Slashdot Mirror

← Back to Stories (view on slashdot.org)

Medical Professionals Aren't Leaping For E-Medicine

Posted by timothy on from the our-menu-options-have-recently-changed dept.

theodp writes "Despite all the stimulus money being directed toward developing electronic medical records, surprisingly few doctors, hospitals and insurers are using Google Health and other sites like it. One reason, Newsweek suggests, may be that Web-based personal-health records like the ones being compiled on Google Health don't appear to be covered under HIPAA, which requires that health care providers and health plans protect patient confidentiality. 'We don't connect that information to other aspects of Google,' explains Dr. Roni Zeiger, product manager for Google Health. Still, the federal government is in the process of drafting privacy recommendations that would apply to Google Health, as well as the makers of consumer apps that perform tasks like monitoring blood pressure."

29 of 98 comments (clear)

  1. Sketchy. by Anonymous Coward · · Score: 4, Interesting

    I wasn't even aware Google produced a product called Google Health.

    I can understand their other technology developments, but this is one area where it's blatantly apparent that they just want to know a scary amount about each of their users...

    1. Re:Sketchy. by sonicmerlin · · Score: 4, Insightful

      Or maybe it's just Google's way of serving the public good while increasing their mindshare among medical professionals?

    2. Re:Sketchy. by ColdWetDog · · Score: 2, Insightful

      It doesn't serve as much of a help to medical professionals. It's only used by a few institutions, it isn't in a universally recognized format and it's not automatically populated. The people using this are likely the same group of patients that keep track of various medical issues on a spreadsheet with the utility that you don't have to remember to take the spreadsheet with you.

      Fine and dandy, but not earth shattering nor will it ever amount to much. To be really useful, it needs to input data automatically from all providers, pharmacists, hospitals, etc. That has a number of significant privacy and organizational issues that I don't think even the Great Google can overcome.

      --
      Faster! Faster! Faster would be better!
    3. Re:Sketchy. by carlzum · · Score: 3, Insightful

      If they solve the privacy concerns, CCR is the next obstacle they need to clear. They can use CCR and offer it as an option, but HL7, X12, and NCPDP are a must for hospitals, insurers, and pharmacies. They're transactional, but that's how health care organizations communicate.

      In fact, Google should focus on coordinating and aggregating transactions, it could revolutionize the industry. Coordination of benefits between insurers would reduce paperwork and speed up payment. Services that don't generate claims (paid out of pocket, provided by a non-profit, etc.) wouldn't be missing like they often are in insurers' systems today. Fraud and abuse would be much easier to spot.

      The challenge has been organizing and correlating the data. Google may be the perfect company to solve that problem.

    4. Re:Sketchy. by dougisfunny · · Score: 3, Funny

      Forget MS, an Apple a day keeps the doctor away.

      --
      This is not the funny you're looking for.
  2. Googlectomy by WrongSizeGlass · · Score: 2, Interesting

    Mixing Google and my medical records would give a whole new meaning to the word 'Buzz'.

    1. Re:Googlectomy by jjoelc · · Score: 3, Insightful

      SO you would rather the insurance companies be the only ones with unfettered access to your information?

      I think the REAL reason Dr.s aren't too keen on the E-records is lawyers and liability. Every person who sees that data is another risk of a malpractice suit in their eyes.

      And let's get over this E-Records" thing already... Face it.. you doctor is already using computers, and storing your information on them... The real issue is data portability. Info from Dr. A should be accessible to Dr. B when needed, and we should ALWAYS have access to our own data...

    2. Re:Googlectomy by onionman · · Score: 2, Insightful

      SO you would rather the insurance companies be the only ones with unfettered access to your information?

      I think the REAL reason Dr.s aren't too keen on the E-records is lawyers and liability. Every person who sees that data is another risk of a malpractice suit in their eyes.

      And let's get over this E-Records" thing already... Face it.. you doctor is already using computers, and storing your information on them... The real issue is data portability. Info from Dr. A should be accessible to Dr. B when needed, and we should ALWAYS have access to our own data...

      My doctors, and my kids' doctors, certainly are NOT using sophisticated computer storage. In fact, the last time I was in the pediatrician's office, the Dr. was complaining that she couldn't read the other Dr.'s handwriting, so she called him at home and asked him what he had written. They take all their notes by hand and refer to the hand written notes rather than anything computerized. I'm sure that the office secretaries have to compile some sort of computer-based reports for the insurance companies, but the Dr.'s are using handwritten notes.

      Oddly enough, I'm glad that the Dr.'s I see are using hand written notes and direct conversations. I've done enough software development in my time that I'm not comfortable with applications written in the "standard method" for the "market-leading OS" to keep track of vital health information for my family.

      If we could have some sort of quality assurance for the applications, OS, and hardware that are keeping track of these records, then I'd be more comfortable.

    3. Re:Googlectomy by demonlapin · · Score: 4, Informative

      Physicians are not (necessarily) technophobes. Allow me to explain.

      One of the many oddities of medicine in the US is the payment model. There are two ways in which physicians can earn money: by doing procedures, or by applying their learning. Now, procedures are fairly straightforward; if you do it, you can bill for it. But how do you get paid to think? You prove how much thinking went into the process by your documentation. On a paper chart, this is straightforward: you see a patient, talk to them, formulate a plan, and scribble out a note. The paper is easy to pull out and read, or copy, or whatever. You can take it with you on a clipboard into the room. Unless you get laptops with carts, you can't do that with EMR.

      When you're in a hospital with EMR, you have to remember your username and password (and every password system has a different expiry cycle). In the one hospital in which I work, I have SIX systems with different usernames and passwords - the general EMR system (which has labs and dictations), the radiology system, the pharmacy dispensing system, the OR EMR system, the OR scheduling system, and email. Those who admit patients to two or three hospitals have this problem at each and every one.

      In other words, physicians have two jobs - one as a physician, and one as a data-entry clerk. Not surprisingly, we are incredibly averse to spending time and effort on the second of these jobs, and anything that causes that data entry to take more time is costing us money. Not only that - the electronic records are often inferior to the paper ones they replace. In particular, many branches of medicine use drawings or diagrams. It's nice not to have to deal with handwriting, but a heart diagram with coronary blockages marked by location and percentage blocked is superior to a verbal description of those blockages.

  3. nothing in common by Anonymous Coward · · Score: 2, Informative

    Google health and the stimulus money are 2 very different things. They have no relationship.

  4. They can't get it into their heads... by jjoelc · · Score: 4, Insightful

    That it is OUR health data... and not theirs. If *I* want to post my health info to google, I should be able to. I should be able to obtain my own data relatively easily and painlessly (aside from whatever the doctor did to me, I mean!) and I shouldn't have to go through the whole battery of duplicate tests everytime I go to a different doctor.

    I don't exactly want just anybody to be able to get to MY data either... But I trust google with it a lot more than I trust my insurance company!

    No matter how this all pans out... I just want to have access to all of it myself, not locked up in some doctor's storage shed, or some insurance company's tape archive..

    It's MY data... give it to ME, and let ME decide what to do with it. If I leave it out in the open, and the insurance company decides to charge me more because of something *I* allowed them to read, or if *I* lose info, and have to duplicate a bunch of tests.. at least it will be *MY* fault...

    1. Re:They can't get it into their heads... by jav1231 · · Score: 2, Insightful

      "I don't exactly want just anybody to be able to get to MY data either... But I trust google with it a lot more than I trust my insurance company!"

      You are frightening!

    2. Re:They can't get it into their heads... by scamper_22 · · Score: 2, Insightful

      And what planet have you been living in?
      If you want a prescription, can you just get one yourself?

      Do you know why you aren't allowed to? Because you're not responsible. You need to expertise of a doctor to diagnose and prescribe things for you. You can't be responsible with prescriptions. And you certainly can't be trusted with your own health data.

      Of course that's what the medical associations tell us... to maintain their strangle hold monopoly over health care.
      That's the real reason they are against any of this. So much of the medical diagnosis could be automated. Everything from image analysis to the various charts they read off.

    3. Re:They can't get it into their heads... by demonlapin · · Score: 4, Interesting

      So much of the medical diagnosis could be automated. Everything from image analysis to the various charts they read off.

      I am aware that I may be pissing up a rope here. However.

      I'm a physician, and I'd be happy to let every drug (except antibiotics) be over-the-counter. Kill yourself, make yourself better, get high - it's really no skin off my back. But good diagnosis is hard, and it's definitely not automatable except in the most trivial of situations. After all, if it were automated, you'd have a great product to sell to physicians who could then hire a vast cadre of nurses to do the patient interviews and generate the diagnoses, which they could then swoop in and bill for.

  5. I trust no one with my health records by thetoadwarrior · · Score: 3, Interesting

    Don't get me wrong, i do think Google is one of the best, if not the best, company to trust my data with (not that is something to brag about) but my health records are a complete no-no. I don't want anyone except the doctor I'm using at the time to see them. Not that I'm some sort of gimp with all sorts of shit oozing from my body but my health records are *the* most private thing to me imo.

    I'll happily expose my genitals online but not my health records.

    1. Re:I trust no one with my health records by Anonymous Coward · · Score: 2, Funny

      Pics or your full of it...

  6. The real problem with centralized records by slackergod · · Score: 5, Insightful

    I work for a company that produces various types of medical records management software (credentials management, PHI document exchange, EMR); and I've spent a lot of time talking to a number of doctors, both tech-saavy and not so much. That disclaimed...

    Let me tell you what the key problem is with electronic medical records: they are legally the property of the patient, but no doctor can (or will) trust the important details of such records unless they come from another doctor, and have a verifiable history leading back to that doctor. Not that they don't believe the part that lists a patient's allergies, but when the medical record says the patient has a debilitating disease which *requires* they be given morphine and lots of it, the doctor has to be able to verify the patient didn't just fake a record for a quick drug fix.

    This leads to an interesting state electronically: if data records are to be centralized, a public key system must be set up, tied to each doctor, allowing them to both contribute & authenticate records, and allowing the patient to do the same (but the patient contributions will have to remain "untrusted" medically). You can have centralization without a public key system, but then you're just trusting the gatekeeper to never mess up, get hacked, or paid off. And even if you'd set up such a system which you know (as a programmer/cryptographer) can be made to work... you have to get the doctors to trust it as well; as given how seriously most of them take the responsibility to safeguard their patient's records, that's a hard sell even to a tech-saavy doctor.

    Which is why the only major movement we've had in adoption of electronic records has been a decentralized one... doctors are converting their offices to use electronic systems internally, exchange information electronically; but always records are transmitted in a p2p fashion (whether by email, fax, courier, etc); allowing the receiving doctor to trust the veracity of the information (at least as far as they trust the originating doctor); without requiring them to trust the patient.

    Google Health is merely one of the most prominent "my PHR online" projects out there, but the problem they are faced with solving is not merely legal or luddite based, but a issue of cryptographic trust in it's truest sense.

    And that's not to mention that centralization of medical records creates a much more attractive point of failure for all kinds of things (such identity theft, if merely for the purposes of using some else's insurance),
    and even if a public key system is implemented, the doctor (and staff) are handing off part of their trust to a central database... and given the mess of outdated information the NPI registry contains, they are loath to believe in such a system.

    disclaimer: my company has a number of ongoing projects in this field, but my assessment here is pretty well unbiased architecture and adoption-wise as far as I know, we have a number of pokers in the fire fitting most of the above scenarios.

    1. Re:The real problem with centralized records by slackergod · · Score: 4, Informative

      It occurs to me I used a bunch of industry specific acronyms in the above post; let me define 'em...

      PHR - patient health records

      PHI - protected heath information - mostly equivalent to PHR, but sometimes with private doctor-to-doctor discussions (such as a patient's drug seeking habits)

      EMR - electronic medical records - "EMR" software as a class basically is the eletronic equivalent of the wall of paper charts in your doctor's office. most PHR exchange will happen between these types of systems, or be printed out, edited, and faxed (sometimes to another EMR).

      credentialling / credentials management - tracking of doctor licenses, certifications, etc... this stuff is personal information about the doctors (ssn, etc) that's flying around between their office, the govt, and insurance companies.

      NPI / NPIDB - National Practitioner Data Bank - government database of the public parts of a doctor's credentials; that's trying to unify and replace all the others that are out there (UPIN, Medicaid, Medicare, DEA). It's in use, but the information frequently is years out of date, even with the best intent of all involved.

    2. Re:The real problem with centralized records by CrashandDie · · Score: 5, Informative

      Hey sg,

      The thing is that a decentralised system isn't a bad thing at all. PKI was designed, from the start, to be usable as a non-centralised system (non-pyramid). Realistically speaking, using the same example as the one you offered, where a doctor needs to validate medical records provided by the patient to be truthful, you only need to verify the other doctor's credentials and a signed file.

      Now we get back to the old "How do I trust another doctor's certificates?", well, we use a centralised service. Each doctor needs to enroll (Google cache of the same document) to get his certificates, and they are delivered by a central authority, possibly governmental (or whatever authority governs doctors in your country). It's not a very hard thing to do, and can be implemented for roughly a couple million dollars -- the whole system.

      How many doctors are there in the US? A laughable amount if you compare how many certificates are issued for the DoD. Heck, you could even implement it to be fully PIV-C compatible, and get cross-certification from the US government, and would allow doctors' credentials to be easily validated during a crisis.

      Heck, nobody even needs to own the PKI solution in the US. The government can do it for you, if you are a valid organisation, an excellent project provides certificate management for you. Outside the US it gets a bit more difficult, as interoperability is not quite as great as in the US, however PIV is starting to have quite a lot of traction in Europe as well (I can't remember off the top of my head if it's PIV-I or PIV-C that is being implemented with the UK police forces). A pretty good read (Google cache as it doesn't seem to be loading from here) about how data is provided on a PIV smartcard.

      That being said, maybe the health care professionals ought to have raised their voice at the same time the engineers and scientists did (Google cache)?

    3. Re:The real problem with centralized records by slackergod · · Score: 2, Informative

      I agree with you: decentralized is fine; and decentralized + PKI would be even nicer security wise. And as a patient, I'd trust it over a central system for all the reasons mentioned elsewhere in this discussion.

      My main point was that while PKI is optional for decentralized PHR, in order to develop a centralized PHR system like Google Health, you pretty much *have* to have PKI before the doctors will use your system. The lack of trust is a design flaw which, somehow, I don't think any of the centralized phr developers have even realized that they have, much less that PKI would fix it... otherwise they'd be hawking it at the forefront of their advertisements to doctors. I'm not really sure how they missed the trust issue, because it's the first thing the doctors I work with mentioned after they heard about Google Health.

      BTW, those are some nice links regarding PKI, thanks for them! Going to have to look into how I can put that stuff to use.

  7. Re:Chinese stealing American medical data? by Anonymous Coward · · Score: 2, Informative

    You must be incredibly naive if you think existing EMR companies are going through this much trouble to keep data secure. I worked as a contractor for a leading EMR site, and it was an ASP.NET/MSSQL hack-job littered with SQL injection holes and easy-to-guess backdoors (think admin/admin). I don't hold out much hope that we were the exception to the rule.

  8. EMR is much more than record keeping. by MMC+Monster · · Score: 3, Insightful

    I am a physician.

    The only way doctors are going to go to EMR systems is when they improve the bottom line.

    The people that create many EMR systems understand that, and build the systems in a way so that physicians can increase the billing rate above what they can do with paper systems.

    I currently do my patients records on paper. I bill much lower than I could, because I'm scared about penalties associated with being caught over-billing.

    My office is going EMR within the next year. I am positive that the amount I will bill for just about everything will increase, and I will (hopefully) offset the cost of going electronic at that point.

    Is EMR going to reduce the cost of health care? Almost certainly not. It will likely allow physicians to drill down into their database of patients to see:
    1. which ones haven't been seen in a while and bring them in.
    2. which ones are eligible for a procedure but haven't had it yet.

    Will this decrease patient morbidity (illness) and mortality (death)? Probably, but that can only be determined by (likely retrospective) studies.

    --
    Help! I'm a slashdot refugee.
    1. Re:EMR is much more than record keeping. by MMC+Monster · · Score: 2, Informative

      Before you complain about number 2:

      There are certain guidelines that, if followed, are supposed to improve mortality. The problem is some patients are just lost to followup, therefore miss out on the procedures that may potentially save their lives (such as colonoscopies).

      If the database is not drilled for these procedures, I can see a lawsuit happen from the family members of someone who got lost to followup and then died of metastatic cancer (due to a missed colonoscopy) or sudden death (due to not getting a defibrillator when they were eligible).

      --
      Help! I'm a slashdot refugee.
    2. Re:EMR is much more than record keeping. by Anonymous Coward · · Score: 3, Interesting

      BTW, as a developer of an EMR (or as it's currently called, EHR - Electronic Health Record. Gotta keep up with the buzzword bingo) and friends with a number of doctors using our EMR, competitors' EMRs, and plain paper, the number one problem with using electronic records to get more money is that the insurance companies are on to us.

      One doctor started getting regularly audited by Medicare because their E&M code "bell curve" shifted upwards - they were doing more level 4 and 5's than before, all because their medical record software told them "you're so close to the next level, add x and you'll have sufficient documentation for it!" Of course, this isn't limited to electronic records (I've got an HPI textbook that tells me that smoking status, whether smoking or not, is always pertinent medical history), but when all of the "x"s are just checkboxes, it's pretty easy to go down the list and hit them all.

    3. Re:EMR is much more than record keeping. by Anonymous Coward · · Score: 2, Interesting

      I recently did consulting for a practice going from paper encounter forms/computer billing to EMR/computer billing. With the old system, when audited, they just pull the encounter forms with a bunch of checkboxes and circles. With the EMR, if they get audited.... they're fucked because their EMR notes do not support what they're trying to bill for. I'm sure it's only a matter of time before doctors are told to optimize their billing (or they figure out how to game it to get in their required RVUs).

  9. More costs than you would think! by Old+Flatulent+1 · · Score: 3, Interesting
    The reality of going to an all digital system is not as clear cut as many on /. would believe. Vancouver Island Canada has to a large extent undergone a huge change over to E-film and E-records, and has perhaps the most advanced systems around. The costs of making all this work has not been reflected in reduced numbers of staff needed to handle data instead of paper.

    There still are large amounts of paper necessary for day to day operations and getting Doctors and clinics to effectively use secure online services has been nothing short of a nightmare. It costs more to do day to day operations and many say they would find going back to simple reliable terminal based systems more efficient and cost effective! The costs of supporting, securing and system training for PC based software is over the top and is a tremendous burden on any essential service.

  10. Why should I care about Google? by Bill_the_Engineer · · Score: 2, Insightful

    If Google isn't getting their money's worth from all that campaigning with Obama, why should I care?

    There are other corporations that understand HIPAA, the value of privacy, and willing to enter an agreement that makes them risk liability and criminal penalties for accidental disclosure.

    I can't understand the irrational willingness to give all data to Google. Of course, this is Slashdot so a lot of comments are from people predisposed to like and trust Google. This is despite comments from Google executives that say otherwise. I guess Google's position would be that if you have something embarrassingly wrong with you then don't go to the doctor...

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
  11. Medical data has owners by law by sjbe · · Score: 4, Informative

    There is no such thing as data ownership.

    Pity the law doesn't agree with you. Not on medical records at the very least.

  12. Can you waive liability? by beakerMeep · · Score: 2, Informative
    Seems to me there are some rights you shouldn't be able to waive in any agreements. A bit of (ironic) Googling turned up an article saying that waiving rights to gross negligence is unenforceable in California.

    FTA:

    California defines gross negligence as either a "want of even scant care" or "an extreme departure from the ordinary standard of conduct." In contrast, ordinary negligence consists of a "failure to exercise the degree of care in a given situation that a reasonable person under similar circumstances would employ to protect others from harm."

    The "traditional skepticism" concerning agreements to release liability for future torts is expressed, the court said, in a California statute providing that all contracts with the purpose of exempting anyone from their "own fraud, or willful injury to the person or property of another, or violation of law, whether willful or negligent, are against the policy of the law."

    I'd be interested if a lawyer (or other slashdotter) knew of a case where someone was denied remedy in a negligence case because they waived liability.

    --
    meep