Slashdot Mirror
Electronic Medical Records, the Story So Far
StupidPeopleTrick writes "After the executive order signed in 2006, states are making strides with privacy breach notification but are struggling with enacting privacy laws and finding funding.
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"
The VA hospitals and clinics have an open source package called VistA (Veterans Health Information Systems and Technology Architecture). Veterans can walk into any facility and have their medical records available.
And we already paid for it!
http://www.va.gov/VISTA_MONOGRAPH/
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy." Hamlet (I, v, 166-167)
Their Health Services are actually very well done conceptually, and they've managed to put the patient in the loop. That's impressive given the degree to which patients are usually out of the loop on their own files. They're also a lot more security-conscious than your average hospital.
My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"
(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))
Microsoft still have some work to do, but they've put a lot of good talent into the area.
One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.
--- Thousands are enslaved every day.
...we are already starting with the "EPD" (Electronic Patient Record) this year.
Every citizen to which it applied got a letter in their home, from the government, asking if they wanted to object. For this they had to reply using the included form and a copy of their ID.
Until now, approximately 500.000 objections have been sent in.
Just last week, the government proposed hard actions against those who violate the "EPD", such as high penalties. Insurance companies are not allowed access to the EPD and doing so would give the patient an immediate right to go to a different insurance company.
Let's be frank - these 500.000 people understand the one and only true thing about EPD : once information is out in the open, you never going to get it back in.
Just a while ago I got my own medical file from my physician - I am in my 30s - which contained 6 pages of text...
That's not a huge load of information, and makes it very easy to copy. Once out, anyone knows my complete medical record from my birth onwards. A penalty against misuse would thus not work, it would simply be used to blame any messengers that stand up and find flaws in the security.
One such flaw was already found last year: most hospitals (yes - publicly accessible hospitals) don't password protect their terminals.
Argument ? In an emergency, they do not want to put up the physician with all those tough things like entering passwords.
I respect the ideas of your new president, but I think he should definitely think again when implementing this - information wants to be free.
Solutions ? Maybe give only the patient the private key to unlock the medical database. It was an argument here, but was quickly thrown away on grounds of "much too difficult" and "what in an emergency" etc. Until that solution is seriously looked upon, or at least until the security of it all is completely looked after, my vote against this would be a big fat "no way".
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
I will tell you about the UK experience of computerised medical records.
The government wants everyone's medical records on a database, searchable by who knows who for whatever fishing expedition they want (including giving this private data to drug companies and the EU), no justification of their actions is required. The records are not secure, we already know that because the government lost 26 million taxpayers records in one go, and that's supposed to be a secure system.
So far the scheme has burnt through £16bn (about $24bn), it still mostly does not work, is years behind schedule, and is expected to burn through another £8bn.
If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.
Like it or not, the state will do whatever it takes, and will not care what laws are already in place (like data protection laws) to stop such schemes.
Take Nobody's Word For It.
<?xml version="1.0"?>
<ClinicalDocument xmlns="urn:hl7-org:v3" xmlns:voc="urn:hl7-org:v3/voc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:hl7-org:v3 CDA.ReleaseTwo.CommitteeBallot03.Aug.2004.xsd" templateId="2.16.840.1.113883.3.27.1776">
<title>Consultation notes</title>
<body>Patient is an incorrigible troll. Recommend medevac to an appropriate jurisdiction and performance of lobotomy. Note: This procedure may or may not result in reduced intelligence or motor skills, as levels between this patient and previously lobotomized patients proved comparable.
</ClinicalDocument>
I hate printers.
In the 1980s, a Scientific American article by David Chaum, and an article from Germany on electronic prescriptions (sorry, no links, it predated the web), educate me about the possibility of electronically secured prescriptions.
Basically, by creative use of encryption, it is possible to create an electronic prescription that
(1) lets the pharmacy know that the prescription is authorized, and how it is paid for without revealing the name of the patient or the doctor. (2) similarly allow the insurer, the patient, the doctor and government, access to information they are authorized to have without disclosing anything more.
The same can be applied in all areas involving privacy and access to electronic records. Encryption can be used to actively limit access to authorized purposes without depending on the lack of human error.
Isn't is about time that we started using technology in these creative ways to achieve privacy levels as high as technology allows? How about an open source effort to publish papers and algorithmic examples showing how this can be done in an attempt to influence policy?
My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"
Ummm anyone else see a problem with this?
Basically, EMRs are very dangerous in countries that don't have free universal healthcare, like ours, because they promise to make it far easier for insurance companies to identify medical risks (their euphamism for sick patients) so they can be avoided or dumped.
Obama pledged to lower costs a tiny amount for normal families. Obama has a huge amount of support from the insurance industry on this because they have been pushng EMRs for years as a a way to eliminate the assymetric information held by patients about their own health status.
Currently, patients know more than insurance companies leading dangerous customers who represent medical risks to be more likely to buy insurance.
To lower costs for "normal families", they must raise costs for the chronically ill or reduce the number of them who receive coverage. (Triage)
The Obama's priority is improving the statistical "coverage" of the healthy employed. The dark side is that the 20% or so of Americans who have any kind of chronic illness, and to a lesser extent, first degree relatives of them (children, siblings, parents) will still find it harder and harder - next to impossible - to get insurance outside of a large medical group, (small employers will see huge price rises if they cover a medical risk) Eventually, finding any kind of employment for medical risks will become very difficult, and they and their families will become a marginalized underclass, not unlike the film "Gattaca".
We price insurance by risk. That is the one most non-negotiable part of Obama's healthcare platform.
People who are known to be sick or are related to them are known risks. The so called "fair price" to insure known risks is high.
The only solution possible that would preserve our current 1/3 cut insurance model (very important to those in Washington today) might be to offshore the care of the sick. Medical emigration and marriage out of medical insurance necessity are already skyrocketing, a recent nationwide study found. (17% of Americans have a close friend or family member in that situation)
Um, yeah. Social Security numbers are not universal ID numbers. They should be used solely for, get this, Social Security.
Unfortunately, the medical industry uses SS# on just about everything. In most facilities, they even try to use it as the Medical Record Number! Try to get appropriate care without giving them your SS# and see what happens (I have tried... good luck). And now just about every industry has some excuse as to why they *have* to have access to your SS#. Credit of any kind. Drivers license. Movie rental. Home insurance. You name it.
Anyway, SS#'s are the #1 way that information about you is tracked, "shared", associated, identified, etc. It is a huge security and privacy problem. There is a reason that when the Social Security Number was invented, it included laws about it was *NOT* to be used for any other purpose but Social Security. You can see just how effective those laws were.
(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))
IANAD (but I will be one in 5 months or so). If that is Microsoft's position, that is the stupidest fucking thing I have ever heard. Worse than Clippy. Worse than Bob. Look, a patient's medical record is supposed to be an OBJECTIVE documentation of a patient's health status and treatment. How, exactly, is a patient qualified to make an objective assessment of their medical problems, diagnostic workups and treatment regimens?
One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.
Well, that's just complete BS. I don't know where you get your information, but altering a patient's medical record is illegal and, at the very least, will result in a physician's suspension of privileges from a hospital... and most likely, a revocation of their medical license.
Btw, your patient record is completely accessible. You just have to make a request to the medical records office. No, it's not available on the web, but it's not as if your MR is a secret like your FBI file.
There is privacy and then there is limiting the distribution of data. While HIPAA in many ways is a step ahead, the 'loopholes' that give insurance companies, the police, the various bits and pieces of government widespread non negotiable and often non accountable access to pretty darn near everybody has lots of people very concerned. Until and unless Congress really gets clean on 1) ensuring that medical data, including genetic information, is used only by medical personnel for medical reasons and 2) entirely changing the way that health care is paid for in the US this won't happen.
The strong desire of this society to punish suspected bad people - in this context anyone with an identifiable medical condition that has anything to do with patient lifestyle choices - is going to trump privacy and choice every time. As a physician, it's a very troubling issue. On one hand, I'm sick and tired of the disaster that is the individual paper chart. On the other hand, if you think the problem is bad now, just wait until we've fixed it.
I'm going back to bed.
Faster! Faster! Faster would be better!
I AM A DOCTOR. 11 years medical informatics. 16 in medicine in general, 6 years medical devices.
And you need an attitude check, if for no other reason than your experience is insufficient to the matter at hand.
(1) The patient record IS owned by the patient (and the hospital/provider)
(2) All 50 states mandate access to the record by the patient
(3)Hospital records are routinely lost and routinely we do not enter crucial data because of liability reasons. A fact-on-the-ground, if you will. Never mind it is actually counter-productive and the best documents are the best defense, with the majority of docs actually winning the lawsuits.
(4) Larry Weed's arguments on patient's owning and understanding their record have never been refuted (You might know him differently, as he invented the SOAP note)
(5)Many patients have a better and more intimate understanding of their condition (and the tests they underwent) than you give them credit for. You might want to learn to properly listen to your patients and credit them for being more than stupid cattle.
(6) And your MedRec SHOULD be more secret than your FBI file. As a man suffering from condition that routinely cripples him once a year, if that info was known to Tom Dick or Harry Employer I would unemployable even though I only lose a day or two of work a year, they would freak. Just think of the HIV stigma that AIDS *testing* brings to the fore. Never mind I have had to have 3 of those tests for various reasons, NONE having to do with exposure.