Slashdot Mirror

← Back to Stories (view on slashdot.org)

Medical Professionals Aren't Leaping For E-Medicine

Posted by timothy on from the our-menu-options-have-recently-changed dept.

theodp writes "Despite all the stimulus money being directed toward developing electronic medical records, surprisingly few doctors, hospitals and insurers are using Google Health and other sites like it. One reason, Newsweek suggests, may be that Web-based personal-health records like the ones being compiled on Google Health don't appear to be covered under HIPAA, which requires that health care providers and health plans protect patient confidentiality. 'We don't connect that information to other aspects of Google,' explains Dr. Roni Zeiger, product manager for Google Health. Still, the federal government is in the process of drafting privacy recommendations that would apply to Google Health, as well as the makers of consumer apps that perform tasks like monitoring blood pressure."

9 of 98 comments (clear)

  1. Sketchy. by Anonymous Coward · · Score: 4, Interesting

    I wasn't even aware Google produced a product called Google Health.

    I can understand their other technology developments, but this is one area where it's blatantly apparent that they just want to know a scary amount about each of their users...

    1. Re:Sketchy. by sonicmerlin · · Score: 4, Insightful

      Or maybe it's just Google's way of serving the public good while increasing their mindshare among medical professionals?

  2. They can't get it into their heads... by jjoelc · · Score: 4, Insightful

    That it is OUR health data... and not theirs. If *I* want to post my health info to google, I should be able to. I should be able to obtain my own data relatively easily and painlessly (aside from whatever the doctor did to me, I mean!) and I shouldn't have to go through the whole battery of duplicate tests everytime I go to a different doctor.

    I don't exactly want just anybody to be able to get to MY data either... But I trust google with it a lot more than I trust my insurance company!

    No matter how this all pans out... I just want to have access to all of it myself, not locked up in some doctor's storage shed, or some insurance company's tape archive..

    It's MY data... give it to ME, and let ME decide what to do with it. If I leave it out in the open, and the insurance company decides to charge me more because of something *I* allowed them to read, or if *I* lose info, and have to duplicate a bunch of tests.. at least it will be *MY* fault...

    1. Re:They can't get it into their heads... by demonlapin · · Score: 4, Interesting

      So much of the medical diagnosis could be automated. Everything from image analysis to the various charts they read off.

      I am aware that I may be pissing up a rope here. However.

      I'm a physician, and I'd be happy to let every drug (except antibiotics) be over-the-counter. Kill yourself, make yourself better, get high - it's really no skin off my back. But good diagnosis is hard, and it's definitely not automatable except in the most trivial of situations. After all, if it were automated, you'd have a great product to sell to physicians who could then hire a vast cadre of nurses to do the patient interviews and generate the diagnoses, which they could then swoop in and bill for.

  3. The real problem with centralized records by slackergod · · Score: 5, Insightful

    I work for a company that produces various types of medical records management software (credentials management, PHI document exchange, EMR); and I've spent a lot of time talking to a number of doctors, both tech-saavy and not so much. That disclaimed...

    Let me tell you what the key problem is with electronic medical records: they are legally the property of the patient, but no doctor can (or will) trust the important details of such records unless they come from another doctor, and have a verifiable history leading back to that doctor. Not that they don't believe the part that lists a patient's allergies, but when the medical record says the patient has a debilitating disease which *requires* they be given morphine and lots of it, the doctor has to be able to verify the patient didn't just fake a record for a quick drug fix.

    This leads to an interesting state electronically: if data records are to be centralized, a public key system must be set up, tied to each doctor, allowing them to both contribute & authenticate records, and allowing the patient to do the same (but the patient contributions will have to remain "untrusted" medically). You can have centralization without a public key system, but then you're just trusting the gatekeeper to never mess up, get hacked, or paid off. And even if you'd set up such a system which you know (as a programmer/cryptographer) can be made to work... you have to get the doctors to trust it as well; as given how seriously most of them take the responsibility to safeguard their patient's records, that's a hard sell even to a tech-saavy doctor.

    Which is why the only major movement we've had in adoption of electronic records has been a decentralized one... doctors are converting their offices to use electronic systems internally, exchange information electronically; but always records are transmitted in a p2p fashion (whether by email, fax, courier, etc); allowing the receiving doctor to trust the veracity of the information (at least as far as they trust the originating doctor); without requiring them to trust the patient.

    Google Health is merely one of the most prominent "my PHR online" projects out there, but the problem they are faced with solving is not merely legal or luddite based, but a issue of cryptographic trust in it's truest sense.

    And that's not to mention that centralization of medical records creates a much more attractive point of failure for all kinds of things (such identity theft, if merely for the purposes of using some else's insurance),
    and even if a public key system is implemented, the doctor (and staff) are handing off part of their trust to a central database... and given the mess of outdated information the NPI registry contains, they are loath to believe in such a system.

    disclaimer: my company has a number of ongoing projects in this field, but my assessment here is pretty well unbiased architecture and adoption-wise as far as I know, we have a number of pokers in the fire fitting most of the above scenarios.

    1. Re:The real problem with centralized records by slackergod · · Score: 4, Informative

      It occurs to me I used a bunch of industry specific acronyms in the above post; let me define 'em...

      PHR - patient health records

      PHI - protected heath information - mostly equivalent to PHR, but sometimes with private doctor-to-doctor discussions (such as a patient's drug seeking habits)

      EMR - electronic medical records - "EMR" software as a class basically is the eletronic equivalent of the wall of paper charts in your doctor's office. most PHR exchange will happen between these types of systems, or be printed out, edited, and faxed (sometimes to another EMR).

      credentialling / credentials management - tracking of doctor licenses, certifications, etc... this stuff is personal information about the doctors (ssn, etc) that's flying around between their office, the govt, and insurance companies.

      NPI / NPIDB - National Practitioner Data Bank - government database of the public parts of a doctor's credentials; that's trying to unify and replace all the others that are out there (UPIN, Medicaid, Medicare, DEA). It's in use, but the information frequently is years out of date, even with the best intent of all involved.

    2. Re:The real problem with centralized records by CrashandDie · · Score: 5, Informative

      Hey sg,

      The thing is that a decentralised system isn't a bad thing at all. PKI was designed, from the start, to be usable as a non-centralised system (non-pyramid). Realistically speaking, using the same example as the one you offered, where a doctor needs to validate medical records provided by the patient to be truthful, you only need to verify the other doctor's credentials and a signed file.

      Now we get back to the old "How do I trust another doctor's certificates?", well, we use a centralised service. Each doctor needs to enroll (Google cache of the same document) to get his certificates, and they are delivered by a central authority, possibly governmental (or whatever authority governs doctors in your country). It's not a very hard thing to do, and can be implemented for roughly a couple million dollars -- the whole system.

      How many doctors are there in the US? A laughable amount if you compare how many certificates are issued for the DoD. Heck, you could even implement it to be fully PIV-C compatible, and get cross-certification from the US government, and would allow doctors' credentials to be easily validated during a crisis.

      Heck, nobody even needs to own the PKI solution in the US. The government can do it for you, if you are a valid organisation, an excellent project provides certificate management for you. Outside the US it gets a bit more difficult, as interoperability is not quite as great as in the US, however PIV is starting to have quite a lot of traction in Europe as well (I can't remember off the top of my head if it's PIV-I or PIV-C that is being implemented with the UK police forces). A pretty good read (Google cache as it doesn't seem to be loading from here) about how data is provided on a PIV smartcard.

      That being said, maybe the health care professionals ought to have raised their voice at the same time the engineers and scientists did (Google cache)?

  4. Medical data has owners by law by sjbe · · Score: 4, Informative

    There is no such thing as data ownership.

    Pity the law doesn't agree with you. Not on medical records at the very least.

  5. Re:Googlectomy by demonlapin · · Score: 4, Informative

    Physicians are not (necessarily) technophobes. Allow me to explain.

    One of the many oddities of medicine in the US is the payment model. There are two ways in which physicians can earn money: by doing procedures, or by applying their learning. Now, procedures are fairly straightforward; if you do it, you can bill for it. But how do you get paid to think? You prove how much thinking went into the process by your documentation. On a paper chart, this is straightforward: you see a patient, talk to them, formulate a plan, and scribble out a note. The paper is easy to pull out and read, or copy, or whatever. You can take it with you on a clipboard into the room. Unless you get laptops with carts, you can't do that with EMR.

    When you're in a hospital with EMR, you have to remember your username and password (and every password system has a different expiry cycle). In the one hospital in which I work, I have SIX systems with different usernames and passwords - the general EMR system (which has labs and dictations), the radiology system, the pharmacy dispensing system, the OR EMR system, the OR scheduling system, and email. Those who admit patients to two or three hospitals have this problem at each and every one.

    In other words, physicians have two jobs - one as a physician, and one as a data-entry clerk. Not surprisingly, we are incredibly averse to spending time and effort on the second of these jobs, and anything that causes that data entry to take more time is costing us money. Not only that - the electronic records are often inferior to the paper ones they replace. In particular, many branches of medicine use drawings or diagrams. It's nice not to have to deal with handwriting, but a heart diagram with coronary blockages marked by location and percentage blocked is superior to a verbal description of those blockages.