EHR Privacy Debate Heats Up

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

Logged in computers

[BadAnalogyGuy]

Every receptionist who leaves her PC logged in at the clinic will be a risk factor.

Either you get over yourselves and take the good with the bad, or you shut yourself in and never gain the benefits of the technology.

This isn't even specific to medical records. There will be bumps in the road for any technology.You can make sure your car or bike never hits a pothole by never driving it. But then you will need to walk to where you're going.

Re:Logged in computers

[htnmmo]

Same can be said for leaving files unattended while the receptionist goes to flirt with the new doctor.

We can't let that be a reason to use technology to help people be healthier.

Nice the dems are back in charge. Continuing on Gore's invention of the internet, Obama invented http://www.usaspending.gov/

.

Re:Logged in computers

[krenaud]

It depends on the design of the system. A base requirement would be to limit access depending on the roll of the person reading the journal. A receptionist should only see limited information such as which doctors the patient has and other need to know stuff.

A properly designed system should also have an audit trail so it is possible to see who has accessed the journal and this information should be easily accessed by patients.

It should also be possible to have information which requires special access rights which can be used for extra sensitive information such as mental diagnoses.

I've seen systems where information cannot be accessed by medical personel unless they receive a code from the patient. Having such a component in place seems like a good idea.

Re:Logged in computers

[morgan_greywolf]

Nice the dems are back in charge. Continuing on Gore's invention of the internet, Obama invented http://www.usaspending.gov/ [usaspending.gov]

Actually, Obama was one of the inventors of that site.

Welcome to USASpending.gov
The Federal Funding Accountability and Transparency Act of 2006 (Transparency Act) requires a single searchable website, accessible by the public for free that includes for each Federal award

If we look a the Wikipedia article for that Act:

The bill was introduced by Senator Tom Coburn, for himself and Senators Barack Obama, Tom Carper and John McCain on April 6, 2006.[1] After two "secret holds" placed by Senators Ted Stevens, a Republican, and Robert Byrd, a Democrat were revealed and removed[4][5], it was passed unanimously in the Senate on September 7, 2006 and by the House on September 13, 2006. The bill was signed into law by President George W. Bush on September 26, 2006.[6]

Note that this bill is a bi-partisan initiative: Coburn-R, Obama-D, Carper-D and McCain-R introduced this bill.

Re:Logged in computers

[h4rm0ny]

Patients should have their health records under their control. They can then allow people to look at them (e.g. their doctor) or not as they choose. Some records will have to be kept on the doctor's side, e.g. prescriptions for controlled medications such methadone, but many records need not be.

Re:Logged in computers

[n1ckml007]

Thanks for that Bad Analogy Guy. The PC being logged is both address from a domain policy and application level. Bigger areas of concern include protection againist removeable media, and uptime. You really need 99.999% uptime if someone's life depends on having their medical history available.

Re:Logged in computers

[n1ckml007]

One of the features of some of the implementations of EHR is the ability for patients to review their own records, via the tubes.

Re:Logged in computers

[htnmmo]

Actually, Obama was one of the inventors of that site.

That's what I said.

Re:Logged in computers

[CurtMonash]

I'm glad to see so much emphasis on audit trails.

I called out that point in an early post re government data use, but you guys are right that it applies in the medical case as well.

Re:Logged in computers

[commodore64_love]

>>>you shut yourself in and never gain the benefits of the technology.

Last I checked that's not even an option. You can't tell a doctor to erase your medical records from his PC, because he's reuired by Obama's new laws to keep it stored electronically.

Re:Logged in computers

[commodore64_love]

USA TODAY, circa 2015:

"It has reported that a laptop has been stolen, allowing thieves to gain access to over 1 million patients' records. Officials lied.... er, reassured the public that no harm has been caused."

Re:Logged in computers

[aethelrick]

what does a national EHR do for the doctor and the patient that a local GP system doesn't already do? Most people having this discussion have not considered this. Try listing the benefits and penalties and then decide whether you'd spend your cash putting it in place. While you consider this... note the following: Most people do not migrate, they are born, live and die in the same place. So local systems work well for these people. Emergency medical staff do not have time to correctly identify a patient in order to find the correct medical record for them on a central system in an emergency. This requires quizzing the patient and for the most part, if the patient is well enough to tell you who they are, they are well enough to tell you what they are allergic to and their existing medical conditions, if not, then you're flying blind no matter what. Would it not be better for the government to spend their time setting a standard for data exchange between the existing local systems? The closest thing that exists to this is called HL7 but it's so slack and non-standard in every implementation I've seen that it's no more useful than generic XML.

Re:Logged in computers

[aethelrick]

It's best to limit access by role *AND* location thus making sure that staff at the reception desk (even doctors) cannot open sensitive records on such public terminals

Re:Logged in computers

[aethelrick]

great idea, but it does not work well in practice. The most vulnerable patients are the ones you are most like to injure with the wrong medication or similar. These vulnerable patients include the very old, the very young and the badly injured. These people are often not able to be their own medical book keeper.

Re:Logged in computers

[Timberwolf0122]

Perhaps some kind of inactivity time out is in order?

Re:Logged in computers

[Golddess]

GP probably thought you were being sarcastic since you mentioned the internet as Al Gore's invention.

Re:Logged in computers

[krenaud]

The benefits are several. One can catch drug addicts which consult several doctors in order to get enough drugs. Also patients, especially elderly which have several different specialist doctors will benefit because drug interactions will lessen. Dr Greg House is correct in saying all patients lie :-) so there is a risk that the treating doctor won't have access to all necessary information in order to give the patient the best treatment.

Also, if I for instance visit a cancel doctor and a dietist they have to take their own duplicate blood tests. With a unified journal they may only need one set of the standard blood work tests.

Re:Logged in computers

[Hordeking]

Last I checked that's not even an option. You can't tell a doctor to erase your medical records from his PC, because he's reuired by Obama's new laws to keep it stored electronically.

Not like you can get them to delete medical records as it is. I've requested it multiple times, and I'm always told "the hospital/clinic/etc owns those records, but we can put a flag on them to require your permission to look at them".

Re:Logged in computers

[okhra]

Medical Records are owned by Patients. Your doctor/hospital may act as custodian but patient owns it.
Look at indivo.org for an implementation where patient is in control and the patient has to give permission before any entity have access.Of course, fear plays a greater part and typically, patients give access to any one in the chain. Insurance companies are notorius in that they can scare you into not covering you.

Re:Logged in computers

[Hordeking]

Well, that's all good and well, unless one wishes himself to be the sole owner and custodian of all medical records pertaining to himself.

For my part, if I'm asked for information pertaining to X by insurance company Y, I may decide to provide it. However, true to how FOIA works, any and all info pertaining to Z will be blacked out (hey, they asked for X, not Z), which I may not have the opportunity to do if someone else is the custodian.

Re:Logged in computers

[aethelrick]

but this does not require a national EHR! this requires local systems integration, which is already commonplace in many health trusts. my own experience tells me that even when a doctor has access to recent test results, they prefer to get their own because they have to stake their reputation on the diagnosis they give and want up-to-date information to base that diagnosis on. regarding drug addicts, they are driven by their addiction to acquire drugs or money for them and we should probably look at stopping them from mugging the elderly before we worry about them getting double prescriptions. While neither of these scenarios are pleasant I don't think a national EHR will effect the treatment of drug addicts at all. I suppose my point is that we (in the UK at least) have poured millions of tax payers money into the National program for IT for the NHS and it's had hardly any positive impact on patient care and outcomes. Someone should ask the doctors what they need to do a better job rather than cooking up yet another government IT scheme heralded as the "one true way". Sadly promising the NHS reform is one of the best ways to win votes for British politicians and as such we'll continue spending money and messing about with it much to the frustration of the people who work in the front line of patient care.

Re:Logged in computers

[Peeteriz]

Even the people who do not migrate often visit different medical facilities. It does not matter if the ER where you are taken with a heart attack is in a building right next to your GP - they don't get your records in time now.
It does not matter if your knee surgery gets performed in a hospital three blocks away from your previous GP visit - the paperwork to get medical history is mindboggling.

The whole point here is to centralise information to allow access between various medical institutions. Currently they cooperate poorly, and it looks like they won't get things done if left to their own business.

Re:Logged in computers

[aethelrick]

I can't say that this is how it works here, but I only have experience of health care systems in the UK where local electronic patient records exist.

Dangers of EHR

[gravos]

The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems. Sometimes for people with mental health problems, a diagnosis is made and then subsequently it's discovered that that was not the actual diagnosis. Having this kind of an electronic trail to follow you around forever could be extremely dangerous, in my opinion.

Re:Dangers of EHR

[Wormholio]

The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems.

It cuts both ways. With electronic records some cross-checks are possible, such as checking prescribed drugs for interactions, or perhaps even checking that the symtoms and/or treatment really match the diagnosis.

Re:Dangers of EHR

This will sort out pretty quickly when Obama's family and friends, or supermodels/celebs have their details splashed about.

So easy to dig around STD /Pregnancy tests, or when little daughter sought the pill.

Paper is vastly superior, privacy wise.

As stated, the minimum wage secretary, or virus infected machine, will ensure wholesale disclosure if there is a buck to be made.

Obviously life insurance and HMO's will be interested buyers.

Re:Dangers of EHR

As I see it, as long as the correction is in the chart too, that's a pretty good idea. Especially if you have one of those diseases that look like every other disease in the book ("It's not Lupus!") having a record of "nope, not that" helps any other doctor know what has already been ruled out.

Re:Dangers of EHR

[db32]

It also provides accurate records of those mistakes. The lack of medical information following you is going to be FAR more dangerous than a mistake in that record. Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team. Heart condition, diabetes, etc... The number of circumstances where NOT having this information readily available is extremely dangerous outnumber your circumstances by a large factor. Nevermind that EHRs can be corrected and probably far easier than the existing mess of paper records.

In other news, going outside your house is extremely dangerous. For that matter, just staying inside your house is extremely dangerous. Driving to the store for food is extremely dangerous.

Re:Dangers of EHR

[jbolden]

The thing is there is likely embarrassing stuff on most people's medical records.

A used to use drugs
B had a horrible depression
C has a fatal disease that kill them over the next 10 years
D got an STD at a sex party

etc...

Right now people freely talk about physical injuries they got from reckless behavior. It could be that with leakage mental disorders stop being something that people have more embarrassment about discussing.

Re:Dangers of EHR

[n1ckml007]

Auditing of access of medical records would actually improve. If someone looks at your paper files, how would anyone know? If someone looks at your EHR documents, sure it might potentially be easier to access, depending on your position, but you likely will be promptly fired.

Re:Dangers of EHR

[Thanshin]

A used to use drugs
B had a horrible depression
C has a fatal disease that kill them over the next 10 years
D got an STD at a sex party

A - I'm not hiring drug addicts in my company.
B - I'm not hiring him. He may have a depression during some important project.
C - I'm not hiring him. What if he dies before finishing the project?
D - I'm not hiring perverts in my company.

No, I don't think people will freely discuss their medical records.

(replace hiring with promoting for post interview discussion)

Re:Dangers of EHR

This is not true, at least in America, where a mental illness diagnosis can remove a number of your (remaining!) rights...

Re:Dangers of EHR

[CurtMonash]

Exactly why we need anti-discrimination legislation in ADDITION to privacy protections.

Re:Dangers of EHR

[aethelrick]

you are assuming that an EHR can be delivered to the emergency care professional in a form that actually helps them in an emergency. The key to this is patient identification which is hardest when your patient is sufficiently injured to be unable to tell you who they are, this coincidentally is also when they are least likely to be able to tell you about their allergies. In short, if your patient is able to tell you enough information about themselves to safely ID them in your EHR, my bet is that they can mention their "thingymycin" allergy. Where the patient is not conscious you have to go a long way to beat a bracelet attached to their arm with this detail on it. (no I don't work for medic-alert or similar, I'm an IT professional that spent the last seven years working on EHR systems)

Re:Dangers of EHR

[FredFredrickson]

having a record of "nope, not that" helps any other doctor know what has already been ruled out.

Apparently you watch enough house to quote it, but not enough to know that a chart with records of what it's not will only make doctors less thorough! What if the test was done wrong? Do it again! "But we already did the test." Test again!

Re:Dangers of EHR

[Thanshin]

Exactly why we need anti-discrimination legislation in ADDITION to privacy protections

Anti-discrimination laws aren't working, right now. What makes you think they'll start working if we make discrimination much easier and much (really, very much) more profitable?

P.S.: I speak from the PoV of Spain; maybe in the states anti-discrimination laws really work and saying you're two month pregnant during a job interview wouldn't alter the result in the least.

Re:Dangers of EHR

[FredFredrickson]

anti-discrimination legislation

Anti-discrimination legislation will never work.

"Your honor, I did not not hire him because of his genetic defects, it's simply because he wasn't a perfect fit for the job. We found somebody who types faster."

Problem solved.

Re:Dangers of EHR

[jbolden]

The thing is that everyone is an A,B a C or a D.... You have to hire someone.

Re:Dangers of EHR

[CurtMonash]

Exactly why we need anti-discrimination legislation in ADDITION to privacy protections

Anti-discrimination laws aren't working, right now. What makes you think they'll start working if we make discrimination much easier and much (really, very much) more profitable?

P.S.: I speak from the PoV of Spain; maybe in the states anti-discrimination laws really work and saying you're two month pregnant during a job interview wouldn't alter the result in the least.

Fair enough. But I was talking about discrimination for smaller factors, such as mere statistical risks of ill health.

You're right that anti-discrimination for gross disabilities is only partially successful. In the US it's the Americans With Disabilities Act.

Re:Dangers of EHR

[CurtMonash]

anti-discrimination legislation

Anti-discrimination legislation will never work.

"Your honor, I did not not hire him because of his genetic defects, it's simply because he wasn't a perfect fit for the job. We found somebody who types faster."

Problem solved.

Anti-discrimination legislation is, in general, partially successful. Your extreme position adds more humor than insight.

Re:Dangers of EHR

[commodore64_love]

Read the stories who have had their Credit Records hijacked with false information, and their inability to get loans due to that.

Now imagine the same thing with Medical records, but instead of just inability to get a loan, now you cannot get a job because your employer thinks you suffer from paranoia ("it's right there in your record Mr. Smith, it must be true. I'm sorry but we can't hire you."). For that matter the employer might not even tell you the reason. They might just never call back.

You may think this sounds absurd, but the same thing is happening now with the internet, where employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone. ("We found this photo of you drinking beer in a frat party in 1995. It's at the psu.edu/alphadelts website. We can't hire you as a teacher. Sorry.")

Re:Dangers of EHR

[commodore64_love]

What makes you think that will work???

"We can't hire him because he has repeating bouts of depression."
"You're not allowed to hack into medical records!"
"So? Do YOU want to hire a manic depressive?"
"Good point. ..... Well the damage is done, but we can't let anybody know what we did."
"Um..."
"Let's make up a false reason."
"He doesn't know how to use a Macintosh, and we have Macs in our labs."
"Yeah that sounds good. I'll send off the rejection letter immediately."

Watch the movie GATTACA to see how laws are completely ineffective in stopping corporations from using medical history to disqualify employees.

Re:Dangers of EHR

[CurtMonash]

And HR managers will risk jail over the hacking to play out your scenario?

Re:Dangers of EHR

[Comboman]

Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team.

That's why people with those conditions generally have a bracelet stating it (which EMTs are trained to look for). Compare that to the EHR: The guy can't talk? Check his wallet for a name. John Smith? Let me type that into the computer. Too many responses, what's his driver's license I.D.#? JSMITH234084329. Let me type that into the computer. Opps, we're in a dead zone for wireless internet coverage, we'll have to wait until we get the hospital.

Now, I'm not saying the EHR has no merit, I believe it does, I just don't think it is very useful in the situation you suggest (unless your EHR is stored on a subcutaneous RFID tag, but that raises even more privacy/security issues).

Re:Dangers of EHR

An HR manager would have no clue in that scenario. You interview a candidate and make the decision to hire or not. Many times I've heard things like "Just got a hunch this guy won't work out". What's HR going to say?
 

Re:Dangers of EHR

[zappepcs]

I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis. Not even your auto mechanic should do that. If you take your car in and say it sounds like the transmission and all your mechanic does is check the transmission, he's a shitty mechanic.

Records are good, but they are of limited use for most people, most of the time. Sure that medica-alert bracelet is almost ALWAYS useful in medical emergencies, so would a bracelet with USB/MicrSD card attached, but the ER nurse really doesn't need to know you had crabs last year to set your broken bone.

Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

Re:Dangers of EHR

[LingNoi]

How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

uh.. being able to see you might have a high risk of heart disease so checking that out first if you have such symptoms? possibly checking you for signs of cancer if you have a specific gene know to cause it so they will find it in early stages?

oh no, the horror?

Re:Dangers of EHR

[LingNoi]

I don't know about the US, but in England I had a pain in the ass of a time trying to get my medical history on paper records from one clinic to another 300 miles away.

Re:Dangers of EHR

[db32]

EMTs are trained to look for those. However, is it still there? Did they even wear one? In the situation I suggest I probably wasn't clear enough, but initial emergency response isn't the same as the following hospital treatment. I doubt EMTs are going to pull up your medical record on the spot to care for you even if they could. Every second counts n all that. However, once stabilized and sitting in a hospital bed those medical history questions start becoming more important. Even more so for the elderly n such. When you go to the hospital they will ask you the same series of questions a dozen times. It isn't because they are stupid, or think you are stupid, its because there is a HIGH rate of "oh yeah, I forgot about..." happening the 2nd or 3rd time the question is asked.

Re:Dangers of EHR

[db32]

I agree. I think we have a long way to come on that portability piece. I work in healthcare IT and I don't think a day goes by that I don't want to do horrible things to our vendor reps just so they wind up in our hospital and suddenly have a vested interest in their systems behaving EXACTLY as advertised. That said, having been around elderly patients (which is probably the majority of any patient population), they tend to be far more likely to remember personal identification material rather than medical history stuff.

Re:Dangers of EHR

[db32]

I can't even begin to the imagine the fun of catching a company using healthcare information in such an unbelievably illegal fashion. Now, I agree there are security things to be addressed. But, medical records already exist in a fairly extreme state of paranoia even if some of the IT pieces are lagging. If anything, I would want the credit industry held to the same standards that medical records are. If you are a nurse and you access a record that isn't one of your patients you can be expected to be called out on it and likely lose your job. Shit like that is actually tracked in an EMR system. It is actually more secure against snooping than the current paper copies given that there is no per access tracking that happens when you thumb through a paper record.

The problem with the credit industry is that they are not held accountable for the losses of information, so it is more profitable for them to play fast and loose with it and hand out loans and credit in the hopes of profit. Hospitals ARE held accountable for lost information, and their model of profit doesn't even begin to resemble the credit industry. In fact, hospitals LOSE money when the records aren't accurate because insurance/medicare/medicaid/etc refuse to pay out. Hospitals invest a tremendous amount of resources in making sure all of their records are as accurate as humanly possible for that very reason.

Re:Dangers of EHR

It would be no different than people who use Google now to determine who to disqualify, without even considering the age and/or validity of the information they are using. HR doesn't tell anyone specifically they were disqualified based on a Google search, so that the information used can be cross-checked for accuracy, so HR certainly won't tell them that they were disqualified due to a peek at their medical records. Plus won't even have to hack people's records--many will just start requiring electronic medical records access as part of their background check process.

Either that, or someone will "lose" a laptop full of medical information (read: intentionally leave it in a high risk theft area and then call it lost when they knew it would be stolen), and someone will now have millions of medical records for their own use.

Oh, and one more thing... don't forget that when (note: not if, but when) advertisers do get their text ads, banner ads, Flash-based ads, etc. in the medical records systems, they will already have sneak-a-peek access to everyone's medical records, even if just in (yeah right) aggregate form. Without a doubt, I think that Google/Doubleclick will probably be the first in line for that.

Always predict the worst when deploying a new technology, never assume people are inherently good and wait for the problems to actually occur before fixing them.

Re:Dangers of EHR

Last I checked, GATTACA is a fictional movie? Correct me if I'm wrong.

Re:Dangers of EHR

[commodore64_love]

HR managers (or bosses or small business owners) already violate all kinds of laws against discrimination. What makes you think they'll just suddenly stop when they learn you have heart problems? They'll discriminate then, just as they discriminate now in regards to color, sex, religion, and so on.

Over in my local university, Millersville PA, they refused to hire an adjunct teacher because she posted a photo on her myspace.com where she was drinking beer. She tried to sue, but the court determined they can refuse to hire for whatever reason. If you can refuse to hire someone over a stupid photo, or because they have bad credit ratings (companies are checking that too), there's nothing to stop the Corporate masters from denying access for medical reasons.

Wake up! The corporations have access to the information, and they will use the internet to uncover facts and deny jobs.

Re:Dangers of EHR

[jbolden]

It is almost impossible to get a complete medical history in the US. The system is too decentralized.

Re:Dangers of EHR

[!coward]

While I would agree with you on most points, as it matches my personal experience with EHR systems (ie. that the systems I've seen in place so far tend to be more secure than the equivalent paper-trail), I think the point most people are trying to get across is that, for the most part, those systems exist as completely separate entities and what little interaction exists between the DBs of those different entities is easy to monitor.. For now.

In my country the majority of health services are provided by the State through State-funded (or public) Medical Institutions. Most of them have, in recent years, deployed their own versions of flow-control, occupation-rates monitoring, stock accounting, resource allocation and (more to the point) patient medical information systems. There are, as you might expect, several vendors out there for these integrated systems and even though most of these institutions are funded primarily by the State, even Medical Institutions that "belong"/operate/form the very same healthcare network (ie, they serve the same population, each on different levels with a small degree of services overlap), you don't usually find them using the same vendor's product. Which basically means they don't usually play well with each other (for example, trying to convert one system's DBs to another because the hospital switched vendors can be a freaking nightmare, don't even get me started on bad DB design!).

To tackle this, interoperability standards were set forth (although I don't exactly know how well _that's_ working).. But the truth is, very few information is actually shared through the systems themselves. There simply isn't a centralized way, much less a centralized database, that can give _anyone_ (doctors, nurses, the patient him/herself or the State) access to all your medical information. You're usually limited to what that particular institution has on file, the file they've built from every visit to their facilities, and whatever files/tests you've brought with you.

This means that you need to supply the rest or (re)do all sorts of tests.. And I agree that in many cases this is the best way to go. It's the way doctors are trained to operate. Blind faith in charts can kill your patient as fast as completely disregarding them.

Back on topic, though, what I believe has most people worrying about this is the whole notion of near-free information flow, and who actually gets to access it, security policies notwithstanding. With a population of a couple hundred million people (far larger than my country's), the volume of information would be gigantic, as would be the flow of information back and forth between medical institutions. To the point where monitoring, let alone investigating, every single apparent breach in data transmition/sharing policy would become impractical. We've seen that happen in other supposedly high-security systems (credit card info, anyone? -- and the corporations actually HAVE an interest in keeping these private!). Add to that the many greedy corporations just itching to make money/sell all sorts of services off of that information (I mean, it's just too good to pass), or to use it to simply refuse you service, and you have a potentially very dangerous situation. I don't think it's a matter of "if" the system is going to be gamed but more of a "when". There's just too much money involved.

Even if there aren't currently any plans to actually centralize the information (even in a "cloud-like" system), or facilitate the hassle-free sharing of information, I'm pretty sure the "special interest groups" would soon find a way to push that through.. It's to their advantage, after all, and it would be just a small change in actual policy. I don't dispute the many benefits that might come of this, but I'm also a cinic and have very little faith in any corporation's "don't be evil" pledges. The further erosion of patient-doctor privilidge, more than anything else, scares the begeezus out of me.

Re:Dangers of EHR

[ColdWetDog]

I don't know about the US, but in England I had a pain in the ass of a time trying to get my medical history on paper records from one clinic to another 300 miles away.

You guys don't have fax machines? Wow.

Re:Dangers of EHR

[ColdWetDog]

I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis.

You're doing it wrong, then. You seem to think that you're third opinion doc is supposed to think up everything de novo? Repeat all the tests the other docs did? Repeat all the other drug trials the other docs did? You would end up in a room with many corridors, all alike. You would go back and forth. And never get out.

While there are certainly times that the second / third / x+1 opinion really looks at things in a totally new and different light and comes up with the one absolutely unusual little tidbit that everyone else has overlooked, the much more usual scenario is that 1) either the problem goes away 2) the problem now is so obvious that even your teenage daughter can figure it out or 3) the other docs have tried several reasonable things and by a process of elimination (rather than deduction or induction), the answer becomes more apparent. You want to keep re inventing the wheel?

Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

You just might want to let the nice trained medical professional skim an accurate and complete history and then let him or her decide what parts of it are useful to the current encounter, perhaps? Maybe?

How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

Well, the danger, if you will, would be that you would have an enormous amount of information in the chart that we would have no idea WTF to with it. I don't think the danger lies in the sequence information - it's the data interpretation which would give you risking data for various ailments. It would likely help you and your primary care doc carefully review what you should be doing in your life, although the conversation likely would be on the order of "get more exercise, eat something healthy occasionally, quit smoking" that we can do quite nicely without your gene sequences. However, you don't want insurance companies to get a hold of it.

That said, the biggest problem with promulgating medical information into the "fog / cloud / Wikipedia" is that OTHER (evil, nasty) people besides medical professionals will get a hold of it. And use the information in ways that doesn't really help you. But not to worry. It's going to happen anyway.

Now, roll up you're sleeve and bend over....

Re:Dangers of EHR

[billcopc]

So easy to dig around STD /Pregnancy tests, or when little daughter sought the pill.

And why is privacy such a big deal in this situation ? What's so embarrassing about a person being mindful of diseases and/or unwanted demon spawn ?

The more secrets a person has, the more stress they carry with them. That's quite directly how you've wound up with so much crime and violence - the more you repress, the uglier it is when it finally comes out, and it ALWAYS comes out.

Re:Dangers of EHR

[LingNoi]

Data protection act, etc..

Re:Dangers of EHR

[winwar]

"Anti-discrimination legislation is, in general, partially successful."

But only against the extremely stupid or incompetent. Employers discriminate all the time against legally protected classes. They just use a legally protected reason.

Re:Dangers of EHR

[KeithConover]

First off it's a good idea to define terms, as the risks for the various flavors of medical record differ. And, given that for the USA, at least, we now have some terms that are official, here's a summary from the document I recently put together for a medical IT conference, referenced at the end of this post.

EMR vs. EHR vs. PHR?

Many people use the terms electronic medical record (EMR), electronic health record (EHR) and personal health record (PHR) interchangeably. But arguably they mean very different things.

There are also a great variety of other terms used to describe electronic records, but EMR and EHR and PHR are now more-or-less accepted as the three real terms. In fact, the US ONCHIT commissioned the NAHIT to develop definitions and so, at least in the USA, these are official.

An EMR is just that - an electronic record of an episode of medical care, whether inpatient or outpatient or ED. The EHR is both more and less than the EMR - it is those parts of the EMR that are appropriately shared with stakeholders outside the hospital, doctor's office or other EMR source. Parts of the EMR are shared, as the EHR insurance companies, government agencies, patients themselves, and employers. An article in Medical Economics, quoting an Institute of Medicine report, defines the elements of an EHR thusly:

Health information and data. The system holds what's normally in a paper chart - problem lists, medication lists, test results.

Results management. An EHR lets you receive lab results, radiology reports, and even X-ray images electronically.

Order entry. No more prescription pads. All your orders are automated.

Decision support. An EHR is smart enough to warn you about drug interactions, help you make a diagnosis, and point you to evidence-based guidelines when you ponder treatment options.

Electronic communications and connectivity. You can talk in cyberspace with patients, your medical assistant, referring doctors, hospitals, and insurers - securely. And your system interfaces with everyone else's. Interoperability is the key word.

Patient support. Patients can receive educational material via the EHR and enter data themselves through online questionnaires and home monitoring devices.

Administrative processes. The system lends a hand with practice management. Patients can schedule their own appointments and staffers can check on insurance eligibility.

Reporting and population health management. How many patients did you treat for tuberculosis in 2003? How many of your diabetics have their HbA1c under 7? An EHR will spit out the answers, thanks to a searchable database.

A Personal Health Record is just that: personal. It is those parts of the EMR/EHR that an individual person "owns" and controls. Google and Microsoft want to help you with this. (Really.)

If these definitions seem a bit vague, well, yes, they are, because we're just getting started with this stuff, you know?

A more complete tutorial on Healthcare IT, with a diagram that might make the above actually make sense, as well as links, may be found in a PDF named

Healthcare IT in a Nutshell.pdf

at:

http://ed-informatics.org/healthcareit/ [ed-informatics.org]

(BTW, as a practicing ER doc, when I need EHR info, I need it NOW, often 10 minutes later is useless.)

Re:Dangers of EHR

[db32]

Well, actually there ARE standardized ways for those databases to share information and it is a huge money maker for most of the various healthcare related vendors. HL7 is a standard that medical systems use to communicate patient data back and forth. When you get checked in and they say you need a MRI, the EMR sends a message to the MRI machine that fills out all of the information about you the MRI machine will need to build the study. Then the MRI tech selects your name (rather than handjaming all of it in based on paper records that may or may not get there in a timely fashion) and proceeds to scan away. The images get sent on to the imaging storage thing and the machine sends messages back to the EMR "ok done". Then the EMR shows the Doctors that will be reading the images say "Hey, Patient X has their images done", they go in and dictate what they see. Then it tells the transcriptionists "Hey, Doctor X finished dictating" so they go listen and type up the report into the EMR. Then it send BACK to the Doctor "Hey, transcriptionists are done, read it and verify then electronically sign that it is correct". THEN! It send a message to the ordering doctor "Hey, your tests are complete". Now In most cases at a minimum the EMR had to communicate with a MRI machine, a Dictation system, and more than likely a PACS (image storage) system all made by different vendors to achieve all of this.

Now...as far as it being "Easy" or "Standard", yeah it gets a little fuzzy. Vendors tend to "Well we support HL7 v3, but not v2, and we need field 57 to have a value of X" and other strangeness, but ultimately, the pieces required are indeed there to make it all happen and vendors are more than happy to charge a kings ransom for these "interfaces" as they call them.

I think hospitals have a long way to go to improve IT security, however, on the behavior end I think they are leaps and bounds ahead of the credit industry. I doubt that it is entirely altruistic and "don't be evil", but the penalties for screwing up with medical information are MUCH higher than screwing up with credit info. I can tell you from (rather frightening experience) that most of the US docs I have dealt with have NO love for the money grubbing insurance companies.

Re:Dangers of EHR

[kcornia]

Think of a company deciding whether to hire person A or person B. If they were able to get hold of health records and find out that person B has a higher cardiac index than person A, and therefore hire person A, how would you feel if YOU were person B? What if the cardiac index is due to genetics and not life choices? There was a stupid movie that dealt with this, maybe had Ethan Hawke in it?

Would you like a diagnosis on your chart preventing you from being employed?

This is just one of many examples. The last paragraph in the article has more.

Re:Dangers of EHR

[Hordeking]

Death is a natural part of life. Don't fear the reaper.

Re:Dangers of EHR

The thing is that everyone is an A,B a C or a D.... You have to hire someone.

Do you hire the ones for whom ABCD has been made a matter of record, or the ones for whom ABCD is a matter of unsubstantiated speculation?

Re:Dangers of EHR

[jbolden]

Once everyone's records are out there everyone ends up having bad stuff.

Re:Dangers of EHR

[Arterion]

Are they revoking HIPPA along with this, or what? AFAIK, it will still be confidential information.

Re:Dangers of EHR

[jbolden]

HIPPA ain't close to what you would need to keep this information secure. The thing that is really working is that the records are so fragmented now they have very little value.

Re:Dangers of EHR

[js_sebastian]

I can't even begin to the imagine the fun of catching a company using healthcare information in such an unbelievably illegal fashion.

You won't, cause they won't tell you why you're not being hired.

Re:Dangers of EHR

[Arterion]

I thought the value of something like HIPPA wasn't necessarily so that you could protect you data so much as that you could sue the pants off of someone who didn't. That is the incentive people who control your records have to keep the secure.

Re:Dangers of EHR

[jbolden]

You can be HIPPA complaint and insecure. So it may end up doing the opposite.

Re:Dangers of EHR

[!coward]

Nice description, +1 Informative.

I know the article was about EHRs in the US, but I was giving my take based on my non-US experience. Remember I talked about interoperability standarts being put forth? I never got to see those in action because I had moved on to another field by then, but the systems I knew of the kind you described were usually provided by the same vendor and did it all..

Most of those products were also developed in-house by the vendor. And even then, sometimes some parts had trouble playing nice with other parts. Transitioning to a different (more modern) system tended to be a serious pain, especially so if you were also switching vendors. I'm assuming that hasn't really changed. Yes, the standards may facilitate the way each system shares information with the others, but the way they STORE the information is critical when you're switching products/vendors and need to convert all the stored data, and the people you're ditching aren't usually very cooperative in that process.

I know doctors over there have many reasons to dislike insurance companies, malpractice insurance premiums being one of them. They also see patients being consistently screwed out of treatments because it's either "not covered" or "experimental" or simply "our doctors don't feel it's necessary", and I'm sure they don't like it. My problem isn't with (most) doctors as they, more than anyone else, understand how critical doctor-patient confidentiality (and the trust it generates) is to their profession.

But if I've kept up with the topic correctly, the plan also contains provisions to have some sort of way to compile data from all possible sources and then proceed to mine it. Now, even if the information that would allow patient identification is removed, this still means that a huge swath of information will be available to anyone who qualifies.

Sure, a whole score of great things can come from this, but I still worry about all that info bouncing around. Doctors may be very good at keeping patient's privacy and have no interest in screwing that up on behalf of, as you put it, "money grubbing (insurance) companies", but at this point, it won't just be them doing the whole privacy-keeping. It'll be the system and its security model. And I just have very little faith that a system that needs to be so widespread will be more secure than other systems that also deal with sensitive information: credit card info, social security records, tax records, etc.. All of which have been consistently cracked/hacked into.

Re:Dangers of EHR

[db32]

The data storage certainly leaves things to be desired. While HL7 is a "standard" for sending 'messages' back and forth among systems, it isn't exactly a fully agreed upon standard, and you are still absolutely correct in terms of dealing with vendors, storage methods, and conversion.

I'm not entirely sure how concerned to be on the data mining piece if they truely do eliminate personal info. The Insurance and Pharm companies can burn burn burn burn BURN! for all I care, they won't stop doing dirty shit until they are beaten sensless anyways. The statistical research that could be done with a database like that is just staggering. Risk vs Reward really. It makes me a tad nervous, but imagine being able to trend out the spread of a strain of disease through lab results with such rapid accuracy.

The real trouble as I see it is not the existance of these massive databases of information, but the tremendous lack of oversight in their use. Everyone complains about governments doing nefarious things with these databases and suggests that we somehow stop them from being created. The idea that you can somehow stop the march of technology in that manner is pretty laughable. The idea that we should even be attempting that rather than fixing the REAL problem of having governments that can do nefarious things is stunning. It is a treating the symptom instead of the cause kinda problem. You can treat the symptoms of cancer, but if you don't fix it you still die.

Re:Dangers of EHR

[!coward]

My sentiments exactly.. Look, I wasn't advocating against the whole thing, and I'm definitely not what you'd call a luddite. Rather, I was pointing out the many caveats that need to be seriously addressed before any major data mining starts.

Keep in mind that ouside of data-mining, there will still be full transmition of EHRs between medical institutions. Say you're on vacation in DC, for a future President's inauguration, for example. You get hit by a car and get admitted to a hospital. Now, aside from all the urgent measures that need to be taken to ensure your survival, there might be vital information that both the EMTs and the doctors need to provide you with treatment that won't kill you (allergies and pre-existing conditions come to mind). They'll need to pull up YOUR records from the system. These records are obviously the whole enchilada and thus, full of personal info, and as such, they'll circulate through the system in its full form. Encrypted or not, for such a widespread system (just counting hospitals, how many points of access would that make?), there would be great deal of "points of entry" for attacks. Just think of what's happened to the DoJ, the DoE, the DoS and the whole thing about malware potentially syphoning sensitive information. Think that won't happen in hospitals?

For the data-mining purposes, the data may well be anonimized, sure.. But at what point will that happen? This is critical. Also, the same patient's medical records need to be traceable for future reference studies. For a lot of purposes, you wouldn't really need to keep track of individual patients, global numbers would more than suffice. But for many other studies, there needs to be a way, a slashdot-like UID, that is unequivocally tied to the same person's medical history. Without that ability to track progress on a per-patient basis, many good things will not be possible.

Now, of course this doesn't mean that you're tracking that _patient_ or even that you'd know who the person was, but for such a system, there would have to be either a method for consistently creating those IDs, such that the same person would be assigned the same number everytime, regardless of all the things that can change throughout one's life, or a DB with an assignment table that kept track of who's who.

This second method would obviously be a major security risk and being that that DB would be in constant use, stripping new data of personal info and slapping that person's UID on it, I just don't think you'd be able to secure it. Not tightly enough.

The smart way to go about it would be to create those UIDs using something like an MD5 hash of the portion of personal data that never changes. The trouble is, when you get right down to it, there's not much data that _isn't_ subject to change. Name, any geographical info, even driver's license can't reliably be used. You'd be stuck with the same stuff that has given so many headaches in the past: SSNs and the like. In other words, the amount of data to be hashed would be small, and the smaller the input, the more exploitable the hash method would be and the more susceptible to brute-forcing the whole thing would become.

In fact, given a simple combination of SSN, and little more info, if you could get your hands on the hash method employed in generating the UIDs, you'd probably be better off just generating all the possible data (after all, you'd know which SSNs are possible, which ones no longer interest you [ie, dead people], and the same could be said of the rest of the data) and then matching the hashes with actual EHRs and voila.. No more patient anonimity.

The problem in my mind isn't the progress of science or society. I do worry about the ever-increasing erosion of privacy, and even moreso with the growing disregard for how important that privacy is. But this also isn't my "beef" here. My problem here is that the people who'll be making the final decisions won't be knowledgeable enough to understand all the potential problems, and unless their (hopefully more knowledgeable) advisors do their jobs, I see this thing being rushed out the door with a security model worse than even the ill-fated Diebold machines.

Re:Dangers of EHR

[db32]

The thing that really drives me nuts is that for all of the complaints about personal information being readily available...Why the hell is that even a problem?! Now, the medical piece I understand is a different game, but just personal information in general. The REAL problem here is that I can gather up a few bits of your personal information and then other companies will start letting me open accounts in your name. The real solution would be to fix the problem of it being so simple to use trivial amounts of information to get away with this shit rather than try to protect the ocean of information being exposed.

Now, I do agree that on the IT end of things hospitals need to tighten up big time. Unfortunately, I think that is a trial by fire process. The various government institutions started locking down once the powers that be lost their asses or were otherwise shamed into finally listening to the IT security guys screaming bloody murder.

Re:Dangers of EHR

It also provides accurate records of those mistakes.

The hell it does. When I was a kid my dad once took me to the doctor. Unsure of my allergies, the nurse played it safe and put 'shellfish' down.

I eat shellfish all the time, I love it. Yet every time I visit the Dr. or hospital, they say "I see you have a shellfish allergy" & I say "No I don't you need to correct that" to which they respond "we can't".

The best way to get security in our medical records is this:

Hack as many records as possible, and add the proper information that will allow someone to receive Medical Marijuana (in the states which allow it. Then 'blow the whistle'.

The government couldn't care less about your personal information, but if the hippies are allowed to smoke more pot it'll be the biggest issue since 9/11.

Re:Dangers of EHR

[GargamelSpaceman]

I'm OK with EHR as long as the patient gets to redact what is stored. Sure, redacting things might be dumb, but it should be one's right nonetheless. In fact, Ideally there would be one master private medical record the patient has the option to redact and keeping any other medical records would be illegal.

Re:Dangers of EHR

[billcopc]

If a company bases its recruiting practices on health instead of aptitude, person A should be thankful they don't have to work for such imbeciles. There will always be work to be done, and people to do the work, thus there will always be employers willing to hire the right person for the job.

For everything else, there's labour laws.

Re:Dangers of EHR

[Will+M+Smith]

Its not like these politicians care for anyone. They are most likely spending taxpayer money on Wagaami. We are always running around in circles.

EHR from a software testing point of view

I saw this the other day. Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience.

They call for testing and certification of EHR systems (Though thankfully not through the FDA).

It'll be interesting whether anyone listens to them.

Re:EHR from a software testing point of view

[winwar]

"Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience."

And the problems essentially reduce to: do you want easy access or security. The best type of EHR is one that doesn't exist. I can't think of a good system that outweighs the negative. Although I would accept an opt-in system.

i can see it now

[ionix5891]

$emails = $DB->get('SELECT email FROM records WHERE records.dysfunction LIKE "%erectile%"');

foreach( $emails as $email ){

      mail($email, 'hello i hear you are in need of herbal via....');
}

Re:i can see it now

[CurtMonash]

LOL.

Exactly one of the things I suggested be made illegal.

Re:i can see it now

[swillden]

LOL.

Exactly one of the things I suggested be made illegal.

Spam is already illegal, so that problem is taken care of.

Re:i can see it now

[CurtMonash]

Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.

Re:i can see it now

[swillden]

Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.

Which will work just fine with respect to traditional marketing channels, but will be as effective against much Internet-based advertising as CAN-SPAM is against spam.

I have no objection to legal protections, but laws are insufficient. Actually, I do have one objection: laws often provide a false sense of security, and occasionally even work against the interests of the people they're supposed to protect.

What we need to assure the privacy of medical information is technological means to place the control of the data squarely in the hands of its rightful owner -- its subject. My doctor shouldn't have my file, I should. What information from that file is available in emergency situations should be under my control. Whether or not any of my data is available for use by researchers should be my decision.

The first step is to legally bar medical providers from storing patient data at all, and require them to give it to the patient. Unlike random distributed marketing organizations, health care providers are very easy to regulate and control. To make that work, we need solid, implementable standards for health care information exchange, not the convoluted, under-specified crap that HL7 et al have thus far developed. We also need a standardized FREELY AVAILABLE coding system, rather than the balkanized for-fee code sets we have now (ICD9, etc.).

Of course, after you put peoples' medical data under their control, there's a risk that they'll do stupid things and release stuff they shouldn't. To some extent, that's on them, but it's probably a good idea to back it up with legislation of the sort you propose, but as a backup, a safety net, rather than the primary privacy/security mechanism. Defense in depth is a key feature of any trustworthy security scheme.

Re:i can see it now

[Dolphinzilla]

Spam being illegal certainly has curbed its proliferation - NOT !

Re:i can see it now

[swillden]

That's my point.

Re:i can see it now

[CurtMonash]

Spam being illegal certainly has curbed its proliferation - NOT !

All kidding aside, I think you're wrong about that.

http://edge.networkworld.com/community/node/36965

Re:i can see it now

LOL.

Exactly one of the things I suggested be made illegal.

Spam is already illegal, so that problem is taken care of.

yes. of course. no one receives spam since it was made illegal.

Re:i can see it now

[dmr001]

This would be a fascinating study of evolution in action. As a physician, barring me from storing medical records would result in a host of epiphenomena: people purposefully withholding histories of mental illness, drug and alcohol addiction, and even high blood pressure diagnoses they didn't agree with. Moreover, population control could be augmented while untangling how we'd implement getting ahold of critical information in emergencies, or when people forgot their passwords or access keys. For what it's worth, in the developing world, where I worked for a while, people do carry their own medical records - typically on index cards or other scraps of paper they would bring to their appointments, as clinics could not be expected to bear the expense or trouble of maintaining them. This went for immunization records, logs of taking your TB medicine, and records of diagnosis and treatment of chronic diseases. Notwithstanding medical records being lost in open sewers when my disabled patients lost their balance on their crutches, the system didn't work very well. The sicker people tend to be, the more difficult it is for them to manage basic affairs. This strikes me as a solution looking for a problem. Just how often do people truly find their medical records being used against them?

Re:i can see it now

[swillden]

In the developed, networked world, there are simple and obvious solutions to all of the problems you mention. I disagree that people choosing to withhold information from their physicians is a problem. Yes, it endangers their health, but that's their prerogative, or should be.

Re:i can see it now

[swillden]

You're basing your argument on some random prediction that spam will stop being a problem during the next year, in spite of previous similar predictions which have been spectacularly wrong?

Spam is semi-controlled at the moment through purely technical means -- filtering. Unfortunately, filtering has made e-mail unreliable and reduced its value.

Re:i can see it now

[dmr001]

People withholding information from their physicians is already a problem. Forbidding me from maintaining any medical records is likely to make this worse. Why, just recently, in my own clinic:

• Mentally ill patient willing to see me, but declining to see a psychiatrist or allow me access to their old psychiatrist's records. Talks to bicycles and believes dogs are reporting his/her extrasensory perception abilities to FBI. History of threatening people on public transit, but hasn't actually done anything violent yet, so not eligible for the thoughtful intervention of law enforcement.
• Pregnant patient likely addicted to mind-altering substances but prefers not to get CPS involved in imminent childbirth; cagey about previous diagnoses and treatments.
• Odd hypothyroid patient thinks they really may have an astrological problem and not a malfunctioning gland, takes medication only at certain times, seeing alternative providers but prefers they don't share information so we don't get pre-conceived notions. As the thyroid gets more out of whack, the patient's clarity and judgment worsen.

You will note in 2 out of 3 cases, these people aren't only endangering their own health but that of innocents around them. The 3rd is just reinforcing his/her own downward spiral.

Re:i can see it now

[swillden]

And how does you keeping records help with any of those problems?

Re:i can see it now

[Jherek+Carnelian]

And how does you keeping records help with any of those problems?

Lets take that one step further - if these people know that the system is keeping records on them, then they probably aren't even going to come in for any treatment until its too late to help them any more.

It's all fine and dandy to argue that putting control of the system in the hands of benevolent professionals will end all kinds of bad behaviour, but the real world is never so simple. You take control away from people and they will do their utmost to assert it by any means they can, even if it is ultimately self-destructive - especially people for whom there is not much else left in their lives.

Re:i can see it now

[grimarr]

What we need to assure the privacy of medical information is technological means to place the control of the data squarely in the hands of its rightful owner -- its subject. My doctor shouldn't have my file, I should.

I don't see any way to make that work without adding a HUGE drag on all aspects of providing health care. All the participants in the process need to access the patient's data even after the patient has gone home to complete the care.

Imagine that my health care record was stored on something like a USB flash drive that I carried with me (when I wanted to), and ONLY there. I think that's what you're proposing. Here's how a typical 6 month checkup would work for me:

Go to doctor's office, let doctor view record so he knows what to check about me, get examined, let doctor load instructions to lab for some tests into the medical record. Pay doctor in full for visit. (See below) Go to lab, let lab tech see record so he can draw blood, etc. Go home. Lab calls, results are ready. Go to lab, let lab load results onto my medical record. Pay lab in full. Go to doctor's office, wait, let doctor see lab results, compare to previous results, etc. Doctor adds a new prescription (or changes existing dose) to medical record. Pay doctor for second trip in full unless included in first payment. Take record to pharmacy, let pharmacist see prescription. Wait for it to be filled. Pay pharmacy in full. Go to local office of my health insurance company, let claims person see record so they know how much to pay me. Insurance company agrees to send me the money, but it will be mailed from the home office in SlowMail, Nebraska. I go back to work, having missed work for at least three occaisions.

If no one is allowed to have medical records on you except you, the system devolves back to sneakernet -- your sneakers. And no one can bill your insurance company without some record of what they did or why, which they aren't allowed to have. I can only imagine what their financial auditor would think about having such sparse records of where their income came from. And when the DEA visited the pharmacy, and asked where all the Percoset went? They'd have no records!

I'm not a fan of any EHR proposal I've seen yet. But your health care providers need to keep records of what they have done to/for you. That's not to say that you shouldn't have access to them, but they need them, too.

The temporal framework

[Thanshin]

One of the problems with EHR is that it potentially follows you your entire life.

If information about your economic status, familiar situation, physical location, customs, etc. Usually becomes unreliable after some time. A leak on those informations slowly loses effect.

Medical information, however, is permanent in many cases. A single leak of a person's data can have fresh information for, literally, a lifetime.

Re:The temporal framework

[freedumb2000]

I wish I had mod points. I feel the same way about my fingerprints and DNA.

Re:The temporal framework

[MadKeithV]

To counteract that problem, I change my DNA and fingerprints every few weeks, together with my windows login and password.

Re:The temporal framework

[commodore64_love]

>>>A single leak of a person's data can have fresh information for, literally, a lifetime.

Go watch GATTACA for an example. Yeah sure they had laws to forbid discrimination against employees who had bad medical records, but since when do corporations follow the law? It is easy to make-up other excuses:

"This guy has a high history of heart problems according to his government file, so let's not hire him."
"We need a better excuse then that."
"Um... he doesn't know how to program Cobol."
"Yeah that will work."

And of goes a brilliant guy who, due to heart problems can't get a high-wage job, and is therefore trapped being just a lowly janitor or McDonalds burger flipper.

Re:The temporal framework

[gd23ka]

What most people don't realize is that this will not only be medical information such as your levels of triglycerides in your blood or
what prescriptions you have been subscribed to. It will also contain socio-economic information, anything from your income
and what you do for work to whether you are living alone or with a spouse, sexual orientation, number of children, psychological
assessments, etc. etc.

  Information will flow freely from in and outside the medical domain, as the scope and access to the data broadens. You may find
hospitals automatically drug testing your blood and placing the results online.. where it can again be accessed by the government, for example
for the purposes of parole / probation violations, child protective services (haha), revocation of professional licenses, revocation of
driver licenses.. in the end even notifying your employer all in the name of work safety and accident prevention.. and of course
raising the insurance premiums your employer has to pay which will ensure you being fired first thing the next morning.

Other than that, outside socioeconomic and judicial information will - even more so than it does today - affect your treatment as
well. Patients are already de-facto being categorized according to their perceived value to society (bio-ethics at its best) with the
level and amount of health-care doled out proportionally. With socioeconomic data readily available the decision can be made to
implant a 40 year old patient with an inferior artificial joint or even to withhold treatment he would otherwise receive according to bioethics
at his age and level of health.

In the end you will find yourself and your family come under scrutiny by various entities in and outside of healthcare whenever your profile deviates from
the norm over a certain threshold.

Re:The temporal framework

[EdIII]

Information will flow freely from in and outside the medical domain, as the scope and access to the data broadens. You may find
hospitals automatically drug testing your blood and placing the results online.. where it can again be accessed by the government, for example
for the purposes of parole / probation violations, child protective services (haha), revocation of professional licenses, revocation of
driver licenses..

This happens already in certain information systems.

Just look at the DMV and insurance as an example in the US. The insurance companies are required to notify the DMV when they are no longer insuring you, and are also required to notify the DMV of new policies. After a certain time period (i forget what) your registration status is changed automatically. This may be entirely electronic or may have human beings involved. Never the less, the same outcome occurs as there seems to be no verification of data being performed by anyone or anthing. Get pulled over by the police and your registration card and proof of insurance are meaningless. The officer is allowed to trust the data at his terminal and disregard the data you have in your own hands. The officers are of course empowered to make judgment calls, but most will just issue a "fix it" ticket. In their minds they have not harmed you at all. However, you are the one that needs to take your time (time is money--ALWAYS) and absorb the travel costs to go down to the local city building and then prove to them the ticket was incorrect. Of course to do that, you will need something from the insurance agency showing that you have had insurance (without interruptions) during the period of your registration.

If the officer does not believe you.... well then you are truly screwed. According to the law in most places, you are at risk for ticket after ticket after ticket after ticket until your vehicle is placed on private property. This is why the officer will not even let you drive away on your own. They demand the vehicle gets towed. That did happen to me once already. I had to have my vehicle towed to my drive way.

This happens all the time. My friend has had this happen to him without fail for the last 2 years. Every 2-3 months like clock work he gets another letter from the DMV saying that he will lose his registration for not being insured. He was insured. Has been insured. Not even one second without insurance his entire adult life and while driving as a teenager was insured by his parents policies. All the conversations with the insurance agency and DMV supervisors have been pointless. Nobody has ever compensated him for time he needs to take off work, and to borrow a friends car, gas, etc. No apologies. Just blind faith in the miraculous box that sits on their desk. I mean how can you compete with an electronic box on a desk? They are never wrong... right?

The DMV and insurance is just one example where automated procedures are wreaking havoc on the end users. Systems DO FAIL. All the TIME. Thankfully most of time the damage can be mitigated and most people are compensated. As an example, Verizon screws up on my account and bills the crap out of me due to some error that did not apply the appropriate data plan. One phone call later and a supervisor apologizes and then even gives me a $10 credit for the hassle. At least it was isolated the increase in my bill (which was multiple zeros) did not automatically propagate to other information systems and automatically affect my debt ratio leading to an increase on my interest rate on my loans.

What you are talking about is a HUGE NIGHTMARE. Can you even imagine a lab technician incorrectly switching the labeling on your test with some habitual drug addicts test? Next thing you know, your boss is saying that you are fired, protective services meets you at home where they are taking your kids (crying), you cannot legally work in your trade or EVEN DRIVE A CAR

Re:The temporal framework

[gd23ka]

Good to see you for the most part on the same page with me man. Here with this system we're not talking about
people "just" losing their credit and their transportation, this goes much further. Assume with the new system
your physician is required to report your weight and a "nutritional profile" you filled out while at the office. The
nurse entering the data is taking it off a hand-written list the doctor hands her each evening.. and she's sloppy
sometimes, because she needs to be at the day-care before 6pm to pick up her child or they will charge her
extra and she can't afford that. So she will sometimes just look at the patient id number and then enter arbitrary
weights going from what previous weight was listed a few months ago and she'll click the nutritional profile
choices randomly.

You however - having been ordered to lose 30lbs over six months - may have actually lost that weight and you
have checked the "right" "sustainable" "eco-friendly" answers on the the profile.. and still you get a letter in the
mail telling you you are in violation of whatever health code, you're now facing a misdemeanor charge and you're
being fined for it. Your employer is receiving a fine as well in the guise of having to pay more insurance for you
(i.e. potentially making you unemployable) and you have forfeited 15% of your yearly carbon allotment for the
criminal offense. On top of that now you're under medical supervision which means you will have to see a
physician every month now and they will compliance monitor you with unannounced testing to see that you're
really taking that cocktail of prescriptions (statin drugs, blood pressure drugs, "anti-depressants") that are now
mandatory to take if you are prescribed them. Your marijuana habit needs to be put on hold too btw it goes without
saying.

What's more segments of the population can be declared "unhealthy" with a stroke of the pen. Just think of people
with certain genetics, such as an inability to produce a certain protein or they produce a slightly different version of
a protein. They could be prescribed (dubious to outright dangerous) treatments with a mouse-click. How about
women agegroup 45+ with the BRCA1 cancer gene. They could be prescribed "prophylactic" radiation and a "soft"
form of chemotherapy even though they show no signs of cancer... just as a "precaution". No doubt that would give
the health/oncology industry a lot more bodies to process. Or if you're a guy, how does the prophylactic removal of
your prostrate after your 40th birthday fetch you, say because you've been identified with a "risk gene". And there is
nothing you can do about it, as treatment has become mandatory. If you don't go, they'll come and get you. If they
have to get you, there are consequences before, during and after. These prophylactic treatment drives of course will
never affect larger segments of the population, just every once in a while a segment of say 200,000 - 500,000 people
the more invasive and painful the treatment the smaller the segment, the "easier" treatment is administered, for
example a "treatment" with lower dosed AZT for say 20 days, the larger the segment. In any event, if those treatments
go "horribly wrong" the victims will never be heard or be brushed off as "hyper sensitive", "hypochondriacs", unfortunate
exceptions or even prosecuted outright for libel.

Hehe call me a kook all you want :-) but I'll be in your face telling you "I told you so". Enjoy.

Seperate nationwide network

[modmans2ndcoming]

banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information can not be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.

Re:Seperate nationwide network

[fulldecent]

except that... banks have an incentive not to get hacked, their money is at stake. hospital do not have an incentive to prevent information leaks.

Re:Seperate nationwide network

[DMoylan]

not sure that would really work. was in hospital 5 weeks last year over 3 occassions.

most of the pcs containing records were generic compaqs that we sell at work. i was left on many an occassion in cubicles with these machines with a curtain giving a fair chunk of privacy to any attempt i should want to attempt. and the medical staff are not i.t. people thinking of security or fast typists so i was able to see a few of the passwords been typed in. out of curiosity more than any other reason this was interesting as we have customers in the security industry and i'm used to seeing staff be cautious with passwords/logging in.

with the doctors permission i took pictures of my mri scans from the screen and the small text was perfectly readable on my nokia e71. so it didn't need a usb drive or connection to copy the data.

this was in ireland so i'm sure that there are better more secure systems out there. however unlike a bank many of these terminals will be in semi private areas so that medical staff can refer to them while dealing with a patient in confidentiallity.

Re:Seperate nationwide network

Actually, HIPAA and various other regulations have penalties unauthorized disclosure. So they do have some financial incentive to protect the information.

There are also laws that require notification of people whose information has been compromised (you frequently hear about these in the news). These have financial costs as well as being bad for the reputation of the companies involved.

Re:Seperate nationwide network

You are correct. There are incentives to prevent disclosure.

An air gapped network is a significant expenses, currently only justified by defense and banking.

Re:Seperate nationwide network

[modmans2ndcoming]

I think the medical system warrents it as well.

As part of the EMR legislation, there is no reason that a network connecting hospitals over an air-gap netowrk could not be included with funding. If they want to go as far, they can even fund dr's offices getting connected.

Re:Seperate nationwide network

[modmans2ndcoming]

it is more about remote attacks. Even with a paper record, someone can get in and take it. most of the time, paper charts are at the end of a bed, or outside a door, or on the front desk, etc.

Re:Seperate nationwide network

[EdIII]

The idea of a separate network is a great idea actually. The best I have heard so far. However, it does not need to be air-gapped.

This can be created with funding and some strict certification programs for manufacturers and service providers. I see no reason that access to these networks cannot be accomplished through VPN circuits offered by local ISPs. The idea being to make it suitably difficult for someone outside the network to hack it. Not so ludicrously difficult it requires Tom Cruise and Ving Rhames to get around the security.

VPN already offers this. Compromising a properly setup enterprise VPN is no trivial task. If all access goes over these VPN's then that is a fairly high level of security. Air-Gapped is just over board in my opinion here.

Most theft and unauthorized disclosure of medical records is an inside job anyways. I have never heard of an organized attack to steal medical records as they are pretty hard to sell since the penalties for using them are fairly high. Just who are they going to sell to anyways? Marketers? Great. A marketing campaign that puts everybody in prison.

A protected nation wide network that results in a paperless environment is a good thing. It does make it more efficient. However, you need to separate this into two distinct areas:

1) The rules and regulations regarding the infrastructure itself. How it is created, what levels of encryption, authorized providers, etc.

2) The rules and regulations regarding the information residing on that network. When can data be accessed by terminals. Access records and employ authentications required for every single viewing and modification of the records. Data segregation so that certain parts of a medical record need to be accessed by only certain types of users. Abortion records, VDs', AIDS, HIV, etc. can all have a higher privilege level so that only a doctor can view it.

I think the real problem with an idea like this is that is a complete overhaul of EVERYTHING. No more paper records, filing cabinets, etc. No more standard PC's operating the interfaces. Every hospital and doctor's office from the smallest to the largest will have to change by federal law.

That is a huge project. Creating the information system itself is one thing. Populating it with medical records is entirely different. There will be billions spent just on hiring the companies that will convert paper records to electronic ones and they will have to treat it like its asbestos. You can't expect a private practice to undertake this themselves. They will have enough on their hands just adjusting to the new terminals and how you operate them. Doctors will have to take around tablets to enter data.

Now we face the real problem. Where most of the disclosures occur. It's the end users in the offices themselves and that environment that leads to most of the incidents in the first place. Creating the infrastructure is trivial compared to actually changing that environment on the ground in hospitals and private practices. Population of the data and changing the environment are vastly more difficult steps than creating the infrastructure, but it will have some interesting requirements in order to work.

Data backups, fail over, and load balancing. There will HAVE to be nodes distributed across the entire US. The whole network itself will have to be redundant. Not impossible. Yahoo, Google, MS, Facebook, they all do it now. However, nobody died because they could not get Google to come up on a browser. In events like Katrina, there will have to be redundant pathways to access a regional node.

The scope of this project is starting to sound like going to the Moon.

Welcome to the 20th Century, USA.

[tygerstripes]

This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT initiative - it's been largely successful.

The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.

Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.

Re:Welcome to the 20th Century, USA.

[commodore64_love]

I hear a lot of UK citizens complain about Parliament's healthcare. One guy said, "We're treated as just another cog in the machine, and if the bill costs too much the politicians have decided to send us home without care so they can save money. This happened to me several times."

Re:Welcome to the 20th Century, USA.

[tygerstripes]

Fair comment, but that's because our health-care system is knackered and has been run into the ground by the government for years. Nothing to do with the information systems, everything to do with under-funding and heavy-handed, bureaucratic micro-management, usually based on political knee-jerk responses to the latest media orgy.

Any UK resident who's had dealings with the NHS (National Health Service) will tell you the same: no problems with records, information management or any of that. It's just the provision and availability that's a post-code (zip-code) lottery. Don't even get me started on trying to find a dentist in this country...

Re:Welcome to the 20th Century, USA.

[aethelrick]

having worked in patient care software for the NHS for the last seven years with many other vendors and 3rd party systems. I can honestly say that national program for IT is largely useless (from a clinical perspective). The project has been cut back so many times that all it amounts to now is a patient master index that contains no clinical information (e.g. a big list of names and addresses). Useful clinical data is locked in departmental systems where no-one can get access to it because no decent minimum national standards exist for storage and transmission of data from one system to another. Issues around data privacy have not been addressed, some recommendations have been made but none of which cater for what is to be done with the bulk of clinical data in legacy systems and how this data is practically going to be migrated.

Re:Welcome to the 20th Century, USA.

[commodore64_love]

>>>our health-care system is knackered and has been run into the ground by the government for years.

Wouldn't it be nice if you had CHOICE? i.e. If the Parliament-run hospital sucks, you could switch to a different hospital, like Apple or Linux or even (shudder) Microsoft Hospital? Choice is better than a monopoly. If the monopoly sucks (it does), you're stuck with it.

Re:Welcome to the 20th Century, USA.

[gad_zuki!]

The difference being that Americans have been fed so much corporate propaganda about healthcare and political propaganda about expansion of government services, that they just dismiss successful programs overseas as impossible or astroturf right-wing talking points about "how they dont really work." You'll see this in replies to your post in 3...2...1...

Re:Welcome to the 20th Century, USA.

[tygerstripes]

There is a private health-care industry in the UK - and it's growing all the time, out of sheer necessity. It's just prohibitively expensive for the proles, especially given that we already pay for the NHS, which is chartered to provide for every person's health-care needs.

"From the cradle to the grave" used to be an unofficial slogan, back in its more socialist hey-day. Now it's more of a grim prediction...

Re:Welcome to the 20th Century, USA.

[tygerstripes]

I feel for you, I really do. Just wait and see what happens with ContactPoint, the new all-embracing central child database. Home Secretary's dream come true, I tell you...

Re:Welcome to the 20th Century, USA.

[N1AK]

including the UK where - for all the bureaucracy and wastage of the NPfIT initiative - it's been largely successful.

I don't work with and haven't used any of the NPfIT systems, however I have read a lot of coverage regarding this including recent material in IT and Medical news sources. I certainly haven't gotten the impression the system is remotely successful. I'm not saying it isn't, but I'm yet to see anything that doesn't make it sound like a gigantic project failure, that has completely lost site of its objectives and isn't finished even though it is massively over-budget and past-deadline.

If anyone can link to some decent sources that have a positive opinion on the services to come out of NPfIT then I genuinely would like to read them.

Re:Welcome to the 20th Century, USA.

[commodore64_love]

That sounds a lot like the U.S. School System. We have private schools, but since the school tax is ~$3000 a year, people simply lack the money to choose the private option.

I'd like to see a system were, if parents send their kids to private school, they would be exempt from paying school tax for that year. It would give people the extra money they need to "escape" the government school.

Re:Welcome to the 20th Century, USA.

[plasmacutter]

Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing.

the importance of doing things right the first time in the US is paramount.

Unlike other nations, special interests will quickly man the barricades and block any and all attempts to remove "beneficial" loopholes from laws.

See: Medical insurance rate hike work-around for policy cancelleation, DMCA section 1201, Internet neutrality, and much much more.

Re:Welcome to the 20th Century, USA.

>take a look outside your borders and learn a few things

I am originally from outside the U.S. borders, from a country with social medicine and the thought of having my medical records in an unprotected form, or a form that is dictated by the medical industry for their own gain scares the hell out of me.

Why? The level of corruption and collusion between elected officials and industry is staggering. Look at the past eight years and if you think that those kinds of politicians and the government official they put in charge would not release the information contained in medical records for their own gains, then you're an idiot.
 

DRM based OSes

[jbolden]

Essentially what you need is DRM. The data is only available on a limited number of machines and then strictly limited in what you can do with it, with strong audit trails. Not using general purpose computers but rather devices might help.

But in the end I don't think this is likely to work, the incentives for hacking are too strong and the distribution has to be too wide. EHRs mean that there will be substantially less medical privacy in exchange for better medical care and lower costs (70b-300b / year). That doesn't seem like a bad trade.

Re:DRM based OSes

[CurtMonash]

the incentives for hacking are too strong and the distribution has to be too wide.

Hence the need for strong laws to add to the DISincentives for hacking.

Re:DRM based OSes

[jbolden]

I don't see that as likely working. The main problem is the only crimes the US law enforcement seem to really care about are speeding and murder.

A produces a legit machine which can access records
B produces a machine that spoof being a machine of type A but also copies the records off via email.
C owns a medical office
D get a job in C's office as a receptionist. and replaces A's machines with B's machines over a period of a week. D then quits and gets a job at another office....

E lives outside the US and receives the records. Each machine of type B has pushing through say 500 records / week on average. Placement is currently costing about $1500 per machine and they work for say 20 weeks on average before the scam is discovered.

That works out to 7 records for a $1.

Re:DRM based OSes

[russotto]

Hence the need for strong laws to add to the DISincentives for hacking.

There's only so strong you can make the laws. You can make the penalty death and forfeiture of all property to the state, but if the incentives FOR it are strong enough, and the chance of getting away with it perceived to be good enough, it'll happen anyway.

Re:DRM based OSes

[CurtMonash]

And those records will illicitly be used -- how? Spam? We all get plenty of medical spam anyway. Non-spam? Legitimate businesses can be seriously penalized. Discrimination? Too much of a "paper" trail for discrimination to use that vector.

Re:DRM based OSes

[CurtMonash]

Hence the need for strong laws to add to the DISincentives for hacking.

There's only so strong you can make the laws. You can make the penalty death and forfeiture of all property to the state, but if the incentives FOR it are strong enough, and the chance of getting away with it perceived to be good enough, it'll happen anyway.

No argument. But my point is that the incentives FOR using people's medical records against them aren't really that high, especially if the what the records show is merely elevated probabilities of some unfortunate outcome(s).

Re:DRM based OSes

[jbolden]

Oh I see. You mean make it illegal to receive the records not create them. That means you have to hit extracts from, derived works from the records regardless of source. I have some serious questions about the constitutionality of laws like that. Remember you have to be able to prove beyond a reasonable doubt a law was broken.

Try and write one up that gets around all the ways the data can me modified and then sold.

Re:DRM based OSes

[CurtMonash]

Oh I see. You mean make it illegal to receive the records not create them. That means you have to hit extracts from, derived works from the records regardless of source. I have some serious questions about the constitutionality of laws like that. Remember you have to be able to prove beyond a reasonable doubt a law was broken.

Try and write one up that gets around all the ways the data can me modified and then sold.

Now you're on the right track!

I'm sure I haven't thought of everything that's necessary. But I'm game for as many rings of defense as it takes. You mustn't transfer the info illicitly. You mustn't sell it. You musn't buy it. You musn't use it for the purposes people would want to buy it for. And you surely mustn't do hacking to get it.

Re:DRM based OSes

[jbolden]

OK I can see that working. With a dozen rings of defense you get rid of most of the incentives to puncture 5 of them since the majority are still left. The conspiracy just takes too many people.

Unlikely

[professorguy]

OK, I run a hospital network, so I see medical data whizzing around more than most people. Here's a typical example:

.

A doctor dictates his diagnosis into a microphone on a PC. It becomes a data file. It sits in his output queue. It is then sent to a server to be electronically signed (a Word Macro is run). It sits on it's input queue until done then sits in its output queue. Then it gets sent to an HL7 routing engine where it sits on queues. Then on to our medical database. This generates some billing info which goes to the HL7 router then on to a private company in Tennessee, which sends results to a website....

Now I'm sure there will be controls on who can get at the medical database. But what about the data whizzing around the network? Tell me about the audit trail that lets me know who saw some of the info generated by that one encounter. Because it sat on at least 7 machines in 3 states for some amount of time.

And now you want each of those machines to check to see if the patient has signed off on that machine getting the info? Good luck with that.

And if someone shows up unresponsive in the ER, how do we send the X-ray to the remote radiologist if the patient can't release the data? And if 'emergencies' override that control, expect to see EVERY encounter be an emergency.

Re:Unlikely

It's true that most people aren't aware of the complexities related to the movement of medical data.

However, your argument implicitely assumes that the system can only work the way it works today, which is not true. I've seen the same thing in various fields, and the net effect is always the same: The subject matter experts, instead of working with those building the new system to make sure the requirements are fully understood, insist that the latter "just don't get it". The system gets built and deployed anyway, everyone lives with an inferior finished product, and nobody particularly cares when the old guard say "I told you so".

"expect to see EVERY encounter be an emergency"

Maybe. If abusing emergency overrides is illegal, probably not. Most people won't deliberately put their professional futures at risk just to take a short-cut.

Re:Unlikely

I agree 100%. It is clear that most commentators here have never worked in healthcare IT, or on medical software. For all the hospitals I have worked with all the HL7 data is sent unencrypted over their networks. Hell, I bet the 15 year old ADT or Lab system they have can't do anything else.
From what I have seen HIPAA compliance is more about audit trails then security that stops you from seeing something. If a doctor at the hospital needs to see your records and you are in the ER, they will get to see them.

I think the big problem with universal EHR is getting the data. There is no real standard for all these reports and notes. Every vendor and hospital does it their own way. I know many hospitals that have had EHR for years and still just scan in TIFFs of tons of documents like DNRs, EEGs, etc.

Re:Unlikely

[krenaud]

The experience I have with electronic journals is the Swedish drug prescription system. All my prescriptions are stored electronically. I can logon to a website and use my electronic-ID issued by my bank to access information about my scrips and when they have been accessed. I can use the website to order drugs to a chosen pharmacy or get them sent by snail-mail (restrictions apply on which meds can be sent)

If I want to order by telephone the operator cannot access my records before I have entered a pin-code. At the pharmacy I need to present a drivers license or other valid ID and the pharmacist(?) must scan the barcode in order to access my records. This access is also logged.

Electronic medical records can be handled in a similar way where audit trails are present. One could limit access to health providers that the patient has authorized.

Having a privatized health care system presents a problem since it probably is impossible to create a central system for handling records. This means that synchronization and securing that data is handled in a safe manner is very difficult. Using oublic key encryption on all data makes it easier as only the private keys need to be handled safely. Requiring that keys must be requested each time the data is to be accessed is perhaps a good way to be keep access auditable and lessening the risk that lost data can be read by unauthorized persons.

The case you mention with unresponsive patients is easy. All data can be added to the e-journal using the public key. The data can also be sent the normal electronic way internally within the hospital to be deleted after the patient has checked out. Emergency procedures can be implemented so a notification is sent to the patient via snail mail if they are used thus limiting misuse. Or simply stop non-authorized care givers to access the data. Sure, ERs will not have access to all info, but that is not any different from the situation today.

I'm sure experts on public key encryption can device a system which works well if they are consulted.

Re:Unlikely

[zuperduperman]

> And if someone shows up unresponsive in the ER, how do we send the X-ray to the remote radiologist if the patient can't release the data? And if 'emergencies' override that control, expect to see EVERY encounter be an emergency.

I think in cases like this it's the audit trail that is important, not the release. In other words, a physician should merely need to declare that it is medically necessary and authorize it with a digital signature (which may be a thumb print or swipe of a smart card or something extremely simple in practice). Then data flows freely to whoever you authorize and the important thing is not where the data goes but that the audit trail is sufficient to document it - and that the trail is open and visible to everyone including the patient (when they wake up). If everyone knows the audit trail is visible and their actions are public then they are far less likely to abuse the information.

Re:Unlikely

[Evanisincontrol]

Most people won't deliberately put their professional futures at risk just to take a short-cut.

Apparently you don't know any doctors or nurses. Doctors and nurses take "short-cuts" every day, because if they didn't they would never get to see all of their patients.

You don't believe me? Tell me that you honestly believe that doctors read every word of a legal document that they put their signature on, or that nurses always ask every procedural check-up question of every patient that comes into a hospital. Believe me, they are putting their professional futures on the lines every time they ignore one trivial piece of a trivial process, yet if they actually followed those precesses to the letter, no one would ever see a doctor in a hospital.

Your health is not at stake

[thereimns]

"Medical care is full of information waivers, much like EULAs, only with your health at stake."

This is sloppily worded, but let's be clear that medical privacy is not the same thing as "your health". If someone sees my private medical records, it doesn't make me sicker. If anything, more eyeballs would tend to make me less sick, as medical errors would be more likely to be caught.

Re:Your health is not at stake

[CurtMonash]

"Medical care is full of information waivers, much like EULAs, only with your health at stake."

This is sloppily worded, but let's be clear that medical privacy is not the same thing as "your health". If someone sees my private medical records, it doesn't make me sicker. If anything, more eyeballs would tend to make me less sick, as medical errors would be more likely to be caught.

What I meant is that if you want to reject the EULA, you can't use the software. If you want to reject the waiver, you can't get healthcare.

Great idea?

[Mr.+Slippery]

Funny this should come up, considering what I just read last night in the RISKS Digest:

Software glitch causes incorrect medication dosages
Jeremy Epstein jeremy.j.epstein@gmail.nospamnospamnospam.com
Fri, 16 Jan 2009 11:51:46 -0500

``Patients at VA health centers were given incorrect doses of drugs, had needed treatments delayed and may have been exposed to other medical errors due to the glitches that showed faulty displays of their electronic health records, according to internal documents obtained by The Associated Press under the Freedom of Information Act. The VA's recent glitches involved medical data -- vital signs, lab results, active meds -- that sometimes popped up under another patient's name on the computer screen. Records also failed to clearly display a doctor's stop order for a treatment, leading to reported cases of unnecessary doses of intravenous drugs such as blood-thinning heparin. According to interviews and the VA's internal memos, the glitches began after the VA distributed its annual software upgrade last August [2008].''

The proposition that EHR are a good idea remains as unproven as the idea that touchscreen voting machines with no paper trail are a good idea. Sometimes electronic documents and records introduce brave new failure methods that outweigh any benefit.

That actually happened to me

that you once tried to overdose on aspirin 25 years ago, as a 14 year old

I tried to kill myself by taking 500 aspirin. But after the first two I felt better.

It's just as simple as...

...Making your information no longer valuable. What use are medical records to a script kiddie if we're in a single-party payer system? Not that I'm a fan of either one...Obama's friends on the left seem to favor this approach..not that he necessarily does. Just sayin..

Underfunding? You are joking, right?

[jotaeleemeese]

The amount Labour has thrown to the NHS is almost obscene.

There is a lot of mismanagement to be sure (if it is worst than a bank would be open to debate, at least most people get relatively decent health service) but to say the NHS is underfunded is not a serious point, as can be quickly checked.

Many people have private insurance.

[jotaeleemeese]

I am by no means rich and have been privately insured all my working life in the UK.

When I need to be treated quickly I go for private insurance, for long term treatment I rely on the NHS.

Re:Many people have private insurance.

[commodore64_love]

Private insurance is okay, but still gives power to somebody else to make decisions.

The only way to have true control over your health is to pay the bills yourself. I don't have any insurance. By choice. Every time I look at the annual enrollment, I decide it's cheaper to pay my dental bills (~$300 a year) or medical bills (zero) using my own cash. If I had insurance I'd be paying-out ~$5000 a year. For virtually nothing.

I see no reason why I should make the insurance CEOs richer.

Re:Many people have private insurance.

[Ihlosi]

The only way to have true control over your health is to pay the bills yourself. I don't have any insurance. By choice. Every time I look at the annual enrollment, I decide it's cheaper to pay my dental bills (~$300 a year) or medical bills (zero) using my own cash.

Just wait until you get hit with that six-figure medical bill and a few months of not being able to work ("Yeah, right, that's never, ever gonna happen to me."). What will you do then, stick your doctor (and that means all the other patients) with the bill?

Why does the information need to be centralized?

[jotaeleemeese]

Whose information is that?

The patient's.

Who should control it?

The patient.

Any other solution should not be allowed to prevail.

An intelligent card, easy to back up at home and protected by well thought of security mechanisms is all what is needed.

There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.

 

The biggest difference.....

[DigitalReverend]

between the U.S. and the rest of the world is the rest of the world gives up their rights readily and freely without a fight. You claim to welcome us to the 21st century simply because it's based on technology, and I say, enjoy the your life in 16th century based on the rights your government protects for its citizens.

Re:Why does the information need to be centralized

[joocemann]

I completely agree. I do not understand, whatsoever, how it is burdensome for a patient to bring their medical records to their doctor. The doctor and/or hospital keep those records privately; access and review/add to them when necessary--- and if the patient needs to see another doctor, they can get a copy and carry them on over to the new doctor.

This is how it already works; this is NOT a big deal.

The market takes care of that

[mangu]

employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone

Unless you were remarkably more stupid than everybody else, those old posts or photos will be much like everybody else's, and that employer will have a severe difficulty in finding *anyone* to hire.

The main difference between credit records, personal blogs, and health records is that you and nobody else was responsible for what you did in you personal and financial life. If you find it difficult to get credit or a job because you acted more stupid than average in the past, that's a problem you created for yourself. But health records are a different matter, they depend mostly on genes your ancestors gave you, it would be rather unfair if you were blamed for that.

Re:The market takes care of that

[commodore64_love]

I've seen a couple U.S. teachers get fired for posting family parties in which drinking occurred. I don't consider drinking to be wrong, or any different than how other people act, but the teachers still lost their jobs.

I know one girl who posted her trip to a Penn State Football game, and no surprised everyone was drinking because that's what people do when tailgating. I can't help wondering if some future HR ___hole will discover those photos and fire her.

Re:The market takes care of that

[mangu]

I can't help wondering if some future HR ___hole will discover those photos and fire her.

Could be. But if that HR ___hole is consistent, s/he/it should be equally meticulous with everybody else, and fire everyone, because everyone has been at a party some day. Or else, s/he/it will dig stuff at random and fire somebody at random, at which point it doesn't really matter if the stuff came from the internet, from an old blog, from a health record, whatever.

A true asshole of a manager will fire someone because he eats a salad for lunch or because she drives a Pontiac, and invent some valid pretext for the firing. But, in the end, that manager will suffer because the team will be formed entirely by assholes and assholes cannot bring a profit for the company as consistently as a competent team will.

Re:Why does the information need to be centralized

Because sometimes, shit happens to the patient and the exact nature of how they're taken to the hospital may prevent them from carrying their EHR with them. In that case it'd really suck for the hospital if they didn't have the record on file or access to another hospital that did. Maybe the patient is severely allergic you're about to give him. Added to whatever current condition the patient has, you might kill him.

Re:Why does the information need to be centralized

[winwar]

"In that case it'd really suck for the hospital if they didn't have the record on file or access to another hospital that did."

Which is the current default. I don't see a huge outcry about this.

"Maybe the patient is severely allergic you're about to give him."

Also the current default. Which is why they make medalert bracelets. If you have a severe medical problem, you already have the info on you. At least if you give a damn. Problem solved.

EHR's are a solution to a problem that patients don't have. It would be great for employers, insurance companies, the government, software companies, etc. But not really for the patient (or the doctors).

Solution to a problem that a patient doesn't have

[winwar]

Have you ever read your records?

They ALL have errors. And omissions. Lots of them. Often important ones. There is even relevent information that is not included with them.

It won't get better with electronic records. It will probably get worse (one universal input format). The (unwilling) doctor will be expected to enter the information into the computer. As a result, the information will be notated on paper or recording device (more errors) and transcribed (yet more errors). Then any information that does not fit into a standardized category will be lost. Wow, what an improvement!

Not to mention the fact that my records will now be public for all intents and purposes. At least with paper records you have to know what doctors I have seen and have to physically find and access them.

No, that's not what's necessary.

[plasmacutter]

Develop a new network port completely different from cat5. (this network will be separate from the internet just like bank transactions are today)

Make regulations requiring any computer with this new network port not be allowed to carry cat5 or wireless, and that the computers be kept in a feraday caged room with no cat5 plugs or wireless.

Limit electronic storage of medical records to those computers, with transfer to paper required for every other use.

Then institute hefty criminal and civil penalties for anyone caught in possession or use of illegally obtained criminal records.

No need for orwellian systems, no need to burden individuals with hefty costs for new equipment, and minimized leakage.

Re:No, that's not what's necessary.

[jbolden]

The medical record system has to be integrated with the rest of the business, like insurance claims processing. Further the machines have to not support standard networking otherwise anyone of them could be a relay point.

You are talking about millions and millions of machines here.

Re:Why does the information need to be centralized

[plasmacutter]

There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.

Wait what?

Re:Why does the information need to be centralized

[cdrguru]

Unfortunately, patients are not trusted with medical records. Any possibility of alteration or forgery cannot be permitted, because this would invalidate the concept of those records being reliable.

Why would a patent alter their records? Malpractice for one. Insurance scams. Drug seeking parients. Basically anything you can imagine.

This is why you can have a copy and not the original of any records today in the US. And every provider is responsible for their own records.

Re:Why does the information need to be centralized

[Jherek+Carnelian]

Unfortunately, patients are not trusted with medical records. Any possibility of alteration or forgery cannot be permitted, because this would invalidate the concept of those records being reliable.

Easily solved with a system of digital signatures that enforce an audit trail.

Re:Why does the information need to be centralized

[zuperduperman]

Unfortunately life is never that simple.

Medical records may contain information that the patient should not see - or to put it better - doctors constrained by the restriction that the patient sees everything will not provide optimal health care. For example, if a doctor suspects a patient is an alcoholic, but letting the patient know that will cause them to stop seeing the doctor ... how should that be documented? If we say the patient owns their records and can see everything then doctors simply won't document these things at all, which is not an optimal outcome.

Also - can we hold doctors legally liable for information in the health record if they themselves do not have access to it? This is a thorny issue. I would not like to be held responsible for information that I cannot even myself view. What happens if a doctor thinks of a complication after the patient left?

Where's your tinfoil hat?

[js_sebastian]

To counteract that problem, I change my DNA and fingerprints every few weeks, together with my windows login and password.

You're that paranoid, and you use windows? You should be underground somewhere in a faraday cage running some obscure BSD variant no one has heard about, and posting to the internet using a telepathic connection to the lynx-enabled terminal just outside the faraday cage...

Re:Where's your tinfoil hat?

[MadKeithV]

No, don't you see? That's what THEY expect. They're red-flagging all the strange holes in electromagnetic radiation and all the people that aren't doing file sharing.
Using Linux?! That's practically a ticket to Guantanamo Beach right there!

Inherent Impossibilities in EHR

The problems of implementing EHR privacy are actually similar to the problems of implementing DRM. You attempting to hide information from the very people who control the system. So it is a losing battle.

And why are we in this absurd battle? Because health care payees - insurance companies, have a financial incentive to abuse whatever knowledge they have of a person's health conditions.

So essentially, we doomed to have more insane, self-defeating systems as long as we have a private health care system.

Re:Why does the information need to be centralized

[joocemann]

Because sometimes, shit happens to the patient and the exact nature of how they're taken to the hospital may prevent them from carrying their EHR with them. In that case it'd really suck for the hospital if they didn't have the record on file or access to another hospital that did. Maybe the patient is severely allergic you're about to give him. Added to whatever current condition the patient has, you might kill him.

I'd prefer to OPT-IN by making my records available to any local hospitals; or at least to opt-in to a national health database system.

The current plans seem to leave no option available other than---your records, made public. Yes, they pretend the records will be private, but how many large databases of information get compromised every single day? I'm not even 30 yet and I've received at least 5 (that I can remember) notices from places that keep my information private, alerting me that it has been compromised.

Let me spell this out for you real simple. Insurance and medicine are still generally private in the US. With most anyone who deals with records at hospitals having access to the centralized database, your records are now available to and resting within the responsibility of thousands and thousands of people; none of which are perfect, or even necessarily 'good' people.

Your medical history is as private as your anus, your porn favorites, and that little thing your wife loves you to do. Would you like thousands of people to have the ability to make your anus public with the click of a mouse? What about your history of alcoholism and drug abuse?

Privacy must be protected. Given a centralized system that is accessed or even developed by humans, we will not have any privacy. Even if all but one of those with access is a good person, that one person, acting on deliberate interests, or possibly manipulative interests (medical espionage) like needing money, drug abuse, companionship, etc, can make anything in that database available to anyone who asks them for it.

Think about that for a minute... If it doesn't bother you yet, you're too young to have any medical history worth keeping private.

Re:Why does the information need to be centralized

[slartibartfastatp]

What if the patient loses his/hers card? What if his in an emergency and happens not to walk with that card in the pocket? Also, these information is not relevant only when the patient is in front of a doctor - sometimes, the case is reviewed by a board, or acessed for preventive care (like, your parents had cancer and you haven't showed up in 6 months), or for scientific research or juridical purposes. Usually, the information kept by the institution is different from the one given to the patient. In Brazil, the patient has the right to get reports on anything he wants, but not the originals.

Re:Why does the information need to be centralized

[mattwarden]

He didn't mention anything at all about the patient being able to read the record.

Re:Why does the information need to be centralized

[mattwarden]

Red herring. It is a requirement to prevent unauthorized alterations to the record, no matter who stores the record. Additionally, no one I've seen has said anything about the patient even being able to read the record, let alone write to it. It's simply a question of who has responsibility for the record.

I know, I know. You believe individuals can't do anything without the government as a safety net.

Re:Why does the information need to be centralized

[mattwarden]

> What if the patient loses his/hers card?

What if the government or insurance company loses the card?

> What if his in an emergency and happens not to walk with that card in the pocket?

Gee, I don't know. What do they do now?

> Also, these information is not relevant only when the patient is in front of a
> doctor - sometimes, the case is reviewed by a board, or acessed for preventive
> care... or for scientific research or juridical purposes.

Did I consent to my medical records being public or semi-public? I don't care what the purpose is. My medical information is private and no one has the right to that information unless I (not the government) gives it to them. Ok?

Re:Why does the information need to be centralized

[CurtMonash]

> What if his in an emergency and happens not to walk with that card in the pocket?

Gee, I don't know. What do they do now?

What they do now is get inferior treatment to that which they would/will get with good EHRs, sometimes dying as a result.

Re:Why does the information need to be centralized

[CurtMonash]

"In that case it'd really suck for the hospital if they didn't have the record on file or access to another hospital that did."

Which is the current default. I don't see a huge outcry about this.

"Maybe the patient is severely allergic you're about to give him."

Also the current default. Which is why they make medalert bracelets. If you have a severe medical problem, you already have the info on you. At least if you give a damn. Problem solved.

EHR's are a solution to a problem that patients don't have. It would be great for employers, insurance companies, the government, software companies, etc. But not really for the patient (or the doctors).

Please get out of the 1980s, and start heading for the 2020s. Personalized medicine is coming. Everything in the record will actually be relevant to treatment.

Part of this is already underway

There is a January 1, 2010 deadline for all pre-hospital (EMS) providers to be entering reports in electronic form. My service is already on computer, and my rescue squad starts next month. Great idea, unfortunately they went nuts with it. It takes 15-20 minutes to write a report for someone that scratched their elbow. A complex trauma or medical patient is a nightmare to write up. The national requirement is for around 400 pieces of information, and more can be required at the state level. This is even before insurance and other things are added. See www.nemsis.org to get an idea. Pre-hospital providers are appalled.

Re:Why does the information need to be centralized

Um, if you're concerned about inferior treatment, just wait until universal health care starts kicking in. Lack of documentation during emergency situations is the least of your problems

Been there, done that

Been there, done that - EU financed EHR-S project (Project ID: EuropeAid/117681/D/SV/YU) executed within 3 years, taking all aspects into the account (legal, system, technology, privacy, medical, procedural, insurance, ...) we made a multy-lingual, standards - compliant system on JEE5, and integrated it with the number of existing local vendors systems (ranging from J2EE to FoxPro to VisualBasic to Clipper). Not easy, but can be done within 4 years for the US size country if managed and executed properly. Integration risks and the approach are described at 6th ICICTH Samos 2008 conference (APPROACH AND RISKS OF EHR-S INTEROPERABILITY AND INTEGRATION WITH THE LEGACY HEALTHCARE ICT SYSTEMS)

sbs from Advanced Systems Guild

Please work for us.

[professorguy]

I agree that if an audit trail really is required almost all the communications currently done would have to be redesigned. This would be a GOOD THING. Just don't expect it to be easy since it requires REPLACING ALL CURRENT SYSTEMS.