Pages

Sunday, March 16, 2008

Electronic Medical Records (EMR)

A boon to patients or a threat to privacy?

113 comments:

Joel Sherman said...

I've already posted about this topic, mainly under the HIPAA thread. But it deserves its own thread.
EMR promises great benefits but threatens great dangers to privacy. Here's a brief summary of the pros and cons including the ability to take your portable records anywhere but the danger of having your identity stolen.
More to follow.

Joel Sherman said...

Electronic medical records are undoubtedly an innovation whose time has come. But it’s an immense undertaking which is being implemented piecemeal by a large number of entrepreneurs, none of whom have any reason to look at the larger picture or beyond their own bottom line. Medical offices look into a variety of systems which are appropriate for their scale; hospitals look at much larger systems. None of these are compatible with each other. They will all have to be replaced at some point by a national system that’s compatible with providers needs, so that a physician’s office can click and see what happened to their patient while vacationing a thousand miles away, and the hospital treating the patient can click and get the patients’ medical histories from their family physician. We haven’t even begun to look at the problems involved in achieving this just from a medical point of view. Then there are a whole host of privacy issues intertwined with this which can potentially be worked out, but I have little reason to think companies will take that seriously as it interferes with companies ability to make profits off the system. If this system is regulated like HIPAA, it will only ensure that big pharma, big insurance companies, and large employers can data mine the system to improve their profits.
I frankly don’t see how any of this can be accomplished without the framework of a national health system. Not that I trust the federal government to necessarily do it right. But if the planning is done by Medicare, Medicaid, 50 states, many hundreds of large insurance companies, and software entities like Microsoft and Google, there is no hope anyone will come out with one system that gets it right.
Whatever system is designed has to be achieved under a federal mandate with one final system ultimately used. Then its implementation has to be federally subsidized so that it is affordable to physicians and institutions alike. Just the cost of inputting all of our present paper data into the database is monumental. This undertaking will cost many billions.

Joel Sherman said...

Here's another review article which pretty well outlines the conflict of EMR with privacy concerns. The potential of EMR to improve medical care is very real, but it is all in the future on a wide scale. But the threat to privacy and of identity theft is here right now.

Joel Sherman said...

Here's an article which points out one of the potential pitfalls of widely available electronic medical records. For instance, your family doctor may know that you had an abortion 20 years ago or a sexually transmitted disease. But do you really want your dentist or pharmacist to have access to this as well. These issues are far from clear as EMRs evolve.

Joel Sherman said...

Here's a nice review of the logistical problems involved in developing a nationwide EMR system.
It's nearly self evident to me that only the federal government can commission and develop such a system. If Congress thinks that they can mandate the adoption of any such system in a vacuum they have lost any grip on reality.

Joel Sherman said...

I've already commented in another thread that the potentially worst complication of wide access to EMRs is the problem of medical identity theft.
Here's an article that goes into some details.

Joel Sherman said...

Here's an article by Deborah Peel, the head of the Patient Privacy Organization, (see links) which is a good review of the potential privacy problems with EMR.

Joel Sherman said...

Here's a brief article from a man who worked in the junk mail industry for years and is now a big defender of your right to own and control your own medical records.
It's worth a quick read.

Joel Sherman said...

Here's another physician's take on EMR and the unanswered problems associated with it. He also agrees with my position that this country's entrepreneurial position on the development of EMR is untenable.

Joel Sherman said...

If you thought the terms electronic medical records were interchangeable with electronic health records (I did), guess again. There's also a personal health record and others.
Here's an AMA reference. Someday maybe it will all be clear.

Joel Sherman said...

Here's a story from Vermont concerning mandating state wide EMR which discusses the pros and cons. Note the statement that if there are any financial savings from this, studies show it is reaped by insurance companies, not patients or providers. That's not how most legislators mandating EMR plan to place the burden of paying for it.

Joel Sherman said...

Here's a review from the NY Times of a New England Journal article referencing the possibilities, both good and bad, of major players like Google and Microsoft getting into electronic health records. (The NEJM article is not freely available online.) As noted above, I don't think it should even be considered unless HIPAA is extended to cover entities like this.
Personally I wouldn't trust any company to guard the privacy of my medical records. They are bottom line oriented businesses who make their money selling information, especially Google.

Joel Sherman said...

Here's an article that outlines the dangers of peronal health records online, and lists questions to ask any potential provider of this information.

This weeks New England Journal of April 17th had two editorials on the subject one of which gives similar cautions. (I cannot reprint these copyrighted editorials.) The other editorial talks about a different aspect of electronic records as they are usually used in offices that have them (<10% of all offices). These records are oriented towards billing purposes and not the easy transfer of pertinent information. Records are copied and repeated endlessly without any provider having to actually re-ask the questions. In fact many office visit records are huge just because they repeat initial information for coding and billing purposes and it is hard to dig out what's pertinent in the pages for the current illness.
Unfortunately digital information is not a panacea for all that ails medicine.

Anonymous said...

Upside: Patients can hopefully also access their own medical records in order to verify that information contained within is correct or that nothing is missing.

Downside: Possibility of medical identity theft made easier for computer hackers that are already threatening to steal our identities with fake e-mails.

Joel Sherman said...

Another article from the Wall Street Journal which lists many instances of medical records being stolen online. It also talks about the large number of hospital employees who have access to full records in most institutions. It is feasible however to limit the data available so that it's appropriate to the person who's looking, so that for instance lab techs would see only lab data. Unfortunately huge numbers of people can see your billing info which includes SSN and other sensitive info.

Joel Sherman said...

Here's a brief summary article from USA Today on the dangers of identity theft taken from electronic medical records. Don't see how the problem is going to be solved. It's only going to get worse for the foreseeable future.

Joel Sherman said...

Here's an article about Microsoft's new Health Vault system for medical records. The article copies Microsoft's privacy policy:

"Microsoft may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of Microsoft services or members of the public" (emphasis added).

Note article (b). Microsoft reserves the right to do anything to protect their interests. In other words, they can do anything they want. Remember, Microsoft is not even covered under present HIPAA regulations. IMO anyone who believes that Microsoft will protect your privacy is very naive.

Joel Sherman said...

Here's a story about a proposed Congressional amendment which would be a step in the right direction. Of course that doesn't mean it will be passed and Bush would sign it.
This amendment would prevent distribution of medical records for marketing purposes, an elementary protection. I wouldn't bet it will pass.

Joel Sherman said...

The Congressional amendment has been approved by the committee. It still has a long way to go before it becomes law.
I note that this committee is chaired by Sen. Kennedy. His serious illness may also interfere with this legislation.

Joel Sherman said...

Here's a good article in the AMA News weekly which outlines all of the difficulties in achieving a unified national EMR database which can offer ready access to medical records. The difficulties are immense and the effort has been under funded in the extreme on a federal level.
All the difficulties mentioned are impressive, but most impressive to me, the article doesn't even consider the immense additional problems with the privacy of your medical records.

Joel Sherman said...

Google Health is now online in a beta version. They promise to let you post your records online from multiple sources. I am unclear how many sources are available for that. My guess is very few, so it may not yet be practical.
Worse it will take years before we really know how well your privacy will be protected, or will your records be data mined by all their advertisers?

Joel Sherman said...

Here's more on Google's privacy policy. It's positively frightening. I wouldn't trust them with my dog's medical records at this point. They promise to keep them private except they can share them with almost anyone they please! I will wait a few years.

Joel Sherman said...

Here's another good article outlining why Google's privacy guarantee is meaningless.
I'll continue to pass on Google's new service.

Joel Sherman said...

Here's a small battle won in California. But the bill is not dead yet.
It will be a never ending battle to protect your privacy against big pharma and big corporations.

Joel Sherman said...

For balance here's the opinion of a fairly knowledgeable and presumably independent person with administrative background singing the praise of Google healthcare.
No one doubts that the potential benefits are immense, but he completely ignores the almost certain downsides.
Does he believe that Google is doing this out of a sense of nobility? They are a corporation answerable to stock holders and they have to have a profit motive behind all this. Development is expensive. The only way I can figure out that they'll make money off it is to sell your data to their 'associates' who are any companies who will pay for it, big pharma, medical equipment manufacturers, probably insurance companies, and nearly anyone else.
The article does clarify for me that Google has worked with 8 institutions only that they can transmit data to, so the scope is still very limited. And don't forget that Google is not covered by HIPAA, for whatever limited protection that may be.

Joel Sherman said...

Here's a good description of the health care problems you can have if your medical identity is stolen. Your medical record can suddenly include illnesses and problems that you don't have, and you may have insurance problems that take forever to rectify.

Joel Sherman said...

Here are three worthwhile articles on protecting patient privacy in the digital age. The first two are cautionary, the last is all in favor of Google and Microsoft. They are all worth reading. I remain suspicious of Google and Microsoft, but the arguments are important.
Article 1
Article 2
Article 3

Joel Sherman said...

Here's a nice summary article about the benefits and disadvantages of electronic medical records. One point not made is that EMRs are usually bloated with information that is just copied through from the start and not updated. It's there just for billing purposes so that they can upcode whenever possible. But it not only adds no new information, it makes it harder to find the pertinent new information, especially if it's a practice record with which you're not familiar.

Joel Sherman said...

Google and Massachusetts Blues are getting together to put patients' medical records online. Though the article says that doctors can add to the records, it will be mostly insurance and claim information which is relatively useless to the patient, but valuable to identity thieves. Doesn't say how providers contribute information outside of billing. If they don't have a compatible digital medical record system in place, don't know how they could.
EMR is still an idea that is ripe with promise, but overwhelmed by practical problems and dangers.

Joel Sherman said...

Here's a brief article about the political difficulties in developing a nationwide database of patient medical records.
Other references are given. Here's another expose of what Google privacy guarantees really mean. Don't worry about Google. They have themselves fully protected, though individual state laws could invalidate some provisions in your state.

Joel Sherman said...

This article has a nice summary of current progress in developing digital medical records. It gives details for individual states which are active in this endeavor.

Joel Sherman said...

I feel compelled to amplify my thoughts on Google Health. Here's one section of their terms of service:

10. Indemnification

You will defend or settle any third-party claim against Google, any third party Google Health feature providers, or any of Google's other licensors arising out of or related to your use of Google Health.


What that means is that if anyone sues Google and your name is mentioned, whether or not you had much to do with it, YOU are liable for defending Google and paying any damages. This multibillion dollar corporation wants you to spend your money defending them. How reasonable is that?
In medicine, indemnification is a dirty word. If I sign any agreement where I agree to indemnify anyone, my malpractice insurance will not cover the claim as I have already given away all rights to defend myself. I NEVER sign a contract which has that word in it, and I wouldn't for Google either. I'm not a lawyer and I don't know that this clause would hold up in a court, but I can guarantee you that it complicates your defense.

Joel Sherman said...

An interesting thought, are electronic medical records going to expose physicians to review of their treatment by any malpractice lawyers the patient wants to invite? Certainly if raw medical records are automatically posted digitally it is a possibility.
To me it's another consideration that confirms that physicians and providers get the least benefit from EMR. Who benefits? -potentially patients if records are really transferable safely across the country. But the real push is coming from insurance companies and the feds who hope to use it as a cost containment measure. Yet almost certainly the enormous cost burden of changing to digital records will be placed on physicians. This is not a one time cost which can be amortized, but will require continuing maintenance, support, and upgrades.

Joel Sherman said...

In case you weren't already confused by the different terms used such as electronic medical records vs electronic health records the formal definitions are now available.
I'm not sure how one goes about keeping them straight or if it makes much difference. I'll give it a try.

Joel Sherman said...

Here's a Congressional update on proposed legislation to spur the development of national health information technology.
People wonder why we're behind the rest of the Western world. The answer is easy. Other countries have a national health system and a single payer who can set rules and standards for everyone. Here we have the feds, 50 states and powerful corporations all with their own point of view and interest. Doctors aren't enthusiastic because they will bear the cost including high initial startup and high maintenance costs and see little financial incentive which will go mainly to insurance companies.

Joel Sherman said...

This article makes it sound like there has been a major break through by a consortium of technology firms, consumers and providers to agree on privacy standards for digital records.
Not enough details are given for me to judge whether this is real or not, but I will certainly try to follow it and get more details. Interestingly it says Google will have to change its format to conform.

Joel Sherman said...

Here's a link for the complete information regarding this agreement. The full agreement pdf is 8 MB so it will take me awhile to get thru it.
It does look significant.

Joel Sherman said...

Here's an article from Newsweek stressing all the benefits of accessible health records and downplaying the privacy risks. The potential benefits may well overcome the risks, but it's far from clear.
If I was setting up an account with Google or Microsoft I would be certain to post NO demographic information at the very least. That is don't give any identifying or financial information such as address, phone number, insurance, or SSN. That won't necessarily prevent your employer from getting the info, but it should inhibit most identity thieves.

Joel Sherman said...

Microsoft has finally posted their privacy agreements for HealthVault. Here's a quote:

Microsoft may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of Microsoft services or members of the public.

In other words they can do anything they want with your records if they feel it's in their best interest. I'll continue to pass up both Google’s and Microsoft’s offer.

Joel Sherman said...

Here's a legislative update on Congressional efforts to pass and mandate a nation digital health record system.
At least some legislators are giving more than just lip service to patient privacy concerns.

Joel Sherman said...

Here's a nice article explaining the hazards of medical identity theft. It doesn't require electronic records; they can be stolen the old fashioned way off paper records or by outright theft of a person's wallet for instance. Probably most nowadays are stolen off of large computerized billing systems of hospitals or institutions where the thief could be one of hundreds of employees with access to billing records. The problem will only get worse if large national EMR databases are established without tight controls.

Joel Sherman said...

Here's a complimentary article on the national VA electronic records system which is available all over the country at VA hospitals. The article does not mention privacy concerns, but apparently the system works well nationwide.
I believe that a unified system like the VA could get a system to work. However it has little relation to bringing a national system to all of our private hospitals in different states with hundreds of different insurers. The VA is feasible, a truly national system is not feasible under our present health care system.

Joel Sherman said...

There's presently a big push on in some quarters for so called e-prescribing, authorizing prescriptions over the web. Has the potential advantage of speed and ease for the doctor and patient. Potentially it could also automatically check for interactions and contraindications, but this would only really be helpful if the patient was getting prescriptions from multiple physicians and all their prescriptions were on one database. That's a goal that won't be achieved in this country for decades, until there is a truly national system. In the meantime, it opens a host of privacy concerns which are impossible to resolve at this time.
Here's an article precipitated by the merger of two companies involved.

Joel Sherman said...

There's lots of discussion about the present bill in Congress whose purpose is to speed up the adoption of information technology.
Here are two summaries of what's happening:
Article 1
Article 2
I still think that they are putting the cart before the horse. What's needed first is a national health system; then it can be developed with modern digital technology over the entire system instead of piecemeal by every provider, jurisdiction, insurance company and pharmacy in this country.

Joel Sherman said...

Maybe a significant break through. A computer software program that claims to be able to automatically delete all identifying information from digital health records so that they can be forwarded for administrative or research purposes without fear of violating privacy. If true it should be made affordable and mandated everywhere.

Joel Sherman said...

Here's a brief update on what changes the Dingell committee made in the bill to encourage the adoption of national electronic records.
Most of the changes I approve of. It shouldn't be necessary to inform people everytime records which are made anonymous are accessed.
But the further provisions are even more important: 1.) prohibit sale of medical records 2.) provision for no cost digital copies 3) banning direct payment to providers who try to sell health care products to patients. Still needed is the extension of HIPAA to cover all entities that deal in medical records, especially Microsoft and Google.

Joel Sherman said...

The bill that passed Congress recently restoring physician payments from Bush's cuts also included a provision to promote e-prescribing. In an ideal world, a physician could look up a patient's medications on a site and in return the site could tell him if there was a conflict between meds, if a patient wasn't taking the meds, and warn the provider of allergies. We are far away from that goal. In truth at this stage in the game, e-prescribing will only expose patients to big pharma ads and insurer and employer reviews of their confidential information with few if any benefits over traditional methods. I'm against it at this point in time.

Joel Sherman said...

This post discusses an issue we haven't discussed much. Anytime your records are sent to another country, especially countries like India which processes a lot of medical transcription and diagnostic tests, you have lost all privacy protection. As laws stand now, you do not have to be notified if your medical information is sent out of the country. If your information is sold or abused outside this country, you have no legal recourse.

Joel Sherman said...

Yes, online records of prescriptions could stop patients filling multiple prescriptions for narcotics over and over again at different pharmacies. It would indeed be helpful.
But it should be a state run database and have nothing to do with big pharma who should have NO access to the database.

Joel Sherman said...

Here's an article outlining how insurance companies can mine your prescription information for their benefit as well as use them to deny coverage. This is not theoretical; it's happening now.

Joel Sherman said...

Here's a concrete example illustrating the dangers of e-prescribing

Joel Sherman said...

Hopefully my last post on this subject, but here's a review in the Washington Post which reiterates all the privacy problems with e-prescribing.

Joel Sherman said...

It's amazing all the ways your medical records can go astray. Georgia Blues sent over 200000 records to the wrong address. Some of them included demographic info including SSN's.
This is asking for identity theft.

Joel Sherman said...

Here's another post documenting the inherent dangers of e-prescribing.
That doesn't mean we shouldn't do it, but the appropriate safeguards need to be put into place first. These abuses are happening now and few patients realize it.
Do you really want your insurance company and others to have access to all kinds of information about you which you never understood they were going to get? They can and do routinely use this information to deny claims, deny insurance, and even deny employment.

Joel Sherman said...

Here's another summary about the privacy dangers of digital records. They are no doubt real.
Missing in all of this is a clear idea of how likely your digital records are to be abused. Is this a one in ten thousand chance or something that happens to most people? I'd certainly like more information about the likelihood of abuse or identity theft. Almost certainly, the chances of a problem are rapidly increasing as EMR's proliferate.

Joel Sherman said...

Here's a company, Practice Fusion, allowing free personal digital medical records online. What's the catch? They make their money by using Google's Adsense to mine your data to display ads on your screen. They say the companies won't have access to your demographics if you believe it. Not sure I believe it. When you log on anywhere your address is easily available and can be identified. Do they do it? I wouldn't know, but I'd rather pay a small fee for the service and not receive any ads, an option which is not available.

Joel Sherman said...

I don't usually agree much with Representative Pete Stark (D Cal) on much. He's usually very anti medical establishment. But here's a quote from an article on a proposed bill of his which gets it exactly right:

If we want a uniform, interoperable health care system in America, time has shown us that we can’t depend on the private sector to do it on their own,” he said in his news release. “This is the perfect role for government. We should work with stakeholders to develop the standards, ensure an affordable product is available, and pay providers to adopt it. That’s exactly what the Health-e Information Technology Act does.

The key is to make it a national federally regulated system and to give financial support for its adoption.

Joel Sherman said...

California takes the lead as usual, both in abuses and in proposing cures.
A bill has been signed by the governor setting out substantial fines for violations of patient privacy, both for individuals and institutions I believe. I'm sure it helped that the governor's wife's privacy was violated while she was in the hospital.

Joel Sherman said...

Here's a poll taken on how the public feels about electronic medical records whose use has been mandated by Congress, though we're still light years away from achieving it. 48% in favor, 28% opposed, the rest undecided. Most of the concerns people voiced were indeed about patient privacy which means these concerns are getting through.
Many think it's a panacea for error free inexpensive medical care. Whenever it gets here, I'm sure we'll find that its benefits are much more modest, though hopefully still significant. But the cost in terms of money and privacy remains unknown.

Joel Sherman said...

Here's a nice summary of the problems with non covered HIPAA entities such as GoogleHealth and Microsoft HealthVault from a patient privacy standpoint.
As no laws cover them, they can pretty much do anything they want with any health records you put online.

Joel Sherman said...

Long ago, the use of a unique patient identifier for all health records was recommended, but has yet to be implemented. Hopefully this could replace the dangerous use of social security numbers which are used for Medicare.
Here's a study from the Rand Corporation about its use which they estimate would cost up to 11 billion dollars. As always the costs are formidable and daunting.

Joel Sherman said...

Here's a new threat to patient privacy. A national pharmacy benefits provider has received a demand for blackmail payments, threatening to release millions of patient records.
Of course none of this would be possible without electronic medical information on large online databases.

Joel Sherman said...

This concerns the electronic records that pharmacies keep. Pharmaceutical companies have access to these records and data mine them. They know what drugs I prescribe and probably who gets them.
Here's a state that forbade the practice. Big pharma appealed and lost. All states need to do this.

Joel Sherman said...

Here's an industry follow up to the above story from New Hampshire.
The article claims that no patient identities are revealed. They don't claim that physician identities aren't revealed.
But no bother. Big pharma thinks they have a right to my records so that they can market their pills more effectively. That's an outrageous claim. My records should be just as private as my patients. I might agree with them only if they could show that somehow these records helped them to manufacture a more effective medication, but not how to market them.

Joel Sherman said...

Here's a brief article which nicely sums up the dangers of EMR and your prescription information.
The companies claim they only sell information with patients' permission, but I doubt that 1 person in a hundred really understands what's going on when they sign permission forms.

Joel Sherman said...

Here's an article summarizing the not reimbursed costs of EMRs from a physician's standpoint. Economically it is a high risk venture, and there are few benefits to physicians.
I've seen many records from offices that use EMRs. They look very impressive except when you realize that the 4-6 pages you get summarize a brief office visit and likely 95% of what you read was just defaulted from prior visits and carried forward by the computer without anything further being asked or examined.

Joel Sherman said...

Here is a highly technically post which explains well how we strayed from the ideal of interoperability for setting standards for EMR and HIPAA as well.
It tells a cautionary tale how competing interests easily subvert the best of Congressional intentions.

Joel Sherman said...

Obama pledges to have national electronic medical records in 5 years. It's a very ambitious goal, one which I doubt he can keep. I'm in favor of it if it's done right, but I don't see how it can be done right with our incredibly fragmented health system. A first goal should be some form of national health coverage which could then be unified by national EMR.

Joel Sherman said...

Here's a good summary of the quandary faced by national health info technology vs privacy concerns from the NY Times.
There's no answer in sight yet for this.

Joel Sherman said...

Here's a Wall Street Journal article discussing Obama's and the Democrats proposal to promote EMR. I don't find it very encouraging. They will give doctors a bonus if they have an interchangeable EMR system by 2011. What that usually involves is a 1-2% bonus on payments. In return physicians would likely have to lay out $30000-$50000 to install the system. No way. Worse the nation is nowhere near ready for interchangeable EMR. Those protocols haven't been worked out, and I doubt that they can be without a unified national health system.

Joel Sherman said...

I warned about this before. Anyone who thinks that Google and Microsoft don't intend to sell medical records to interested parties is living in a dream world. They wouldn't be offering personal online medical records unless they thought they could make a profit on them.
Here's a report that Google is lobbying to get laws changed so that they can do just that, that is sell your records.

Joel Sherman said...

Here's a balanced New York Times editorial on Obama's pending legislation on electronic medical records which is worth reading.
There are certainly some good parts of the bill. But I firmly believe that transferable electronic medical records is an issue whose time has not yet come. We need a unified national health system first.

Joel Sherman said...

With Obama posed to spend 20 billion advancing digital health records, there is a battle forming between the health industry and privacy advocates as to how it is done. The industry wants few restrictions on how they can use your data.
This issue is far from settled. Indeed it will likely be an ongoing battle for years. But there is a huge amount of money at stake and it could easily tilt towards the health industry data mining your health records under the guise of informing patients.
Stay tuned.

Joel Sherman said...

Not a surprise. There's room for lots of exceptions to Obama's stimulus package as they affect privacy in health care.
I have no idea what this will mean in practice except that I'm sure if left unchallenged the health industry will data mine every cent the can. Will anyone be watching?

Anonymous said...

Hi Joel,
I just do not understand the Obama rushed theory on this. Our government is so broken and our elected officials can not even protect us with laws already in place. If this happens the system of EMR will be broken into and information will be used against us when credit,jobs, and insurance is applied for. What happens when a doctor office inputs the wrong information or we go for a second opinion and we have two different opinions? My government does not pay a nickle of my medical expenses so at this point until they can prove me wrong I do not want them to get involved. My government must prove to me that they are responsible to handle such a task, otherwise they can go and try to fix the millions of things wrong with our government.

Thanks Daniel.

Joel Sherman said...

Patient privacy rights org thinks the privacy protections in the stimulus bill are an advance. I hope they're right but I fear it represents an improvement from a low point. Once again you can be sure industry will have teams of lawyers figuring out every possible way to circumvent any privacy provisions. It will take awhile to know how this plays out. But at least Obama gives lip service to privacy rights.

Joel Sherman said...

I don't think that most people realize just what happens with their prescription information. Many if not most companies market it to pharmaceutical companies and other interested parties.
Here's an example from CVS Caremark. I don't think Obama's package prohibits any of this, but I haven't seen the details.

Joel Sherman said...

Here's a lengthy article from a doctor about all the concerns with EMR. It focuses mainly on cost savings. Even ignoring start up costs, it makes the point that hospitals, institutions and physician practices are more likely to use the technology to upcode thereby increasing insurance payments than for any other reason. Sometimes one gets the impression that Obama thinks EMR will be a panacea for our health problems. I doubt it very much. I still don't believe a nationwide system can even be put functionally in place without first having a national health system.

Joel Sherman said...

Here's a very good article about EMR which summarizes the problems involved:
1. EMR potentially reduces profits
2.Technologic difficulties
3. Deciding on standards
4. Problems of access and privacy

I still maintain that EMR will not be practical until we have a unified national health system. I'm not holding my breath.

Joel Sherman said...

Here's an opinion piece in the Wall Street Journal from Harvard which debunks Obama's repeated claim that EMR will save 80 billion dollars in health costs. It's almost surely wishful thinking, something politicians are known for. That's not to say there won't indeed be some benefits, both medical and financial, but they will be much smaller. There are also some downsides which no one talks about.

Joel Sherman said...

This reference is mainly for physicians. It is an article from Medical Economics documenting the dangers and risk of instituting an EMR and billing system into your medical office. It makes for very thought provoking reading outlining all the difficulties a paractice can get themselves into including financial penalties from Medicare for unintentional false billing.

Anonymous said...

I just do not think that hackers and id thieves are going to have any problems with electronic records...look at what they do to banks now?...I am not sure how the "access by authorized persons only" will ever be enforced.
I understand the possible upside and benefits...I just do not ever want my medical records online..
leemac

Joel Sherman said...

Here's an idea we can all agree on. The VA already has a nationwide digital records system that really works. Unfortunately up to now when you're discharged from the military and go to the VA, no digital records are accessible to them from your service. This initiative would hopefully institute a military system of EMR and combine it with the VA system.

Joel Sherman said...

Here's a slightly different take on the subject. It also puts the emphasis on interoperability as I have, not on individual medical records, either personal or in a physician's office.
But it makes a new claim to me that even in single payer national systems such as the NHS in the UK, it is difficult to do and hasn't been very successful. I'm not sure how the articles emphasis on interchanges is different from what's hoped for here.

Anonymous said...

I do not want my medical records made electronic and put on the net.
A) there is no real security on the net.
B)I feel that this is a scheme to make multi-billionairs out of a programer or two.
C) If I want a provider to have access to my med records, it is easy enough to do now.
I think the government is going to do this lie they do so much else...their protocol seems to be....ready...shoot...aim
leemac

Joel Sherman said...

Here's a wrinkle I wasn't aware of. According to the usually accurate Wall St Journal, the stimulus bill passed last year by Congress requires that all electronic medical records be passed to a federal coordinator without the permission of the patient being needed.
If so the major patient privacy lobbying groups have completely missed this.
I'd like to see further follow up on this.

Anonymous said...

Between the stimulus requirement of handing some federal bureaucrat private and confidental information and what it seems as a furthering of government intrusion in teh new health bill along with teh electronic medical records regs and rules.. it is extremely frustrating... I see no better health care coming from it, but I do forsee a giant snafu....
I am in teh process of moving to a smaller town.. it has a hospital with less than 100 beds. I saw a headline for teh local news about it recieving recogniton for attaining a stage 6 standard... I had no idea what stage anything meant , but I thought that it sounded good.... OMG stages are how far along you are in electronic recors.. and you can only go to stage 7.. There are supposed to be only 5 or so hospitals of this size that have attained this level. I had known that it had astaffing problem and that it was affiliated with a nursing school and was nervous enough about those issues...
All I can say is that I hope I do not need hospitalisation there and hope that any health care bill that passses Congress addresses privacy in a real manner.
This same hospital has an RN who is a full time patient advocate. I have met him...that seems to be the only item their modernisation was right on.. except he never does patient care himself and there is only one other male nurse.
leemac

Anonymous said...

I wish there was a way to keep all your records private from anyone but your private doctor, or maybe a specialist if I need one. I wouldn't want every nurse, receptionist or anyone else to know that I had something like a hemorrhoid problem. That should be between you and your doctor, PERIOD!

Joel Sherman said...

In theory, medical records can be kept private. For instance, each user can be granted permissions according to what they need. For instance, a billing clerk could only access your account receivables and not medical information. However in order to bill, you need a diagnosis, so they would still know if you had hemorrhoids if you were billed under that code. In institutions the system can also break down in that people often don't log out when they are finished at a terminal. You'd think that rules would at least require that if a terminal is inactive for say 5 minutes, it automatically logs a user out.
The real danger though is not the ward clerk knowing you have hemorrhoids, but your employer or new prospective insurer knowing you have a serious and/or expensive to treat disease.

Joel Sherman said...

Leemac sent me this link from a NY Times article documenting how your prescription information can be obtained by all kinds of marketeers.
This is well known. Even worse sensitive prescription information can be obtained by potential employers and insurance companies who may reject you even though they have no legal access to your past medical information.

Anonymous said...

Not only can some gather all kinds of info on anyone it seems.. but they are not bound by any privacy acts ...
If a hacker gets your medical records..what is to stop him/her from altering them?.. delete an extreme allergy or give you a false one.?.. state you only want opposite gender care..(boy wake up in the hospital to discover they are honring that one and then try to convince them you don't)?...There is just no assurance any private medical info will be kept so.. Even the webs offering to store your info online have a long string of diclaimers...
I know.. there are situations where having this info Fast might be critical in some patients care...so it shoulod be an opt in/ opt out situation.
All other gathering of info by anyone should be criminalised.
leemac

Joel Sherman said...

Well here's something to think about. Rep. Patrick Kennedy of RI says people can opt out of having their histories of STD's or abortions put on their electronic medical records which are mandated by 2014.
I'm not familiar with the relevant bills. But that means that every patient will actively have to opt out. What about other histories such as mental illnesses which are now usually afforded special protection? HIV is encumbered with legal restrictions in many states, but if your medical record doesn't have it, it won't be of any use to anyone else.
I have strong doubts as to how workable these laws are.

Joel Sherman said...

Personal health records are hosted by various companies, most prominently Google and Microsoft. Patient Privacy Rights has graded them on the privacy protection of your records. They are all very poor which is no surprise. The article is worth reading for anyone who is tempted to put their medical history and data online.

Joel Sherman said...

This is a fairly balanced account of the pros and cons of electronic medical records.
I only note that the site apparently has commercial links with Microsoft who is clearly not a disinterested observer. The post also plays down the fact that we are light years away from any standardization so that one office's records cannot be made available to another office unless they have started with the same system.

Joel Sherman said...

Here's a NY Times article, about why this administrations push to have all medical records digital by 2015 doesn't stand a ghost of a chance of success. It was obvious from the very beginning that their requirements were unrealistic and couldn't be met. Here's documentation that even those institutions which are leaders in the field of electronic records can't meet them either.
You can legislate anything you can think of, but that doesn't mean it's going to happen.

Anonymous said...

Here is an issue about EMR probably none of you have heard of. I am an electronics engineer and have personally worked with the technology that will enable this. Very SOON you all will have to have the medical ID chip implant
that will be scanned to get your records. Many have it now. This same chip will also be your bank number and national ID. It will totally replace cash and debit cards. This is actually the "mark of the beast" as mentioned in the bible. Google it and see for yourself. I assure you this is fact.

Joel Sherman said...

Well I certainly have heard of it. A chip like that would actually be of use to high risk patients, such as those with severe and complex medical problems and patients who were unable to give their own history for whatever reason.
But I can't imagine an embedded chip being mandatory in this country for the foreseeable future. Too much like big brother is watching you.

Anonymous said...

The government always sneaks in things by touting them as a great convenience when they ultimately have other intentions for them. How will electronic medical records be useful if there is no way to scan everyone to get them? What if you end up in an accident far away from home and cannot speak? Without that implant chip how would they get your records? I believe that the new healthcare bill just passed has a provision in it to require EVERYONE to have the implant chip. In fact, I know I read it.This chip is know as a RFID chip, or radio frequency identification chip. When a handheld scanner passes over it the chip will emit a 16 digit code to the operator. The code can then be read to provide the information.
In some cities, ambulance crews are already trained to scan a person who is unconscious or dead for the chip. They then send the code to the hospital. You can look it up yourself. I wish I did not know what I know. You will see it soon.

Joel Sherman said...

Here's a nice brief summary on the pros and cons of electronic medical records.
I'd only add that the article doesn't go into exploring the prohibitive difficulties and cost involved in getting a system where records are easily transportable from anywhere in the country. The truth is that medical information is ever so much more complicated than financial records which can largely be reduced to numbers.

Anonymous said...

Lines 4 of the pros, and line 5 of the cons makes my point exactly. The Government WILL at some point in the near future make it mandatory after the health care plan is fully implemented. Then any government employee who has access to that system can see your private files. It will also allow the government to track you anywhere on earth. Absolutely frightening scenario.
Thank you Dr. Sherman for allowing me to write this.

Joel Sherman said...

Here is a long thorough position paper from the Patient Privacy Rights organization concerning informed consent and how it is needed to protect your electronic medical records in this digital age. It is worth reading through.

Anonymous said...

How common is it for doctors to deliberately exaggerate how much their patients weigh? The two doctors I've seen in the last few years always weigh me in at about 10 to 12 pounds heavier than a dozen other scales I've used immediately before and after. I'm told that for my general weight the only important thing is that they can see how much weight I've gained or lost since the last appointment so it doesn't really matter if that particular scales consistantly weighs me heavier than I am. MANY other people I've talked to say the same thing.

What worries me is that those inflated weights are put into my permanent medical records. I worry that if other doctors or specialists weigh me with an accurate scales they're going to see my EMR and believe that I lost 12 or 15 pounds in a relatively short amount of time. Therefore they're going to believe I have some type of serious health problem and will run me through every test imaginable to try to figure out this dramatic weight loss. Is this common? I also don't want everyone associated with the medical field to be able to pull up my records and believe that I actually weigh as much as it says in my EMR.

Who is allowed to see our EMR? Receptionists, medical assistants, pharmacists, employers, insurance companies? So far in my life I haven't had many medical problems, especially embarrassing ones, but I shutter to think what's going to happen in the future. If someday I have a problem with say, hemorrhoids, will everyone in the medical world be able to see that in my EMR? Can family doctors keep problems like that out of my EMR?

Joel Sherman said...

Anon, I never heard of any physicians purposely overestimating weight. It serves no medical purpose. Of course it depends how it's done. You may take your weight at home first thing in the AM wearing almost nothing and have it done fully dressed in an office with boots on and pockets full after a big meal. That could easily be worth 10 lbs.
Can't answer who can see your EMR. Every office could be different that's why EMRs are problematic for privacy. If you see a physician in a small office, it is likely that no others can access your records. Very few offices today have medical records that are transportable to insurance companies etc. That does not apply to financial records which generally would be viewable.

Joel Sherman said...

I am presently reading a book on comparative health systems, The Healing of America: A Global Quest for Better, Cheaper, and Fairer Health Care. I am amazed to discover that both in France and Germany patients are issued a credit sized plastic card which contains all their medical records, including billing and payment. Each physician enters a report when the patient is seen which is entered onto the card. From that point billing and payment is automatic and the patient always carries around their complete up to date medical record. Doctors don't even need to maintain files on patients. They can run an office without an administrative assistant.
How I would love a system like that. Though we in the US pride ourselves on our technological advancement, we're not even close.
I hope to eventually do a review of this book on the companion blog when I finish it.

Anonymous said...

Already, 3 hospital staff fired in Arizona for unauthorized accessing patient info of those involved in the shootings. This should be a story worth following.

http://www.washingtonpost.com/wp-dyn/content/article/2011/01/12/AR2011011205034.html

Doug/MER

Anonymous said...

Actually, it's 4 -- three clinical support staffers and one contracted nurse. At least the hospital seems to be pretty quick at catching them.

http://www.politico.com/news/stories/0111/47515.html

Doug/MER

Joel Sherman MD said...

Here's a nice skeptical article on why we should not be rushing into electronic medical records. Much more could be said. The entire system should be designed by government contract and essentially given to the industry at low cost. Not how it is done now, by individual companies whose systems are not interchangeable and whose major goal is to make a profit.

Joel Sherman MD said...

This is no surprise to me. Google has announced it is ending its 3 year medical foray into online personal electronic records.
The idea was always impractical. Each patient had to ferret out their own records and post them online individually, a highly onerous and difficult task. I'm sure Microsoft will follow sometime as well.
EMR must be standardized by the government and made fully transportable before it can work. It's just not a valid area for private for profit companies.

Joel Sherman MD said...

Here's a nice brief article outlining why Google Health was doomed to failure.
As I've said repetitively, such ventures are hopeless until there is a standardized integrated nationwide system for digital health information.

Joel Sherman MD said...

There's no end to the potential for privacy breaches with online medical records.
Here's a flagrant case of 300000 patient records online in California that weren't even password protected.

Joel Sherman MD said...

There's no doubt that at its best well done EMR can facilitate standardizing care. In this study, centers with EMR's were able to easily surpass centers who didn't have them in terms of meeting accepted guidelines for care of diabetes. By no means are all patients and diseases amenable to standardized protocols, but when available they certainly can improve care.
The problem is not so much that it can't be done, but that it's a mess for smaller practices to decide and obtain the best EMRs.

Joel Sherman MD said...

There's so many data privacy breaches that it's barely worth commenting.
But here's how Stanford Univ. Hospital posted identifiable medical records of 20000 ER visits online for a year until someone complained.

Joel Sherman MD said...

Here's a story about a physician who was fired by his employer because he was unable to become proficient with their new electronic medical record system. An extreme example of the path we're heading down. This has been coming on gradually for years, Obama didn't start it, but they are pushing it with the unproven and unlikely hope that EMR will bring down the cost of healthcare. In fact until we have a standardized universal transportable system in place, it will surely increase costs.

Site Meter