Categories

Tag: OHSU

What the Recent Data Breach Says About the State of Health IT

Recently officials at Oregon Health Sciences University discovered that residents in several departments were storing patient information on Google Drive, and had been doing so for the past two years. They treated this discovery as a breach of privacy and notified 3000 patients about the incident.

While I don’t condone the storage of patient information on unapproved services like Gmail or Google Drive, this incident pretty much highlights the sorry state of information systems within the hospital and the unfulfilled need by physicians for tools that facilitate workflow and patient care.

It says something that the Oregon residents felt compelled to take such a drastic action. I don’t know what punishment – if any – those responsible were given by administrators for their “crimes.” I’ll leave it to readers to make up their own minds about the wisdom of the unauthorized workaround and the appropriateness of any punishment. But I do know that the message the incident sends is a very clear one.

We’re screwing this up. There is really no earthly reason why it should be any more difficult to share a patient record than it is to share a Word doc, a Powerpoint or yes, even a cloud-based Google Drive spreadsheet.

Why the Breach Happened

What’s going on here? Let’s say I admit a patient to the hospital.  Our friend was hospitalized here just last month, and like many patients, he has dementia or is poorly educated, and does not know the names of the medications he takes. Unfortunately, I don’t have the ability to see what he takes or how he was treated during the prior admission because the records in the computer are there for documentation’s sake and don’t contain any meaningful information. This is clearly a problem for me.

Therefore I will spend time calling outside facilities to gather information and repeat several tests and imaging procedures.

Medical care has become a team sport, and residents have developed systems for keeping track of their patients and communicating to other physicians. It takes some time to think about and process each patient that comes in, to consolidate all the information. Ultimately, I need to boil that information down to a five-minute description on the patient, their problems, the status of their current admission, and what needs to happen before they go home.  We do this in the form of a signout document.

Figure: The signout document has four to five columns and includes the To Do list for each patient.

The EMR does not have a good way to store information in this format, and  additionally I have no way of editing this in real-time to communicate with my
coworkers what still needs to be done. That’s why residents were storing their  signouts in Google Drive.

What providers need here is simple data management. We need to store and access this list from different computers. We need the ability to enter a subset of those data  using a custom form, and the ability to print subsets of those data to create a To Do lists, rounding sheets, or progress notes.Continue reading…

Improving Patient Safety Through Electronic Health Record Simulation

Most tools used in medicine require knowledge and skills of both those who develop them and use them. Even tools that are themselves innocuous can lead to patient harm.

For example, while it is difficult to directly harm a patient with a stethoscope, patients can be harmed when improper use of the stethoscope leads to them having tests and/or treatments they do not need (or not having tests and treatments they do need). More directly harmful interventions, such as invasive tests and treatments, can harm patients through their use as well.

To this end, health information technology (HIT) can harm patients. The direct harm from computer use in the care of patients is minimal, but the indirect harm can potentially be extraordinary. HIT usage can, for example, store results in an electronic health record (EHR) incompletely or incorrectly. Clinical decision support may lead clinician astray or may distract them with unnecessary excessive information. Medical imaging may improperly render findings.

Search engines may lead clinicians or patients to incorrect information. The informatics professionals who oversee implementation of HIT may not follow best practices to maximize successful use and minimize negative consequences. All of these harms and more were well-documented in the Institute of Medicine (IOM) report published last year on HIT and patient safety [1].

One aspect of HIT safety was brought to our attention when a critical care physician at our medical center, Dr. Jeffery Gold, noted that clinical trainees were increasingly not seeing the big picture of a patient’s care due to information being “hidden in plain sight,” i.e., behind a myriad of computer screens and not easily aggregated into a single picture. This is especially problematic where he works, in the intensive care unit (ICU), where the generation of data is vast, i.e., found to average about 1300 data points per 24 hours [2]. This led us to perform an experiment where physicians in training were provided a sample case and asked to review an ICU case for sign-out to another physician [3]. Our results found that for 14 clinical issues, only an average of 41% of issues (range 16-68% for individual issues) were uncovered.

Continue reading…