Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Electronic Medical Records, the Story So Far

kdawson posted more than 5 years ago | from the work-in-progress dept.

Medicine 136

StupidPeopleTrick writes "After the executive order signed in 2006, states are making strides with privacy breach notification but are struggling with enacting privacy laws and finding funding.
With looming deadlines to move to e-records and e-prescribing, where will the money and the privacy standards come from?"

cancel ×

136 comments

Sorry! There are no comments related to the filter you selected.

The shocking truth (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26504855)

Only here [goatse.fr] .

HEY GUYS! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26505091)

r MM MM MMNMMMM MMMMMMMMM MMMMMMMMMMMMMMMM MMMMMM MMMNM MM M Fuck your mother and your father
r MrMrr'ro',oro',o',oro',o',oro',o',oro', ',oro',o',rrrrr@MM Fuck your mother and your father
rMMrWrM'ro',oro',o'>>,r'ror`rr7MrXrM Fuck your mother and your father
rM,rrrM'ro',oro',o', ro',o',oro',o',oro',or,r'ro',rrrrMrrBr0 Fuck your mother and your father
rMrWrrM'ro',oro',o',oro',o',oro', ',oro',or,r'ro',rrrWMrr0rMX Fuck your mother and your father
rM2rSrMr;r,rXi'ro',o o',o',oro',o',oro', ',oro',o',rrrM7rrii@ Fuck your mother and your father
rMSr@MMrX0'ro',oro',o',rrrrSrrrrr;i'ro',oro',o',rr rrrrMMrrMrM Fuck your mother and your father
rMWMMM'ror`rra0BMMMZo',or`rrXBrrSrrroMMMMMMMMMB'ro ',rrrMrrMrM Fuck your mother and your father
rMMrMMrrrrMMMMM MMMMMMMMMMr'ror`r:MMMMMMMMMMMMMMMMMWrrrMMrMiS Fuck your mother and your father
r MMM2rrMMMMM (o) MMMMMMMMMM rr XMMMMMMMMMMMMMMMMMMMMorBM:MX Fuck your mother and your father
r MMMrrMMMMMMMM MMMMMMMMMMMMM r MMMMMMMMMMMMMMMMMMMMMMrrMMMM Fuck your mother and your father
rMMZrrBMMMMMMMMMMMMMMMMMMMMMM r MMMMMMMMMMMMMMMMMMMMMBrrrrMM Fuck your mother and your father
rMrrrrMMMMMMMMMMMMMMMMMMMMMMM r MMMMMMMMMMMMMMMMMMMMMWrWMrrM Fuck your mother and your father
WMrrirMMMMMMMMMMMMMMMMMMMMMMM rM MMMMMMMMMMMMMMMMMMMM,rrrrrM0 Fuck your mother and your father
MXrrrrMMMMMMMMMMMMMMMMMMMMMM'ror` MMMMMMMMMMMMMMMMMMM'ror`rMM Fuck your mother and your father
MZrrrr7MMMMMMMMMMMMMMMMMMMM rrorZr MMMMMMMMMMMM MMMMMrrXrrrZM Fuck your mother and your father
MMrrZrrMMMMMMMMMMMMMMMMMM; rrMMrMMr WMMMMMMMM (o) MMrrarrrrM0 Fuck your mother and your father
rMrr,rrrrXMMMMMMMMMMMMM rrr:MMMrMMM:r MMMMMMMMM MMrrrr7rrrrM Fuck your mother and your father
rMM'ro',rrrr,M0'ro',rrrrr,,MMMBrMMMMr,rrrrZMMM:rrr raWrrrrrMM Fuck your mother and your father
r MrrrrriirXrrr7rrSr,2rrrrSMMMMrMMMM'ro',rrrrrr2:r'r o',rrrM Fuck your mother and your father
r MM'ro',oro',or,r'ror`r8:MMMMMrMMMMMr;rr;iio',or,r' ror`rMM Fuck your mother and your father
rr MM'ro',oro',o',rrrrrr;WMMMMMrMMMMMrM'ro',oro',o',r rroMM Fuck your mother and your father
rrrr MMM'ro',oro',o',rrrrrMMMMMrMMMMM'ro',oro',o',rrrXM MM Fuck your mother and your father
rrrr 0MMMMr'ror,r'ro',rrrrBMMM@rZMMM;'ror,r'ror`rraMMMM M Fuck your mother and your father
'ror` MMMMMMrMr,rr;'ror,r'ror`ri'ror,r'ror`rirrrrMMMMaMa Fuck your mother and your father
'ror` MrrBMMMMr2rZMrr@rrrrZ'ro',rrr,,rror'rrrMrr;M@rrrM Fuck your mother and your father
'ror` MMrrrM2MMM8MrrrZrrrXMrrrX,rrrrMorrrrrrrMMMM@rrrrM Fuck your mother and your father
'ror` MMrrrMrrrZMMMMMMMMMMMiMMMrrrrrWMSMMMMMMMrZMrrrrMM Fuck your mother and your father
'ror`r MWrrMMrrWrrXrrrMrrriMaXMMMMMMBMrSrr7rr:rMMrrrrMX Fuck your mother and your father
'ror`r MMrrXMM2MMrMrrrMrrr,rrrM' or`rrrrBraMBMrM2rrriM Fuck your mother and your father
'ro',rr M2rrMrr@rrMMMMMMMMMr rMrrMorMMrZMZMMr;MMrrrrMM Fuck your mother and your father
'ro',rrr MrrrMMM0rZrrrMr rMMB7MM2MMrMrrSrrrrrMWrrrrrM Fuck your mother and your father
'ro',rrr MrrrrrSMMMMWSMr rrirrMrrrarMrrrM:MMBrSrrrrMM Fuck your mother and your father
'ro',rrr MM'ro',rrr2XMMMWMMMM0MMMMMMMMMMMMrrrrrrrr2M Fuck your mother and your father
'ro',rrrr MMr:'ro',rrrrrr;rrrrr8'ro',oro',o',rrrrMM Fuck your mother and your father
'ro',rrrrr XMMM'ror`roaM'ror`rr, rrrr;;:'ror`rrMMM Fuck your mother and your father
'ror,r'ro',rr WMM'ror,r' or`rBrrMrr rao',or`rMMMr Fuck your mother and your father
'ro',oro',o',rr MMMr:rr,rrrrMorrXS2,rrrrrZMMMX Fuck your mother and your father
'ro',oro',o',rrr rMMMZMMrrr;rrrrBrrrrrrMMMM Fuck your mother and your father
'ro',oro',or,r'ror` irXS2MMMMMMB8ZMMMMX: Fuck your mother and your father
and your father
TROLLKORE HEAD, I'M IN YOUR BED and your father
I'M FIZZY FIZZY WIZZY, I'M OFF MY HEAD and your father
Filter error: Please use fewer 'junk' characterso
Filter error: Please use fewer 'junk' characterso
Filter error: Please use fewer 'junk' characterso
Filter error: Please use fewer 'junk' characterso

HL7 CDA document follows... (0, Troll)

geonik (1003109) | more than 5 years ago | (#26504911)

<?xml version="1.0"?>
<ClinicalDocument xmlns="urn:hl7-org:v3" xmlns:voc="urn:hl7-org:v3/voc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:hl7-org:v3 CDA.ReleaseTwo.CommitteeBallot03.Aug.2004.xsd" templateId="2.16.840.1.113883.3.27.1776">
<title>First Post!</title>
</ClinicalDocument>

Re:HL7 CDA document follows... (5, Funny)

MrNaz (730548) | more than 5 years ago | (#26505227)

<?xml version="1.0"?>
<ClinicalDocument xmlns="urn:hl7-org:v3" xmlns:voc="urn:hl7-org:v3/voc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:hl7-org:v3 CDA.ReleaseTwo.CommitteeBallot03.Aug.2004.xsd" templateId="2.16.840.1.113883.3.27.1776">
<title>Consultation notes</title>
<body>Patient is an incorrigible troll. Recommend medevac to an appropriate jurisdiction and performance of lobotomy. Note: This procedure may or may not result in reduced intelligence or motor skills, as levels between this patient and previously lobotomized patients proved comparable.
</ClinicalDocument>

Re:HL7 CDA document follows... (1)

value_added (719364) | more than 5 years ago | (#26505941)

Patient is an incorrigible troll. Recommend medevac to an appropriate jurisdiction and performance of lobotomy.

I watched a documentary some time back on the problems associated with the dire shortage of primary care physicians in the US. One of the more interesting conclusions it offered was that patients who see a primary care physician on a regular basis are both healthier (frequent visits encourage healthy lifestyles), and cheaper (preventative measures are invariably cheapier than after-the-fact treatments). The doctors, for their part, noted that often their patients just wanted to talk with someone about their problems and felt better after having done so.

If you're a doctor, be kind to the trolls. If there's no obvious or measurable benefit for the patient, the placebo effect should more than make up for things.

Re:HL7 CDA document follows... (1)

geonik (1003109) | more than 5 years ago | (#26507753)

The parent is right, I already feel much better after this discussion.

Re:HL7 CDA document follows... (0)

Anonymous Coward | more than 5 years ago | (#26508447)

That is what midlevels are for.

VistA - VA Open Source (5, Informative)

mrmtampa (231295) | more than 5 years ago | (#26504935)

The VA hospitals and clinics have an open source package called VistA (Veterans Health Information Systems and Technology Architecture). Veterans can walk into any facility and have their medical records available.

And we already paid for it!

http://www.va.gov/VISTA_MONOGRAPH/ [va.gov]

Re:VistA - VA Open Source (2, Funny)

Tony Hoyle (11698) | more than 5 years ago | (#26504995)

Unfortunate name :p

Re:VistA - VA Open Source (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26505359)

There also is(was?) a window manufacturer called vista. They used to be the top result in google, but I have trouble finding there site now...

Re:VistA - VA Open Source (2, Interesting)

ValentineMSmith (670074) | more than 5 years ago | (#26505725)

Even more unfortunately, that name was picked in about 1997 or 1998 or so. The prior name of the VHA's electronic medical record system was DHCP (the Decentralized Hospital Computer Program), which was confusing for obvious reasons.

So, they switched to VistA about 10 years or so ago, and look what Microsoft did.

Re:VistA - VA Open Source (1)

mysticgoat (582871) | more than 5 years ago | (#26507917)

Yeah, the VA has been unlucky in its choice of names for this software.

Originally this was the Decentralized Hospital Computer Program package, DHCP, back around 1982, before the internets. Then when they began migrating from the old dumb terminal / minicomputer model to an intranet model in the early 1990s they found they had a serious name collision with Dynamic Host Configuration Protocol (a very different kind of DHCP). So in 1996 they changed the package name to Veterans Health Information Systems and Technology Architecture, or VisTA. That was years before Microsoft latched onto Vista as a name. I bet the VA will change the name of their software again soon.

In 1999, VisTA was the most advanced clinical management software anywhere on the planet. Because it was open source (public domain), no private companies in the USA would touch it, since it was much more profitable to develop proprietary solutions that would assure long term customer lock in. IIRC, Saudi Arabia was adopting VisTA for its national health care system, Israel was also looking closely at it, and there was some interest in it in Latin America.

Any nationwide attempt to standardize health care records needs to look hard at VisTA. But more importantly, it needs to be recognized that standardizing health care records in the USA means going up against the combined might of the private health care industry and the insurance industry who both prefer the status quo. Since the profits inherent in the current chaos are greater than the cost reductions they could realize if health care records were standardized, and in the boardrooms these dollar based pragmatic arguments trump idealistic concerns about providing better health care.

Re:VistA - VA Open Source (1)

ilo.v (1445373) | more than 5 years ago | (#26505673)

Two problems
1) It's written in MUMPS (obscure programming language)
2) It has nothing built into it to generate a bill for the patient, which makes it useless to almost every hospital in the U.S. except the V.A.

Re:VistA - VA Open Source (0)

Anonymous Coward | more than 5 years ago | (#26505933)

Unless you use something else to integrate it to the billing. There is a lot of work out there for that and it pays. Many hospitals still use HL7 and need this. I work with systems that dispense meds for oncology in a SaaS env and we still have to deal with HL7. From what I can see MUMPS isn't going anywhere, this is good for those who know it.

Re:VistA - VA Open Source (4, Interesting)

lysergic.acid (845423) | more than 5 years ago | (#26506433)

1.) who cares what it's written in as long as it's available for popular platforms. and MUMPS is still commonly used in the healthcare industry because it was specifically developed for managing medical databases. it's highly scalable, low maintenance, and much faster than conventional (relational) databases.
2.) why should a system meant to share medical records across a national medical network generate bills?

adding non-essential functionality to a medical database and forcing all hospitals to change their billing system would drive up costs and make the system unnecessarily complex. each hospital should be able to choose their own billing system. it's better to have a handful of systems that each perform a single role really well rather than have a single system that tries to serve 20 purposes and does it in a mediocre fashion.

Re:VistA - VA Open Source (2, Interesting)

ilo.v (1445373) | more than 5 years ago | (#26506975)

why should a system meant to share medical records across a national medical network generate bills?

It shouldn't. The problem is, the fact that the program is open source doesn't help the other 99.9% of US hospitals that need to generate bills to stay alive. Unless the Feds (i.e. taxpayers) pay for the new system, the hospital needs a way to finance the purchase. Integration of the EMR with the billing system is often the only way for most hospitals to justify the expense. (You'll capture every procedure, even if they didn't fill out a charge slip. You can also fire all the people who collect the charge slips and key them into the current billing system...")

It would cost more to add a billing component to the VA code than it would to build a whole new system from scratch. The tragedy is that there is no viable open source system available. This is a classic example of something that should be open source, so that charity hospitals around the world can ultimately use it. It would also vastly simplify the task of integrating the EMRs of different hospitals, since in that scenario many would be using the same core system. Unfortunately, there is no "Open Office" for EMRs right now. We are in the early "AOL, Compuserve, Prodigy" era in EMR software. I'm worried we are going to go through a "Microsoft" phase before we get to a viable open source alternative. An open source VA system might have allowed us to skip the "Microsoft" stage, but the lack of an integrated billing system is a fatal flaw for the rest of us.

Re:VistA - VA Open Source (0)

Anonymous Coward | more than 5 years ago | (#26505687)

How dare they use Vista.

We /. ers demand they switch to OS X!

Re:VistA - VA Open Source (1)

modmans2ndcoming (929661) | more than 5 years ago | (#26505749)

It is not that simple.

Once you get the medical records electronic at the hospital, you have to make them available to the private practice doctors as well. and Those Doctors have to get the software to make their records electronic, but also have it work with all the hospitals that they work with.

Re:VistA - VA Open Source (1)

markdavis (642305) | more than 5 years ago | (#26505803)

Unfortunately, from what I can tell, VistA is horribly written, is huge, and in an ancient/obscure language (MUMPS). It also appears to be difficult to implement under only open-source tools and even *requires* the use of proprietary MS-Windows for all the desktop front ends (unless you really think WINE is a solution). Plus, it is only acute-care oriented yet seems to have no centralized patient record.

EMR is a good goal, but only as it helps a facility reduce paper, prevent mistakes, and provide faster and more useful information to clinicians. Unfortunately, all the talk about EMR by the Fed seems to be more oriented toward "sharing" of records from one facility to another. But more likely it is "sharing" it with policy makers, insurance companies, employers, and other entities that probably should not have access to such information.

EMR should not be a way to tear apart one of the last and most important privacy areas.

Anyway, there is a reason only a relatively small percent of facilities fully use an EMR: it is *extremely* expensive to install, setup, configure, maintain, backup, test, make accessible, secure, and provide continuous user training (in an industry with lots of nursing/CNA turnover). If the Fed wanted to "help", then they should provide funds to one or more of the newer, open-source EMR projects like PatientOS http://www.patientos.org/ [patientos.org] which runs on a *variety* of front end and back end systems/OS's and can be implemented with 100% open source tools, all the way to the desktop/client. This could help to cut some of the overall cost, spur cooperative development, and lead to more innovation.

Re:VistA - VA Open Source (0)

Anonymous Coward | more than 5 years ago | (#26506549)

Meditech is written in mumps and yes it's horrible to. Difficult to implement, slow to adjust, few features, etc. (plus the company is run by asshats)
If you want to implement EMR appropriately two key components need to be in place for any company/technology wanting to do it. One is that it would need to be written from the ground up, with the sole purpose of EMR. Most are reworks of some other system that have tried to change to make accomadations for EMR. Second is that, while even though HL7 is fairly complete/encompassing, it is only so because it is also fairly open ended. Interpretation and customization that really fall outside of the HL7 standards have both hurt is and helped it. HL7 itself would need some work, but really the method for approval and implementation of what is in the standards needs to be redone. With that the "Best of Breed" solutions that are so prevalant would be more likely to succeed with accurately and in a more complete way feeding the EMR with it's details.

Re:VistA - VA Open Source (0)

Anonymous Coward | more than 5 years ago | (#26508191)

A lot of companies are using the VistA system for private hospitals. Most of them are taking the code, adding a couple minor things, and then repackaging it and selling it as their own without source code. Since it's public domain, that's completely legal.

There's another company (called Medsphere [medsphere.com] ) that has done a re-implementation of the VistA system in a slightly more modern language (C#, as opposed to Delphi that the VA code is written in). They've redone the UI components using Gtk so it's portable between Windows and Linux, and they've open sourced it [medsphere.org] .

wow my first one (0)

Anonymous Coward | more than 5 years ago | (#26504945)

frist posts? whoot!

Scary how people don't care (2, Insightful)

pondermaster (1445839) | more than 5 years ago | (#26504955)

Scary thing is... they'll get away with almost anything w.r.t. privacy. Average Joe, plumber or not, doesn't seem to care much.

I wonder why?

Re:Scary how people don't care (2, Insightful)

mancunian_nick (986362) | more than 5 years ago | (#26504987)

Probably because it doesn't affect or concern them personally - or at least they don't perceive that it does. It's usually when it's too late that maybe they discover that it does or it will!

Re:Scary how people don't care (1)

Kindaian (577374) | more than 5 years ago | (#26505705)

May i see the medical records of soon ex-President Bush?

I bet that when they are in the public, "They" will care about Joe-The-Plumber privacy!

Re:Scary how people don't care (1)

walterbyrd (182728) | more than 5 years ago | (#26506003)

I seem to missing your point. As far as I know, privacy will still exist. I know of no proposal to make medical records wide open.

I happen to work as a sysadmin for a company that works with medical records. Just last Friday I had to attend a 90 minute training session about FOIA and HIPAA and other matters relating electronic filing of medical records. I was left with the impression that they are actually increasing privacy.

Re:Scary how people don't care (4, Interesting)

ColdWetDog (752185) | more than 5 years ago | (#26506205)

I happen to work as a sysadmin for a company that works with medical records. Just last Friday I had to attend a 90 minute training session about FOIA and HIPAA and other matters relating electronic filing of medical records. I was left with the impression that they are actually increasing privacy.

There is privacy and then there is limiting the distribution of data. While HIPAA in many ways is a step ahead, the 'loopholes' that give insurance companies, the police, the various bits and pieces of government widespread non negotiable and often non accountable access to pretty darn near everybody has lots of people very concerned. Until and unless Congress really gets clean on 1) ensuring that medical data, including genetic information, is used only by medical personnel for medical reasons and 2) entirely changing the way that health care is paid for in the US this won't happen.

The strong desire of this society to punish suspected bad people - in this context anyone with an identifiable medical condition that has anything to do with patient lifestyle choices - is going to trump privacy and choice every time. As a physician, it's a very troubling issue. On one hand, I'm sick and tired of the disaster that is the individual paper chart. On the other hand, if you think the problem is bad now, just wait until we've fixed it.

I'm going back to bed.

Re:Scary how people don't care (1)

lysergic.acid (845423) | more than 5 years ago | (#26506761)

because they're not stupid.

if i ever get injured while out of town, i want the hospital that i'm admitted to to have my medical records immediately. they need to know my medical history, my allergies, and what medication(s) i take. medical records are something that most people recognize the need to share with their physicians.

this isn't the sanctioning of warrantless wiretapping, a national ID card system, the monitoring of travel activity, or the handing over of library records to law enforcement. the proposed database is strictly for healthcare professionals who are trying to treat patients and save lives.

i'm more concerned with the information collected on me by private data mining & database marketing companies who are free to sell my personal information to the highest bidder. they are not governed by rules that are in place in the medical industry to protect personal privacy. and these companies have more information on American citizens than even the dossiers kept by the Stasi on East German citizens.

Re:Scary how people don't care (1)

namgge (777284) | more than 5 years ago | (#26508117)

if i ever get injured while out of town, i want the hospital that i'm admitted to to have my medical records immediately. they need to know my medical history, my allergies, and what medication(s) i take.

What you want is a 'Medic Alert' bracelet.

To medics/paramedics reading: Please, if I am injured, get straight on with treating whatever injuries I present with. Don't waste time trying to work out which of the thousands of people that share my name I am. We can chat about my medical history if/when I wake up. And thanks in advance guys!

Namgge

The "Story" So Far (1)

cibyr (898667) | more than 5 years ago | (#26504981)

I find it rather amusing that "Electronic Medical Records, the Story So Far" is a complete non-story.

Re:The "Story" So Far (1)

mysticgoat (582871) | more than 5 years ago | (#26508173)

Let's see, every private hospital and clinic in the USA has developed its own normal values for each of its laboratory tests, based on which proprietary instrumentation they bought into, who they buy their standardized reagents from, and how their lab techs are trained to set up the equipment. A CPK result that raises concern in one hospital might well be within normal limits for the hospital two blocks down the street.

So standardizing all this in a way that would make medical records usable across the country is going to be a massive effort. You either replace all the existing procedures, equipment, and training with standard ones, or you find a way to assure that each clinic and hospital in the USA has a valid way of converting their proprietary results to a standard format.

And that's just one small part of the problem. There are major technical barriers related to bandwidth and storage and moving medical images around the country without sacrificing critical detail. There are huge subjective in handling the written expert assessments of clinicians. The problems with encryption and security are orders of magnitude greater than anything that has yet been attempted,

This stuff is technically challenging. Yet it pales beside the political problems of dealing with the health care industry and the insurance industry.

Worse than rocket surgery. Uh-huh.

when do we get to the turning point? (0)

Anonymous Coward | more than 5 years ago | (#26505025)

The most disturbing thing is that the government doesn't tell what information they have and what they do with it, they are big black boxes now. One day the point might be reached when the people have enough of it and start destroying in some way.

Re:when do we get to the turning point? (1)

wcb4 (75520) | more than 5 years ago | (#26505741)

government .... they are big black boxes now

Now, not its a big black man not a big black box. No comments about his wife, please.

Microsoft has done some good work on this so far (4, Interesting)

solder_fox (1453905) | more than 5 years ago | (#26505039)

Their Health Services are actually very well done conceptually, and they've managed to put the patient in the loop. That's impressive given the degree to which patients are usually out of the loop on their own files. They're also a lot more security-conscious than your average hospital.

My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"

(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))

Microsoft still have some work to do, but they've put a lot of good talent into the area.

One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.

Re:Microsoft has done some good work on this so fa (5, Insightful)

SupremoMan (912191) | more than 5 years ago | (#26505599)

My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"

Ummm anyone else see a problem with this?

Re:Microsoft has done some good work on this so fa (4, Interesting)

markdavis (642305) | more than 5 years ago | (#26505881)

Um, yeah. Social Security numbers are not universal ID numbers. They should be used solely for, get this, Social Security.

Unfortunately, the medical industry uses SS# on just about everything. In most facilities, they even try to use it as the Medical Record Number! Try to get appropriate care without giving them your SS# and see what happens (I have tried... good luck). And now just about every industry has some excuse as to why they *have* to have access to your SS#. Credit of any kind. Drivers license. Movie rental. Home insurance. You name it.

Anyway, SS#'s are the #1 way that information about you is tracked, "shared", associated, identified, etc. It is a huge security and privacy problem. There is a reason that when the Social Security Number was invented, it included laws about it was *NOT* to be used for any other purpose but Social Security. You can see just how effective those laws were.

Not at all... (1)

gillbates (106458) | more than 5 years ago | (#26508091)

Apparently, the bank has no problem with lending me a substantial sum in his name.

But on a more serious note, I think the problem is that our so much of our society relies on a mere secret combination of name and numbers to prove identity. PKI provides a much more secure means of proving one's identity than merely relying on a (presumably) secret combination of numbers known by one's employer, banker, credit card company, and several government agencies as well.

Re:Microsoft has done some good work on this so fa (1)

malkavian (9512) | more than 5 years ago | (#26505691)

Ooops, they shouldn't ask that.
Social Security (Or national insurance number in the UK) is a privileged piece of info. It's a great loophole to acquire someone's number given you know their name and address (phone up hospital, give the name and address, and voila, they give you back the person's Social Security number).
If you ask for name and date of birth, you can confirm with address. In other words, you're asking for more privileged information than you give back, the combination of all three is sufficient to identify the person. Either that, or you ask for their social security number. It's bad practice to hand back more privileged info than you receive.

Also, patients seeing medical records won't affect accountability one jot.
Currently there are several levels of 'intervention' in hospitals. When a doctor notes something, or requests a procedure or medication, the request goes past an intervention group. For medication, this would be a Pharmacy intervention group. They'll check the patient notes to see what's being treated, check the medication requested, make sure the dosage is correct (in case the doc has accidentally requested 10g instead of 10mg, or vice versa), check it doesn't interfere with other drugs, or even query in case it's not a drug that would affect the condition at all.
If the doc has got it wrong, they'll log it, and get in touch with the doc quickly to verify the request, and if the doc was wrong, they'll advise the correct dosage/medication for the doc to agree. This happens in a busy hospital, which is why the procedures are in place to catch it. Occasionally, something will slip through all layers (nothing is perfect). In those cases, the absence of notes in the medical records when they are noted as ok'd elsewhere, or queried in intervention is a serious issue, possibly more so than being wrong.
Having good and consistent notes gives the hospital a chance to win a case. Absence of notes is always a losing strategy, as in court, the default is to find against the hospital.

Having direct access to records is not always a great idea. For one, most people won't understand what's there (and no, reading up on the internet won't always make you understand either).
Having a medical 'fishing trip' would show up.. And some conditions that are quite mild, may present symptoms of something that could also be very dire. And if all that's happening is they're doing tests to discount the dire ones, who would feel comfy being checked for cancer, AIDS, or some other nasty, and seeing that test being carried out, when the real expectation is that it's not, they simply want to PROVE it's not.
Ignorance, in many cases, really is bliss.
Plus, if you can get at it, I can guarantee others can too, by some route or another. Personally, I don't trust patient accessible records.

Re:Microsoft has done some good work on this so fa (1)

Kindaian (577374) | more than 5 years ago | (#26505717)

If the medical records disappear under the supervision of the stated hospital, then it's the hospital responsibility.

I don't think that the hospitals will want that liability!

An audit trail is what counts (2, Insightful)

Alwin Henseler (640539) | more than 5 years ago | (#26505873)

My father called the hospital the other day and gave them his name, and they asked "Is your social security number XXX-XX-XXXX?"

You mean that if you call that hospital and pretend to be person X (known to have have been in there sometime), the hospital will happily give you the SSN that's recorded for person X ? Over the phone, with no further checks or guarantee(s) on the identity of the caller?

Not that SSN's are well protected anyway, but if the above is true you should definitely take it up with higher management of that hospital (to adjust procedures / staff education etc. hospital-wide), because that's a serious privacy leak. If same thing still works after, say, a couple of months from then, I'd even consider reporting that hospital to whatever government body you can find that has the power to 'punish' hospitals for things like this. If any such government body exists, that is ;-(

Most medical records today aren't things that patients get

From what I've seen myself, and heard from family members etc. that appears to be the default - to keep patient, and medical data on that patient, in separate places. But why ??? Can anyone from the medical profession enlighten us what's wrong with patients studying their own X-rays, reviewing lists of drugs to be used in the course of a (planned) operation, or re-reading a diagnosis? And I'm talking totally separate from the issue of how much influence a patient should have on these things. Is medical data only interesting to doctors etc., but not for patients themselves? Are well-informed patients a nuisance, or what? What do medical professionals think of this?

MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.

Even more than privacy, that should be the focus for medical records: an audit trail. You start with an empty record, and for every little bit of data that gets added, edited, removed, and even accessed there is a hard, unforgeable proof of who did it. What doctor added that X-ray pic, which nurse looked at what medication was prescribed to you earlier, etc. etc. Perhaps with an automatic notification policy? Patients' record updated -> update notification sent to patient.

An unforgeable ID for anyone accessing that record would be minimum requirement. And stiff penalties for abuse. Shared passwords, terminals accessible by multiple people (and perhaps out of sight) would be unacceptable by definition.

Re:An audit trail is what counts (1)

markdavis (642305) | more than 5 years ago | (#26505967)

>From what I've seen myself, and heard from family members etc. that appears to be the default - to keep patient, and medical data on that patient, in separate places. But why ??? Can anyone from the medical profession enlighten us what's wrong with patients studying their own X-rays, reviewing lists of drugs to be used in the course of a (planned) operation, or re-reading a diagnosis?

The patient has the absolute RIGHT to see anything they want in the record. But the provider also has an OBLIGATION to ensure that the information is kept secure and not disclosed except to the proper people and through the proper channels.

But I can also tell you that 98+% of the population would not be able to properly understand and interpret the information in the record. From a practical standpoint, that does create a tremendous drag on the healthcare professionals who have to explain and "justify" it all; people that normally have barely enough time to just provide the care. Furthermore, there is rarely any payment for time used to explain things, which is why you often find that doctors will set up additional [reimbursable] "appointments" to discuss things, when the patient needs more time than "typical" to discuss care and records.

So you are correct that there is a real tension between providing and restricting information.

Don't know what all the fuss is about... (0)

Anonymous Coward | more than 5 years ago | (#26506233)

Every time I've had X-Rays taken at a hospital the doctors have shown them to me, complete with explanations of what they found or didn't find in them. They also always explain what drugs they are going to use, and when--with the one exception of anesthesia. Anesthesia is a tricky process which has to be monitored and adapted continually, so I'm quite happy to let the professionals handle it. The problem with letting people edit their own records is that people generally don't know enough to argue with the doctor's diagnosis (else why did they go to the doctor in the first place?), and the things they would know, like their symptoms and history, are already written mostly in their own words. Plus, if an uncooperative patient genuinely prevents a doctor from providing the best medical care, and the doctor notes such a thing on the chart, what do you think that patient is going to do? Or the people who go to the ER just to get narcotics--do you think *they* would be honest with their records?

Re:Microsoft has done some good work on this so fa (3, Informative)

amabbi (570009) | more than 5 years ago | (#26506083)

(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))

IANAD (but I will be one in 5 months or so). If that is Microsoft's position, that is the stupidest fucking thing I have ever heard. Worse than Clippy. Worse than Bob. Look, a patient's medical record is supposed to be an OBJECTIVE documentation of a patient's health status and treatment. How, exactly, is a patient qualified to make an objective assessment of their medical problems, diagnostic workups and treatment regimens?

One thing about electronic records in general--patient accessible ones--is that it should make a difference in accountability. Normally, at many hospitals in the US, if a doctor makes a significant mistake the records disappear. If patients have direct access to their own records, that will become a less common practice.

Well, that's just complete BS. I don't know where you get your information, but altering a patient's medical record is illegal and, at the very least, will result in a physician's suspension of privileges from a hospital... and most likely, a revocation of their medical license.

Btw, your patient record is completely accessible. You just have to make a request to the medical records office. No, it's not available on the web, but it's not as if your MR is a secret like your FBI file.

Re:Microsoft has done some good work on this so fa (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#26506977)

(Most medical records today aren't things that patients get--MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.))

IANAD (but I will be one in 5 months or so). If that is Microsoft's position, that is the stupidest fucking thing I have ever heard. Worse than Clippy. Worse than Bob. Look, a patient's medical record is supposed to be an OBJECTIVE documentation of a patient's health status and treatment. How, exactly, is a patient qualified to make an objective assessment of their medical problems, diagnostic workups and treatment regimens?

Who has the most to lose if somebody fucks up a medical record? That's the person who should have the final say about the contents. Authority without responsibility is a major part of what has fucked up our medical system today.

Re:Microsoft has done some good work on this so fa (1)

amabbi (570009) | more than 5 years ago | (#26507161)

Who has the most to lose if somebody fucks up a medical record? That's the person who should have the final say about the contents. Authority without responsibility is a major part of what has fucked up our medical system today.

By that logic, passengers on a flight should be allowed to edit the contents of the flight data recorder.

Look, I'll re-iterate my point. The electronic medical record is intended to be an objective record of a patient's health assessment. A patient is not qualified to make an objective assessment of their health status. They're able to make subjective reports that are recorded in the medical record. A medical record does not work if it gets to be edited. In fact, many successful lawsuits have hinged on the fact that the medical record had been added to or edited after the fact. At the risk of sounding cocky, I honestly don't think you understand what the medical record is, if you think that a patient should be allowed to edit it.

To read it, sure. To comment on it to their physician, sure. But to edit it, no f'ing way.

Re:Microsoft has done some good work on this so fa (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#26507289)

Who has the most to lose if somebody fucks up a medical record? That's the person who should have the final say about the contents. Authority without responsibility is a major part of what has fucked up our medical system today.

By that logic, passengers on a flight should be allowed to edit the contents of the flight data recorder.

Only if you are more interested in making specious arguments.

Look, I'll re-iterate my point. If a person's medical record gets fucked up, they could end up dying as a result.
Nothing trumps that. Nothing.

Re:Microsoft has done some good work on this so fa (1)

amabbi (570009) | more than 5 years ago | (#26507385)

Only if you are more interested in making specious arguments.

Look, I'll re-iterate my point. If a person's medical record gets fucked up, they could end up dying as a result. Nothing trumps that. Nothing.

And exactly how would letting patients haphazardedly edit their medical record going to do a thing to prevent that?

Do you even know what a medical record is?

Re:Microsoft has done some good work on this so fa (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#26507539)

And exactly how would letting patients haphazardedly edit their medical record going to do a thing to prevent that?

Gee, I don't see any words to the effect of "haphazrdly edit" anywhere in "MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.)" Perhaps you can point them out?

Re:Microsoft has done some good work on this so fa (1)

amabbi (570009) | more than 5 years ago | (#26507573)

Gee, I don't see any words to the effect of "haphazrdly edit" anywhere in "MS is taking the position that patients should be able to see their own records, and even correct their own medical records. (But with digital signatures to keep track of who is updating the record.)" Perhaps you can point them out?

I make the assumption that most patients, without medical training, aren't qualified to make edits to their medical record. I equate that with haphazardly edit.

Look, legally, even a patient's physician isn't supposed to "edit" a medical record. It's like a file that you only have append privileges to. Why does it make any bit of sense to allow someone with no medical knowledge whatsoever to make edits?

I'm still waiting for an answer. do you even know what a medical record is?

Re:Microsoft has done some good work on this so fa (1)

Jah-Wren Ryel (80510) | more than 5 years ago | (#26508085)

I make the assumption that most patients, without medical training, aren't qualified to make edits to their medical record. I equate that with haphazardly edit.

Doctors who can't accept that the patient is in the driver's seat are obsolete.

Look, legally, even a patient's physician isn't supposed to "edit" a medical record. It's like a file that you only have append privileges to. Why does it make any bit of sense to allow someone with no medical knowledge whatsoever to make edits?

You do understand the concept of audit trails, right? ...digital signatures to keep track of who is updating the record is exactly that.

I'm still waiting for an answer. do you even know what a medical record is?

It is fundamentally irrelevant whether I can regurgitate a specific definition.
What matters is that the record is the property of the patient and the patient bears the ultimate responsibility for its contents.

Re:Microsoft has done some good work on this so fa (3, Insightful)

GNT (319794) | more than 5 years ago | (#26507145)

I AM A DOCTOR. 11 years medical informatics. 16 in medicine in general, 6 years medical devices.

And you need an attitude check, if for no other reason than your experience is insufficient to the matter at hand.

(1) The patient record IS owned by the patient (and the hospital/provider)

(2) All 50 states mandate access to the record by the patient

(3)Hospital records are routinely lost and routinely we do not enter crucial data because of liability reasons. A fact-on-the-ground, if you will. Never mind it is actually counter-productive and the best documents are the best defense, with the majority of docs actually winning the lawsuits.

(4) Larry Weed's arguments on patient's owning and understanding their record have never been refuted (You might know him differently, as he invented the SOAP note)

(5)Many patients have a better and more intimate understanding of their condition (and the tests they underwent) than you give them credit for. You might want to learn to properly listen to your patients and credit them for being more than stupid cattle.

(6) And your MedRec SHOULD be more secret than your FBI file. As a man suffering from condition that routinely cripples him once a year, if that info was known to Tom Dick or Harry Employer I would unemployable even though I only lose a day or two of work a year, they would freak. Just think of the HIV stigma that AIDS *testing* brings to the fore. Never mind I have had to have 3 of those tests for various reasons, NONE having to do with exposure.

Re:Microsoft has done some good work on this so fa (1)

solder_fox (1453905) | more than 5 years ago | (#26507345)

The old information is there, I believe, and you know what the patient did. It is, ultimately, the patient's record, and if he sees something that is obviously incorrect he should be able to note that without the added hassle and expense of a doctor's visit for... correcting the record. The audit trail makes it workable.

The problem isn't always one of qualification--sometimes it's one of a doctor who didn't listen or who jotted something down quickly which--while accurate--was woefully incomplete.

As to the records disappearing, it's not BS. At a good hospital, they usually don't. But there are a lot of hospitals that are not good. When the risk of a law suit presents itself, medical records often disappear, become deliberately vague, or flat-out lie. Medical ethics classes notwithstanding. When a patient gets a staph infection from a needle prick at a hospital, the doctor will avoid telling the patient or noting in the record how it happened. When an almost criminal misdiagnosis results in multiple unsucessful surgeries rather than detecting a cancer (which the symptoms suggested), the records disappear.

I'm not saying it happens everywhere--but it does happen regularly, and more frequently than you think. Medical ethics aren't as strictly adhered to as the ideal would suggest. They should be, for the most part, but they're not. There are still docs people go to for notes to get off work, who practice insurance fraud in exchange for the notes and deal drugs out the back door. There are still hospitals where washing hands before touching a patient, and not touching non-sterile surfaces after washing hands, are not common rules. Yes, in the U.S.

A patient in the ideal case has immediate access to his records. But a request for records that are obviously about something that was done wrong in the past is a red flag for a lawsuit.

Re:Microsoft has done some good work on this so fa (1)

Moridin42 (219670) | more than 5 years ago | (#26507725)

Do tell us where you'll be practicing your particular brand of medicine. I'll be sure to avoid that locale like the plague. Just to avoid you. Makes you kinda special doesn't it?

Re:Microsoft has done some good work on this so fa (2, Insightful)

winwar (114053) | more than 5 years ago | (#26508361)

"Look, a patient's medical record is supposed to be an OBJECTIVE documentation of a patient's health status and treatment."

You are kidding, right?!? It's a record. Generally a crappy one. That has lots of errors in the best case. Hell, some things aren't even written down any longer for legal reasons.

"How, exactly, is a patient qualified to make an objective assessment of their medical problems, diagnostic workups and treatment regimens?"

Some of us know more than most doctors about their specific issues. I have time to research my problems, keep up to date on advances, etc. Most doctors, even specialists, don't have the time or don't bother.

"...altering a patient's medical record is illegal and, at the very least, will result in a physician's suspension of privileges from a hospital... and most likely, a revocation of their medical license."

Yeah, right. I doubt that the complaint would even be looked at by the relevant authorities. Only when litigation is involved does it matter. Doctors routinely (unintentially) kill their patients with no disciplinary actions (medication errors, lack of sanitation, etc)....

Re:Microsoft has done some good work on this so fa (1)

ff1324 (783953) | more than 5 years ago | (#26508421)

Btw, your patient record is completely accessible. You just have to make a request to the medical records office. No, it's not available on the web, but it's not as if your MR is a secret like your FBI file.

Your record is NOT completely accessible...I guess you never watched much Seinfeld?

Re:Microsoft has done some good work on this so fa (1)

icyandunapproachable (1004849) | more than 5 years ago | (#26507033)

The use of SSN is problematic.
Not everyone has one, and some
folks use fradulant ones. The
SSA has at least 4.1% internal
error rate using SSN as an ID.
And the FTC will soon enforce
the 'Red Flags' rule, having a
chilling effect such that most
health care leaders depricate
the use of the SSN in med recs.

Now I know how to get the SSN of a veteran (1)

Skapare (16644) | more than 5 years ago | (#26508185)

Thanks! I hadn't thought of calling a VA hospital, before.

Here in The Netherlands... (5, Insightful)

thrill12 (711899) | more than 5 years ago | (#26505133)

...we are already starting with the "EPD" (Electronic Patient Record) this year.
Every citizen to which it applied got a letter in their home, from the government, asking if they wanted to object. For this they had to reply using the included form and a copy of their ID.

Until now, approximately 500.000 objections have been sent in.

Just last week, the government proposed hard actions against those who violate the "EPD", such as high penalties. Insurance companies are not allowed access to the EPD and doing so would give the patient an immediate right to go to a different insurance company.

Let's be frank - these 500.000 people understand the one and only true thing about EPD : once information is out in the open, you never going to get it back in.

Just a while ago I got my own medical file from my physician - I am in my 30s - which contained 6 pages of text...
That's not a huge load of information, and makes it very easy to copy. Once out, anyone knows my complete medical record from my birth onwards. A penalty against misuse would thus not work, it would simply be used to blame any messengers that stand up and find flaws in the security.

One such flaw was already found last year: most hospitals (yes - publicly accessible hospitals) don't password protect their terminals.
Argument ? In an emergency, they do not want to put up the physician with all those tough things like entering passwords.

I respect the ideas of your new president, but I think he should definitely think again when implementing this - information wants to be free.

Solutions ? Maybe give only the patient the private key to unlock the medical database. It was an argument here, but was quickly thrown away on grounds of "much too difficult" and "what in an emergency" etc. Until that solution is seriously looked upon, or at least until the security of it all is completely looked after, my vote against this would be a big fat "no way".

Private key is the wrong solution (1)

migloo (671559) | more than 5 years ago | (#26505623)

Solutions ? Maybe give only the patient the private key to unlock the medical database.

Then, if he refuses to give access to his private medical data, he will be denied whatever he is applying for: an insurance, a job, a sports license, etc...
The best way to ensure your freedom and privacy is to either *not* give you the key (so that no one can force you to release your data) or give you an *alternate* key to an edited version purged of anything you don't want to show.

Re:Private key is the wrong solution (1)

chooks (71012) | more than 5 years ago | (#26506415)

... or give you an *alternate* key to an edited version purged of anything you don't want to show.

I think that is a good idea on the surface. The reality though is that you do not know what parts are OK to leave out. One key piece of medical information can radical change the differential diagnosis and problem solving approach. If you personally redact information, then you run the risk of removing key (pardon the pun) information for diagnosis.

That being said, however, it is very difficult to get a good history. So if I am faced with having 1/4 the information I want from the medical interview (due to time constraints, patient being a poor historian, etc...) or 1/2 of information from a personally edited electronic record, I know which one I would prefer...

Re:Here in The Netherlands... (0)

Anonymous Coward | more than 5 years ago | (#26505631)

From the practical perspective I don't see this issue becoming an "if" but a "when". So instead I think we should look at some technical solutions to the problem.

Our problem is:
We need to provide the pertinent information on a patient immediately in an emergency but keep any information that can be leveraged over this person in the future to as small amount of people as possible.

Life and Death,
If the question of whether or not I should die rests on the truth and accuracy of my medical records then I believe it is in my best interest, all of our best interests, to make sure this happens.

So how can we do this?
From a purely IT perspective I was thinking something like a hash of the DNA which pulls up the records.

Many questions arise,
Who has access to make queries on this database? Who has write permissions? Organizations? Hospitals? Who decides?

One idea I had was to allow one write per "transaction". AKA "Money Changing Hands", however that happens for a specific incident of a patient getting treated.

This is a deep topic but I think if we actively try to solve it, the engineering of law and technical skills can achieve the desired result:
Private and Secure but centralized medical records of everyone.

Insurers EXCITED about EMR's potential to.. (3, Insightful)

Anonymous Coward | more than 5 years ago | (#26505787)

Basically, EMRs are very dangerous in countries that don't have free universal healthcare, like ours, because they promise to make it far easier for insurance companies to identify medical risks (their euphamism for sick patients) so they can be avoided or dumped.

Obama pledged to lower costs a tiny amount for normal families. Obama has a huge amount of support from the insurance industry on this because they have been pushng EMRs for years as a a way to eliminate the assymetric information held by patients about their own health status.

Currently, patients know more than insurance companies leading dangerous customers who represent medical risks to be more likely to buy insurance.

To lower costs for "normal families", they must raise costs for the chronically ill or reduce the number of them who receive coverage. (Triage)

The Obama's priority is improving the statistical "coverage" of the healthy employed. The dark side is that the 20% or so of Americans who have any kind of chronic illness, and to a lesser extent, first degree relatives of them (children, siblings, parents) will still find it harder and harder - next to impossible - to get insurance outside of a large medical group, (small employers will see huge price rises if they cover a medical risk) Eventually, finding any kind of employment for medical risks will become very difficult, and they and their families will become a marginalized underclass, not unlike the film "Gattaca".

We price insurance by risk. That is the one most non-negotiable part of Obama's healthcare platform.

People who are known to be sick or are related to them are known risks. The so called "fair price" to insure known risks is high.

The only solution possible that would preserve our current 1/3 cut insurance model (very important to those in Washington today) might be to offshore the care of the sick. Medical emigration and marriage out of medical insurance necessity are already skyrocketing, a recent nationwide study found. (17% of Americans have a close friend or family member in that situation)

Re:Here in The Netherlands... (1)

markdavis (642305) | more than 5 years ago | (#26506007)

> once information is out in the open, you never going to get it back in. Actually, it is worse than that. Once information is *collected* you can never be assured it will remain private or used appropriately.

Re:Here in The Netherlands... (1)

MrMr (219533) | more than 5 years ago | (#26508337)

Every citizen to which it applied got a letter in their home
Not true. Only the people who had not already opted out of unaddressed paper spam (i.e. the 70% most likely to believe propaganda and advertisements) received this letter.
In this way the government 'accidentally' failed to provide the option not be be registered to the 5 million citizens who were most likely to object.

Re:Here in The Netherlands... (1)

winwar (114053) | more than 5 years ago | (#26508425)

I have a better idea. Don't use electronic records. They benefit almost everyone except the patient.

The paper ones can be transported easily. Anyone can access that information. And anyone who has a truly serious condition should carry documentation of that fact on them.

Unfortunately, electronic records are coming. And unless there are severe penalties for release (long prison terms/fines that destroy companies) they are going to be as secure as your SSN. For all intents and purposes your records will be public including all the errors.....

What privacy? (5, Interesting)

Wowsers (1151731) | more than 5 years ago | (#26505203)

I will tell you about the UK experience of computerised medical records.

The government wants everyone's medical records on a database, searchable by who knows who for whatever fishing expedition they want (including giving this private data to drug companies and the EU), no justification of their actions is required. The records are not secure, we already know that because the government lost 26 million taxpayers records in one go, and that's supposed to be a secure system.

So far the scheme has burnt through £16bn (about $24bn), it still mostly does not work, is years behind schedule, and is expected to burn through another £8bn.

If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.

Like it or not, the state will do whatever it takes, and will not care what laws are already in place (like data protection laws) to stop such schemes.

Re:What privacy? (5, Interesting)

pmarini (989354) | more than 5 years ago | (#26505281)

and in the meantime, any "insurance" company will also have full access to your your complete medical history, should you apply for a mortgage or the like...
(not to mention that the broker will "candidly" suggest not to review them before passing them on to insurer... and checks the option box for you)

Re:What privacy? (3, Informative)

Blue Stone (582566) | more than 5 years ago | (#26505493)

>If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.

You have not told anyone about "the UK experience of computerised medical records", you've informed them of your own (appaling) experience. Make a formal complaint about your doctor and then change him for one who will respect your right to medical confidentiality (something which electronic records rides a coach and horses through).

I simply gave my doctor a letter, informing him of my wish to opt out, and he accepted it. There's a form letter on www.nhsconfidentiality.org which I will paste here in it's entirety:

Dear Doctor,

                                                  Exercising right to opt out

As you are probably aware, the Government is intending to ask you to transfer
the electronic medical records of your patients onto a national database called
the "spine". They intend you to do this without first seeking the consent of
your patients. It is BMA policy that patients should give their individual
consent prior to their information being transferred on to the national
database.

There are substantial concerns about the privacy and confidentiality of
information transferred onto the national database, not least because promised
software security safeguards called "sealed envelopes" will not be in place
and because the patient's instructions with regard to who may access the
records can be overridden. I do not believe that such a large database, with so
many staff users, can be regarded as secure.

I would be grateful if you would ensure that none of my records held by you are
entered onto the national system. Would you please also file or scan a copy of
this letter in my records and also record my dissent by entering the "Read
code" - '93C3. --- Refused consent for upload to national shared electronic
record.' into my computer record. I am aware of the implications of this
request and will notify you should I change my mind.

This request is itself confidential. Please do not divulge my decision, in an
identifiable manner, to anyone other than to clinicians who are providing care
to me and who might otherwise place information about me on the national care
records service.

Further information for GPs is available online at www.TheBigOptOut.org/for_GPs

Yours sincerely,

Re:What privacy? (1)

namgge (777284) | more than 5 years ago | (#26507881)

If like me you object to your medical records being computerised and being available to any member of the state for their fishing expeditions, your doctor will tell you to get lost.

Firstly, this has not been my experience. Having briefly discussed the issues with my GP (the doctor who is the gatekeeper of medical treatment in the UK) he immediately agreed not to upload my records to the national database, and indeed said he would not be having his own records uploaded for pretty much the same reasons as me.

Secondly, in the UK doctors are required to adhere to professional standards, one of which is to respect the confidentiality of patients http://www.gmc-uk.org/guidance/current/library/confidentiality.asp [gmc-uk.org] . So, if your doctor really told you to 'get lost' and intends to transfer your records to others without your consent, I suggest you use the GMC's complaints procedure http://www.gmc-uk.org/concerns/making_a_complaint/index.asp [gmc-uk.org] .

Namgge.

YUO FAIL It! (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26505251)

Electronic Prescriptions (3, Interesting)

anorlunda (311253) | more than 5 years ago | (#26505273)

In the 1980s, a Scientific American article by David Chaum, and an article from Germany on electronic prescriptions (sorry, no links, it predated the web), educate me about the possibility of electronically secured prescriptions.

Basically, by creative use of encryption, it is possible to create an electronic prescription that
(1) lets the pharmacy know that the prescription is authorized, and how it is paid for without revealing the name of the patient or the doctor. (2) similarly allow the insurer, the patient, the doctor and government, access to information they are authorized to have without disclosing anything more.

The same can be applied in all areas involving privacy and access to electronic records. Encryption can be used to actively limit access to authorized purposes without depending on the lack of human error.

Isn't is about time that we started using technology in these creative ways to achieve privacy levels as high as technology allows? How about an open source effort to publish papers and algorithmic examples showing how this can be done in an attempt to influence policy?

Re:Electronic Prescriptions (1)

pmarini (989354) | more than 5 years ago | (#26505341)

you mean pre-dated (the web), do you ? :-)

Re:Electronic Prescriptions (4, Interesting)

thogard (43403) | more than 5 years ago | (#26505349)

The problems aren't technical so its helpful to follow the money.
Consider how the payment of an average prescription for a cheap antibiotic in the US. The customer will give the pharmacist the prescription and their "pharmacy card" which will often have a $25 co-pay and they think they are getting a great deal. The pharmacy sends the detail to the medical buying club who may reject it or send back 3 numbers. The 1st number is how much the customer is to pay, the second will be the price to put on the invoice and the 3rd number is how much money gets transfered from the pharmacy to the insurance company or the other way around. The result is the $4 bottle of pills cost the patient $25 yet the price on the invoice says $43 so they think they are getting a good deal and the pharmacy has to send $22 of the money collected back to the insurance company. If you want a good deal, check the prices online and let your pharmacist know you will be paying cash..

You are getting ripped off (1)

NotQuiteReal (608241) | more than 5 years ago | (#26505777)

There have been several times where I have picked up prescriptions that cost less than my $15 co-pay.

In those cases the pharmacist just says "You are better off skipping the card this time."

Pocketing over-payments and kick-backs like you describe are probably illegal in most jurisdictions.

Re:You are getting ripped off (1)

thogard (43403) | more than 5 years ago | (#26506179)

It depends... the insurance company will claim that the patient agreed to the copay so its not a kickback. They keep the pharmacy in line by threats to pull business if they don't cooperate. Of course each state has different laws so your state might just have its act together.

Re:Electronic Prescriptions (1)

ion.simon.c (1183967) | more than 5 years ago | (#26505869)

Crypto guys have known how to create secure, customer-verifiable, anonymized transactions for decades.

I wish that I understood where the cypherpunks went wrong.

Re:Electronic Prescriptions (1)

rufus t firefly (35399) | more than 5 years ago | (#26506013)

The issue with e-prescribing in the United States is that, although NCPDP SCRIPT (the standard) is more or less free, there's a horrible system where providers have to pay per transaction to send prescriptions to pharmacies through a cartel of companies. For examples, check out surescripts [surescripts.com] or rxhub [rxhub.net] , who run the "Pharmacy Health Information Exchange."

Like everything else in the past eight years, a monopoly on something has been sold out to one or more companies, then codified into law. Several states have set deadlines *mandating* using e-prescribing, which is essentially forcing providers to shovel money into these guys.

Re:Electronic Prescriptions (0)

Anonymous Coward | more than 5 years ago | (#26508161)

This is only partially true; the pharmacies foot the bill for the per-transaction fee, not the providers.

However, underscoring the other point, SureScripts and RxHub are actually one company now: http://www.surescriptsrxhub.com/

Re:Electronic Prescriptions (1)

martalli (818692) | more than 5 years ago | (#26507719)

In the United States there are constant problems with coverage, preferred medications, and so on. Having prescriptions delievered without the patient's or doctor's information would be incredibly unworkable.

Obama (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26505345)

I understood Obama's spokespeople to making a big deal about moving to electronic records. Are you telling me that it was actually Bush who made it happen?

Re:Obama (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26505455)

If Obama does this, then it's a wonderful cost saving measure that will bring health care to everyone.
If Bush did this, then it's an evil plot by the insurance companies to deny coverage to poor, deserving people.

Re:Obama (0)

Anonymous Coward | more than 5 years ago | (#26507681)

Well given that we were lied to about the costs of Medicare reform, that medicare reform gave more money to insurers and big pharma than even they asked for. I'd say, this is at least 50% accurate. We'll see about Obama.

Bush and Obama both support EMRs (0)

Anonymous Coward | more than 5 years ago | (#26505871)

because they help the medical and insurance sectors to be more profitable by helping them avoid the customers who represent the highest claim risks while lowering costs to healthy customers. Their employees represnt a BIG source of money to politicians.

Re:Obama (1)

amabbi (570009) | more than 5 years ago | (#26506691)

I understood Obama's spokespeople to making a big deal about moving to electronic records. Are you telling me that it was actually Bush who made it happen?

Obama's health care plans includes an emphasis on evidence based medicine, preventive medicine, and improved efficiency and safety.

In other words, a pretty much verbatim duplication of the CURRENT requirements of JCAHO - the accreditation body that Medicare uses to certify hospitals as compliant and eligible for Medicare funds.

Change we can believe in, indeed.

Executive Orders and unconstitutional (1)

commodore64_love (1445365) | more than 5 years ago | (#26505909)

I can not lay my hand on the part of the Constitution that grants such a power to the Executive. And for good reason. The power to make laws was given to the People's and the States' Representatives in Congress, where the law may be debated and the people's support (or non-support) elicited.

The power to make law should never lie with just a single man, especially one who does not listen.

As somebody who works in HIT... (0)

Anonymous Coward | more than 5 years ago | (#26506091)

I can make some suggestions:

1) Stay away from consultants (Ass-end-tour, Toilet and douche, etc). You'll get ten cents goods or services for every dollar you spend. They won't have the expertise they say, and the "facts" they provide you will generally be wrong (and you'll have to fix the problems later).

2) Be wary of vendors. Spec out exactly what you want, and include penalties for not meeting specs (we've actually had vendors openly acknowledge that they didn't deliver what they promised, but it didn't matter cause they got the money).

3) Don't let pipe dreams trump privacy. In the rush to get your money, many will try to brush off privacy concerns as an annoyance. Don't let them! There countless scenarios where the most innocent information can make a saint look like a sinner.

well, that's a start. And, I need coffee. But, please consider that all of these suggestions are based on actual experiences from the HIT field. If they seem like flame bait, that's just cause things really are that bad.

This is untenable (1)

Pig Hogger (10379) | more than 5 years ago | (#26506141)

The reason for the requirement of stringent privacy requirements for health-record keeping is solely due to the sheer number of unregulated, unaccountable organizations dealing with them.

I am talking, of course, of private health-insurance companies.

The obvious cost-effective solution is to get rid of them, and implement an universal, single-payer insurer that would cover absolutely everyone (no opting-out) with exactly the same coverage (no more time wasted to figure out if some procedure is covered or not).

Since coverage of everyone will be compulsory, there will be no more need to discriminate for pre-existing conditions, thus removing the need for intrusive record snooping in the first place.

In fact, such a solution is currently in place in **ALL** the industrialized countries, except in the USA.

There shall be no more pussyfooting around the bush with this issue, the bull's apple need to be bitten by the horns right now.

In addition to finally covering everyone, the USA will no longer be a turd-world country and a laughingstock in respect to health-care, and in bonus, all the rotten parasites that fester in and around private health-insurance companies will be forced to find an honourable way of paying the bills.

Re:This is untenable (1)

amabbi (570009) | more than 5 years ago | (#26506769)

The reason for the requirement of stringent privacy requirements for health-record keeping is solely due to the sheer number of unregulated, unaccountable organizations dealing with them.

I am talking, of course, of private health-insurance companies.

The obvious cost-effective solution is to get rid of them, and implement an universal, single-payer insurer that would cover absolutely everyone (no opting-out) with exactly the same coverage (no more time wasted to figure out if some procedure is covered or not).

Since coverage of everyone will be compulsory, there will be no more need to discriminate for pre-existing conditions, thus removing the need for intrusive record snooping in the first place.

In fact, such a solution is currently in place in **ALL** the industrialized countries, except in the USA.

There shall be no more pussyfooting around the bush with this issue, the bull's apple need to be bitten by the horns right now.

In addition to finally covering everyone, the USA will no longer be a turd-world country and a laughingstock in respect to health-care, and in bonus, all the rotten parasites that fester in and around private health-insurance companies will be forced to find an honourable way of paying the bills.

First off, I just don't understand why people insist that universal health care == single payer. The two are completely separate; you can certainly have the former without requiring the latter.

There are MANY reasons to argue against single payer health care.... and that is beyond the scope of this /. discussion. I do, however, have to object to your dumbing down of the issue. While one of the main goals of HIPAA was to insure privacy of health care with respect to portability of insurance (the H, I, and P in HIPAA), there is far more to HIPAA than just dealing with private insurance companies. If that weren't so, then HIPAA wouldn't be relevant for, say, Medicare purposes.

For instance, what if a prospective employer wants to take a look at your EMR to see if you have chronic medical conditions that would require you to take days off in the future? What if your prospective spouse wants to see what heritable diseases run in your family?

Of course, that's not important for you. What's important for you seems to be inserting a rant supporting your political viewpoint. Kudos, my friend, kudos, for trying to distract a real argument with your strawman.

Re:This is untenable (1)

Pig Hogger (10379) | more than 5 years ago | (#26506967)

First off, I just don't understand why people insist that universal health care == single payer. The two are completely separate; you can certainly have the former without requiring the latter.

That's because only a compulsory single payer is able to avoid discriminating for pre-existing conditions.

There are MANY reasons to argue against single payer health care.... and that is beyond the scope of this /. discussion. I do, however, have to object to your dumbing down of the issue.

"Dumbing down", as opposed to **OBFUSCATING** in order to maintain the status-quo, so that people keep believing that "the government is **BAAAAD**" so private insurer can continue to gouge the public???

While one of the main goals of HIPAA was to insure privacy of health care with respect to portability of insurance (the H, I, and P in HIPAA), there is far more to HIPAA than just dealing with private insurance companies.

Bullshit. What happens is that insurance companies are looking at all possible ways of weaseling out of their contracts in order to increase their profits, and to do this, they have armies of "investigators" who social-engineered their ways into medical records.

For instance, what if a prospective employer wants to take a look at your EMR to see if you have chronic medical conditions that would require you to take days off in the future?

This is an unacceptable invasion of privacy. If you believe that croporations shall have the right of life or death to people, you are truly a fascist.

Or you have been sorely misinformed and swallowed the whole hook line and sinker of fascists arguments.

If you were a millionnaire whose fortune would depend on maintaining the status-quo, as you are pitifully trying to do, you would not hang on Slashdot on a sunday morning.

Of course, that's not important for you. What's important for you seems to be inserting a rant supporting your political viewpoint. Kudos, my friend, kudos, for trying to distract a real argument with your strawman.

How about you? Why are you so hell bent on preseving the "liberty" you have been led to believe you have? Why are you thinking like a zillionnaire???

Re:This is untenable (1)

amabbi (570009) | more than 5 years ago | (#26507087)

That's because only a compulsory single payer is able to avoid discriminating for pre-existing conditions.

That's completely untrue. Say, for instance, I work for LargeMultinationalCorporation. I could have diabetes, high blood pressure and had 3 heart attacks, and I'll still get coverage because I work for LargeMultinationalCorporation. And I did it without the federal government!

"Dumbing down", as opposed to **OBFUSCATING** in order to maintain the status-quo, so that people keep believing that "the government is **BAAAAD**" so private insurer can continue to gouge the public???

Please give me one example of the U.S. federal government taking over for a private industry, where the end results were better than if the federal government did not meddle at all.

Bullshit. What happens is that insurance companies are looking at all possible ways of weaseling out of their contracts in order to increase their profits, and to do this, they have armies of "investigators" who social-engineered their ways into medical records.

Now you're just making shit up. Do you have any proof of your claims that large insurance companies are committing mass fraud to gain access to medical records?

This is an unacceptable invasion of privacy. If you believe that croporations shall have the right of life or death to people, you are truly a fascist.

Or you have been sorely misinformed and swallowed the whole hook line and sinker of fascists arguments.

Sorely misinformed? My friend, I work in the hospital and see day to day what goes on. Do you?

If you were a millionnaire whose fortune would depend on maintaining the status-quo, as you are pitifully trying to do, you would not hang on Slashdot on a sunday morning.

Don't you know that Sunday morning is vacation day for millionaires whose fortunes depend on maintaining the status quo?

First off, I'm all for universal health care. I'm just against having the federal government run it. I'm all for enacting NEEDED health care reform. I'm just against expanding failed or failing government programs like Medicare and especially Medicaid in order to do it. Of course, it seems that you're under the assumption that if you're not pounding the socialization drum, you must be a facist, right?

How about you? Why are you so hell bent on preseving the "liberty" you have been led to believe you have? Why are you thinking like a zillionnaire???

I'm not thinking like a zillionnaire. I'm thinking like a medical student who's going to be a medical doctor in 5 months, and worrying that the federal government is going to completely fuck up the medical system as it has with, say, the railroads, banking, space, high technology, and the like.

Re:This is untenable (1)

Daniel Dvorkin (106857) | more than 5 years ago | (#26508319)

That's completely untrue. Say, for instance, I work for LargeMultinationalCorporation. I could have diabetes, high blood pressure and had 3 heart attacks, and I'll still get coverage because I work for LargeMultinationalCorporation. And I did it without the federal government!

That's great for employees of LMC, but you're overlooking two things:

(1) LMC was able to negotiate that kind of blanket coverage with their insurance provider because, well, they're Large. Smaller business don't have that kind of leverage.

(2) There's absolutely nothing to stop the insurance provider from telling LMC, "Right now you're paying $x million per year for blanket coverage. We can offer you the same coverage for 0.9$x million per year [which will actually cost us 50%, not 90%, of what it does now, although we're not going to mention that] if you accept our suggestions about which types of employees you might want to ease out the door." Nor is there anything to stop LMC's management from thinking this offer is a really good idea.

If you think there's a way to solve either of these problems without serious government regulation, please feel free to make a suggestion.

EMR Debate. (1)

Ostracus (1354233) | more than 5 years ago | (#26506143)

Well there's an interesting debate [arstechnica.com] on EMR, including some physicians.

Re:EMR Debate. (1)

jhoegl (638955) | more than 5 years ago | (#26507433)

Interesting that the back and forth on the debate is just like any political debate. The never-ending debate Issue -> discuss problems of issue -> propose general solution -> Issue. No one ever gets down to the details its just generalized propaganda and hot air. Here is the deal, HL7 has been a communication standard, think of it as the IEEE networking layers. You have your basic standards then you have your sections that can be manipulated to contain any data. Someone proposed XML on the forums. XML? Why do they need a new standard when HL7 is already availible? Sales pitch is why, spend money. Delivery? PGP encryption or if need of a live feed, VPN. Oddly already availible. Uhg...

With added power comes the risk of abuse (2, Interesting)

cunamara (937584) | more than 5 years ago | (#26506323)

I'm a psychologist and work for a large clinic (93 clinicians, 25 support staff, five clinic locations and a lot of "out in the field" services). My specialty is nursing home services; there are about 15 of us in the nursing home division and we work in about 150 nursing homes. Often a client is referred to me and it turns out they were seen by a colleague in another nursing home. If we had an EMR that I could query remotely, I could find that out and streamline the delivery of services and provide better care. This would be the "added power" part of the discussion and the rosy picture that EMRs present

The flip side is that computer security is not reliable. Any system connected to the outside world can be hacked remotely one way or another. We have thousands of clients with a lot of sensitive data sitting in our files, currently in locked cabinets behind two locked doors with limited access to maximize security as much as we can. The risk of data exposure is minimal and happens as a result of sloppiness by practitioners (e.g. leaving a file sitting on a desk unwatched). With an EMR, however, the risk of exposure is potentially much higher (e.g., downloading *all* the files instead of swiping or reading just one).

We have made no provisions for using an EMR in our clinic. We have a computerized billing system which contains insurance information and diagnostic codes- only the information required to send out a bill- but none of our clinical records are in an EMR. AFAIK we are not required to do so.

What is an executive order? (1)

MobyDisk (75490) | more than 5 years ago | (#26506607)

After the executive order signed in 2006,

And from the article...

President Bush issued an executive order that requires certain federal programs (including Medicare) to develop interoperable HIT systems.

What the heck is an executive order, and from what does the president derive this mystical power?

Re:What is an executive order? (1)

Daniel Dvorkin (106857) | more than 5 years ago | (#26508389)

An executive order is a quasi-law which exists as a symptom of the quasi-monarchical powers which the President has unfortunately been granted by a cooperative Congress and Supreme Court and a complacent people over almost the entire course of American history. It's really just an updated version of "the king's word is law" with a modern gloss. Some blame Lincoln for the Imperial Presidency, some blame FDR, and some blame the Cold War, but honestly the problem goes (at least) back to Jefferson, of all people -- there has almost never been a time when the President did not try to make his office into a throneroom. See also the phrase "commander in chief" and wilful misinterpretations thereof.

What is the debate? (1)

jhoegl (638955) | more than 5 years ago | (#26507023)

Quite frankly I do not get what the debate is. Technologies are already developed to provide secure connections to patients. Back end securities are already developed to provide interoffice communications. Build interfaces for data to talk to each system and then build towards one centralized uniform system. It is easy to also deliver this data to patients, however the human factor (I call Darwinism) is always the concern. If IT ever figgures out the human factor, meaning the stupidity of the average person to come up with simple passwords, forget passwords, give out/share passwords, or keep compromised systems compromised then our work will be done. Until then, make people realize their data is in their hands. Educate on this fact and be done with it. Access to data, even your own, comes at a cost. The cost isnt a buck o' five, but rather maintaining ones own standards and rules when accessing data or giving out information. The status so far? Crap, we should have been done by now.

A workable open source solution (1)

martalli (818692) | more than 5 years ago | (#26507801)

There are hundreds of various EMR products, which typically cost $30,000 per physician to buy, and $5,000/year/MD for maintenance costs. After paying all that, the EMR products are incompatible with each other, so that records cannot be sent from MD to MD, except to print out the information and scan the pages into the other MD's system. If the digitized information is lost, then the value of the EMR to track information is also lost. A better solution would be to encourage ro require the use of a single backend product, which would be open sourced, such as the VA's system. This system should be capable of handling all patient encounters: hospital, clinic, OT, PT, labs, etc. Separate front-ends could be created for different situations. The variety of these various situations (hospital front ends, ENT clinics, family practice clinics, pediatrician's office, and so on would be a great environment for private investment. A generic open source front end could be maintained for minimal cost (such as the current VA front end. This would lower the cost of projects, while increasing diversity in front ends (all the healthcare workers care about) and create an opportunity to share digitized information between providers who have permission to share this information from the patient.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>