Medical Professionals Aren't Leaping For E-Medicine

theodp writes "Despite all the stimulus money being directed toward developing electronic medical records, surprisingly few doctors, hospitals and insurers are using Google Health and other sites like it. One reason, Newsweek suggests, may be that Web-based personal-health records like the ones being compiled on Google Health don't appear to be covered under HIPAA, which requires that health care providers and health plans protect patient confidentiality. 'We don't connect that information to other aspects of Google,' explains Dr. Roni Zeiger, product manager for Google Health. Still, the federal government is in the process of drafting privacy recommendations that would apply to Google Health, as well as the makers of consumer apps that perform tasks like monitoring blood pressure."

Re:The real problem with centralized records

[slackergod]

It occurs to me I used a bunch of industry specific acronyms in the above post; let me define 'em...

PHR - patient health records

PHI - protected heath information - mostly equivalent to PHR, but sometimes with private doctor-to-doctor discussions (such as a patient's drug seeking habits)

EMR - electronic medical records - "EMR" software as a class basically is the eletronic equivalent of the wall of paper charts in your doctor's office. most PHR exchange will happen between these types of systems, or be printed out, edited, and faxed (sometimes to another EMR).

credentialling / credentials management - tracking of doctor licenses, certifications, etc... this stuff is personal information about the doctors (ssn, etc) that's flying around between their office, the govt, and insurance companies.

NPI / NPIDB - National Practitioner Data Bank - government database of the public parts of a doctor's credentials; that's trying to unify and replace all the others that are out there (UPIN, Medicaid, Medicare, DEA). It's in use, but the information frequently is years out of date, even with the best intent of all involved.

Medical data has owners by law

[sjbe]

There is no such thing as data ownership.

Pity the law doesn't agree with you. Not on medical records at the very least.

Re:The real problem with centralized records

[CrashandDie]

Hey sg,

The thing is that a decentralised system isn't a bad thing at all. PKI was designed, from the start, to be usable as a non-centralised system (non-pyramid). Realistically speaking, using the same example as the one you offered, where a doctor needs to validate medical records provided by the patient to be truthful, you only need to verify the other doctor's credentials and a signed file.

Now we get back to the old "How do I trust another doctor's certificates?", well, we use a centralised service. Each doctor needs to enroll (Google cache of the same document) to get his certificates, and they are delivered by a central authority, possibly governmental (or whatever authority governs doctors in your country). It's not a very hard thing to do, and can be implemented for roughly a couple million dollars -- the whole system.

How many doctors are there in the US? A laughable amount if you compare how many certificates are issued for the DoD. Heck, you could even implement it to be fully PIV-C compatible, and get cross-certification from the US government, and would allow doctors' credentials to be easily validated during a crisis.

Heck, nobody even needs to own the PKI solution in the US. The government can do it for you, if you are a valid organisation, an excellent project provides certificate management for you. Outside the US it gets a bit more difficult, as interoperability is not quite as great as in the US, however PIV is starting to have quite a lot of traction in Europe as well (I can't remember off the top of my head if it's PIV-I or PIV-C that is being implemented with the UK police forces). A pretty good read (Google cache as it doesn't seem to be loading from here) about how data is provided on a PIV smartcard.

That being said, maybe the health care professionals ought to have raised their voice at the same time the engineers and scientists did (Google cache)?

Re:Googlectomy

[demonlapin]

Physicians are not (necessarily) technophobes. Allow me to explain.

One of the many oddities of medicine in the US is the payment model. There are two ways in which physicians can earn money: by doing procedures, or by applying their learning. Now, procedures are fairly straightforward; if you do it, you can bill for it. But how do you get paid to think? You prove how much thinking went into the process by your documentation. On a paper chart, this is straightforward: you see a patient, talk to them, formulate a plan, and scribble out a note. The paper is easy to pull out and read, or copy, or whatever. You can take it with you on a clipboard into the room. Unless you get laptops with carts, you can't do that with EMR.

When you're in a hospital with EMR, you have to remember your username and password (and every password system has a different expiry cycle). In the one hospital in which I work, I have SIX systems with different usernames and passwords - the general EMR system (which has labs and dictations), the radiology system, the pharmacy dispensing system, the OR EMR system, the OR scheduling system, and email. Those who admit patients to two or three hospitals have this problem at each and every one.

In other words, physicians have two jobs - one as a physician, and one as a data-entry clerk. Not surprisingly, we are incredibly averse to spending time and effort on the second of these jobs, and anything that causes that data entry to take more time is costing us money. Not only that - the electronic records are often inferior to the paper ones they replace. In particular, many branches of medicine use drawings or diagrams. It's nice not to have to deal with handwriting, but a heart diagram with coronary blockages marked by location and percentage blocked is superior to a verbal description of those blockages.