Wednesday, May 19, 2010

qotd: Hospitals abusing electronic patient data

The Dallas Morning News
May 18, 2010
Hospitals criticized over offers to earn or save money by sharing electronic patient data
By Jason Roberson

The $45 billion set aside for electronic health records in the federal government's 2009 stimulus package created a carrot-and-stick approach to lure providers into the electronic age. Physician practices could be paid up to $44,000 over five years, and hospitals could get a maximum of $15.9 million to install systems that comply with federal rules.

On the other hand, the government would penalize providers that don't participate, reducing their Medicare and Medicaid payments by 1 percent beginning in 2015. In later years, the penalty grows to 3 percent.

Electronic records are expected to allow doctors to coordinate care for the sickest patients, eliminate paper-transcribing errors that lead to inaccurate prescriptions, and avoid duplicate lab and imaging tests.

But with the promises of efficiency come questions of privacy.

The vendor that Dallas-based Tenet Healthcare Corp. uses has been criticized for sharing patient data with drug companies. The vendor that Fort Worth's Cook Children's Health Care System uses is considering offering physician customers discounts for sharing patient data.

Texas Health Resources Inc., an Arlington-based hospital system, and Children's Medical Center Dallas announced April 27 that patients seen at one hospital will have their records available electronically at the other if they need to be admitted.

This summer, Parkland Health & Hospital System, which operates Dallas County's public hospital, is expected to join them. That means a patient's medical records will be seamlessly, electronically transferable to three of North Texas' largest hospitals.

Cerner Corp. – a Kansas City-based electronic health record vendor with 200 Texas customers, including Tenet Healthcare – shares unidentifiable patient records with drug companies and researchers looking for patients to participate in clinical trials, says a company spokeswoman.

Doctors long have made extra money by referring patients to clinical drug trials. Cerner says it simplifies and cleans up the process by acting as a middleman of sorts between doctors and drug companies. 

But Dr. Deborah Peel, an Austin psychiatrist and founder of the nonprofit advocacy group Patient Privacy Rights, questions whether a patient's most confidential information in their medical records, such as psychological treatment or HIV testing, will be secure at those hospitals.

Cook Children's electronic records system is different from most others in hospitals. Rather than pay $50 million to $120 million installing software for its 400 physicians in 55 locations, it paid less than $1 million for an online record-keeping service.

But the key difference, Peel said, is that the damage of illegally accessed electronic records is more extensive.

"Once your information is released, it's like a sex tape that lives in perpetuity in cyberspace," Peel said. "You can never get it back."

Comment:  "... a sex tape that lives in perpetuity in cyberspace..." Certainly very few if any readers of these comments have personal sex tapes that could live in perpetuity once released in cyberspace, but we all have personal medical data that we would just as soon not share with the world, even if we are revealed as living a perhaps boring life of relative purity. Even that is no one else's business.

Yet the federal government is going to penalize Medicare and Medicaid providers that do not covert their patient data into electronic form. Promises of system security provide little reassurance when people with other interests, whether for business purposes or for more nefarious intent, have access to those records. As mentioned in this article, hospitals are already taking liberties with private patient data.

How well does controlled access work? Rupert Murdoch controls Internet access to certain articles in The Wall Street Journal, limiting them to paid subscribers.

Try this experiment. Log onto The Wall Street Journal at Go to the section labeled subscriber content. Click on any article. You will see only the opening preview of the article, but then must subscribe to see the full article. But wait. Cut the precise title of the article and paste it into a Google search box. The first item that comes up in the Google search is likely a selection that lists the same title, with a WSJ link. Click on it and you have - voila - the full article, which already has been released into cyberspace.

Admittedly, electronic health systems vendors will use a higher level of security for patent records, but they are no more secure from hackers than are Murdoch's subscriber-only articles secure from theft by those of us with only the simplest of computer skills.

At this stage, infallible cybersecurity is only a wish, especially for a system that will eventually have over 300 million patient records with variable degrees of interconnectivity. It is premature for the government to start penalizing us for declining to expose patient data to this potential threat.

Looking for the magic in information systems has been yet one more unfortunate diversion from achieving the most consequential goal of all - affordable health care for everyone through an improved Medicare for All. Let's work on that first.

No comments:

Post a Comment