I have been meaning to do a long post on EMRs for a while. After reading a recent post on Ars Technica on this issue, I decided this is as good of a time as any.
Although Mr. Gitlin readily admits that EMRs are unlikely to solve the problems of “inefficiency” in the medical community within the US, he claims it will decrease cost in the end. He disdainfully alludes to “high cost” in the US system without ever questioning why the costs are so high besides noting that our focus is generally on emergent and not preventive care. Now we can argue this point to death, but if you’d like an enlightened point of view on this subject, I suggest you read any number of PandaBear, M.D.‘s blog posts. I’ll leave this one lie.
My next issue was the fact that Gitlin is actually making two very distinct arguments for EMRs without differentiating the two. First, he argues that EMRs are a perfect way to organize an office. They free the workplace of excess paperwork and can make an efficient way to keep track of “billable” services, something very important to physicians. This much I can definitely support. There are considerations, but I think in the long run, physicians will be better off doing more on computers and less on paper. At the same time he alludes to EMR portability, which is a whole separate can of worms.
The long and short of it is, people need to decide what they want. Currently HIPAA dictates that medical records are on lock-down, and the only people who have access to them are are you and those whom you designate. These “others” could be someone like a spouse or a parent or another physician. I think preserving this privacy is (at least mildly) important from a patient’s perspective. After all, it’s not everyone’s business what your latest test results are or what diseases you’ve been diagnosed with or what medications you’re on. However, from a health care professional’s perspective, this is a frustrating impediment. It does matter to them what your test results were last Monday in the E.R. It’s helping dictate your treatment. Acting like electronic medical records are going to magically make that red tape junkie HIPAA disappear is naive. They might make it easier to transport the information once approval has been given, though.
If people are treating their medical records with that kind of security, then the security vulnerabilities exposed by making things electronic are significant. Even the most secure computer systems are vulnerable to attacks, and considering that many of these systems will be running on Microsoft platforms, there is an increased risk to any data on entire computer networks. If the secretary opens a bad email attachment, is it going to worm its way into the EMR database server and start uploading all the records to someone else’s computer? My point is not that the type of security necessary to run such a system is impossible. Just that it will be a lot of work for everyone, including patients. If a patient needs to “grant access” to their health care providers, they are going to be the gateway into administering their electronic medical record. This means strong passwords, which will probably need to be changed frequently. Are they going to want to do that? How about health care providers? Sure most hospitals have a (probably sub-standard) IT department, but what about your average medical practice? Are they going to be able to employ an IT professional (or pay for the temporary services of one) to set up and maintain these records? All of this is simply going to add cost and overhead to a community that is already overly criticized for how “inefficiently” it works.
The business model that will probably end up working is one where large companies are in charge of the records and medical practices pay fees for the use of their services. In other words, Dr. Jones pays $X every month to have his patients’ health records stored online by a company. When he needs to view the patient’s records, he simply logs in from his office computers (or even from home) and downloads the information. If he has new test results, they would be uploaded. This actually could be a fairly profitable market. It’s basically what’s being set up by Google. For this to be successful, they would still need cooperation from the patient, however, and there would still be security issues. While there would be IT professionals in charge of keeping the data secure, the centralization of data would make it more of a target for criminals. There probably aren’t very many people who would try to break in to Dr. Jones’ patient EMR database since it’s only for a small number of patients. If a large company was hosting hundreds of thousands of patient records, it’s more of a target.
My biggest issue with Gitlin’s argument is that he claims portable EMRs will eliminate (or even significantly reduce) the amount of duplicate testing that is performed and thus save everyone money. See this is an issue that people have to deal with concerning health care in the US. Doctors are skilled professionals. If someone comes to them (especially a specialist) with a problem, they’re going to want their own x-rays and CT scans, not ones from another facility. That’s not to say that they shouldn’t be using them, but considering there’s no incentive for them to work any differently, I highly doubt whether implementing portable EMRs is going to change things. After all, today doctors can get x-rays and CT scans from other institutions if their patients say it’s ok. They just don’t use them.
Gitlin did address my main concern with EMR portability, which is a less concrete aspect: the standards. See right now, there are no standards set in the US for electronic medical records. There’s no “right way” for information to be stored in EMRs, so if you want to transmit information from one doctor’s office to another, they probably need to be using the same program on their end as you are on your end. This is a really bad way to deal with any sort of information. The government has laid some loose guidelines, but nothing really telling people what should be done. They want the market to sort it out. The problem is businesses are all going to try to come up with a proprietary format that will gain a significant market share. This way, everyone has to use their software and their databases. In other words, all the businesses are competing to see who’s going to “win” this race to control everyone’s medical records, and by “winning” the market, they will control the standard and thus the future of the industry. This is a “great” way to form an industry from a business perspective (lock everyone into your format) but a horrible way from an end user’s perspective (doctors and patients). It would be really great if we could nip this issue in the bud now, before any one company has a market share. This way there won’t be a fight to get one big company to relinquish it’s power. Plus, it would be great if EMRs used an open standard so we can continue to have cross-platform competition in the future. We can learn a lot from the mistakes of the past on issues like this.
Look for a future post on FOSS operating systems and EMR programs to tackle some of the issues I brought up here.