While its title refers to privacy issues, the op ed takes a somewhat contrarian view towards the EHR in general and the push for healthcare IT at the federal level, e.g., ONCHIT.
My comments are in blue italic.
Technology and Privacy: Keeping snoops out of our health files
Tuesday, March 14, 2006
Despite a strong push by the Bush administration for the majority of Americans to have computerized medical records within 10 years, I am not sure I want the attending privacy risks.
I don't believe the hype dished out by our government that the odds of my survival after a heart attack would improve because the emergency-room computer would let the doctor connect to the Internet, type in a password, and within a few clicks, view my medical history and begin treatment. Those who write this fiction have never seen a real emergency room in operation.
This observation with regard to the value of EHR in an ED setting seems both extremely narrow and probably inaccurate. Instant availability of prior ECG's, cardiac history, past cardiac enzymes, cath results, meds, other medical history, etc. certainly could affect admission and treatment decisions and hence odds for survival. He follows this narrow objection with a list of benefits, somewhat contradicting his original point conceptually:
I cannot deny the positive benefits for public health in having medical records computerized. They make it easier to track diseases and side-effects of prescribed medications. They can prevent redundant invasive procedures, X-rays, MRI and CT scans and blood tests. Universities, where most clinical trials of new drugs take place, have access to data for research. Billing is more efficient, and bad claims are caught more quickly. If an individual is insured or gets sick in another part of the country, that person's medical history is readily available to another doctor or hospital.
"Positive benefits for public health" seems quite contrained considering the value of this information to care of the individual.
But I am wary at the thought of my medical history floating in cyberspace because we have no system to guarantee protection from hackers, insurers and drug-company marketeers.
This is a valid concern. However, such protection is evolving, not non-existent.
I am also concerned because this new development is going ahead without adequate public participation. According to a 2006 survey by Health Industry Insights, a market-research firm, most respondents (70 percent) are unaware of the federal government's initiative to make electronic medical records available.
ONCHIT and the healthcare informatics community needs to get the word out more fully...
Another concern is cost. One estimate places it at $250 billion, to be offset by economic benefits of an estimated $700 billion that critics consider over-inflated. But these savings, spread over a decade, would go to the insurance industry, while the actual costs of implementing the system will accrue to doctors and hospitals. The new computerized system at Lucile Packard Children's Hospital in Palo Alto, for example, soon to go online, will cost $150 million.
Regarding the $150 million EHR implementation figure, rather than abandoning change as this op ed seems to imply, cost reduction is an area for exploration. From my perspective I am concerned that EHR project budgets may be padded and inflated, along with generous consultant engagements and 'fudge factors' for project delays and cost overruns that should be better managed or prevented from occurring in the first place. It's not as if these issues are immutable, new or unknown.
The deployment of the new technology is also expected to create havoc among physicians with small practices who do not have the know-how, the management staff or capacity to re-engineer their practices according to the wishes of government bureaucrats in the same way as large group practices.
Experts doubt the government will succeed without committing tens of billions of dollars. There is no real sign the Bush administration will provide anything even remotely close to that sum. In Britain, the government's adoption of a similar goal is succeeding because it is driven by a single-payer system funded with an extra $10 billion in government contracts and enforced by mandated computerized standards applying to all hospitals and doctors. Approximately 95 percent of the doctors in the United Kingdom now use computers in their practice, as do most doctors in Sweden and European Union nations compared to a measly 20 percent in the United States.
This seems like a bit of gratuitous Bush-bashing. This initiative is not limited to any one administration, and will be ongoing long after this president, and the next, have left the White House. That clinical IT is "succeeding" in the UK seems a strawman argument. Recent publications suggest the UK initiative is far from "success" at this point in time, and part of the problem is the "enforcement and mandated" issue, e.g., "Terminal care", The Economist; 7/23/2005, Vol. 376 Issue 8436, p52:
Convincing Physicians to Use IT-Britain is Struggling: Many observers of physician behavior have been watching to see how Britain would overcome physician hesitancy to use medical information systems. Many have hoped that the enormous Connecting for Health project would solve this barrier and provide learning lessons for others. According to recent publications, only 21% of physicians were enthusiastic about the project, and usage rates were low. A good grounding back to the basics, build it with them and for them, and maybe, just maybe, they will adopt. Terminal Care, The Economist, July 23, 2005
A statement that "95% of the [UK] doctors are now using computers" fails to mention what computers are being used for. A large percentage of the use is administrative at this point in time.
There was a time when medical records were kept on paper in file cabinets of hospitals and doctors' offices. As electronic records gain ground, insurance companies and HMOs require detailed accounts of patient treatments and expenses to stem health costs. Previously, they asked only for basic information on diagnoses.
That this may have been so is not necessarily a good thing. This works both ways. Among other factors, it can encourage overutilization and fraud. I have observed rampant medical fraud in the worker's compensation system as a result of such undetailed reporting and uncontrolled payments.
The chances for misuse are also greater. Employers could use the information to exclude applicants for employment due to medical history, and insurers to refuse insurance to those who are sick or have genetic predisposition to illness. The pharmaceutical industry is organizing conferences to explore how to "mine" information from electronic records for secondary purposes, including selling services and drugs to patients.
In regard to pharma using these systems to "exploit" consumers by "selling services and drugs" as he seems to suggest, the same systems can likely be used to detect postmarketing drug side effects earlier, avoing the next Phen-Fen, as well as missed opportunities for preventive interventions.
Let's not forget hackers and pranksters. Six years ago, a hacker downloaded thousands of confidential files from the University of Washington in Seattle containing patients' names, health conditions and Social Security numbers.
Polls suggest that 70 percent of Americans fear that there could be more sharing of patients' medical information without their knowledge; computerization could increase rather than decrease medical errors; some people would be reluctant to disclose information to doctors because of worries that it will go into their records, and existing federal protection rules will, in time, be relaxed in the name of efficiency.
While these are valid concerns, to state as fact that "existing federal protection rules will, in time, be relaxed in the name of efficiency" is a bit of a leap. It seems far more more likely the rules will be refined and strengthened as errors occur.
Such fears are not without foundation. Last December's issue of Pediatrics reported, for example, that mortality rates for pediatric patients at Children's Hospital of Pittsburgh increased to 6.5 percent after the implementation of a computerized physician order-entry system, intended to prevent medication and patient management errors. While this finding does not mean causality and may have an explanation, it has stirred debate publicly and in cyberspace.
That doesn't mean clinical IT necessarily will increase errors, and it's more likely that well-designed and well-implemented (i.e., clinician-driven as opposed to businessperson driven) clinical IT will not.
In the mid-1990s, Congress passed the Health Insurance Portability and Accountability Act (HIPPA) to protect patients from privacy violations. The regulations are full of loopholes and Congress may need to tighten the law's provisions.
This seems an internal contradiction in the op ed. As I stated above, this is the more likely scenario, rather than loosening federal protections for increased efficiency.
Under HIPPA, health-care providers have the right to process your insurance claims, discuss your case and send data about you to other specialists, respond to requests from public-health authorities, law-enforcement agencies, and your employer if you are injured at work, and send you fundraising materials. While these provisions may appear reasonable, HIPPA also allows health providers to share information with health-care business associates for the purpose of training their personnel. HIPPA gives patients the right to restrict uses of their medical information. Providers or health plans, however, are not obligated to agree to the restrictions if they state so in their privacy notices that patients sign when admitted for treatment. This is why patients must read the fine print carefully before signing.
Dr. David Brailer, appointed by President Bush to coordinate the move to electronic medical records, is a former software company CEO. In his public statements, he acknowledges the mind-boggling complexity of information systems, but with refinements and proper security systems, he believes electronic records can be made to work and be more secure than paper records.
Brailer is also a clinician with a solid knowledge of healthcare quality issues and metrics, as well as medical informatics, not just a former "software company CEO."
If patient information moves successfully from paper to the computer, as its champions hope, the door to privacy abuses will swing wide open.
"The doors to pivacy abuses swinging wide open" as a result of EHR seems a bit hyperbolic.
One suggested solution is to give patients the right to work with the doctors to decide what is included in his or her record. A small step to be sure, but if the law and doctors were to give patients this amount of empowerment and autonomy, the doctor-patient relationship will have come a long way.
In effect, there are arguments on both sides of the EHR issue. I believe this portrayal of EHR is somewhat over the top with a strong tilt towards the "dark side", as often seems the case from those on the "Left Coast" about a number of issues of public import. In EHR, the "light side" needs to be taken into account to avoid premature discouragement or abandonment of the efforts to improve healthcare quality via IT.