Are electronic healthcare records really safe?

Jodie Humphries

In 2009, the Obama administration allotted $20 billion of stimulus funds for healthcare providers to install electronic healthcare records (EHRs) and architect a nationwide electronic medical record database. The ultimate goal for the Obama administration, is that every American will have a health e-record by 2014. But despite the push, are electronic healthcare records really safe?

Electronic healthcare records were supposed to help providers of healthcare services manage their businesses more efficiently. They were supposed to help physicians adhere to CMS documentation rules, automate patient flow management and clear the mountains of paper floating around a typical medical office or hospital. It was assumed that the software would increase reimbursement rates, streamline workflow and even make the doctor more efficient, the blog 'On healthcare technology' states.

It's been claimed that electronic medical records could also reduce medical errors. The most common argument was for the benefits of replacing the notoriously illegible hand writing of physicians. Prescription errors would be reduced if only pharmacists and nurses could acquire a nice legible script. Then came the frequently misplaced paper charts. If the chart resides in the computer, it cannot be misplaced, it is always available to all and it is complete. All the information that is needed is available at the touch of a fingertip.

Leaking of electronic healthcare records data

In 2008, a hospital employee at UCLA Medical Center was fired for leaking details of Farrah Fawcett's cancer treatment. But the information didn't come from someone directly involved with the late actress's caretaking. Instead, the person hacked into Fawcett's electronic medical record in the hospital's patient database, Discovery News reported.

As the national initiative to create electronic medical records for every American moves forward, the Fawcett incident exemplifies the worst-case scenario for putting people's most personal and sensitive health records in a digital format.

"There's no absolute, 100-percent guarantee that a person's information is secure right now," said Melissa Goldstein, a public policy expert at George Washington University, who specializes in health information technology.

Making electronic healthcare records a reality

Once nationalized e-records are a reality, doctors could theoretically pull up a new patients' medical history within a few seconds, to enable them to see what tests the patient needs or has already undergone, and review any allergies to medicines. This reduces waiting times, eliminates unnecessary tests and procedures, and improves overall healthcare and costs.

In theory this all sounds great, but healthcare leaders need to be able to resolve the data security and patient privacy threats which are linked to digitizing healthcare records.

Carl Gunter, a computer science professor at the University of Illinois is at the helm of the Strategic Healthcare Information Technology Advanced Research Projects on Security, a $15 million initiative to research and improve the security and outcomes of electronic medical records.

Two main factors Gunter and others are investigating in order to lock down privacy and security issues deal with authentication and authorization; in other words, limiting access to different tiers of information to only authorized medical professionals and patients.

"In this space the privacy concerns are the trickier, harder problem (as opposed to data security) because we have a need for finding ways of (acquiring) patient consent, but at the same time ensuring that doesn't get abused by having the data shared too broadly," Gunter told Discovery News.

Electronic healthcare records going wrong

The press received on electronic healthcare records have been extremely mixed - some find the use of the records a huge positive, while others find there has been more negatives associated with the digitizing of records.

The Food and Drug Administration (FDA) estimated that 44 patient deaths in the last two years "might be" attributable to the use of EHRs.

Dale Saunders, CIO of Cayman Island Health Authority, in his article 'Patient safety and electronic health records' states that in 13 years of electronic healthcare records use, on his watch, there have only been four patient safety events which have been directly attributable to the records.

Missed diagnosis for soft tissue sarcoma: In this accident, a soft tissue sarcoma went undiagnosed for at least three months, possibly as long as six months, because the radiologist's report from the Radiology Information System failed to file properly in the EHR and the referring physician didn't know what they knew and failed to follow-up on the results of the scan. The young mother of three went untreated, the cancer spread to the point that it was untreatable, and she died. The case was settled out of court for several hundred thousand dollars.

Acute Renal Failure from lack of lab results: The patient was administered a contrast dye in preparation for an imaging procedure, even though a recent lab test revealed compromised kidney function. The lab result failed to file properly in the EHR and the ordering physician didn't know this. The patient suffered Acute Renal Failure and the case was quietly settled out of court for several hundred thousand dollars.

Missed and inappropriate diagnosis for Congestive Heart Failure: The echo report from the cardiologist clearly indicated that the patient was suffering from a very low LVEF, but the report did not file to the correct patient record - it filed to the wrong patient record. The correct patient went untreated and eventually died. The incorrect patient received aggressive medication treatment for CHF when that treatment was unnecessary. The case was quietly settled out of court. The CHF patient's family was given a seven-figure settlement, with a requirement to keep the incident quiet. The other patients' family was given an apology.

Infant death: A young, single and non-English speaking mother was in hard labor and her baby under duress, but the Application Programming Interface (API) failed which had been developed to capture contraction waveforms and fetal heart data and then display those for remote viewing in the EHR. This software error also caused the fetal monitor to stop generating local audible alarms. The nurses were left unaware of the patients' condition and the treating OB/GYN, who was monitoring the patient from his home via the patient's EHR, was left unaware. The young and frightened mother continued quietly through her labor, giving birth in the hospital bed, unattended. Her baby was born brain-dead and later died due to umbilical strangulation.

But according to The Huffington Post Investigative Fund, there are "scores of reports on file with the Food and Drug Administration detail consequences to patients when an electronic medical record system fails."

Altogether, the Investigative Fund identified 237 reports of "adverse events" associated with health information technology reported to the FDA over the past two years. Most problems involved computerized medical ordering software or systems that supply the software with vital information, such as recommended doses of medicine or test results. Most of the adverse events recorded in FDA files were blamed on software malfunctions, user error or the system's lack of user friendliness.

Are electronic healthcare records helpful?

A December 2009 study, 'Are electronic medical records helpful for care coordination', a study of small- and medium-sized physician practices found that electronic healthcare records systems can help coordinate patient care within practice offices. However, because of interoperability issues, they are less able to support coordination between clinicians and across settings. Other challenges, like information overflow and reimbursement, also impede physicians' ability to use electronic healthcare records to improve patient care and coordination.

The report found:

• Electronic medical records help to facilitate care coordination within a practice by making data available at a patients' visit. For example, features like instant messaging, e-mail, and electronic tasking (electronic notification of tasks that need to be performed) help prevent patient care needs from "falling through the cracks" while improving efficiency.

• Respondents noted that EHRs are less helpful for exchanging information between practices and settings because of a lack of interoperability. For instance, primary care physicians complained of not reliably receiving hospital admission or discharge summaries before they were needed for a care visit.

• EHRs can create the unintended result of producing an information overload. For instance, some clinicians complained that when using EHRs, the problem list - the main medical problems that the physician needs to know about during a visit - grew exponentially and became cluttered with redundant information because of information automatically generated by the EHR.

• Respondents noted the lack of financial incentives for coordination among providers. Until reimbursement rules change, EHR products will not prioritize coordination.

So are electronic healthcare records really safe? Well, like anything, they're going to take time to implement and really fulfil their full potential. Will Obama achieve his goal by 2014? Well I guess we'll just have to wait and find out if full implementation can be achieved, and if they do help healthcare services manage their business more efficiently.

Related News:

The best first step towards a painless implementation |Will there be a clear winner in the EMR market? |Tips for easing into medical technology |Electronic healthcare benefits