant woman with pelvic pain with a history of chlamydia PID is at much greater risk for having an ectopic pregnancy that will kill her, however that may not be divulged by the individual if she's able to manage her medical records.
There are other rights as well to consider. If I am suturing your laceration and you move suddenly and cause me to stick myself with the bloody needle I was suturing you with, do you think it's unreasonable for me to want to know whether you are HIV or Hep B or C positive?
In addition, what if you arrive to the ER after a motor vehicle crash and cannot give the critical information that you are on a strong blood thinner.
So it's not that simple.
Nick
"My arm hurts right here!" "Show me?" "Here!" "Wait, it's here now" "No no, it's here now"
The patient's finger is broken.
One big problem is the VA system is designed for and by the VA. I went to the VA Vista booth at HIMSS and asked the attendant what they did to fix or handle the single payer mechanism in VA Vista, he said "uh, what's a single payer system?"
That's the problem. It is built for a military hospital, not a real world hospital, and shows in all aspects of the system (not just its severely limited billing module).
But the OP explicitly stated that the senior partner used MS SQL, so none of your options really apply. He makes it sound like everything works fine as is, then after the senior partner left he complains that he will have to "pay a fortune to have it converted to an open format". What does he mean by "open format", and why does the senior partner's departure require this conversion? I have worked (briefly) in a closely related industry, so I am genuinely curious. If you've got a decent schema in MS SQL that works consistently, then I don't really see the point of going to an open source database just for the sake of using "open formats". There has to be more to it than that.
"The Net" with Sandra Bullock
A socially retarded software engineer cannot tolerate intrusion.
http://www.imdb.com/title/tt0113957/
She fought back!
The only thing new in this world is the history that you don't know.[Harry Truman]
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Electronic health records will be a privacy disaster. It isn't about open standards, it is about the ease of access that will be created and the fact that security is *ALWAYS* an afterthought or cut/put off to "get an initial release out, but we'll fix it later". What we'll have is a hodgepodge of poorly implemented systems with a TON of security holes and NO ONE'S privacy will be safe.
What is needed is an initial focus on the security of the systems, access rules defined, complete auditing of all actions, unforgeable/unmodifiable logs of the actions, severe criminal penalties for leaking any health records WITHOUT a press shield, etc. And we need a separate organization to create tests, hacks, etc to audit the implementations and make sure the security is correctly done.
But all of this won't happen. Politicians are making promises of great efficiency and other benefits. There will be political pressure to rush something out. Software vendors and the systems integrators will reassure everyone that things will be OK because they will see a HUGE opportunity for years to come and will want to reduce fears and concerns, all the while knowing better, etc.
And, we all know that projects of this scale and scope take a long time to build and get right. The specs are never right and there is incessant haggling over the specs, the tests, the contracts, who pays, etc. The Big Dig will look like a well managed project and of high quality compared to a national EHR system in its first decade or so of life.
This is a train wreck waiting to happen. The political types are too ignorant to know what to do. The industry types want the money. You will be the victim.
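Two comments in this thread ask for every access to a record to be logged, and for those logs to be unforgeable and unmodifiable. The sketch below is an added illustration, not code from any commenter, from openEHR or from any EHR product: each log entry carries an HMAC over its own content and the previous entry's tag, so an edit, a deletion or a truncation is detectable. The field names, the key, the out-of-band "anchor" and the sample events are all constructed assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # tag the first entry chains from


def _tag(key: bytes, prev_tag: str, body: dict) -> str:
    # Canonical JSON so the same entry always serialises to the same bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + b"|" + payload, hashlib.sha256).hexdigest()


class AccessLog:
    """Append-only record-access log (hypothetical schema)."""

    def __init__(self, key: bytes):
        # HMAC rather than a bare hash: someone who can write the log file
        # but does not hold the key cannot recompute the chain after an edit.
        self._key = key
        self.entries = []

    def append(self, ts, user, patient_id, action, reason):
        prev = self.entries[-1]["tag"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "ts": ts, "user": user,
                "patient_id": patient_id, "action": action, "reason": reason}
        entry = dict(body, tag=_tag(self._key, prev, body))
        self.entries.append(entry)
        return entry


def verify(entries, key: bytes, anchor=None):
    """Return None if the log is intact, else the index where it first fails.

    anchor is an optional (entry_count, last_tag) pair kept somewhere the log
    writer cannot change; without it, cutting entries off the end leaves a
    shorter but still valid chain.
    """
    prev = GENESIS
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "tag"}
        if body.get("seq") != i:  # deleted or reordered entry
            return i
        expected = _tag(key, prev, body).encode()
        actual = str(entry.get("tag", "")).encode()
        if not hmac.compare_digest(expected, actual):  # edited entry
            return i
        prev = entry["tag"]
    if anchor is not None and (len(entries), prev) != tuple(anchor):
        return len(entries)  # truncated, or extended since the anchor was taken
    return None


def demo():
    key = b"constructed-demo-key"  # constructed; a real key lives off the EHR host
    log = AccessLog(key)
    # Constructed sample events.
    log.append("2008-01-02T09:00:00Z", "nurse_a", "P-1001", "read_vitals", "bp check")
    log.append("2008-01-02T09:05:00Z", "dr_b", "P-1001", "read_chart", "consult")
    log.append("2008-01-02T23:40:00Z", "clerk_c", "P-1001", "read_chart", "")
    anchor = (len(log.entries), log.entries[-1]["tag"])

    edited = [dict(e) for e in log.entries]
    edited[2]["user"] = "dr_b"                     # rewrite who looked at the chart
    deleted = log.entries[:1] + log.entries[2:]    # drop the middle entry
    truncated = log.entries[:2]                    # drop the late-night access

    return {
        "intact": verify(log.entries, key, anchor),
        "edited": verify(edited, key, anchor),
        "deleted": verify(deleted, key, anchor),
        "truncated": verify(truncated, key, anchor),
        "truncated_no_anchor": verify(truncated, key),
    }


if __name__ == "__main__":
    print(demo())
```

Anyone holding the key can still rebuild the whole chain, which is why the anchor has to be stored or published where the log's operator cannot rewrite it.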
This is a project chosen for its visibility. The perfect medical software just works, and the patient never sees it. But this doesn't win you any votes when you've been lambasted in the press for spending $12B of public money on IT projects.
Patients don't WANT a choice of specialist hospital or doctor. They just want to go to the best one, and they don't have the specialist knowledge to make that choice, so they will ask their doctor.
The proper implementation of C&B is therefore to give a client to GPs that they can book appointments with. The decision to expose it to the general public is purely to say "hey, look, we made something that works".
Every week I have some patients who have come in from far away to see me with some X-rays, MRI, CT scans. Often they are on a CD with some strange proprietary program used to display the images. Often I can't open them up and look at them, and the person has made a several hour trip almost for nothing.
In that way old fashioned plain images are better.
Having open source images/records would also eliminate that problem too, as I could display the images, and not have to find/buy/download some strange/clunky program.
Most radiologists and newer surgeons really like electronic imaging, but it can backfire on you as well.
..........FULL STOP.
Unfortunately I think the U.K. itself is part of the problem. Even more than the United States, in the UK there's a glorification of management, contempt for technical knowledge, and misplaced faith that their class-based system will somehow muddle through.
Other than Richard Branson (Virgin Air) all the UK managers and executives seem hopeless.
http://thedailywtf.com/Articles/A_Case_of_the_MUMPS.aspx
My apologies, I missed that.
What does he mean by "open format", and why does the senior partner's departure require this conversion?
No idea. Perhaps he used a homegrown diagnosis/procedure coding system?
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
At least in the US, HIPAA says the contents of your medical record are yours, and the healthcare provider is a custodian of that data. That said, there are some caveats.
* Not all data in an EHR system relating to you is actually part of your medical record. There may be - probably is - some internal clinical communication attached to your chart in the course of clinical operations. Basically an EHR system usually tracks both your record and the providers' own record about you. These different classes of data are pretty straightforward to distinguish most of the time; you own the former and you don't own the latter.
* Providing you with a copy of your record has some cost, and custodians of records are allowed to recover reasonable costs from you to cover those expenses.
* Some data about your records may be disclosed as necessary for Treatment, Payment, or healthcare Operations; these disclosures are limited to the minimum necessary and (generally speaking) are also limited to other entities covered by HIPAA.
* The government can get what it wants, when it wants, and you and your records custodians have f--k all to say about it.
Within those broad constraints, though... it's yours and your provider should treat it as such.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
There are two standards called DICOM and HL7. DICOM handles binary data, and HL7 handles more of the process and is the primary integration point with EMR.
With these a PACS (Picture Archive Communication System) forms the "database" of data. The PACS is actually more work-flow based which then stores the actual data on some type of highly-reliable data storage system.
These two protocols make up the totality of your health care experience at a hospital. Your hospital certainly uses these two protocols, so why invent a new one?
The above is an argument for proprietary databases — they are harder to steal from. Well, harder for a layman. And a disclosure by an adverse-minded layman is what the vast majority of people need to fear. Unless you are a prominent politician or a businessman, you need not fear a team of professional data-thieves capable of:
Yes, the "security through obscurity" will keep the laymen out, even if it also makes the job of those professional crooks easier.
The right argument for the open standards is their being far easier to implement. Even though this would also make them easier to break into (the break-in software developers will benefit from the open standards too), the wider variety of implementations, plugins, etc. will be a compelling argument. Being able to switch from one software vendor (open or closed source) to another without re-entering the entire patient-database will calm the doctors' strongest fear...
In Soviet Washington the swamp drains you.
So far this "Database" has cost the UK Taxpayer £12 billion ($24 US Dollars) and has delivered nothing but chaos ...
For twenty-four bucks I wouldn't sweat it.
Integrity is what you are when nobody is looking.