Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Electronic Health Records Now In All Mil Hospitals

smitty777 (1612557) writes | more than 3 years ago

7

smitty777 (1612557) writes "Information Week is reporting on the the inclusion of Electronic Health Records (EHRs) in all US military hospitals. This is significant in that it allows the sharing of patient information on a worldwide scale, improving care. This is leading a national trend, which is currently motivated by HIT Meaningful Use legislation which provides incentives for civilian physicicans to adopt EHRs. Not that the adoption is without challenges. The usability of EHRs is also an ongoing concern."
Link to Original Source

cancel ×

7 comments

What you can count on... (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#36483602)

This is significant in that it allows the sharing of patient information on a worldwide scale, improving care.

...and increasing risks to patients.

We can pretty sure that the following things will happen

1) Integration with Homeland Security tracking databases [nytimes.com]
2) Abuse by insurance companies and healthcare providers to reduce costs / increase profits in ways not envisioned by HIPAA.
3) Whoiesale data theft for criminal abuse

Re:What you can count on... (1)

smitty777 (1612557) | more than 3 years ago | (#36483892)

@Jah-Wren Ryel - good points. I completely agree with the risks you've identified. I'm not sure those are unique to the healthcare system, but more byproducts of the increasingly digital age that we live in. I think this is especially true with regards to points #1 and 3 - our over-digitzed lives are becoming easier and easier to track and exploit.

So, given the inevitability of the EHR in the medical system (and it is inevitable), what can be done about it?

Re:What you can count on... (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#36486110)

So, given the inevitability of the EHR in the medical system (and it is inevitable), what can be done about it?

Incorporate a design philosophy of compartmentalism. Both at the database level where it would be more appropriate to call it decentralisation so that there is no mechanism to automatically cross-reference data from one database with another and also within each database such that each patient's records are encrypted and the only person with a key is the patient himself.

EHR's are one use case were DRM can function reliably because they are essentially closed systems - unlike DVD players and PCs, all access to the EHR data is only through devices that are under the control of the EHR admins. Restrictions like document expiration, limits on copies and access logging are all tools that can be reasonably implemented in an EHR system.

So give the patient the ability to control access via the equivalent of a smartphone and then each time someone wants access to a patient's records, the system sends a request to the phone and the patient can decide to allow it or not. In emergency cases where the patient is unconscious, physical access to the smartphone should be enough to approve very short-term access to the records.

The idea is not to make the system 100% impervious to abuse - nothing will ever stop a person from copying information off a computer screen with paper and pencil. But rather to design the system so as to make bulk access to patient information impractical because bulk access is the means by which the most misuse can occur.

Nor is it necessary that an EHR system make all legitimate uses of patient information easier than current systems because really no system, no matter how lax the security, is going to be an improvement for 100% of legitimate uses. All that can be reasonably expected is that the most common uses of the patient records be improved. And that should be quite feasible even with strong compartmentalisation.

Re:What you can count on... (1)

smitty777 (1612557) | more than 3 years ago | (#36486286)

Incorporate a design philosophy of compartmentalism. Both at the database level where it would be more appropriate to call it decentralisation so that there is no mechanism to automatically cross-reference data from one database with another and also >

Hrmmmm...interesting idea, but doesn't that contradict the whole purpose of having an EHR? I mean, if you compartmentalize too much, than you won't have the benefits of information sharing between hospitals and physicians, for example.

The idea of a client owning their own data is also intriguing, but I'm not sure it would fly. It's too much of a departure from the norm right now. Hospitals own the data, and they like owning the data, and....the biggie...they are the ones paying for the EHR system. So what is the incentive for the hospitals to create an EHR, gather all the patient data, and then give away all ownership of it? From their perspective it's a lot easier to just keep it themselves. While they think it will probably be safer in their hands, us /.ers know from the recent news that no systems are impervious.

One other thing too - having a smart phone that would release the information is a good idea, but also risky. You're assuming that everyone has a smart phone, or at least everyone in the system. That's a pretty big assumption. What about elderly folks that might have trouble using them, or the mentally/emotionally handicapped?

Good conversation - definitely food for thought.

Re:What you can count on... (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#36486790)

Obviously there is a lot more nuance to how things would all come together. But sharing between distinct EHR systems at different hospitals is different from sharing between an EHR system and a DHS database. Ultimately encryption at the patient level makes it infeasible to bulk export from one system to another and that's the key difference from the current wisdom which is to centralise everything and then just manage access control with permissions.

As for an individual's ownership of the data about themselves, that's a fundamental problem with all such databases - not just EHRs. The EU is further along the path of recognising an individual right to "informational self-determination." It is a societal change of mind-set that I believe is inevitable because it most appropriately links control of data to the entity with the most risk associated with the data. But I do agree that groups who benefit from the out-of-kilter risk/benefit status quo are going to fight tooth-and-nail to keep things the same - they like having the benefits without shouldering the risk.

The smartphone as access control device is just a example. The idea is that, manufactured in bulk, gadgets like that are ubiquitous and cheap enough to be issued as part of enrolment in the EHR system. In the outlier cases of people who can't reliably use the gadget or aren't fully in control of their own faculties, then a proxy could be assigned to handle the duties for them, like a power-of-attorney. It might even be reasonable just to set their gadget to "auto-approve," at least for a certain type of access (say, just as one example, within the same EHR and only for access requests from doctors that have previously been granted access).

Re:What you can count on... (1)

smitty777 (1612557) | more than 3 years ago | (#36487072)

I'm playing devils' advocate of course, but I think one of the big problems they are trying to solve or will be solving in the near future is data sharing between hospitals. It's not something that we do particularly well (at least here in the states), but it would take care of the problem of duplicate med lists, overlapping treatment, and abuse by patients (that's one aspect of abuse that you didn't really bring up, but it happens a lot now). I'm pretty sure that's the way things will be going, and I'm equally sure that the governments will have a pretty strong hand in it.

Also one of the problems with patients "owning" their own information is that it's the doctors that are ultimately responsible for the treatment and care of the patients - another motivator for the hospitals and physicians owning the data. How do they know you are who you say you are and that you haven't monkeyed around with the data somehow? If they own the data, they know where it's been. Supposedly of course, at least until Lulsec drops by for a visit.

I'm intrigued by your idea on the patients devices for keeping the data. I think the real problem is that whatever the device is, it becomes a point of failure. You can forget it, it can break, get stolen, or whatever in most of the forms we have today. Even if everyone had an embedded RFID chip for example... well, you can get your arm chopped off in industrial accidents, can't you?

Again, I'm playing devils advocate. These are indeed intriguing thoughts. I think however it plays out will be largely determined here in the US by the market and the malpractice insurance companies, to name a few.

Re:What you can count on... (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#36487536)

I think one of the big problems they are trying to solve or will be solving in the near future is data sharing between hospitals.

Well, that starts to get outside the purview here, but (for example) the idea is that a doctor writing a script would request the patient's list of current prescriptions first, the patient would OK the records transfer (with, say an expiration of the copy of 1 day), the doc would look them over for conflicts with what he's about to prescribe and then update the list with the new medicines. Not particularly different in workflow from the current vision for such things.

How do they know you are who you say you are and that you haven't monkeyed around with the data somehow?

They can cryptographically sign the records - something they ought to do to ensure data integrity anyway.

I think the real problem is that whatever the device is, it becomes a point of failure.

When I first started thinking about this a few years back, I thought that keeping the sole record on the gadget was ideal. But with encryption, it is probably at least as good to keep it on the servers and the gadget acts just as a fancy key to selectively unlock them. Lose the gadget, there is a process - ideally using an air-gap firewall - to configure a replacement gadget with the required cryptographic keys. It doesn't need to be a streamlined process either since such while losses are expected they should be uncommon enough that a little inefficiency is tolerable.

I think however it plays out will be largely determined here in the US by the market and the malpractice insurance companies, to name a few.

Unfortunately I agree, at least in the short term. I think that, in large part, the problem is that nobody is even talking about any other way of automating health records. Everybody just assumes that full-blown centralisation plus permissions is the only possible way to go about it.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...