Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Patient Access To Electronic Medical Records Strengthened By New HHS Rules

Soulskill posted about a year ago | from the power-to-the-people dept.

Privacy 53

dstates writes "The Department of Health and Human Services has released newly revised rules for the Health Information Privacy and Accountability Act (HIPAA) to ensure patient access to electronic copies of their electronic medical records. Several years ago, there was a great deal of excitement about personalized health information management (e.g. Microsoft HealthVault and Google Health). Unfortunately, patients found it difficult to obtain their medical records from providers in formats that could easily be imported. Personalized health records were time consuming and difficult to maintain, so these initiatives have not lived up to their expectations (e.g. Google Health has been discontinued). The new rules should address this directly and hopefully will revitalize interest in personal health information management. The new HIPAA rules also greatly strengthen patient privacy, the ability of patients to control who sees their medical information, and increases the penalties for leaking medical records information. 'Much has changed in health care since HIPAA was enacted over fifteen years ago,' said HHS Secretary Kathleen Sebelius. 'The new rule will help protect patient privacy and safeguard patients' health information in an ever expanding digital age.'"

cancel ×

53 comments

Sorry! There are no comments related to the filter you selected.

About time but is it enough (5, Interesting)

Gim Tom (716904) | about a year ago | (#42633765)

A recent experience in my family made me fully aware of how important immediate access to personal medical records can be and how difficult they can be to obtain at times.

A family member had been hospitalized and surgery was indicated. However, the current CT image showed something that may contraindicate surgery if it was new, but would not do so if it was an artifact of a previous surgery many years before. The only way they could tell was to compare the current image with an image several years old, but after the prior surgery. There was such imaging done at a different hospital about 20 miles away about eight years prior and the doctor learned that they did have the image archived. However, the only way to get the image to him was for someone to drive to the hospital and bring a copy of it back on a CD. I made that trip and the CD showed that the suspicious object on the CT scan was an artifact from a surgery over a decade prior.

This made me realize how important having one's own copy of complete medical records could be. It would be so easy to have them on even a small thumb drive and they could be encrypted for security. The real problem is getting the medical community to give the patient those records in electronic format, and that format should be an open and published format and not in any way proprietary.

Re:About time but is it enough (4, Insightful)

Anonymous Coward | about a year ago | (#42633881)

As someone who develops medical records, let me tell you "good luck with that".

As a newcomer to the field (with hundreds of competitors) fighting to carve a space for ourselves we're all for it, after all if you don't like your current system, an open record format makes it easy to import it into our system.

Obviously, the established players aren't so happy with it, but there's one more party who's against it too: the doctors themselves. They don't realize it, but their own actions are fighting this tooth and nail. "Why can't I just dictate everything in a box?" "Why can't i just write it down and scan it in" "I don't want my chart to say Weight can't it just say W"?

TL;DR: the format already exists, it's called PDF.

Re:About time but is it enough (4, Informative)

ColdWetDog (752185) | about a year ago | (#42633979)

As a physician involved in this mess (and it's a mess), let me chime in and say that you're partially right and partially wrong (TL;DR - it's complicated).

Yes, lots of health care providers (doctors, nurses and ancillary personell) absolutely hate change. There are doctors who are perfectly happy scribbling down a paragraph of acronyms and abbreviations and calling it a day. Then they get mad at the nurse because she can't figure out just what the hell the doc meant.

Those people need to get put in a closet and only used in emergencies (fat chance). Then there are EHR providers that can't program anything harder than "hello world" without six months of testing. It should be fairly easy, for example, to input weights in pounds and convert it on the fly to kg (or stones or troy ounces for that matter). Instead you have input fields that are rigidly structured, and worse, fail in unspecified ways requiring you to re input the data. Those programmers need to be put in a closet an left there.

The problem with patient data is that you don't know the level of understanding that you are shooting for. Do you dump everything out in Doctor Babble? Do you try to make it read at a 5th grade level? Do both? Something else?

PDF is fine for data output that would be static - not so good if the patient wants the new provider to input it into another system. That's a difficult problem to solve. HL7 was supposed to be the standard that offered a solution to that, but, like most standards, it suffers from implementation problems.

And the new gem:

When individuals pay by cash they can instruct their provider not to share information about their treatment with their health plan.

is going to really jam things up. Now you have to sort data on a whole new metric - who can see it. I predict this isn't going to work out well, although I understand the rationale behind it. I also understand how this is going to be abused - your doctor / healthplan doesn't see the fact that you paid for a script for 150 Vicodan. You'd like some more.... Whatcouldpossiblygowrong.

Re:About time but is it enough (1)

Anonymous Coward | about a year ago | (#42634659)

GP again.

It should be fairly easy, for example, to input weights in pounds and convert it on the fly to kg (or stones or troy ounces for that matter).

It is easy. When they use our field to do that. When they want to dictate "21 year old 18 stone female presents in my office with a blistering rash on the upper right thigh" that's their problem (and they make it my problem).

HL7 was supposed to be the standard that offered a solution to that

Except that it really, really wasn't. Wasn't ever supposed to be. Reading the documentation for both v2 and v3 (which looks more and more like it will never be used, possibly because of this shortcoming) made it quite clear to me that the events they intended it to be used for were taking place entirely within a single hospital. This is why every single reference laboratory that we interface with does it differently: whoever came up with this stuff apparently had no idea that the test might be done in a lab in a different building than the doctor ordering it. Holy shit, it might even be in a different state! Thus we get custom segments like ZPS which everyone does in their own way, because this wasn't what HL7 was for.

Now you have to sort data on a whole new metric - who can see it

Honestly, I'd have to say that this isn't as big of a deal for us since this kind of thing is something we tackled from the very beginning. While "OK to send records to the insurance company" is definitely a new one we'll have to hotfix ASAP (nobody tells US about this in advance), our primary focus is OBGYN and one of the first top priority requirements we got from our developing/beta doctors is "I see my nurses as patients and don't want them reading each other's records". It's another checkbox to fill, and an alert on a claim rejection for patient records requested. We'll add a line to the patient registration "I understand by checking this box I will be responsible for any claims denied by my insurance carrier for lack of documentation".

Re:About time but is it enough (1)

modmans2ndcoming (929661) | about a year ago | (#42634965)

Don't you love how a management task gets offloaded to the technology....again.

If you don't want your RNs to look at their records then tell them not to and have and run an audit report to see if they are or are not....then fire them for ignoring you and if you really don't like them, report them to the licensing board for breaking ethical and legal codes.

Re:About time but is it enough (0)

Anonymous Coward | about a year and a half ago | (#42636087)

Oh, come on. Expecting a system to have ACL's isn't exactly tantamount to trying to solve a social problem with technology.

...or do you really hope that your health data is protected only by the honor system?

Re:About time but is it enough (1)

modmans2ndcoming (929661) | about a year and a half ago | (#42638921)

umm....Data is data...if you have access to the medical data then something other than simple ACLs needs to be used to stop a user who has access tot eh data from accessing a specific set of records....unless you expect the physician to go it and manually manage that....sorry...he has a practice to run.

Re:About time but is it enough (0)

Anonymous Coward | about a year and a half ago | (#42641189)

Nope, sorry, ACL's solve exactly this issue. Yes, I expect there to be individual patient level granularity for ACL's, just like I expect there to be individual file permission granularity in my filesystem.

If the physician is too lazy to spend the five minutes it takes to setup the ACL's, then I guess she didn't really care about the policy. I mean, the ACL solution configuration for this is trivial. If these records were files on an NTFS share, it would take just a minute or two for a physician to setup the controls. However, what *really* would happen is that IT would handle that via a checklist item as part of every new nurse hire.

Re:About time but is it enough (1)

modmans2ndcoming (929661) | about a year and a half ago | (#42662759)

and a physician who has a sole proprietorship practice... maybe a partner and 10 employees....

Just an FYI...we work with a large EMR in the hospital system I work for and we do not manually lock down the medical record from the users....our EMR is smart enough to look at your provider record, your user record and the patient's record and determine if you are opening your own record. It does not stop you but it pops up a warning that requires you to explain why you are opening it and it ends up on an audit record that is reviewed weekly.....Not a simple ACL because it would be unattainable as well as it would be unnecessary to set up a medical record for every employee in order to lock it down upon being hired.....that is kind of illegal since you are documenting that this person has come to see you for medical reasons...thus you are falsifying records.

Re:About time but is it enough (2)

dstates (629350) | about a year and a half ago | (#42636783)

And they will come back at you for a HIPAA privacy violation. Your scenario implies that to save IT complexity and expense, you are willing to risk patient confidentiality. You are not going to come across as a sympathetic defendant, especially when they say the only reason they were looking was to test the system security which they found wanting but were afraid to report to their greedy boss looking for an excuse to fire people.

Re:About time but is it enough (1)

modmans2ndcoming (929661) | about a year and a half ago | (#42638929)

Sorry it does not work like that.....the data is protected...a user of the system is not allowed to access their medical chart using the system.

Re:About time but is it enough (0)

Anonymous Coward | about a year and a half ago | (#42639909)

"Not allowed to" and "Fired for after the fact" are two completely different things.

Re:About time but is it enough (1)

Kjella (173770) | about a year ago | (#42635647)

You're trying to solve the problem of electronic patient journals, very good luck with that. But the grandparent is right in one thing - it'd be a helluva start to get "electronic paper journals" off the ground. Sure it *would* be nice if it existed in plain text or a structured format that could be parsed electronically as well, but currently a lot is done by printer/scanner/photocopier that didn't have to go via physical paper.

Re:About time but is it enough (2)

smpoole7 (1467717) | about a year ago | (#42635733)

As a patient involved in this mess, first, let me say that you sure are putting a lot of people in the closet. :)

(And I heartily agree.)

As a patient, what drives me crazy is that each health care provider wants you to fill out forms with the same questions. Each form is just different enough that I can't make a standard form and just take it with me. "Yes, I have high blood pressure (and you people are part of the reason, heh), yes, I've had surgery, my father had heart trouble and both parents have had cancer," and so on. Standardize the blooming form and let me fill it out once.

This isn't an issue for some people, but my wife, just to name a good example, is one of terribly unlucky people who specializes in conditions that are uncommon. We often have to explain them, over and over again.

Pseudo Tumor Cerebri, or Idiopathic Intracranial Hypertension -- hope I spelled that right -- is the best example, though she was also one of the youngest ever to need hip replacement because of avascular necrosis; in that case, Blue Cross insisted that she HAD to have been in an accident, because it just didn't happen to people her age. The form just said, "give the date of the accident and the name of the responsible party." I had to cram on that form: "NOT AN ACCIDENT."

I have to be honest: I am NOT a fan of the Affordable Care Act, at all. I won't get into that here. But I'll agree that some form of standardization, and the availability of records, is badly needed.

Re:About time but is it enough (1)

anorlunda (311253) | about a year and a half ago | (#42638433)

So it wold jam things up to treat some patient's information different than other's? I think that proves the deceptive fallacy in the patient opt out of the original HIPPA.

We have all seen the HIPPA privacy disclosure forms they give you in the doctors office. Part of that form says that you have the right to request changes with respect to how your data is handled. But as coldwetdog points out, if they say yes it could require new software, maybe even new sort fields in their databases (horrors!). So of course their reply is no. You accept the standard term or you are denied access to health care.

During the original debate over HIPPA much was said about opt in versus opt out. That is all a deceptive smokescreen if the providers are allowed to design their software assuming that the privacy handling of 100% of patient records is identical to all others. As long as that is true, not even one patient in the nation can opt differently than anyone else, because that would require special software and maybe more DB fields.

In the USA, the only choice is to opt in or die.

Re:About time but is it enough (1)

anorlunda (311253) | about a year and a half ago | (#42638445)

So it would jam things up to treat some patient's information different than other's? I think that proves the deceptive fallacy in the patient opt out of the original HIPPA.

We have all seen the HIPPA privacy disclosure forms they give you in the doctors office. Part of that form says that you have the right to request changes with respect to how your data is handled. But as coldwetdog points out, if they say agree to a change it could require new software, maybe even new sort fields in their databases (horrors!). So of course their reply is no. You accept the standard terms or you are denied access to health care.

During the original debate over HIPPA much was said about opt in versus opt out. That is all a deceptive smokescreen if the providers are allowed to design their software assuming that the privacy handling of 100% of patient records is identical to all others. As long as that is true, not even one patient in the nation can opt differently than anyone else, because that would require special software and maybe more DB fields.

In the USA, the only choice is to opt in or die.

Re:About time but is it enough (1)

Jane Q. Public (1010737) | about a year ago | (#42635607)

"TL;DR: the format already exists, it's called PDF."

No, it isn't.

PDF is a proprietary format that can change at any time at the behest of Adobe. (And in fact has changed on a pretty regular basis, with no requirement for "public" input.) So far, they have decided to be user-friendly about making the format available to the public, but there is NOTHING saying that will be true tomorrow.

A standard medical record format has to be PUBLIC, not proprietary. The Open Document standards (Open Office, Libre Office) come a hell of a lot closer to a truly public format than Adobe ever has.

And just as an aside: in my opinion, anybody who would use Microsoft or Google to store their medical records must be seriously uninformed or crazy. Might as well give them to Facebook.

Re:About time but is it enough (1)

magic maverick (2615475) | about a year and a half ago | (#42638027)

Wikipedia sayz:

While Adobe Systems made the PDF specification available free of charge in 1993, PDF remained a proprietary format, controlled by Adobe, until it was officially released as an open standard on July 1, 2008, and published by the International Organization for Standardization as ISO 32000-1:2008.[3][4] In 2008, Adobe published a Public Patent License to ISO 32000-1 granting royalty-free rights for all patents owned by Adobe that are necessary to make, use, sell and distribute PDF compliant implementations.[5]

Wikipedia also sayz:

There is also the PDF/H, a.k.a. PDF Healthcare, a best practices guide (BPG), supplemented by an Implementation Guide (IG), published in 2008. PDF Healthcare is not a standard or proposed standard, but only a guide for use with existing standards and other technologies. It is supported by the standards development organizations ASTM and AIIM. PDF/H BPG is based on PDF 1.6.[25][26][27]

Basically, while PDF was originally an Adobe only specification, it is now open and free. Adobe does, however, make use of the extension bits. So, don't use Adobe products and you won't have a problem.

Re:About time but is it enough (1)

Jane Q. Public (1010737) | about a year and a half ago | (#42643955)

"Wikipedia also sayz:"

Well, good for Wikipedia.

Now create a nice graphic-and-fancy-text-filled web page in Adobe Illustrator CS5 (or 6 now, if you prefer), and save it as .pdf. Then see if you can open it with an older program that was made to read the .pdf specification as it was in 2008 or 2009.

And good luck with that.

Re:About time but is it enough (1)

magic maverick (2615475) | about a year and a half ago | (#42655543)

"Adobe does, however, make use of the extension bits. So, don't use Adobe products and you won't have a problem."

Re:About time but is it enough (1)

ColdWetDog (752185) | about a year ago | (#42634053)

The problem with your solution is that it requires patients to behave in a rational and appropriate fashion. Asking an individual to be responsible for their medical records just doesn't work on the whole. Too many people can't be arsed. Too many people would purposefully hide data. And there are many, many people who would simply find this to be impossible - my demented mother, for instance.

At present, there are many ways to keep track of important medical information. A piece of paper with your relevant history, drug list, allergy list and latest EKG does wonders for an ER doc. And some functional folks have been doing that for years. Of course, handing me a USB drive and expecting me to plug it into the hospital network gives my IT folks hives.

In your case, you (or someone in your family) had the relevant data - knowledge of a previous CT scan. A better system would be for the other hospital to be able to transmit the data to the new hospital without you having to resort to a sneakernet, but sometimes the old ways are the only ways it would work. The radiology issue is actually one that is pretty amenable to a good technical fix. There is an industry standard (DICOM) that is pretty well fine tuned. Most radiology systems are already on line. Most hospitals already have systems in place to transmit data between other hospitals that they routinely do business with (lots of exceptions, unfortunately).

The rest of the medical record is a bit more of a mess.

Re:About time but is it enough (2)

Gim Tom (716904) | about a year ago | (#42634207)

Thank you for your comments. I was aware of the multitude of problems that would have to be addressed to really do this effectively. Both of my parents had Alzheimer's, and prior to retirement in 2007 I was Network Engineer and Security Officer for a State Agency that handled PHI and was on a state wide HIPAA implementation team. A nightmare that still haunts me from time to time.

I too was surprised that the image could not be transmitted electronically between the two hospitals. Some prior experiences with medical records may have influenced my opinion. When was in military service I hand carried my medical records when I moved permanently to a new base. That was back in the days of paper and film records. Latter, my employer had a large HMO (Kaiser) as the insurer for their employees and it was at the time that they were making the transition from paper to internal electronic records. Considering what I did I was very skeptical of how well it would work, but the transition was much smoother than expected and the advantages of every doctor in the network having immediate access to my complete medical record soon became very obvious.

Earlier in my career I worked on design, implementation, and quality assurance of some large systems. I know that good systems can be built and can be designed to do what what the USER needs not what is easy for the designer or coder to make. However, this does not seem to be being done much any more. I suspect that part of the problem is that the developers never actually talk and work with the people who are going to use the system and don't really know what is needed.

Re:About time but is it enough (1)

maxwells_deamon (221474) | about a year ago | (#42634545)

Kaiser is now much harder to work with.

They will not request medical records to be transferred from your old doctor. As far as I can tell, you must request them directly from your old doctor on paper (this generally means paying for copying costs at a jacked up per page rate) then the fun really begins.

You can't just take the copies of the records to Kaiser and ask them to put them in the system, you have to take them to the doctor (in that department) with an appointment and have the doctor designate what is important to be entered into your local records. Multiple conditions has meant multiple doctors get the information.

It is usually easier just to let them order new tests/x-rays

The attitude you are left with it that they do not trust other doctors.

Re:About time but is it enough (2)

ColdWetDog (752185) | about a year ago | (#42634669)

There is some rational thinking behind parts of those policies:

- In general, having a patient directly give a doctor records makes tampering with the record a real possibility. No real way to ensure that the record hasn't been modified or simply trimmed of data that the patient didn't want anyone to know or just simply thought wasn't relevant.

- Some EHRs dump every cold and sniffle to the output. EHRs, especially on complex patients, suffer from a signal to noise problem. Unfortunately, the best way to deal with that is for a clinically trained person (doesn't have to be a physician) to review the chart and determine what's valuable. I can't see why you'd have to send the chart to each specialty to pull out the relevant data - that sounds like some committees got involved somewhere.

- And, unfortunately, you're right. It's often easier / faster to just repeat the tests. This is seen by the Higher Powers as an unmitigated evil and the Source of All Financial Improprieties. It's likely that the feds are making a bigger deal about it than reality would indicate. It's a problem. It's not the Big Problem or even one of the Big Problems.

Re:About time but is it enough (1)

modmans2ndcoming (929661) | about a year ago | (#42635045)

it is a hospital....of course a committee of no nothing administrators made decisions based on stupid political BS with wrong assumptions because they fail to even know who the right people are to pull in and ask.

Re:About time but is it enough (1)

modmans2ndcoming (929661) | about a year ago | (#42635049)

ugh...KNOW-nothing....this place needs an edit.

Re:About time but is it enough (-1, Flamebait)

mihahalu (2819363) | about a year ago | (#42635529)

http://www.cloud65.com/ [cloud65.com] as Bernard said I am startled that a student able to get paid $8485 in 4 weeks on the computer. have you read this web link

What's not in the article (4, Informative)

somarilnos (2532726) | about a year ago | (#42633831)

One thing it misses - the "Final Rule" part of it implies that this is it. It's not.

The requirements from HITECH come in three stages - and this is the final rule for stage 2. There's an entire additional stage coming to further enhance what hospitals are doing to improve the quality of health care with technology.

Of note, too, hospitals who meet these requirements get additional reimbursement from Medicare (Beaucoup bucks). Those that don't get reduced reimbursement from Medicare. So a lot of these rules aren't entirely mandates, but close enough.

For what cost? (3, Interesting)

pubwvj (1045960) | about a year ago | (#42633857)

A year or so ago our doctor switched over to electronic records. Now they want $75 per person for us to get a copy of our records as an administrative fee. All they need to do is print the records off of the computer. Minimal labor, minimal cost, not even very many pages. They're just using the fact that they're now electronic records as a means to collect more fees. It is greed on the doctor's part, plain and simple.

Re:For what cost? (3, Insightful)

Trax (93121) | about a year ago | (#42634015)

I'm a doctor who is involved with the hospital's IT and EMR. The cost of switching over to electronic records is an already expensive proposition at the beginning and where the vendors get you is for maintaining the EMR on a yearly basis. Yes, it is minimal labor and not many pages but it is NOT minimal cost. Neither the private insurance nor medicare/medicaid reimburse the doctor for his or her use of the EMR and the patient is saddled with the cost.

Re:For what cost? (1)

cluedweasel (832743) | about a year ago | (#42634623)

That's not always the case. We provide copies of medical records to patients free of charge. Yes, it takes a little time to retrieve and send, but feel that charging for that is detrimental to relationships with our patients.

Re:For what cost? (1)

pubwvj (1045960) | about a year and a half ago | (#42640185)

That cost is your problem. Not mine. I did not ask my doctor to switch to electronic records. They shouldn't be charging an arm and a leg for me to get a copy of my own records. They don't do this for the paper records, only the last years that are in electronic form.

Re:For what cost? (1)

modmans2ndcoming (929661) | about a year ago | (#42635075)

dump your doctor.

Not under these new rules (1)

Anonymous Coward | about a year and a half ago | (#42636345)

The cost has to be the actual cost of making the copy and delivering it to you(postage, for instance) They cannot charge for search, retrieve, or things like transportation from an offsite location. Basically, they can charge for the labor and materials to burn a CDROM or make photocopies.

Access rules in the UK - compare and contrast (1)

Bruce66423 (1678196) | about a year ago | (#42633899)

One of the things that the UK does right is to allow 'subject access' to all forms of computer held data, with remarkably few 'national security / crime control' cop outs. The fee for the access is £10 - less than US$18 for EVERYTHING they've got on you. Facebook even succumbs - providing a CD when such a request is submitted. This certainly included your records with the National Health Service. It was passed nearly 30 years ago in 1984 http://en.wikipedia.org/wiki/Data_protection_act [wikipedia.org] for the history and later extended to ALL data, not just computer held, when some organisations tried to avoid the issue by NOT computerising the data they were embarrassed to have.

Re:Access rules in the UK - compare and contrast (1)

Anonymous Coward | about a year ago | (#42635923)

Actually the fee isn't limited to 10GBP: they can charge reasonable costs and postage. For health record requests from the NHS, though, it's capped at 50GBP.

Also, it's not quite that simple. You have to work out who has the data, and they might have destroyed it. I've recently requested my medical records, and while my GP was able to supply me with everything they had (basically summary notes for my entire medical history) for 15GBP plus postage, the hospital where I had a battery of tests in 1990 destroyed the records in 2008 because it was 8 years since I had moved out of the area. I had been hoping that the results of some of those tests would provide a useful baseline for comparison with recent abnormal test results.

See the French Carte Vitale. (0)

Anonymous Coward | about a year ago | (#42633931)

Already accomplishing the task.

Why? Because the French aren't stupid about doing things. Except language. And wines. And cheese.

HIPPA isn't about patient rights to information (1)

HotNeedleOfInquiry (598897) | about a year ago | (#42634051)

It's about government access to patient information. Everything else is a sideshow.

Re:HIPPA isn't about patient rights to information (1)

modmans2ndcoming (929661) | about a year ago | (#42635095)

And the moon landings were a fake...and Obama signed executive orders to allow the UN to kick in my door and take my guns if they feel like it!!

[/ stupid conspiratorial nut]

Don't trust "the cloud" (1)

Animats (122034) | about a year ago | (#42634101)

"Google Health has been discontinued"

2012 was the Year of the Cloud Going Away. Several major service vendors bailed completely. GoDaddy dropped their cloud service last October [gigaom.com] , Dell discontinued their Quest Cloud Automation Platform [quest.com] and Harris dropped theirs last February. [informationweek.com]

On the consumer side, where the contracts are heavily biased towards the vendor, it's worse. Apple dropped MobileMe, and Google dropped a long list of products. Windows Live Mesh shuts down February 13, 2013. [binlogs.com]

When cloud services die, they tend to die fast. A business which relied on a "cloud" service can be in big trouble. The best case is a frantic effort to get the data off and move to some alternative. Worst case is the data gets lost.

Re:Don't trust "the cloud" (1)

tokencode (1952944) | about a year ago | (#42634585)

I work with a company named Dynamic Vault http://www.dynamicvault.com/ [dynamicvault.com] and we are a cloud & disaster recovery provider focused on the healthcare industry. Cloud services in general are rapidly growing and this holds true for especially for the healthcare industry. As offers further mature, this will ultimately lead to a cost savings and increased data security for providers. Centralizing your infrastructure and using a leveraged support model absolutely delivers a better value than many disparate systems supported individually. A simplistic example would be a small 1-2 provider practice that keeps their server on-site versus in a secure data center facility.

Re:Don't trust "the cloud" (1)

Qzukk (229616) | about a year ago | (#42634723)

To be honest, people who called themselves "the cloud" were the pets.com of the post-dot-bomb era. "The cloud" existed before it became a buzzword, and it will continue to exist afterwards for the use cases where it makes sense.

Get out! Get out now! This post is coming from inside The Cloud [tvtropes.org] !

Standards required (1)

Todd Knarr (15451) | about a year ago | (#42634835)

You want to make electronic health records easier for consumers?

1. Set up a standard XML format for records and mandate that all providers must give consumers access to the data in that standard format (other formats are allowed, but the standard format's required). That'd give services and software at least one format they can target for import/export that the patient's guaranteed to be able to get. Make sure the format inclues a "Notes" element that's free-form text, so providers can include stuff that won't fit anywhere else, but require that if the format provides an element for the information that element must be populated with that information (ie. no putting everything in the "Notes" element and leaving the actual XML unpopulated).

2. Mandate that the patient's record be complete. When I go to get my electronic records from my doctor's office, there's two major problems. First, they only include so many records and then cut the record off. I want a copy of all my records that they have, not just the last year's. Second, they don't include certain "sensitive" records. Again, I want a copy of all my records. I'm the patient, by definition I know or should have been told everything in that file. If there's anything in that record that it'd be a problem for me to see, then the problem is that the provider is concealing information from me. If it'd be confusing, the provider should have already discussed it with me so I won't be confused. Omitting sensitive or irrelevant records from a copy sent to another party would be OK but the patient's copy should have complete information for every record the provider has for the patient, without exception or limitation.

Frankly as a patient I'd love a single standard format I could get and maintain myself, so when I went to a new doctor I could just hand them a USB drive or SD card with my complete record on it. It'd make it easier for me too, no more struggling to remember phone numbers of doctors I saw years ago and no more dealing with a doctor I saw ages ago having moved his office and my new doctor can't reach him to get the records.

Re:Standards required (0)

Anonymous Coward | about a year ago | (#42635315)

Part of a problem with a standard format (of any kind) for medical records is that you have multiple different businesses with different data needs. Essentially, trying to come up with one "Medical records" format is like trying to come up with one "Utilities records" format that your water company, your electric company, your trash company, your ISP and your phone company are all going to use. I do IT work for a pharmacy, our records and what we need to work is completely different from what the patient's insurance provider needs, which is completely different from what their PCP needs from what their heart doctor needs. Heck even with standards we can't agree. We finally just started getting doctors sending us prescriptions via Surescripts which is an electronic prescription system, and we have doctors (with supposedly Surescripts certified EMR systems, sending us prescriptions that are completely out of spec, which we still have to process because that's the way their EMR sends them, and the alternative is to have them fax it over, which defeats the whole point of the electronic scripts anyway.

Re:Standards required (1)

Todd Knarr (15451) | about a year ago | (#42635425)

You're over-loading the problem. You do IT work, so stop and think a minute about how many problems you've stated here:

1. A format for holding the patient's complete medical record for permanent storage and transfer between systems.

2. Formats for sending various types of requests between systems, eg. sending a prescription from the doctor to the pharmacy.

3. Internal working storage that holds the data a particular system needs in a form that's easy for that system to handle.

Now, why would I use the same format for all 3? The third wouldn't be XML at all, it'd be a database schema probably. The second would be specific to the request at hand, I wouldn't use the same format to send over a prescription as I'd use to send the bill to the insurance provider. The first would be the one at issue here, and would contain both less and more information than the other formats (I wouldn't, for instance, put detailed billing information for every item in the medical record, although I might include a record for the insurance provider(s) and when the patient was covered by them).

And I'm usually on the other end of your EMR problem, being the guy who has to write the client software that submits requests. Half the time my problem is ambiguous documentation, much of the other half it's legacy code I have to match. Seriously. I've had to write code that fails to follow spec because it's required to successfully talk to a simulator that fails to follow spec, and the simulator team won't fix it because they've got no resources for the job and it works fine with their existing software.

When all is said and done... (-1)

Anonymous Coward | about a year ago | (#42635149)

Regardless of the outcome of any of the discussions, the bottom line is that these 2 contributed to the death of a human being.

As such, they need to pay the penalty for such. They cannot be immune to prosecution for wrongful death regardless of who or what they were.

If that happens, then no law has any merit and should all be repealed.

Someone dies because of another person's actions (yes he committed suicide but it was an act of desperation caused by these malicious self-aggrandizing idiots) that person or persons must needs be prosecuted to the absolute fullest extent of the law.

The fact that they were part of the government should mean a minimum doubling if not tripling of the penalties for misuse of power and breaking of the public trust.

Put em away for 30 or 40 years, in the worst hellhole prisons we have.

Can't even get it right? (1)

Anonymous Coward | about a year ago | (#42635797)

You'd think /. would be able to get HIPAA right, given they also link to the description of the abbreviation. "Health Insurance Portability and Accountability Act", folks.

the sad thing is... (1)

slick7 (1703596) | about a year and a half ago | (#42636777)

The sad thing is that those who follow the rules keep the information safe. Hospitals are in the game for the money, just like the pharmaceutical companies. Nothing is free, nothing is sacred, just show me the money. Anything that can benefit the patient is secondary unless some medical graduate can get a grant to further the exploration. If a substance cannot be patented, regardless of the lives saved or at least relieved, it has no merit.

Re:the sad thing is... (1)

Mike Frett (2811077) | about a year and a half ago | (#42637931)

Oh my, people will call you Mentally Ill and come for your Guns!. Money does make the world go around though. Did you expect a Star Trek Like "We have no need for money, we do things to better Humanity" type of System?. Sounds nice, but from an early age, we are taught that free is evil and if you're not rich; then you are nobody.

Fuck these databases (0)

Anonymous Coward | about a year and a half ago | (#42639967)

fuck obamacare
fuck hospitals
fuck big pharma
fuck psychiatrists
fuck your lists

It's an Electronic Civil War

just last week I hear a Kaiser laptop went out unencrypted.

FUCK YOU!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>