- Were paper records more secure?
- Health records of more than 120 million Americans have been exposed to hackers.
- Non-interoperability poses at least as great a threat to American healthcare as does stolen data.
- Interoperability is a problem that could be solved by the EMR manufacturers.
- How will healthcare IT solve this challenge?
Most physicians remember the time when nearly all records were hand written, kept on paper, and stored in boxes.
Were those the good old days?
One of most significant roadblocks to the open, free use of healthcare data is the lack of interoperability among electronic medical record (EMR) manufacturers. (See Figure.)
Data Are at Risk
The storage of vast amounts of data in one digital place makes large-scale data theft much easier. So, despite all the hardware and software protections, your patients’ data are more at risk than ever.
Another significant risk to the effective use of healthcare data is the lack of interoperability among EMR systems. This lack of digital cooperation among databases largely stems from a lack of financial and corporate cooperation among EMR manufacturers.
The vast amounts of paper, and all those boxes, made it relatively hard to steal much patient data. It also made it equally hard to share data among physicians.
Today, however, the records of millions of Americans are stored in such a way that they are weightless – as opposed those heavy papers – and highly compact, meaning that those millions of data can slip through a wire, if the right gate is opened.
Much more frequently, those data are sent from physician to physician, from institution to institution, over the internet using various types of data-protection techniques in order to improve patient outcomes and satisfaction, and to reduce the cost of care.
However, as you read on MDalert.com on April 19, 2015, millions of American’s have had health data exposed to questionable individuals since 2009 – in more than 120,000 successful breaches.
The theft of the paper records of 120,000 million individuals is completely unimaginable. Perhaps a careless office consolidation would put the records of 120 people in the dumpster – and then the right thief would have to come along and find them, and then know what to do with them.
The cyber thief can do all these things: steal the records of millions, instantly conceal and store them, and then use them to steal in the names of others.
Those were the good old days. Now we’re in the Wild West of healthcare data.
Your Data in the Wild, Wild West
However, it seems that the danger posed to patients by stolen data is dwarfed by the danger of non-interoperability. Computer World published a solid article on the topic.
Only five years ago, just about 20% of physicians used EMRs. Today, that number is thought to be closer to 80%. This is due in part to the enormous amount of money spent by the federal government through the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. HITECH required that EMRs be adopted by healthcare providers. The federal government has since invested nearly $30 billion toward this universal implementation.
Not So Good at Sharing.
And, yet, EMR data sharing among vendor platforms, geographically distant facilities, and unassociated medical institutions remains severely restricted.
A number of factors are contributing to this standstill:
Disagreement among clinicians as to how to share clinical data and how it should be used.
Inability of hardware or software from different manufacturers to communicate with one another
According to attendees of the recent annual meeting of the Healthcare Information Management Systems Society (HIMSS), people within the industry are confident that this is not a technological problem. More likely, it's about money.
Economy of Data
The economic thinking is quite simple, by keeping the company product code secret, and refusing to open it to developers or to otherwise share it, the EMR companies are actively blocking the sharing of data. They are attempting to dominate their market niche.
This would be one thing if they were cornering the market on bean sprouts, but they’re not. Instead they’re attempting the corner the market on someone else’s personal medical information.
This could have negative implications for the quality of patient care, the cost of that care, and the patient’s experience of the care. None of that is good for physicians or patients.
“There are some folks in the healthcare value chain that are actively blocking the sharing of data,” Shahid Shah, CEO, Netspective Communications told Computer World. “This was completely obvious. Unless they're named … That's when we get to reality. Until we get to reality, we can't solve the problem,” according to the Computer World article.
In early April, 2015, the Office of the National Coordinator for Health Information Technology (ONC) reported that data re not being shared among providers.
“Current economic and market conditions create business incentives for some persons and entities to exercise control over electronic health information in ways that unreasonably limit its availability and use,” the ONC report said.
The ONC went on to state, “some persons and entities are interfering with the exchange or use of electronic health information in ways that frustrate the goals of the HITECH Act and undermine broader health care reforms.”
Being able to exchange healthcare data promises far greater benefits than just the convenience of data mobility. Patient data can be anonymized and used in accelerating scientific research and tracking health trends.
Today, Karen DeSalvo, national coordinator for health information technology, announced new efforts to curtail data blocking, saying the ONC's focus will be on interoperability.
Karen DeSalvo, national coordinator for health information technology (right), speaking at the 2015 annual meeting of the Healthcare Information Management Systems Society in Chicago in April. From left to right: Jodi Daniel, director of the ONC Office of Policy Planning; Ahmed Haque, director of the ONC's Office of Programs & Engagement; Lucia Savage, the ONC's chief privacy officer; and Steve Posnack, director of the ONC's Office of Standards and Technology Regulation.
In March, the ONC published new IT certification criteria that include interoperability requirements and a set of proposed rules for qualifying EMRs for use. Those rules will be under a public comment period until May 29, 2015.
Ms. DeSalvo noted that the ONC has no enforcement capabilities. Instead ONC will work with agencies such as the Federal Trade Commission and Congress to impose fines and penalties for organizations who do not adhere to interoperability standards.
