So let's take a look at these items one by one.
- Concerns about security (getting better, but reports of major academic institutions being hacked don't help. Regardless, EMRs are still inherently more secure than paper records)
- Cost (big issue-a small practice just doesn't have $20k to blow on a new system)
- Startup: How to input thousands of paper-based records into an EMR fast and inexpensively
Security concerns
It is normal, I think, in this day and age, to worry about the accessibility of your data online. With so many scandals and so much spam and hacking it is easy to become overly anxious about exposing your information to a potentially hostile environment. The answer to this is a liberal application of strong encryption. I'm not talking about weak SSL with it's pansy 128 bit keys (many implementations of which have failed to demonstrate that there is no redundancy in the key bits), I'm talking about public key cryptography combined with some sort of DRM tool that would allow doctor's to access a patient's information once, in the controlled context of a visit.
I recently discovered a feature in PGP that allows you to encrypt a text document to a built-in viewer that is distributed with PGP and that in addition to requiring you to enter the appropriate passphrase for the key also displays the text in a non-copyable, tempest technology resistant window. Something like this could be used so that a patient would be able to authorize a given physician to access their data once (and only that one time). The physician would have full access to the patient's file for the duration of the consultation but afterwards they would be unable (even for their own purposes) to retrieve information other than
- The fact that the given patient visited them
- The treatment that they provided
- Perhaps (but not necessarily) a general description of the problems that the patient presented with
The key point here is that it is definately possible to build a system where the patient controls all access to their information. This would also limit physicians' liability in certain situations. For example, staff from a doctor's office would be categorically unable to share any details about patients other than their name (or other identifier) and the fact that they visited. It would even be possible to visit a doctor anonymously. As long as the physician has access to your records, they don't really need to know who you are. This would encourage people to use these records for things that could be traced back to them disfavourably such as abortions, HIV/AIDS treatments and so on.
Cost of a new system
In order for the system described above to really work it would need to be de-centralized and managed by each patient individually. Any attempt to centralize the system would probably open the door for abuse (if for no other reason than administrators of the central system could track usage statistics in a non-anonymous way).
I don't think that physicians would need to pay anything at all to use the system (other than the fees for a computer and an internet connection).
We have seen from systems like blogging, FOAF, bookmarks and so on that privately owned and managed resources can still be shared profitably.
Cost of inputting older records
I don't think this is really a big deal either. The fact of the matter is that right now (most) medical records are maintained by each healthcare institution individually. When a patient goes for X-Rays or for blood tests or any other tests, the testing body needs to send the results of the tests back to the physician. How easy is it really for a given physician to find out everything about the patient that is presenting? Not very, I'll wager. This is mainly due to poor organization and not any malice on anybody's part.
There isn't really a need to input all prior records at once. It would (or should anyway) be enough to input them as they become pertinent to the current activities of the patient.
For example, let's say that a patient had a colonoscopy at the request of their physician last year. Whatever condition prompted the test was resolved weeks after the test. The results of that test (and even to a certain extent the fact that it was performed) is of no import the next year when the patient presents with a broken wrist. In that situation, the physician would simply enter the new information without worrying about the lack of the results of the colonoscopy (never mind the fact that the patient should be able to selectively allow the physician to only access the parts of their record that are pertinent).
If on the other hand the same patient presented with bloody stool and the physician wanted to order a fecal occult blood test they should be (perhaps verbally) made aware of the colonoscopy the previous year. At that point the physician would order the results from the lab (or get them from the patient). So far I think this is how things work today. The difference is that once the test results are obtained the physician would enter the new information into the system.
In this way the system would be built up incrementally over time and would not require a huge amount of up-front investment.
2 comments:
Your first point is absolutely correct. Security, while always an appropriate concern, can be made reasonably tight. Never perfectly bulletproof, but safer than what we have now with paper records.
Regarding ownership and centralization, this is something that would have to be centralized. Indeed, that is the design of Brailer's initiative in the US. And that's why standards, such as HL-7 and SNOMED, are so important, so that everyone is speaking the same language. Without centralization, it's just not going to be that accessible to any physician when needed. Patients cannot be responsible for maintaining their own digital records.
As far as cost, that remains the biggest obstacle in every study to date of EMRs. Purchasing an online system at present is too large an expense for smaller practices. Even if data input is done incrementally, this can still be an arduous effort with several thousand patient records.
I still don't feel that there is a compelling argument for centralization. Standards are absolutely important but I think that those standards can be developed like XML and RSS via a combination of standards bodies and popular support.
The kind of centralization that would allow any physician to acces the patient's records could be attained the same way that we have systems like weblogs.com and feedster that allow users to search for "de-centrally" hosted content. Patients could maintain their own records in much the same way as people maintain blogs right now. Several providers would be able to compete based on their implementations of the common standards and other peripheral services (or lack thereof) that they offer.
The issue with data input is not so much that there is a cost, since that cost needs to be paid regardless of the modalities of the actual input and/or payment. My key point with the incremental input is that the cost could be amortized over several sessions/weeks/months/years/physicians.
Post a Comment