Slashdot Mirror


EHR Privacy Debate Heats Up

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

39 of 182 comments

  1. Dangers of EHR by gravos · · Score: 4, Interesting

    The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems. Sometimes for people with mental health problems, a diagnosis is made and then subsequently it's discovered that that was not the actual diagnosis. Having this kind of an electronic trail to follow you around forever could be extremely dangerous, in my opinion.

    1. Re:Dangers of EHR by Wormholio · · Score: 3, Insightful

      The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems.

      It cuts both ways. With electronic records some cross-checks are possible, such as checking prescribed drugs for interactions, or perhaps even checking that the symptoms and/or treatment really match the diagnosis.

      --
      "Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
    2. Re:Dangers of EHR by db32 · · Score: 3, Insightful

      It also provides accurate records of those mistakes. The lack of medical information following you is going to be FAR more dangerous than a mistake in that record. Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team. Heart condition, diabetes, etc... The number of circumstances where NOT having this information readily available is extremely dangerous outnumber your circumstances by a large factor. Nevermind that EHRs can be corrected and probably far easier than the existing mess of paper records.

      In other news, going outside your house is extremely dangerous. For that matter, just staying inside your house is extremely dangerous. Driving to the store for food is extremely dangerous.

      --
      The only change I can believe in is what I find in my couch cushions.
    3. Re:Dangers of EHR by jbolden · · Score: 2, Interesting

      The thing is there is likely embarrassing stuff on most people's medical records.

      A used to use drugs
      B had a horrible depression
      C has a fatal disease that will kill them over the next 10 years
      D got an STD at a sex party

      etc...

      Right now people freely talk about physical injuries they got from reckless behavior. It could be that with leakage mental disorders stop being something that people have more embarrassment about discussing.

    4. Re:Dangers of EHR by aethelrick · · Score: 2, Insightful

      you are assuming that an EHR can be delivered to the emergency care professional in a form that actually helps them in an emergency. The key to this is patient identification which is hardest when your patient is sufficiently injured to be unable to tell you who they are, this coincidentally is also when they are least likely to be able to tell you about their allergies. In short, if your patient is able to tell you enough information about themselves to safely ID them in your EHR, my bet is that they can mention their "thingymycin" allergy. Where the patient is not conscious you have to go a long way to beat a bracelet attached to their arm with this detail on it. (no I don't work for medic-alert or similar, I'm an IT professional that spent the last seven years working on EHR systems)

    5. Re:Dangers of EHR by FredFredrickson · · Score: 2, Insightful

      having a record of "nope, not that" helps any other doctor know what has already been ruled out.

      Apparently you watch enough house to quote it, but not enough to know that a chart with records of what it's not will only make doctors less thorough! What if the test was done wrong? Do it again! "But we already did the test." Test again!

      --
      Belief? Hope? Preference? The Existential Vortex
    6. Re:Dangers of EHR by jbolden · · Score: 3, Insightful

      The thing is that everyone is an A,B a C or a D.... You have to hire someone.

    7. Re:Dangers of EHR by commodore64_love · · Score: 3, Insightful

      Read the stories of people who have had their Credit Records hijacked with false information, and their inability to get loans due to that.

      Now imagine the same thing with Medical records, but instead of just inability to get a loan, now you cannot get a job because your employer thinks you suffer from paranoia ("it's right there in your record Mr. Smith, it must be true. I'm sorry but we can't hire you."). For that matter the employer might not even tell you the reason. They might just never call back.

      You may think this sounds absurd, but the same thing is happening now with the internet, where employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone. ("We found this photo of you drinking beer in a frat party in 1995. It's at the psu.edu/alphadelts website. We can't hire you as a teacher. Sorry.")

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    8. Re:Dangers of EHR by zappepcs · · Score: 2, Insightful

      I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis. Not even your auto mechanic should do that. If you take your car in and say it sounds like the transmission and all your mechanic does is check the transmission, he's a shitty mechanic.

      Records are good, but they are of limited use for most people, most of the time. Sure that medic-alert bracelet is almost ALWAYS useful in medical emergencies, so would a bracelet with USB/MicroSD card attached, but the ER nurse really doesn't need to know you had crabs last year to set your broken bone.

      Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

      How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

    9. Re:Dangers of EHR by db32 · · Score: 2, Interesting

      I can't even begin to imagine the fun of catching a company using healthcare information in such an unbelievably illegal fashion. Now, I agree there are security things to be addressed. But, medical records already exist in a fairly extreme state of paranoia even if some of the IT pieces are lagging. If anything, I would want the credit industry held to the same standards that medical records are. If you are a nurse and you access a record that isn't one of your patients you can be expected to be called out on it and likely lose your job. Shit like that is actually tracked in an EMR system. It is actually more secure against snooping than the current paper copies given that there is no per access tracking that happens when you thumb through a paper record.

      The problem with the credit industry is that they are not held accountable for the losses of information, so it is more profitable for them to play fast and loose with it and hand out loans and credit in the hopes of profit. Hospitals ARE held accountable for lost information, and their model of profit doesn't even begin to resemble the credit industry. In fact, hospitals LOSE money when the records aren't accurate because insurance/medicare/medicaid/etc refuse to pay out. Hospitals invest a tremendous amount of resources in making sure all of their records are as accurate as humanly possible for that very reason.

      --
      The only change I can believe in is what I find in my couch cushions.
    10. Re:Dangers of EHR by commodore64_love · · Score: 2, Insightful

      HR managers (or bosses or small business owners) already violate all kinds of laws against discrimination. What makes you think they'll just suddenly stop when they learn you have heart problems? They'll discriminate then, just as they discriminate now in regards to color, sex, religion, and so on.

      Over in my local university, Millersville PA, they refused to hire an adjunct teacher because she posted a photo on her myspace.com where she was drinking beer. She tried to sue, but the court determined they can refuse to hire for whatever reason. If you can refuse to hire someone over a stupid photo, or because they have bad credit ratings (companies are checking that too), there's nothing to stop the Corporate masters from denying access for medical reasons.

      Wake up! The corporations have access to the information, and they will use the internet to uncover facts and deny jobs.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    11. Re:Dangers of EHR by !coward · · Score: 2, Insightful

      While I would agree with you on most points, as it matches my personal experience with EHR systems (ie. that the systems I've seen in place so far tend to be more secure than the equivalent paper-trail), I think the point most people are trying to get across is that, for the most part, those systems exist as completely separate entities and what little interaction exists between the DBs of those different entities is easy to monitor.. For now.

      In my country the majority of health services are provided by the State through State-funded (or public) Medical Institutions. Most of them have, in recent years, deployed their own versions of flow-control, occupation-rates monitoring, stock accounting, resource allocation and (more to the point) patient medical information systems. There are, as you might expect, several vendors out there for these integrated systems and even though most of these institutions are funded primarily by the State, even Medical Institutions that "belong"/operate/form the very same healthcare network (ie, they serve the same population, each on different levels with a small degree of services overlap), you don't usually find them using the same vendor's product. Which basically means they don't usually play well with each other (for example, trying to convert one system's DBs to another because the hospital switched vendors can be a freaking nightmare, don't even get me started on bad DB design!).

      To tackle this, interoperability standards were set forth (although I don't exactly know how well _that's_ working).. But the truth is, very little information is actually shared through the systems themselves. There simply isn't a centralized way, much less a centralized database, that can give _anyone_ (doctors, nurses, the patient him/herself or the State) access to all your medical information. You're usually limited to what that particular institution has on file, the file they've built from every visit to their facilities, and whatever files/tests you've brought with you.

      This means that you need to supply the rest or (re)do all sorts of tests.. And I agree that in many cases this is the best way to go. It's the way doctors are trained to operate. Blind faith in charts can kill your patient as fast as completely disregarding them.

      Back on topic, though, what I believe has most people worrying about this is the whole notion of near-free information flow, and who actually gets to access it, security policies notwithstanding. With a population of a couple hundred million people (far larger than my country's), the volume of information would be gigantic, as would be the flow of information back and forth between medical institutions. To the point where monitoring, let alone investigating, every single apparent breach in data transmission/sharing policy would become impractical. We've seen that happen in other supposedly high-security systems (credit card info, anyone? -- and the corporations actually HAVE an interest in keeping these private!). Add to that the many greedy corporations just itching to make money/sell all sorts of services off of that information (I mean, it's just too good to pass), or to use it to simply refuse you service, and you have a potentially very dangerous situation. I don't think it's a matter of "if" the system is going to be gamed but more of a "when". There's just too much money involved.

      Even if there aren't currently any plans to actually centralize the information (even in a "cloud-like" system), or facilitate the hassle-free sharing of information, I'm pretty sure the "special interest groups" would soon find a way to push that through.. It's to their advantage, after all, and it would be just a small change in actual policy. I don't dispute the many benefits that might come of this, but I'm also a cynic and have very little faith in any corporation's "don't be evil" pledges. The further erosion of patient-doctor privilege, more than anything else, scares the begeezus out of me.

    12. Re:Dangers of EHR by ColdWetDog · · Score: 3, Insightful

      I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis.

      You're doing it wrong, then. You seem to think that your third opinion doc is supposed to think up everything de novo? Repeat all the tests the other docs did? Repeat all the other drug trials the other docs did? You would end up in a room with many corridors, all alike. You would go back and forth. And never get out.

      While there are certainly times that the second / third / x+1 opinion really looks at things in a totally new and different light and comes up with the one absolutely unusual little tidbit that everyone else has overlooked, the much more usual scenario is that 1) either the problem goes away 2) the problem now is so obvious that even your teenage daughter can figure it out or 3) the other docs have tried several reasonable things and by a process of elimination (rather than deduction or induction), the answer becomes more apparent. You want to keep re inventing the wheel?

      Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

      You just might want to let the nice trained medical professional skim an accurate and complete history and then let him or her decide what parts of it are useful to the current encounter, perhaps? Maybe?

      How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

      Well, the danger, if you will, would be that you would have an enormous amount of information in the chart that we would have no idea WTF to do with it. I don't think the danger lies in the sequence information - it's the data interpretation which would give you risking data for various ailments. It would likely help you and your primary care doc carefully review what you should be doing in your life, although the conversation likely would be on the order of "get more exercise, eat something healthy occasionally, quit smoking" that we can do quite nicely without your gene sequences. However, you don't want insurance companies to get a hold of it.

      That said, the biggest problem with promulgating medical information into the "fog / cloud / Wikipedia" is that OTHER (evil, nasty) people besides medical professionals will get a hold of it. And use the information in ways that don't really help you. But not to worry. It's going to happen anyway.

      Now, roll up your sleeve and bend over....

      --
      Faster! Faster! Faster would be better!
    13. Re:Dangers of EHR by KeithConover · · Score: 2, Informative

      First off it's a good idea to define terms, as the risks for the various flavors of medical record differ. And, given that for the USA, at least, we now have some terms that are official, here's a summary from the document I recently put together for a medical IT conference, referenced at the end of this post.

      EMR vs. EHR vs. PHR?

      Many people use the terms electronic medical record (EMR), electronic health record (EHR) and personal health record (PHR) interchangeably. But arguably they mean very different things.

      There are also a great variety of other terms used to describe electronic records, but EMR and EHR and PHR are now more-or-less accepted as the three real terms. In fact, the US ONCHIT commissioned the NAHIT to develop definitions and so, at least in the USA, these are official.

      An EMR is just that - an electronic record of an episode of medical care, whether inpatient or outpatient or ED. The EHR is both more and less than the EMR - it is those parts of the EMR that are appropriately shared with stakeholders outside the hospital, doctor's office or other EMR source. Parts of the EMR are shared, as the EHR, with insurance companies, government agencies, patients themselves, and employers. An article in Medical Economics, quoting an Institute of Medicine report, defines the elements of an EHR thusly:

      Health information and data. The system holds what's normally in a paper chart - problem lists, medication lists, test results.

      Results management. An EHR lets you receive lab results, radiology reports, and even X-ray images electronically.

      Order entry. No more prescription pads. All your orders are automated.

      Decision support. An EHR is smart enough to warn you about drug interactions, help you make a diagnosis, and point you to evidence-based guidelines when you ponder treatment options.

      Electronic communications and connectivity. You can talk in cyberspace with patients, your medical assistant, referring doctors, hospitals, and insurers - securely. And your system interfaces with everyone else's. Interoperability is the key word.

      Patient support. Patients can receive educational material via the EHR and enter data themselves through online questionnaires and home monitoring devices.

      Administrative processes. The system lends a hand with practice management. Patients can schedule their own appointments and staffers can check on insurance eligibility.

      Reporting and population health management. How many patients did you treat for tuberculosis in 2003? How many of your diabetics have their HbA1c under 7? An EHR will spit out the answers, thanks to a searchable database.

      A Personal Health Record is just that: personal. It is those parts of the EMR/EHR that an individual person "owns" and controls. Google and Microsoft want to help you with this. (Really.)

      If these definitions seem a bit vague, well, yes, they are, because we're just getting started with this stuff, you know?

      A more complete tutorial on Healthcare IT, with a diagram that might make the above actually make sense, as well as links, may be found in a PDF named "Healthcare IT in a Nutshell.pdf" at: http://ed-informatics.org/healthcareit/

      (BTW, as a practicing ER doc, when I need EHR info, I need it NOW, often 10 minutes later is useless.)

    14. Re:Dangers of EHR by db32 · · Score: 2, Informative

      Well, actually there ARE standardized ways for those databases to share information and it is a huge money maker for most of the various healthcare related vendors. HL7 is a standard that medical systems use to communicate patient data back and forth. When you get checked in and they say you need a MRI, the EMR sends a message to the MRI machine that fills out all of the information about you the MRI machine will need to build the study. Then the MRI tech selects your name (rather than hand-jamming all of it in based on paper records that may or may not get there in a timely fashion) and proceeds to scan away. The images get sent on to the imaging storage thing and the machine sends messages back to the EMR "ok done". Then the EMR shows the Doctors that will be reading the images "Hey, Patient X has their images done", they go in and dictate what they see. Then it tells the transcriptionists "Hey, Doctor X finished dictating" so they go listen and type up the report into the EMR. Then it sends BACK to the Doctor "Hey, transcriptionists are done, read it and verify then electronically sign that it is correct". THEN! It sends a message to the ordering doctor "Hey, your tests are complete". Now in most cases at a minimum the EMR had to communicate with a MRI machine, a Dictation system, and more than likely a PACS (image storage) system all made by different vendors to achieve all of this.

      Now...as far as it being "Easy" or "Standard", yeah it gets a little fuzzy. Vendors tend to "Well we support HL7 v3, but not v2, and we need field 57 to have a value of X" and other strangeness, but ultimately, the pieces required are indeed there to make it all happen and vendors are more than happy to charge a king's ransom for these "interfaces" as they call them.

      I think hospitals have a long way to go to improve IT security, however, on the behavior end I think they are leaps and bounds ahead of the credit industry. I doubt that it is entirely altruistic and "don't be evil", but the penalties for screwing up with medical information are MUCH higher than screwing up with credit info. I can tell you from (rather frightening experience) that most of the US docs I have dealt with have NO love for the money grubbing insurance companies.

      --
      The only change I can believe in is what I find in my couch cushions.
    15. Re:Dangers of EHR by jbolden · · Score: 2, Insightful

      Once everyone's records are out there everyone ends up having bad stuff.

  2. EHR from a software testing point of view by Anonymous Coward · · Score: 3, Informative

    I saw this the other day. Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience.

    They call for testing and certification of EHR systems (Though thankfully not through the FDA).

    It'll be interesting whether anyone listens to them.

  3. i can see it now by ionix5891 · · Score: 4, Funny

    $emails = $DB->get('SELECT email FROM records WHERE records.dysfunction LIKE "%erectile%"');

    foreach( $emails as $email ){

          mail($email, 'hello i hear you are in need of herbal via....');
    }

    1. Re:i can see it now by swillden · · Score: 2, Funny

      LOL.

      Exactly one of the things I suggested be made illegal.

      Spam is already illegal, so that problem is taken care of.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:i can see it now by swillden · · Score: 2, Interesting

      Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.

      Which will work just fine with respect to traditional marketing channels, but will be as effective against much Internet-based advertising as CAN-SPAM is against spam.

      I have no objection to legal protections, but laws are insufficient. Actually, I do have one objection: laws often provide a false sense of security, and occasionally even work against the interests of the people they're supposed to protect.

      What we need to assure the privacy of medical information is technological means to place the control of the data squarely in the hands of its rightful owner -- its subject. My doctor shouldn't have my file, I should. What information from that file is available in emergency situations should be under my control. Whether or not any of my data is available for use by researchers should be my decision.

      The first step is to legally bar medical providers from storing patient data at all, and require them to give it to the patient. Unlike random distributed marketing organizations, health care providers are very easy to regulate and control. To make that work, we need solid, implementable standards for health care information exchange, not the convoluted, under-specified crap that HL7 et al have thus far developed. We also need a standardized FREELY AVAILABLE coding system, rather than the balkanized for-fee code sets we have now (ICD9, etc.).

      Of course, after you put peoples' medical data under their control, there's a risk that they'll do stupid things and release stuff they shouldn't. To some extent, that's on them, but it's probably a good idea to back it up with legislation of the sort you propose, but as a backup, a safety net, rather than the primary privacy/security mechanism. Defense in depth is a key feature of any trustworthy security scheme.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. The temporal framework by Thanshin · · Score: 4, Insightful

    One of the problems with EHR is that it potentially follows you your entire life.

    Information about your economic status, family situation, physical location, customs, etc. usually becomes unreliable after some time. A leak of that information slowly loses effect.

    Medical information, however, is permanent in many cases. A single leak of a person's data can have fresh information for, literally, a lifetime.

    1. Re:The temporal framework by MadKeithV · · Score: 3, Funny

      To counteract that problem, I change my DNA and fingerprints every few weeks, together with my windows login and password.

  5. Separate nationwide network by modmans2ndcoming · · Score: 4, Interesting

    Banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information can not be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.

    1. Re:Separate nationwide network by modmans2ndcoming · · Score: 2, Interesting

      I think the medical system warrants it as well.

      As part of the EMR legislation, there is no reason that a network connecting hospitals over an air-gap network could not be included with funding. If they want to go as far, they can even fund dr's offices getting connected.

    2. Re:Separate nationwide network by EdIII · · Score: 2, Informative

      The idea of a separate network is a great idea actually. The best I have heard so far. However, it does not need to be air-gapped.

      This can be created with funding and some strict certification programs for manufacturers and service providers. I see no reason that access to these networks cannot be accomplished through VPN circuits offered by local ISPs. The idea being to make it suitably difficult for someone outside the network to hack it. Not so ludicrously difficult it requires Tom Cruise and Ving Rhames to get around the security.

      VPN already offers this. Compromising a properly setup enterprise VPN is no trivial task. If all access goes over these VPN's then that is a fairly high level of security. Air-Gapped is just overboard in my opinion here.

      Most theft and unauthorized disclosure of medical records is an inside job anyways. I have never heard of an organized attack to steal medical records as they are pretty hard to sell since the penalties for using them are fairly high. Just who are they going to sell to anyways? Marketers? Great. A marketing campaign that puts everybody in prison.

      A protected nation wide network that results in a paperless environment is a good thing. It does make it more efficient. However, you need to separate this into two distinct areas:

      1) The rules and regulations regarding the infrastructure itself. How it is created, what levels of encryption, authorized providers, etc.

      2) The rules and regulations regarding the information residing on that network. When can data be accessed by terminals. Access records and employ authentications required for every single viewing and modification of the records. Data segregation so that certain parts of a medical record need to be accessed by only certain types of users. Abortion records, VDs', AIDS, HIV, etc. can all have a higher privilege level so that only a doctor can view it.

      I think the real problem with an idea like this is that it is a complete overhaul of EVERYTHING. No more paper records, filing cabinets, etc. No more standard PC's operating the interfaces. Every hospital and doctor's office from the smallest to the largest will have to change by federal law.

      That is a huge project. Creating the information system itself is one thing. Populating it with medical records is entirely different. There will be billions spent just on hiring the companies that will convert paper records to electronic ones and they will have to treat it like it's asbestos. You can't expect a private practice to undertake this themselves. They will have enough on their hands just adjusting to the new terminals and how you operate them. Doctors will have to take around tablets to enter data.

      Now we face the real problem. Where most of the disclosures occur. It's the end users in the offices themselves and that environment that leads to most of the incidents in the first place. Creating the infrastructure is trivial compared to actually changing that environment on the ground in hospitals and private practices. Population of the data and changing the environment are vastly more difficult steps than creating the infrastructure, but it will have some interesting requirements in order to work.

      Data backups, fail over, and load balancing. There will HAVE to be nodes distributed across the entire US. The whole network itself will have to be redundant. Not impossible. Yahoo, Google, MS, Facebook, they all do it now. However, nobody died because they could not get Google to come up on a browser. In events like Katrina, there will have to be redundant pathways to access a regional node.

      The scope of this project is starting to sound like going to the Moon.
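
Added example (not part of EdIII's post and not code from any EHR product): a Python sketch of the per-section privilege tiers and per-access audit trail described in point 2 above, which also covers the "nurse opens a record that isn't one of her patients" case db32 mentions earlier in the thread and an emergency override that is always queued for review. Role names, section names, tiers, user names and record contents are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sensitivity tiers: a higher number means a more restricted section.
SECTION_TIER = {"allergies": 0, "medications": 1, "mental_health": 2, "sexual_health": 2}
ROLE_CLEARANCE = {"clerk": 0, "nurse": 1, "doctor": 2}
TOP_TIER = max(SECTION_TIER.values())


@dataclass(frozen=True)
class AuditEvent:
    when: str
    user: str
    role: str
    patient: str
    section: str
    action: str
    allowed: bool
    reason: str


class RecordStore:
    def __init__(self, records, care_team):
        self._records = records      # patient id -> {section: value}
        self._care_team = care_team  # patient id -> set of treating users
        self.audit = []              # append-only list of AuditEvent

    def _decide(self, user, role, patient, section, emergency):
        # Fail closed: unknown sections count as top tier, unknown roles get no clearance.
        tier = SECTION_TIER.get(section, TOP_TIER)
        if ROLE_CLEARANCE.get(role, -1) < tier:
            return False, "role_below_section_tier"
        if user in self._care_team.get(patient, set()):
            return True, "care_team"
        if emergency:
            # The override skips the care-team check only, never the tier check.
            return True, "emergency_override"
        return False, "no_care_relationship"

    def access(self, user, role, patient, section, action="view", emergency=False):
        allowed, reason = self._decide(user, role, patient, section, emergency)
        # Log before returning anything, so denied attempts leave a trace too.
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append(
            AuditEvent(stamp, user, role, patient, section, action, allowed, reason)
        )
        if not allowed:
            raise PermissionError(f"{user}: {action} of {patient}/{section} denied ({reason})")
        return self._records.get(patient, {}).get(section)

    def review_queue(self):
        """Events for human review: every denial and every emergency override."""
        return [e for e in self.audit if not e.allowed or e.reason == "emergency_override"]


def run_demo():
    store = RecordStore(
        records={"p1": {"allergies": "penicillin", "medications": "metformin",
                        "mental_health": "(constructed note)"}},
        care_team={"p1": {"dr_adams", "nurse_baker"}},
    )
    attempts = [
        ("nurse_baker", "nurse", "p1", "medications", False),    # treating nurse, tier 1
        ("nurse_baker", "nurse", "p1", "mental_health", False),  # tier 2 needs a doctor
        ("nurse_cole", "nurse", "p1", "medications", False),     # not her patient
        ("dr_evans", "doctor", "p1", "allergies", True),         # ER doctor, emergency
        ("nurse_cole", "nurse", "p1", "mental_health", True),    # emergency does not lift tier
    ]
    outcomes = []
    for user, role, patient, section, emergency in attempts:
        try:
            store.access(user, role, patient, section, emergency=emergency)
            outcomes.append("allowed")
        except PermissionError:
            outcomes.append("denied")
    return outcomes, store


if __name__ == "__main__":
    results, demo_store = run_demo()
    for event, outcome in zip(demo_store.audit, results):
        print(event.user, event.section, outcome, event.reason)
    print("for review:", len(demo_store.review_queue()))
```

The emergency override is the weak point the story summary describes, which is why it is logged with its own reason code and always lands in the review queue rather than being treated as a normal grant.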

  6. Welcome to the 20th Century, USA. by tygerstripes · · Score: 4, Interesting

    This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT initiative - it's been largely successful.

    The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.

    Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.

    --
    Meta will eat itself
    1. Re:Welcome to the 20th Century, USA. by gad_zuki! · · Score: 2, Insightful

      The difference being that Americans have been fed so much corporate propaganda about healthcare and political propaganda about expansion of government services, that they just dismiss successful programs overseas as impossible or astroturf right-wing talking points about "how they don't really work." You'll see this in replies to your post in 3...2...1...

    2. Re:Welcome to the 20th Century, USA. by tygerstripes · · Score: 2, Insightful

      There is a private health-care industry in the UK - and it's growing all the time, out of sheer necessity. It's just prohibitively expensive for the proles, especially given that we already pay for the NHS, which is chartered to provide for every person's health-care needs.

      "From the cradle to the grave" used to be an unofficial slogan, back in its more socialist hey-day. Now it's more of a grim prediction...

      --
      Meta will eat itself
  7. DRM based OSes by jbolden · · Score: 2, Interesting

    Essentially what you need is DRM. The data is only available on a limited number of machines and then strictly limited in what you can do with it, with strong audit trails. Not using general purpose computers but rather devices might help.

    But in the end I don't think this is likely to work, the incentives for hacking are too strong and the distribution has to be too wide. EHRs mean that there will be substantially less medical privacy in exchange for better medical care and lower costs (70b-300b / year). That doesn't seem like a bad trade.

  8. Re:Logged in computers by commodore64_love · · Score: 3, Insightful

    USA TODAY, circa 2015:

    "It has been reported that a laptop has been stolen, allowing thieves to gain access to over 1 million patients' records. Officials lied.... er, reassured the public that no harm has been caused."

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  9. Unlikely by professorguy · · Score: 5, Informative
    OK, I run a hospital network, so I see medical data whizzing around more than most people. Here's a typical example:

    A doctor dictates his diagnosis into a microphone on a PC. It becomes a data file. It sits in his output queue. It is then sent to a server to be electronically signed (a Word Macro is run). It sits on its input queue until done then sits in its output queue. Then it gets sent to an HL7 routing engine where it sits on queues. Then on to our medical database. This generates some billing info which goes to the HL7 router then on to a private company in Tennessee, which sends results to a website....

    Now I'm sure there will be controls on who can get at the medical database. But what about the data whizzing around the network? Tell me about the audit trail that lets me know who saw some of the info generated by that one encounter. Because it sat on at least 7 machines in 3 states for some amount of time.

    And now you want each of those machines to check to see if the patient has signed off on that machine getting the info? Good luck with that.

    And if someone shows up unresponsive in the ER, how do we send the X-ray to the remote radiologist if the patient can't release the data? And if 'emergencies' override that control, expect to see EVERY encounter be an emergency.

    1. Re:Unlikely by krenaud · · Score: 2, Interesting

      The experience I have with electronic journals is the Swedish drug prescription system. All my prescriptions are stored electronically. I can log on to a website and use my electronic-ID issued by my bank to access information about my scrips and when they have been accessed. I can use the website to order drugs to a chosen pharmacy or get them sent by snail-mail (restrictions apply on which meds can be sent).

      If I want to order by telephone the operator cannot access my records before I have entered a pin-code. At the pharmacy I need to present a driver's license or other valid ID and the pharmacist(?) must scan the barcode in order to access my records. This access is also logged.

      Electronic medical records can be handled in a similar way where audit trails are present. One could limit access to health providers that the patient has authorized.

      Having a privatized health care system presents a problem since it probably is impossible to create a central system for handling records. This means that synchronization and securing that data is handled in a safe manner is very difficult. Using public key encryption on all data makes it easier as only the private keys need to be handled safely. Requiring that keys must be requested each time the data is to be accessed is perhaps a good way to keep access auditable and lessening the risk that lost data can be read by unauthorized persons.

      The case you mention with unresponsive patients is easy. All data can be added to the e-journal using the public key. The data can also be sent the normal electronic way internally within the hospital to be deleted after the patient has checked out. Emergency procedures can be implemented so a notification is sent to the patient via snail mail if they are used thus limiting misuse. Or simply stop non-authorized care givers to access the data. Sure, ERs will not have access to all info, but that is not any different from the situation today.

      I'm sure experts on public key encryption can devise a system which works well if they are consulted.
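
Added example, not part of any comment in this thread: a minimal Python sketch of the per-access key release krenaud describes, with a hash-chained audit trail, a break-glass path that queues a patient notification, and a per-provider break-glass rate for spotting the "every encounter is an emergency" pattern professorguy warns about. All class, method and identifier names are hypothetical, and the record key is an opaque byte string standing in for real key material.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first audit entry


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class KeyReleaseService:
    """Hypothetical service: releases a record key per access and logs every request."""

    def __init__(self):
        self.keys, self.authorized = {}, {}
        self.audit, self.notify_queue = [], []

    def enroll(self, patient, key, providers):
        self.keys[patient] = key
        self.authorized[patient] = set(providers)

    def _log(self, patient, provider, outcome):
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        body = {"patient": patient, "provider": provider, "outcome": outcome, "prev": prev}
        self.audit.append({**body, "hash": _digest(body)})

    def request_key(self, patient, provider, emergency=False):
        if patient not in self.keys:
            self._log(patient, provider, "unknown-patient")
            return None
        if provider in self.authorized[patient]:
            self._log(patient, provider, "granted")
        elif emergency:
            # Break-glass: release the key, but flag it and notify the patient.
            self._log(patient, provider, "break-glass")
            self.notify_queue.append(patient)
        else:
            self._log(patient, provider, "denied")
            return None
        return self.keys[patient]

    def verify_audit(self):
        prev = GENESIS
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

    def emergency_rate(self, provider):
        released = [e["outcome"] for e in self.audit
                    if e["provider"] == provider and e["outcome"] in ("granted", "break-glass")]
        return released.count("break-glass") / len(released) if released else 0.0
```

An unkeyed hash chain only detects edits if the latest hash is also stored somewhere the log's operator cannot rewrite.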

  10. Great idea? by Mr.+Slippery · · Score: 2, Informative

    Funny this should come up, considering what I just read last night in the RISKS Digest:

    Software glitch causes incorrect medication dosages
    Jeremy Epstein jeremy.j.epstein@gmail.nospamnospamnospam.com
    Fri, 16 Jan 2009 11:51:46 -0500

    ``Patients at VA health centers were given incorrect doses of drugs, had needed treatments delayed and may have been exposed to other medical errors due to the glitches that showed faulty displays of their electronic health records, according to internal documents obtained by The Associated Press under the Freedom of Information Act. The VA's recent glitches involved medical data -- vital signs, lab results, active meds -- that sometimes popped up under another patient's name on the computer screen. Records also failed to clearly display a doctor's stop order for a treatment, leading to reported cases of unnecessary doses of intravenous drugs such as blood-thinning heparin. According to interviews and the VA's internal memos, the glitches began after the VA distributed its annual software upgrade last August [2008].''

    The proposition that EHR are a good idea remains as unproven as the idea that touchscreen voting machines with no paper trail are a good idea. Sometimes electronic documents and records introduce brave new failure methods that outweigh any benefit.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  11. Many people have private insurance. by jotaeleemeese · · Score: 2, Interesting

    I am by no means rich and have been privately insured all my working life in the UK.

    When I need to be treated quickly I go for private insurance, for long term treatment I rely on the NHS.

    --
    IANAL but write like a drunk one.
  12. Why does the information need to be centralized? by jotaeleemeese · · Score: 4, Interesting

    Whose information is that?

    The patient's.

    Who should control it?

    The patient.

    Any other solution should not be allowed to prevail.

    An intelligent card, easy to back up at home and protected by well-thought-out security mechanisms is all that is needed.

    There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it on an "as needed" basis, perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.

    --
    IANAL but write like a drunk one.
  13. Re:Why does the information need to be centralized by joocemann · · Score: 2, Interesting

    I completely agree. I do not understand, whatsoever, how it is burdensome for a patient to bring their medical records to their doctor. The doctor and/or hospital keep those records privately; access and review/add to them when necessary--- and if the patient needs to see another doctor, they can get a copy and carry them on over to the new doctor.

    This is how it already works; this is NOT a big deal.

  14. Solution to a problem that a patient doesn't have by winwar · · Score: 2, Insightful

    Have you ever read your records?

    They ALL have errors. And omissions. Lots of them. Often important ones. There is even relevant information that is not included with them.

    It won't get better with electronic records. It will probably get worse (one universal input format). The (unwilling) doctor will be expected to enter the information into the computer. As a result, the information will be notated on paper or recording device (more errors) and transcribed (yet more errors). Then any information that does not fit into a standardized category will be lost. Wow, what an improvement!

    Not to mention the fact that my records will now be public for all intents and purposes. At least with paper records you have to know what doctors I have seen and have to physically find and access them.

  15. Re:Why does the information need to be centralized by zuperduperman · · Score: 2, Insightful

    Unfortunately life is never that simple.

    Medical records may contain information that the patient should not see - or to put it better - doctors constrained by the restriction that the patient sees everything will not provide optimal health care. For example, if a doctor suspects a patient is an alcoholic, but letting the patient know that will cause them to stop seeing the doctor ... how should that be documented? If we say the patient owns their records and can see everything then doctors simply won't document these things at all, which is not an optimal outcome.

    Also - can we hold doctors legally liable for information in the health record if they themselves do not have access to it? This is a thorny issue. I would not like to be held responsible for information that I cannot even myself view. What happens if a doctor thinks of a complication after the patient left?

  16. Re:Why does the information need to be centralized by mattwarden · · Score: 2, Interesting

    > What if the patient loses his/her card?

    What if the government or insurance company loses the card?

    > What if he is in an emergency and happens not to walk with that card in the pocket?

    Gee, I don't know. What do they do now?

    > Also, this information is not relevant only when the patient is in front of a
    > doctor - sometimes, the case is reviewed by a board, or accessed for preventive
    > care... or for scientific research or juridical purposes.

    Did I consent to my medical records being public or semi-public? I don't care what the purpose is. My medical information is private and no one has the right to that information unless I (not the government) give it to them. Ok?