Slashdot Mirror
Medical Professionals Aren't Leaping For E-Medicine
theodp writes "Despite all the stimulus money being directed toward developing electronic medical records, surprisingly few doctors, hospitals and insurers are using Google Health and other sites like it. One reason, Newsweek suggests, may be that Web-based personal-health records like the ones being compiled on Google Health don't appear to be covered under HIPAA, which requires that health care providers and health plans protect patient confidentiality. 'We don't connect that information to other aspects of Google,' explains Dr. Roni Zeiger, product manager for Google Health. Still, the federal government is in the process of drafting privacy recommendations that would apply to Google Health, as well as the makers of consumer apps that perform tasks like monitoring blood pressure."
I wasn't even aware Google produced a product called Google Health.
I can understand their other technology developments, but this is one area where it's blatantly apparent that they just want to know a scary amount about each of their users...
Mixing Google and my medical records would give a whole new meaning to the word 'Buzz'.
Google health and the stimulus money are 2 very different things. They have no relationship.
That it is OUR health data... and not theirs. If *I* want to post my health info to google, I should be able to. I should be able to obtain my own data relatively easily and painlessly (aside from whatever the doctor did to me, I mean!) and I shouldn't have to go through the whole battery of duplicate tests everytime I go to a different doctor.
I don't exactly want just anybody to be able to get to MY data either... But I trust google with it a lot more than I trust my insurance company!
No matter how this all pans out... I just want to have access to all of it myself, not locked up in some doctor's storage shed, or some insurance company's tape archive..
It's MY data... give it to ME, and let ME decide what to do with it. If I leave it out in the open, and the insurance company decides to charge me more because of something *I* allowed them to read, or if *I* lose info, and have to duplicate a bunch of tests.. at least it will be *MY* fault...
12. Limitation of Liability NEITHER YOU NOR GOOGLE OR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR ANY DAMAGES OTHER THAN DIRECT DAMAGES, EVEN IF THE PARTY KNOWS OR SHOULD KNOW THAT OTHER DAMAGES ARE POSSIBLE OR THAT DIRECT DAMAGES ARE NOT A SATISFACTORY REMEDY. THE LIMITATIONS IN THIS SECTION APPLY TO YOU ONLY TO THE EXTENT THEY ARE LAWFUL IN YOUR JURISDICTION. NEITHER YOU NOR GOOGLE OR ANY OF ITS LICENSORS MAY BE HELD LIABLE UNDER THIS AGREEMENT FOR MORE THAN $1,000. The limitations of liability in this Section do not apply to breaches of intellectual property provisions or indemnification obligations. it appears the slashdot spam filter doesn't like all the above caps.it appears the slashdot spam filter doesn't like all the above caps.it appears the slashdot spam filter doesn't like all the above caps.it appears the slashdot spam filter doesn't like all the above caps.it appears the slashdot spam filter doesn't like all the above caps.it appears the slashdot spam filter doesn't like all the above caps.
How will they go about ensuring that the Chinese don't steal American medical data? I mean, we've already seen that they have some pretty significant problems with the Chinese government getting access to what should be private information hosted by Google.
I'd like to know some very techincally-specific details about how they're ensuring this sort of a breach can never happen. For instance, I'd need to know that they're using OpenBSD rather than Linux on their various servers before I'd ever consent to my information going to them. I'd need to know that they're not messing around with NoSQL databases or anything insecure like that. I'd need to know that they're using OpenBSD's secure Apache HTTP daemon. I'd want to know about the encryption they're using to protect the data. I'd like to know where the data centers are located. We need these sort of details if they're getting into this line of work.
Don't get me wrong, i do think Google is one of the best, if not the best, company to trust my data with (not that is something to brag about) but my health records are a complete no-no. I don't want anyone except the doctor I'm using at the time to see them. Not that I'm some sort of gimp with all sorts of shit oozing from my body but my health records are *the* most private thing to me imo.
I'll happily expose my genitals online but not my health records.
I work for a company that produces various types of medical records management software (credentials management, PHI document exchange, EMR); and I've spent a lot of time talking to a number of doctors, both tech-saavy and not so much. That disclaimed...
Let me tell you what the key problem is with electronic medical records: they are legally the property of the patient, but no doctor can (or will) trust the important details of such records unless they come from another doctor, and have a verifiable history leading back to that doctor. Not that they don't believe the part that lists a patient's allergies, but when the medical record says the patient has a debilitating disease which *requires* they be given morphine and lots of it, the doctor has to be able to verify the patient didn't just fake a record for a quick drug fix.
This leads to an interesting state electronically: if data records are to be centralized, a public key system must be set up, tied to each doctor, allowing them to both contribute & authenticate records, and allowing the patient to do the same (but the patient contributions will have to remain "untrusted" medically). You can have centralization without a public key system, but then you're just trusting the gatekeeper to never mess up, get hacked, or paid off. And even if you'd set up such a system which you know (as a programmer/cryptographer) can be made to work... you have to get the doctors to trust it as well; as given how seriously most of them take the responsibility to safeguard their patient's records, that's a hard sell even to a tech-saavy doctor.
Which is why the only major movement we've had in adoption of electronic records has been a decentralized one... doctors are converting their offices to use electronic systems internally, exchange information electronically; but always records are transmitted in a p2p fashion (whether by email, fax, courier, etc); allowing the receiving doctor to trust the veracity of the information (at least as far as they trust the originating doctor); without requiring them to trust the patient.
Google Health is merely one of the most prominent "my PHR online" projects out there, but the problem they are faced with solving is not merely legal or luddite based, but a issue of cryptographic trust in it's truest sense.
And that's not to mention that centralization of medical records creates a much more attractive point of failure for all kinds of things (such identity theft, if merely for the purposes of using some else's insurance),
and even if a public key system is implemented, the doctor (and staff) are handing off part of their trust to a central database... and given the mess of outdated information the NPI registry contains, they are loath to believe in such a system.
disclaimer: my company has a number of ongoing projects in this field, but my assessment here is pretty well unbiased architecture and adoption-wise as far as I know, we have a number of pokers in the fire fitting most of the above scenarios.
while the idea of online health records I think is good, I am opposed to one company/gov't agency having it all stored in their care. The more data you have in one place the more valuable that database is and greater incentive to steal it. Admittedly this does go somewhat against the idea of e-health records that is an expense I am willing to pay.
every anarchist is a baffled dictator. Benito_Mussolini
Where buying into a public option requires your health records to be filed electronically in a government secured database. The privately insured can also use the file-system, with consent of the patient and willingness of the Dr, but not mandated. That should keep everyone happy... No?
I am a physician.
The only way doctors are going to go to EMR systems is when they improve the bottom line.
The people that create many EMR systems understand that, and build the systems in a way so that physicians can increase the billing rate above what they can do with paper systems.
I currently do my patients records on paper. I bill much lower than I could, because I'm scared about penalties associated with being caught over-billing.
My office is going EMR within the next year. I am positive that the amount I will bill for just about everything will increase, and I will (hopefully) offset the cost of going electronic at that point.
Is EMR going to reduce the cost of health care? Almost certainly not. It will likely allow physicians to drill down into their database of patients to see:
1. which ones haven't been seen in a while and bring them in.
2. which ones are eligible for a procedure but haven't had it yet.
Will this decrease patient morbidity (illness) and mortality (death)? Probably, but that can only be determined by (likely retrospective) studies.
Help! I'm a slashdot refugee.
There still are large amounts of paper necessary for day to day operations and getting Doctors and clinics to effectively use secure online services has been nothing short of a nightmare. It costs more to do day to day operations and many say they would find going back to simple reliable terminal based systems more efficient and cost effective! The costs of supporting, securing and system training for PC based software is over the top and is a tremendous burden on any essential service.
If Google isn't getting their money's worth from all that campaigning with Obama, why should I care?
There are other corporations that understand HIPAA, the value of privacy, and willing to enter an agreement that makes them risk liability and criminal penalties for accidental disclosure.
I can't understand the irrational willingness to give all data to Google. Of course, this is Slashdot so a lot of comments are from people predisposed to like and trust Google. This is despite comments from Google executives that say otherwise. I guess Google's position would be that if you have something embarrassingly wrong with you then don't go to the doctor...
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Why can our health records be secure?
I actually worked at a medical online company that sent me through hippa and I dnd't see a single medical record while I was there. How could google miss that?
Only 'flamers' flame!
Does slashdot hate my posts?
There is no such thing as data ownership.
Pity the law doesn't agree with you. Not on medical records at the very least.
do you want a google for preexisting conditions?
Where you can a google search a way from being TOLD NO HEALTH CARE FOR YOU!
No idea if these terms of service apply to the doctors themselves or if this was intended for some other kind of user, but from the developer ToS http://www.google.com/intl/en/health/about/devpp.html :
So, some guy does up his health record to show that he's allergic to just about every painkiller but Oxycontin. Then he goes to Dr. Techie, who has all this fancy electronic record stuff, and complains about some pain. Dr. Techie's computer pulls the Google Health record in, and tells him to prescribe Oxycontin. Mr. D. Seeker then puts an order through Google Health to delete his record. When he gets caught selling the drugs, he fingers Dr. Techie as his supplier, who says "that's funny, I remember the computer telling me that this was the only drug he could take, but now I've got nothing on him."
FTA:
California defines gross negligence as either a "want of even scant care" or "an extreme departure from the ordinary standard of conduct." In contrast, ordinary negligence consists of a "failure to exercise the degree of care in a given situation that a reasonable person under similar circumstances would employ to protect others from harm."
The "traditional skepticism" concerning agreements to release liability for future torts is expressed, the court said, in a California statute providing that all contracts with the purpose of exempting anyone from their "own fraud, or willful injury to the person or property of another, or violation of law, whether willful or negligent, are against the policy of the law."
I'd be interested if a lawyer (or other slashdotter) knew of a case where someone was denied remedy in a negligence case because they waived liability.
meep
If Google Health isn't covered under HIPAA, it's illegal for any of these healthcare providers to enter any protected information into the system without the written consent of the individual patient. There are serious fines attached to this breach, per patient.
Please stop pluralizing words with an apostrophe. That is not what it is there for.
E medicine is like laptops in schools. It seems like a good idea but adds nothing to the interaction of doctor and patient. But it is great innovation for the government bureaucracy busy bodies and other do-gooders who feel the need to insert themselves between my doctor and my colonoscopy.
an ill wind that blows no good
There are big saving is electronic records and nobody is talking about saving the postage. A primary motivation is rationing although it will be called "best practices". The best practices will prescribe the number of visits authorized per complaint per time period, the amount and type of medication per diagnosis, the switch - beyond the substitution of generics - to "therapeutically equivalent" medications and other cost saving initiatives. On the other hand the data can be massaged to reveal total cost per diagnosis by doctor. The less done/prescribed the better. Same thing with hospitals. There are big savings to be had and the push will increase.
It's hard to hide preexisting conditions anyway, as long as there is a record somewhere they'll dig it up. And if you lie they can and will cancel your entire policy when you need it the most
Negative moral value of force outweighs the positive value of good intentions.
From my experience (employed @ a hospital for some years now) this whole EMR issue has nothing to do with HIPAA or Google. Their greatest fear is disclosure & the threats that it represents:
Doctors are hanging on with a death grip to the fragmented remains of their monopoly on medical information & the patriarchy that went along with it. They long for the pre-Internet days of patient ignorance & lower liability insurance premiums. We're working on some pre-EMR stuff now & @ least 10% of the doctors onsite have vowed to retire rather than deal with the sea change in how they do their work & the potential for increased visibility into their practices. They want to be treated like mystics who can pontificate on all things health-related without any practical accountability.
Hospitals & Insurers fear transparency of any kind. The hospital I work @ has an average markup of 190% on its services. For things like imaging diagnostics & lab work the markup is close to 300%. They fear a time when patients can "shop around" for their healthcare services. In fact my hospital is having meetings now about reducing services to only those which provide the best revenues, & scrapping plans for things like cancer treatment (too much overhead) & drug rehab services (not enough PR value).
I can't wait to see what happens if/when the Feds make any decisions regarding fee disclosure & standardizing costs regardless of insurer.
And therefore covered by HIPAA.
"Those who would give up essential liberty for temporary safety deserve neither liberty nor safety" - Benjamin Franklin,
When a physician has to use a computer interface to replace the good old paper charts, the result is INSANELY slower usage than with the paper charts. Productivity hits may reduce the physician's ability to see numbers of patients by 10 to 50 per cent. And even a few percent can be a disaster for a primary care practice. Why is it so much slower? If IT types (disclaimer: I am one) actually WATCHED a physician "interact" with the paper chart one would see that a great deal of info, of many differing types, can be reviewed in MOMENTS. Maybe input (notes) added too, also quickly. A typical EMR may require LOTS of clicks and selections and oodles of page views and scrolls etc etc etc etc. to gain acess to a variety of needed info. Physicians are also are often reduced to being clumsy data entry clerks to get data into an EMR. (And since so many physicians are employees these days, the whole EMR thing was probably done without doctor input (typical Dilbert situation), and on the cheap . . .meaning the servers are getting overloaded and each screen of the many needed is taking 10 to 30 seconds to display. While everyone is aware of the wonderful benefits of having data computerized, someone who needs to get a wide variety of data in & out of an EMR may be for big trouble. Most interface technologies are WAY inadequate to this task; biggest shortterm help may be FAST response time, and giving the EMR app the ability to have MANY windows into the data ("windows"? wow!) at once, shown on a BIG monitor (although few exam rooms would have room for one anyway). Some real creativity, new ideas, are desperately needed. (Microsoft's touch-screen table?? i-Pod technologies improved / adapted ??) Better info at two EXCELLENT links: "Why docs hate EMRs": http://www.healthcareguy.com/?p=663#comments and a really good downloadable (free) paper from the Journal of Usabilty Studies at: http://www.usabilityprofessionals.org/upa_publications/jus/2009february/smelcer1.html
(Pls forgive inexperienced post, don't think have posted here before although been reading for years.)
It should be pointed out that Google Health is not an Electronic Medical Record, it is an online Personal Health Record, with patient entered data. It may be handy in some cases, such as if you travel a lot and want a common place to keep your allergies and medications, and some basic information may be able to interface with existing EMR systems on a read only basis, but it is in no way equivalent to an Electronic Medical Record.
If your EHR doesn't allow diagram annotation (as you described for coronary blockage(s)), they're doing it wrong. Not a difficult problem to solve. At least one package handles this stuff well. It shall remain nameless because it does other things poorly. Sad, sad world.
I have no idea why the summary says "surprisingly few" are using this. People don't want it, even the people who don't normally realize how much data they're giving away don't want this. It's not easy for the medical profession to use and it doesn't really provide anything of great value to the patients either. First, try getting your medical records from a doctor or dentist some time-- every doctor I've ever talked to about it (I move a lot) always gives me a hard time when I request copies of everything. It's ridiculous.. We all know those are "our" records, but doctors are required to keep them for insane periods of time (at least they were in the 80s and 90s here in the USA) even after no longer seeing patients and that responsibility seems to make doctors believe the records are theirs. Now, the e-records or whatever would actually make that easier, but I've yet to see a system that doesn't require manual data entry, which is often slower than the pen and paper alternative, especially in a busy office.
"Growing old is inevitable; growing up is optional."