Electronic health records

Capital New York's Dan Goldberg reported last week on the problems with electronic health records. For example, a Columbia University physican inadvertently exposed thousands of patient records by accessing a server at New York Presbyterian Hospital with his personal laptop. The result was the hospital paid $3.3 million and Columbia paid $1.5 million.

Moving patient information into electronic form comes with a greater risk of data breaches, Goldberg writes: "'Because more and more information is becoming electronic, there is a greater risk of breach of loss of that information,' said Ken Rashbaum, an attorney with Barton L.L.P., who specializes in cases related to the federal Health Insurance Portability and Accountability Act (HIPAA), and advises hospitals and health systems on how to remain in compliance with state and federal privacy laws."

The healthcare sector is the new place for identity theft, Goldberg reports, because the billing systems are out-of-date.

Also of concern: hackers messing with healthcare technology: "According to a Wired report published in April, Scott Erven, founder and president of SecMedic, 'found drug infusion pumps–for delivering morphine drips, chemotherapy and antibiotics–that can be remotely manipulated to change the dosage doled out to patients; Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.'"

As electronic health records reach a critical mass in the healthcare field, the litany of problems with them could be "hazardous to your mental health," the Pittsburgh Post-Gazette's Bill Toland reports. The symptoms of issues with electronc health records (EHRs) include "pharmacy errors, hard-to-find clinical alerts, 'farcical' training, and potentially life-threatening design flaws," Toland further reports. EHR critic Dean Kross, a cardiologist in private practice at the Allegheny Health Network, told Toland that EHR vendors have not been held accountable for the devices they are manufacturing.

The main safety issue with EHRs may be ensuring patient safety and privacy during their implementation. They are still thought to be a better practice than paper records. For example, faxes of patients are still commonly used in Canada, and an Alberta man reports that he has been receiving private health records on his office fax machine for the last six years, Canada's Global News reports. But EHRs are only as secure as technology can make them. Community Health Systems Inc., one of  the largest hospital groups in the United States, disclosed this week that Chinese hackers stole social security numbers and other personal data of 4.5 million patients, Reuters reports. The security breach did not include patient information.

The California Court of Appeal has ruled that a healthcare provider did not violate that state's medical confidentiality law when a laptop containing four million patients' medical records was stolen, The Recorder reports. Sutter Medical Foundation could have faced $4 billion in statutory damages. 

The court concluded there could not be liability without evidence that anyone actually looked at the records and the patients' confidentiality was breached, The Recorder also reports.

Congressional leaders blasted the lack of interoperability between different vendors' electronic health records systems, Politico reports. The harshest criticism came from "Rep. Phil Gingrey (R-Ga.), who charged that Verona, Wis.-based Epic Systems, the leading EHR company, was operating 'closed platforms' that did not allow information to easily flow into and out of its electronic health records systems," Politico further reports. Epic is the most highly used electronic health record system, Politico also reports.

The issue of interoperability is a big one with electronic health records: if different systems can't talk to each other, then patients can't benefit from having information that is portable between different healthcare providers or readily available if they need emergency care while traveling.

USA Today reports that the incentives being provided by the federal government to get doctors and hospitals to adopt electronic health records are being offered even though those EHRs "currently make it easier for health care providers to defraud government-paid health programs." The issue, according to USA Today, is that the EHRs don't have auditing safeguards in place to prevent fraud or the safeguards are "vulnerable to corruption" from providers adding unnecessary notes to existing records or creating new records where none existed before.

 The U.S. Department of Health and Human Services has spent $22.5 billion in financial incentives for healthcare providers to use EHRs, USA Today also reports.

A series of data breaches have put higher pressure on Corporate America, including retailers like Target, to tighten its cybersecurity. But the health care sector is not engaged on the security of electronic health records and faces the risk of hackers exposing sensitive patient information, Politico reports: "As health data become increasingly digital and the use of electronic health records booms, thieves see patient records in a vulnerable health care system as attractive bait, according to experts interviewed by POLITICO. On the black market, a full identity profile contained in a single record can bring as much as $500."

Politico also points out that information in a patient's health record, including medical history and family contacts, can't be undone.

A new study shows that safety concerns with electronic health records persist after they are implemented--even though patient safety is part of the reason to go electronic with patient records, Politico reports. The study is based on 344 incidents with Veterans Administration electronic health records.

Apple's partnership with Epic Systems, the dominant vendor of electronic health records, on a HealthKit platform for health apps and tracking devices will initially store around 60 different types of health data, Forbes contributor Zina Moukheiber writes. A conusmer using HealthKit has to give Apple permission to share biometrics with Epic's electronic health record system for patients, MyChart, in order to notify their clinicians.

This partnership could be a key step in making electronic health records more portable and interoperable between different healthcare providers. There also will be privacy concerns that Apple will have to engage with as it moves into the health information technology sector.

One of the main challenges to actualizing the promise of electronic health records in improving patient care is that they are developed as part of proprietary systems and are not always interoperable. FierceHealthIT asks if a $11 billion contract to develop electronic health records for the Department of Defense could "be a game-changer for healthcare in the United States due to its sheer size and scope." The system will integrate a commercial electronic health records system to cover the DoD's nearly 10 million beneficiaries, FierceHealthIT reports.

Government-funded scientists are connecting "terabytes of patient medical records" at 11 sites across the country, The Washington Post reports. The result would be possibly the largest repository of medical information in the country, containing the medical information of 26 million to 30 million Americans. The new repository also raises privacy and propietary concerns, presenting "tricky ethical questions about who owns and controls the data, how to protect patient privacy and how research questions will be prioritized," The Post also reports.

"'The raw data is not what is being shared. That remains with the institution that the patient trusts,' said Devon McGraw, director of the health privacy project for the Center for Democracy and Technology," The Post further reports.

The project arises out of a Affordable Care Act provision  to create an independent nonprofit to help doctors and patients make better-informed decisions about their care, The Post further reports.