Slashdot Mirror


Medical Professionals Aren't Leaping For E-Medicine

theodp writes "Despite all the stimulus money being directed toward developing electronic medical records, surprisingly few doctors, hospitals and insurers are using Google Health and other sites like it. One reason, Newsweek suggests, may be that Web-based personal-health records like the ones being compiled on Google Health don't appear to be covered under HIPAA, which requires that health care providers and health plans protect patient confidentiality. 'We don't connect that information to other aspects of Google,' explains Dr. Roni Zeiger, product manager for Google Health. Still, the federal government is in the process of drafting privacy recommendations that would apply to Google Health, as well as the makers of consumer apps that perform tasks like monitoring blood pressure."

2 of 98 comments

  1. The real problem with centralized records by slackergod · · Score: 5, Insightful

    I work for a company that produces various types of medical records management software (credentials management, PHI document exchange, EMR); and I've spent a lot of time talking to a number of doctors, both tech-savvy and not so much. That disclaimed...

    Let me tell you what the key problem is with electronic medical records: they are legally the property of the patient, but no doctor can (or will) trust the important details of such records unless they come from another doctor, and have a verifiable history leading back to that doctor. Not that they don't believe the part that lists a patient's allergies, but when the medical record says the patient has a debilitating disease which *requires* they be given morphine and lots of it, the doctor has to be able to verify the patient didn't just fake a record for a quick drug fix.

    This leads to an interesting state electronically: if data records are to be centralized, a public key system must be set up, tied to each doctor, allowing them to both contribute & authenticate records, and allowing the patient to do the same (but the patient contributions will have to remain "untrusted" medically). You can have centralization without a public key system, but then you're just trusting the gatekeeper to never mess up, get hacked, or paid off. And even if you'd set up such a system which you know (as a programmer/cryptographer) can be made to work... you have to get the doctors to trust it as well; and given how seriously most of them take the responsibility to safeguard their patients' records, that's a hard sell even to a tech-savvy doctor.

    Which is why the only major movement we've had in adoption of electronic records has been a decentralized one... doctors are converting their offices to use electronic systems internally, exchange information electronically; but always records are transmitted in a p2p fashion (whether by email, fax, courier, etc); allowing the receiving doctor to trust the veracity of the information (at least as far as they trust the originating doctor); without requiring them to trust the patient.

    Google Health is merely one of the most prominent "my PHR online" projects out there, but the problem they are faced with solving is not merely legal or luddite based, but an issue of cryptographic trust in its truest sense.

    And that's not to mention that centralization of medical records creates a much more attractive point of failure for all kinds of things (such as identity theft, if merely for the purposes of using someone else's insurance), and even if a public key system is implemented, the doctor (and staff) are handing off part of their trust to a central database... and given the mess of outdated information the NPI registry contains, they are loath to believe in such a system.

    Disclaimer: my company has a number of ongoing projects in this field, but my assessment here is pretty well unbiased architecture and adoption-wise as far as I know; we have a number of pokers in the fire fitting most of the above scenarios.

    1. Re:The real problem with centralized records by CrashandDie · · Score: 5, Informative

      Hey sg,

      The thing is that a decentralised system isn't a bad thing at all. PKI was designed, from the start, to be usable as a non-centralised system (non-pyramid). Realistically speaking, using the same example as the one you offered, where a doctor needs to validate medical records provided by the patient to be truthful, you only need to verify the other doctor's credentials and a signed file.

      Now we get back to the old "How do I trust another doctor's certificates?", well, we use a centralised service. Each doctor needs to enroll (Google cache of the same document) to get his certificates, and they are delivered by a central authority, possibly governmental (or whatever authority governs doctors in your country). It's not a very hard thing to do, and can be implemented for roughly a couple million dollars -- the whole system.

      How many doctors are there in the US? A laughable amount if you compare how many certificates are issued for the DoD. Heck, you could even implement it to be fully PIV-C compatible, and get cross-certification from the US government, and would allow doctors' credentials to be easily validated during a crisis.

      Heck, nobody even needs to own the PKI solution in the US. The government can do it for you, if you are a valid organisation, an excellent project provides certificate management for you. Outside the US it gets a bit more difficult, as interoperability is not quite as great as in the US, however PIV is starting to have quite a lot of traction in Europe as well (I can't remember off the top of my head if it's PIV-I or PIV-C that is being implemented with the UK police forces). A pretty good read (Google cache as it doesn't seem to be loading from here) about how data is provided on a PIV smartcard.

      That being said, maybe the health care professionals ought to have raised their voice at the same time the engineers and scientists did (Google cache)?
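
The check both comments describe (a receiving doctor validates the signing doctor's certificate against a central enrolling authority, then the signature over the record) can be sketched with Go's standard library. This is an added example, not part of the thread or of any product named in it; the authority name, doctor name, record text and the choice of Ed25519 keys are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to pub in a certificate signed by caKey; parent == nil makes a self-signed root.
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // the enrolling authority's own root certificate
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above
	return cert
}

// verifyRecord is the receiving doctor's check: chain to the authority first, then the record signature.
func verifyRecord(record, sig []byte, signer *x509.Certificate, roots *x509.CertPool) string {
	if signer == nil {
		return "untrusted: no doctor signature (patient entry)"
	}
	if _, err := signer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return "untrusted: signer not enrolled with the authority"
	}
	if pub, ok := signer.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, record, sig) {
		return "untrusted: signature does not cover this record"
	}
	return "trusted"
}

func main() { // constructed sample data; every name is hypothetical
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	docPub, docKey, _ := ed25519.GenerateKey(rand.Reader)
	root, roots := issue("Example Medical Board CA", caPub, nil, caKey), x509.NewCertPool()
	roots.AddCert(root)
	doctor, rec := issue("Dr. Example", docPub, root, caKey), []byte("allergy: penicillin")
	fmt.Println(verifyRecord(rec, ed25519.Sign(docKey, rec), doctor, roots))                      // trusted
	fmt.Println(verifyRecord([]byte("needs morphine"), ed25519.Sign(docKey, rec), doctor, roots)) // untrusted
}
```

The sketch leaves out revocation and expiry handling beyond the certificate's validity window, which a real deployment would need when a licence is withdrawn.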