There ought to be…

Family member A is ill — cold? flu? Gets worse. Calls doctor.

Doctor is away. A speaks with doctor’s colleague. Colleague listens to A’s account of symptoms, tells A to go to emergency room.

Family member B accompanies A to hospital. Emergency-room doctor examines A — infection? what’s that thing in lungs? Doctor asks if recent chest x-ray is available. B and C (me) consult by phone. B tells emergency-room guy to call A’s doctor’s office to access whatever records are there. Meanwhile I track down most-recent CT-scan records at another hospital. B is now driving there to pick up a disk with the scans on it.

In the middle of our discussions B says something like: This is crazy. All of these records should be centrally accessible and under the control of the patient. Why isn’t all of the information we need available online?

B is right. In the current system service providers control most of the information but have little incentive to coordinate access with other service providers. Indeed there is a disincentive to do so: they can get into trouble if information is misused but don’t benefit directly when improved information-sharing helps patients.

Technically, this is not a difficult problem. Institutionally and legally, however, it seems to have much in common with drug-resistant bacteria.

At least there is progress in other areas. The practice of medicine itself seems to improve over time. And thank God for cellphones, and for the technology that makes it possible to put a copy of a CT scan onto a computer disk in a few minutes.

19 thoughts on “There ought to be…”

  1. Meanwhile I track down most-recent CT-scan records at another hospital. B is now driving there to pick up a disk with the scans on it. In the middle of our discussions B says something like: This is crazy. All of these records should be centrally accessible and under the control of the patient. Why isn’t all of the information we need available online?

    So why don’t you have a copy of your family’s medical records on disk, then?

    The technology which makes it easy to transfer data around makes it even easier to simply keep a copy for yourself. You have a family member whose health is so delicate that they have needed CT scans to be performed, so why not have those records on a computer CD or DVD?

    That would also have the added benefit of keeping personal medical records off line, where they can’t be accessed or tampered with.

    No offense to Family Member B, but that idea to have medical records on the Internet is a really bad one. If the Pentagon has their computers hacked on a regular basis, I certainly don’t want anything as vital as my medical history hanging out there in the virtual breeze.

    James

  2. James…the fact that something is off-line doesn’t automatically mean it can’t be accessed or tampered with. How secure are the file rooms in which medical records are stored in paper form? How carefully have the personnel been vetted to make sure they are not likely subjects for bribery or extortion? The answers surely differ from facility to facility, but I doubt that classified-material-level security is common.

    And if each person has own disk with his own medical records, what happens when he loses it, or even forgets it on a trip?

  3. How secure are the file rooms in which medical records are stored in paper form? How carefully have the personnel been vetted to make sure they are not likely subjects for bribery or extortion? The answers surely differ from facility to facility, but I doubt that classified-material-level security is common.

    That pretty much supports the point I made about how putting medical records online is a terrible idea. If they aren’t secure now in paper form, how secure could they possibly be if every hacker and phisher in the entire world could set their sights on such a juicy target?

    And if each person has own disk with his own medical records, what happens when he loses it, or even forgets it on a trip?

    They swing by their doctor’s office when they have a chance and get a new copy. If they call before leaving the house, the disk will be waiting for them.

    But if someone has a medical condition that would warrant having their own records, like the family member that Jonathan describes above, then they would be a total dope to lose something so vital to their life. People already wear medical alert bracelets and dog tags, and just about everyone at the office where I work wears little flash drives on strings around their necks. Why would it be such a burden to simply combine the two?

    You can’t possibly imagine that I was actually suggesting that each patient have the only copy of their medical history in the entire world, do you?

    James

  4. I don’t understand why privacy of medical records is such a cause for hysterics. I really could not care less if someone knows I broke my arm when I was 5 or that I had my wisdom teeth removed. Other than something like an STD, being embarrassed about your medical history makes about as much sense as not wanting people to find out what color your hair is.

  5. Oclarki – you might not care less about your medical history being open to the world, that doesn’t mean other people wouldn’t want to protect theirs. That’s why we have doctors bound by confidentiality of their patients’ health information (at least in theory).

    David, so you think people can not be trusted with keeping their own vital health information? Somebody else, more able, more authoritarian, should be in control? Nice.

  6. Of course people wouldn’t have the only copy of their medical records, but in an emergency when information has to be gathered from several sources (multiple physicians & hospitals someone has dealt with) it is going to take time which may result in harm to the patient.

    I’m not sure the computerized version would necessarily be any less secure than the paper versions. Billions of dollars move via Fedwire and its international counterparts every day; when is the last time someone hacked the Fedwire system? Thousands of aircraft flight plans are electronically handed off among the FAA’s enroute and approach facilities: I’ve never heard of these systems being hacked.

    One option for improved security would be to run the electronic medical records system exclusively on private networks rather than on the public Internet. This would have a cost in flexibility and would probably also increase the overall financial cost of the system, but might be worthwhile.

  7. Keeping your own copy of your medical records on a disk is a good idea, and one that we may pursue for the family member in question. The only problems that I can think of are 1) the logistical hassle of gathering and updating info from multiple doctors and hospitals and 2) the likelihood that a lot of the records are still being kept on paper. But the big scans and maybe most of the x-rays are digitized, and any important paper records can be digitized by us with a little work. I don’t think you necessarily need the person’s entire medical history; it’s probably enough in most cases to have the results of the most recent round of exams.

    I don’t think privacy is a significant obstacle technically, nor do I think patients would object to a centralized system if that system were properly designed. Encrypted online records for which the patient held the only private key could be made adequately secure. The system could be set up so that the patient (or a member of the patient’s family) would have to insert a flash-memory device into a reader, or type in a password, before a third party could access the records. Or the patient could simply bring his own disk with the info. That would be more secure than the current system, which has an appearance of security, I assume mainly to forestall legal liability, but isn’t really very secure. (In the current case a hospital released CT-scan records to a stranger based on nothing more than a signed paper note.)

    I suspect that patients would use my system to the extent that it left them in control. The system should therefore be opt-in, perhaps marketed mainly to individuals as a commercial service for their own use. Doing it in this way would, from a marketing perspective, make it into something like tax software: by selling the service directly to the people who benefit from it it becomes a straightforward value proposition for the customers, and doesn’t require cooperation from medical service providers (though such cooperation would be helpful and could eventually be negotiated, much as companies that sell retail tax software have arranged with the IRS to allow software customers to upload their tax returns).

    I suspect there is a business opportunity here.

  8. Tanya…people should be able to opt out of the on-line system if they want, or, as Jonathan suggests, need to explicitly opt in. Not sure why it is “authoritarian” to point out the deficiencies of portable media. If you want to carry your medical records around on a flash drive, or a file folder, no one is going to stop you from doing so, but I think many people would choose the on-line approach.

  9. They will choose the online approach exactly because they’re used to rely on someone else keeping record of their life – their credit card company for keeping score of their bills, their bank for their balance, their tax accountant for their returns’ history.

    These people aren’t truly independent; delegating your own responsibility makes you a hostage to someone else’s neatness/reliability/diligence, if not downright goodwill.

    It’s like our new NY Governor, relying on taped information because he never learned (and wouldn’t want to) read Braille. Or using a cane – because instead he always has an aid assisting him.

    Why I used the word “authoritarian”?
    You said And if each person has own disk with his own medical records, what happens when he loses it, or even forgets it on a trip?
    I would say – if the loss of the disk with vital information results in this person’s death, it’s his own fault. He made a choice – not to have a copy, at home or at friends’ hands. I assume an individual is responsible for his gains or losses. You, on the other hand, suggest the responsibility should be taken from this individual – for his own good. Sounds very familiar.
    That’s why the word popped up in my head.

  10. [aside: please call me by my full name; nicknames are reserved for close friends and/or relatives. Not that I wouldn’t like to be your friend, just at the moment we’re not even acquaintances, in usual meaning. I’m sure you wouldn’t want me to call you Davie, so please stick with Tatyana, OK?]

  11. Unrelated but similar gripe: our hmo has a flex payment for medicines, co-pays, etc. We belong to the HMO, get presciptions at the HMO’s pharmacy, and use their flex card. They have stopped payment on the flex card because I haven’t brought them an itemized bill from the pharmacy (not a drug store, mind you, a pharmacy although it does have a small gift shop for long waits) since the payments were not always the round sums of co-pays. I haven’t brought it to them because I was pissed, but of course that is cutting off my nose to spite my face since I also don’t want to leave amounts of money in there at the end of the period. As with your example, can’t they interface these in some sensible way? Actually the pharmacists ask you to pay separately for the gift shop stuff anyway.
    By the way, my choices shouldn’t dictate others, but I’d generally opt for backup over privacy – the more ways that an ems officer knows my kid is allergic to penicillin the happier I am.

  12. Tatyana…I did not state that the responsibility should be taken from the individual. What I said is that there are advantages to an on-line system in which the information is always accessible. If some people want to rely on having the disk (or whatever) and are willing to accept the risk that they will lose it (and that it won’t be burned or otherwise damaged in, for example, a car wreck) then that’s fine for them. Personally, if I had a serious medical condition I would rather not face a possible death sentence for forgetting or losing a device, and I’m sure many others feel the same. Humans make mistakes, and error proofing should always be considered in any system. This is why pilots use checklists, airplanes have various warning systems, and industrial equipment has interlocks and finger guards.

  13. Humans make mistakes, and error proofing should always be considered in any system.

    And you actually think that creating a vast bureaucracy of some kind, probably a government agency, will reduce the possibility of error?

    James

  14. A parallel point is HIPAA, the medical privacy initiative.

    This effort was a feeding frenzy for consultants; I can vouch for that since I was involved in this (one of the biggest ones besides Y2k).

    The end result of this is an idiotic mess where EVERY TIME I go to the doctor I receive a privacy rights form and then have to waive all my rights under HIPAA in order to receive service. Plus, I have to fill out a new HIPAA form every quarter or so (got to keep my waivers current, I guess) and this hand written form has my SSN all over it along with every scrap of my personal info.

    As far as medical privacy, big companies pretty much don’t watch for conditions but some of the smaller firms might. If you have 50 people and someone with a chronic condition shows up on your health insurance you’d better believe that you have big problems. For the bigger firms, they don’t even notice, except to reduce benefits overall for everyone by reducing the % that the company pays when the premiums get too high.

  15. My clinic has all of my records available online. I just signed up.

    It worked like this:
    I entered my name, birthdate and doctor and email and requested to be signed up for this service (free, btw). They did not ask for any more information.

    They will send a password via US Mail to my house in 5-10 days. Obviously, they will use the address on my medical records since I did not provide it to them on the sign up form online.

    I have no problem with this system. Yes, there is a chance that the clinic’s computers could be hacked, but I considered this risk when signing up for the service. I trade this risk for the convenience of accessing my medical records from anywhere in the world at any time online – which are updated instantly whenever I get a treatment, medicine, or just go in for a physical.

    It was a good deal for me, but may not be for others.

  16. Dan, you are relatively young and healthy. Imagine that you are older and have had extensive exams and treatments at different specialist facilities over the years. Then, if you need urgent care, it can be difficult and time-consuming to track down the records of a particular test or treatment you had in the past. My relative (who, BTW, is back home now) has records scattered between at least three hospitals and four or six independent doctors’ offices. (And even the local hospital records seem to be spread between individual doctors’ offices and centralized departments, e.g., radiology.) And I think this kind of situation is typical for many older people and probably for anyone who has had a lot of health problems. In theory the doctors can track down whatever info they need, and usually they can, and usually there’s no problem because they already know you and know each other. But sometimes getting the needed info takes a long time, and sometimes (like this time) you deal with doctors who don’t know you, and then small hangups in getting information become a real problem. So I think there’s a real need for the kind of centralized service that I have in mind.

    Also, to respond to James’s point earlier, there is no reason why this service has to be run by the govt. The whole point is to give patients control of their own info, if they want that control, and for this purpose I suspect that the private sector would do the best job.

    I agree that the military system that Don mentioned (thanks!) looks good. However, it is subtly different from what I have in mind. The military system, as far as I can tell, is designed to be accessed by service providers only. My idea is to give the patient the option to use either 1) something like the military system, where any doctor, presumably with approval (either opt-in as needed, globally in advance, or for specified service providers in advance) can access patient info, 2) a more private system where the patient can carry or make available a data CD but does not give service providers direct access to his records, 3) a bare-bones software system that the patient can use on his own computer to store and organize his medical records, or 4) some combination of 1-3 above. I don’t see why each patient couldn’t select his own level of participation (or not participate) based on his own medical and privacy preferences. The technology isn’t difficult, AFAIK.

  17. I agree Jonathan wrt older or people who have had more health issues than myself, hence my disclaimer at the end of my comment “it was a good deal for me, but may not be for others”.

    In the case you mentioned, I think it would be up to the patient him/herself or the family to somehow organize the records for easy access. Perhaps a password protected site of some sort – as you mentioned, there may be a business opportunity of some sort here.

  18. I am a computer literate architect and have been asked the same question for decades, and the answer is still the same.
    “When will be have a paperless office?”

    A- “When the lawyers let us.”

Comments are closed.