Electronic Medical Records, the Story So Far

StupidPeopleTrick writes "After the executive order signed in 2006, states are making strides with privacy breach notification but are struggling with enacting privacy laws and finding funding.
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"

Microsoft has done some good work on this so far

[solder_fox]

Their Health Services are actually very well done conceptually, and they've managed to put the patient in the loop. That's impressive given the degree to which patients are usually out of the loop on their own files. They're also a lot more security-conscious than your average hospital.

My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"

(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))

Microsoft still have some work to do, but they've put a lot of good talent into the area.

One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.

What privacy?

[Wowsers]

I will tell you about the UK experience of computerised medical records.

The government wants everyone's medical records on a database, searchable by who knows who for whatever fishing expedition they want (including giving this private data to drug companies and the EU), no justification of their actions is required. The records are not secure, we already know that because the government lost 26 million taxpayers records in one go, and that's supposed to be a secure system.

So far the scheme has burnt through £16bn (about $24bn), it still mostly does not work, is years behind schedule, and is expected to burn through another £8bn.

If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.

Like it or not, the state will do whatever it takes, and will not care what laws are already in place (like data protection laws) to stop such schemes.

Re:What privacy?

[pmarini]

and in the meantime, any "insurance" company will also have full access to your your complete medical history, should you apply for a mortgage or the like...
(not to mention that the broker will "candidly" suggest not to review them before passing them on to insurer... and checks the option box for you)

Electronic Prescriptions

[anorlunda]

In the 1980s, a Scientific American article by David Chaum, and an article from Germany on electronic prescriptions (sorry, no links, it predated the web), educate me about the possibility of electronically secured prescriptions.

Basically, by creative use of encryption, it is possible to create an electronic prescription that
(1) lets the pharmacy know that the prescription is authorized, and how it is paid for without revealing the name of the patient or the doctor. (2) similarly allow the insurer, the patient, the doctor and government, access to information they are authorized to have without disclosing anything more.

The same can be applied in all areas involving privacy and access to electronic records. Encryption can be used to actively limit access to authorized purposes without depending on the lack of human error.

Isn't is about time that we started using technology in these creative ways to achieve privacy levels as high as technology allows? How about an open source effort to publish papers and algorithmic examples showing how this can be done in an attempt to influence policy?

Re:Electronic Prescriptions

[thogard]

The problems aren't technical so its helpful to follow the money.
Consider how the payment of an average prescription for a cheap antibiotic in the US. The customer will give the pharmacist the prescription and their "pharmacy card" which will often have a $25 co-pay and they think they are getting a great deal. The pharmacy sends the detail to the medical buying club who may reject it or send back 3 numbers. The 1st number is how much the customer is to pay, the second will be the price to put on the invoice and the 3rd number is how much money gets transfered from the pharmacy to the insurance company or the other way around. The result is the $4 bottle of pills cost the patient $25 yet the price on the invoice says $43 so they think they are getting a good deal and the pharmacy has to send $22 of the money collected back to the insurance company. If you want a good deal, check the prices online and let your pharmacist know you will be paying cash..

Re:Microsoft has done some good work on this so fa

[markdavis]

Um, yeah. Social Security numbers are not universal ID numbers. They should be used solely for, get this, Social Security.

Unfortunately, the medical industry uses SS# on just about everything. In most facilities, they even try to use it as the Medical Record Number! Try to get appropriate care without giving them your SS# and see what happens (I have tried... good luck). And now just about every industry has some excuse as to why they *have* to have access to your SS#. Credit of any kind. Drivers license. Movie rental. Home insurance. You name it.

Anyway, SS#'s are the #1 way that information about you is tracked, "shared", associated, identified, etc. It is a huge security and privacy problem. There is a reason that when the Social Security Number was invented, it included laws about it was *NOT* to be used for any other purpose but Social Security. You can see just how effective those laws were.

Re:Scary how people don't care

[ColdWetDog]

I happen to work as a sysadmin for a company that works with medical records. Just last Friday I had to attend a 90 minute training session about FOIA and HIPAA and other matters relating electronic filing of medical records. I was left with the impression that they are actually increasing privacy.

There is privacy and then there is limiting the distribution of data. While HIPAA in many ways is a step ahead, the 'loopholes' that give insurance companies, the police, the various bits and pieces of government widespread non negotiable and often non accountable access to pretty darn near everybody has lots of people very concerned. Until and unless Congress really gets clean on 1) ensuring that medical data, including genetic information, is used only by medical personnel for medical reasons and 2) entirely changing the way that health care is paid for in the US this won't happen.

The strong desire of this society to punish suspected bad people - in this context anyone with an identifiable medical condition that has anything to do with patient lifestyle choices - is going to trump privacy and choice every time. As a physician, it's a very troubling issue. On one hand, I'm sick and tired of the disaster that is the individual paper chart. On the other hand, if you think the problem is bad now, just wait until we've fixed it.

I'm going back to bed.

Re:VistA - VA Open Source

[lysergic.acid]

1.) who cares what it's written in as long as it's available for popular platforms. and MUMPS is still commonly used in the healthcare industry because it was specifically developed for managing medical databases. it's highly scalable, low maintenance, and much faster than conventional (relational) databases.
2.) why should a system meant to share medical records across a national medical network generate bills?

adding non-essential functionality to a medical database and forcing all hospitals to change their billing system would drive up costs and make the system unnecessarily complex. each hospital should be able to choose their own billing system. it's better to have a handful of systems that each perform a single role really well rather than have a single system that tries to serve 20 purposes and does it in a mediocre fashion.