BIDMC, Google Health and the data transfer problem

e-Patient Dave on the real world issues of moving data around in health care. The punchline—claims-based data without dates is not very useful, which requires those using the aggregators (Google health et al) to do a whole lot more work.

A really, really important article. Go read.

Spread the love

Categories: Uncategorized

Tagged as: ,

15 replies »

  1. Rob,
    I’m all for electronic medical records; I just don’t want them stored on web servers accessible via the Internet. Notwithstanding Microsoft’s and Google’s claims, their records absolutely are NOT secure! Don’t the daily reports of Internet-based personal record theft and fraud alarm you? Millions of Internet accessible records are stolen or lost every year, and even the Defense Department computers aren’t secure! Doesn’t that tell you something? And if you talk to security professionals, your hair will stand on end!
    I’m all for having a patient’s complete medical record available to every care provider they see because I agree they’ll receive better care at lower cost. But I can make that happen simply, cheaply and quickly in a very different way from what common wisdom would have us do. Our consumer-driven personal health record, called the MedKaz™ (see medkaz.com) does just that — so why should we settle for less?

  2. Merle – You are right to be concerned about privacy and security issues, but electronic health records are strongly linked with better health outcomes.
    Right now, if someone wants to see or copy my written health records, they just have to find one corrupt or gullible person out of the hundreds with access to them. Microsoft HealthVault has this to say for itself:
    “The Microsoft Secure Development Lifecycle is applied to the development of the platform, and HealthVault has had extensive security testing from internal and external parties, including penetration testing by “white hat hackers.””
    That sounds good to me.

  3. Re-posted from e-patients.net:
    Hi everyone,
    First, I want to thank e-Patient Dave for his honesty, integrity, and passion. He is shedding light every day here on e-patients.net, his own blog, and on Twitter.
    Second, I want to thank everyone who has commented. Your questions sharpen Dave’s critique and further everyone’s understanding of the issues.
    Third, I want to point out that this is not Dave’s “day job” but something he does for free, on his own time, because he wants to make a difference. So if your question doesn’t get answered, ask it again of someone else – or track down an answer elsewhere and bring it back to us.
    All those who have benefited from following Dave’s story should go read this post:
    A Call for a Patients Speakers Bureau
    Patients’ voices make the health care debate come to life, they help us to re-focus on what is at stake, and they provide the “participant-observer” testimony that policymakers need to make good choices.
    How can we make this happen?

  4. Hi Dave,
    Haven’t had a chance to read your initial post but will do so shortly. However, I do want to respond to your question about using Internet banking because I don’t think it is at all analogous to “Internet Healthcare” — to coin a new phrase.
    Yes, I do use Internet banking. And every time I do, I get a receipt or copy of the transaction, and every month I get a statement showing me all my transactions. And because each bank or financial service firm I use is a “silo” unto itself, I aggregate all my accounts on Quicken. Thus, I know everything about my financial transactions and position — but no one else does unless I share my records with them. I can’t say the same about my medical records.
    Aside from these “mechanical” issues, how do the risks of Internet banking compare with the risks of “Internet Healthcare?” In banking, my deposits are insured up to $250,000 as an individual ($500,000 as a couple) so if someone fraudulently accesses my account and steals my money, I get reimbursed — so I really am not risking anything! And if my credit cards are stolen and used fraudulently, I am at risk for only $50 per card (and I can even insure against that loss). Again, not much risk.
    Let’s compare these negligible banking risks with the risks inherent in having my health records aggregated and stored on web servers. If my records are hacked into, they are fungible and very likely will find their way into the hands of my employer, my employer’s insurance company, or my own insurance company. And when they see — to make up some extreme examples — that I have been seeing a psychiatrist, have a sexually transmitted disease, and /or that I tend to be “sickly” and need frequent medical care, real or imagined, I am at risk of losing my insurance and even my job! On top of it, I have never seen my records so I haven’t caught the mistakes in them! They might say that I have a history of asthma, diabetes and hypertension which may be patently wrong (as a matter of fact, I did find these exact mistakes in my medical record)!
    In short, the risks associated with Internet Banking are minimal but the risks with Internet Healthcare can be devastating! And they are risks I and a large percentage of our population refuse to take!
    To me, asking why we can’t exchange health records electronically as we do every day with financial transactions, is asking the wrong question. Sure, if I spend enough money and a lot of energy, I can make my medical records “interoperable” but so what? I don’t want to. The risks are too great!
    The question I ask is how can I aggregate my health health records in a single, safe place that I control and get them in the hands of a care provider when and where I require care — while minimizing the risk that they can be compromised or stolen? I can solve this puzzle simply, cheaply and quickly — and I can do so without screwing up every doc’s work flow and reducing their income while they struggle to implement a system that someone tells them they must adopt!
    Don’t get me wrong. I don’t oppose EMR systems if docs want to adopt them. Personally, I wish they would. I oppose holding up adopting simple, financially sound solutions while we try to create high risk, financially unsound networks that patients and physicians don’t want.
    Finally, at the risk of being the skunk at the wedding, I raise the subject of costs. I don’t recall seeing anyone else ask why we should spend hundreds of billions of dollars creating a system neither physicians nor patients want — especially when we can accomplish our real objectives without spending that kind of money. Am I the only one who cares what things cost?
    I apologize for the long post but you opened the door to key questions I think must be addresed.

  5. Dave, I’m sure the hospital does not have the ability to clean the records. I do not dispute the value of patients AUDITING their records and making sure the data is correct in the hospital records. My guess is that this cannot be done retroactively, that the hospital will refuse to do it even on a case by case basis, and that most patients will not audit their records because they don’t know how or don’t care enough to do it.
    There are two options here: One is for the patient to take ultimate responsibility for his records and maintain the final authoritative record, in Google or something similar, by actively aggregating all information from all providers. I suspect that most patients do not have the ability to do that. I also suspect that most patients will prefer to remove entries that seem “embarrassing” from such public record. Given that, I don’t see how a physician can rely 100% on such records. I am almost positive that insurers and actuaries will not even consider looking at such records. So do these personally maintained records have any value? Probably so, but it’s more valuable to the patient to be able to keep track of things and even sharing it with a new provider for his perusal may be helpful to some degree.
    The second option would be for each provider to be able to request records, electronically, from a hospital or another provider, with the patient’s permission. Something like CCR would work nicely and remove all the noise and hopefully provide pertinent data, including dates. The provider can then review that CCR and decide what to include in his own chart and what to exclude. Patient should probably participate in that decision. I think this second option is more conducive to maintaining data integrity, and for “incohate” that “lowly patient” may be a rather savvy drug seeker, or someone inclined to not disclose various psych conditions and medications.
    Now before you disagree, I am perfectly aware that most EHR systems are very similar to your hospital and the data is already in a sorry state. We can just lament that, or we can use some of that $19 billion to do something about it.

  6. Margalit,
    I don’t disagree, but consider that hospitals may not have the ABILITY to clean up the records. There may be no way to tell which data are correct and which aren’t.
    Also consider what it would do to healthcare costs if we mandated that hospital staff comb through all their medical records and verify everything. This is what I alluded to when I said that in my day job we sometimes face the question, is it worth the time and money to go back and clean it up, or should we just mark the old data as uncertain and start “living clean” from that moment forward?
    This is a real-world challenge in my day job, where the stakes are much lower. (In my job, getting a customer’s phone number wrong in our customer database generally doesn’t lead to death.)
    I know first-hand, when you look at a piece of questionable data, it’s more or less a “state function”: it says what it says, and there’s no way to tell how it got that way. And if you can’t trust the integrity of the PROCESS that got it there, there’s no way to know if it’s reliable: you just have to go check.
    In other words, you essentially throw it out and start over.
    I’m going to cross-post this onto the e-patient blog, where there’s more discussion. I don’t want the points you raised to be missed. The think for that is http://is.gd/q6t2.

  7. Margalit wrote:
    ” What I do know is that if I gave a specialist access to my Google record and told him/her that I cleaned up my problem list and fixed some lab results that didn’t look right, he/she would probably discount the entire record and order all new tests. There goes avoiding duplication of tests right out the window.
    I believe e-Patient Dave is on to something, Margalit: it doesn’t appear that you read his post – at least the part where he notes that physicians basically do now, regardless the record quality, what you suggest they’d do on learning a lowly patient had sullied his/her own information.

  8. Hi Dave. I did read your post and it would have been funny if it wasn’t so sad. However, I think the proper solution is to have the hospital fix its own mess and clean up the records, or at least maintain clean records going forward, or at the very least work towards that goal. I don’t think the solution is for patients to be expected to go in and clean up their own problem lists. Heck, most folks wouldn’t know what 99% of that list means.
    The way the hospital maintains and exports the records is absurd. Maybe it’s the way Google uploads it. I don’t know. What I do know is that if I gave a specialist access to my Google record and told him/her that I cleaned up my problem list and fixed some lab results that didn’t look right, he/she would probably discount the entire record and order all new tests. There goes avoiding duplication of tests right out the window.

  9. Hi Margalit. “Consumers control” was just something I pasted in from Merle’s web site.
    Re “the medical record loses all integrity if it’s edited by the” [patient]: you’ve got to be kidding me. What integrity are you talking about? (Did you read my post?)

  10. Dave, what do you mean by “consumers control”?
    If we are comparing this to banking, then maybe “consumers audit” would be more accurate. No banks will allow customers to edit data in the account on their own. You can call the bank if you find an error and hopefully have them fix it, but you cannot fix it yourself.
    I guess that is my major problem, other than privacy and security, with the Google style PHRs. The medical record loses all integrity if it is manually entered or edited by the consumer.
    Do you think that Chase will approve a loan for me if I present them with my Bank of America financial information that I compiled myself? I bet they will verify with B of A regardless of my compilations. So what would be the point in compiling stuff myself? Shouldn’t I just make sure that my B of A account information is accurate at all times and leave it at that?

  11. Well here I am, Merle, so have at me. 🙂 (Nice to meet you.)
    Did you read my original post about why I’ve decided to go ahead with Google Health?
    Besides, as I said in the post, that’s not the point of the post.
    Re safe and secure: do you use Internet banking?
    Anyway, it looks like you’re touting a “simple, cheap, patient-focused medical record system that consumers control,” which sounds peachy to me. I invited comments listing such systems – go for it.

  12. Marvelous post! Should raise real concerns among smug healthcare IT vendors, consultants and observers/commentators who think they’ve got it right. The truth is, they don’t!
    My only disagreement with the blogger is with his conclusion. An Internet-based system is neither safe nor secure so why embrace it?

  13. I’m with you Gilles on this one. Consumer needs to take more direct responsibility. Yes, it will take some effort, but we are already doing such in managing our bank accts, 401K and at this time of yr, making sure all is correct for the tax man. Time for people/patients to suck it up and take on some responsibility. Of course, that being said, sure would be nice if the consumer had better tools to work with – SNOMED is step in right direction.

  14. Matt,
    I disagree with your punchline 🙂
    To me the moral of e-Patient Dave story is that efficient healthcare reform can only occur if and when we personally own and verify our health related data.
    Secondly, Dave story shows why European countries are using SNOMED mapping instead of ICD-9-CM coding. SNOMED mapping contains more than 95,000 terms for the disorders and findings hierarchies, while the ICD-9-CM disease classification has fewer than 10,000 codes. It is time to take medical coding in the US out of the hands of the AMA.

Leave a Reply

Your email address will not be published. Required fields are marked *