Electronic medical records help healthcare organizations improve patient care, but lack of standardization could cause safety and security problems.
The foundation hospitals built when they overwhelmingly adopted electronic medical records is trembling under the weight of concerns over security and lack of standardization.
Healthcare organizations already see plenty of benefits from EMRs. The Internet is full of success stories detailing how hospitals save and improve lives, reduce costs, and enhance research capabilities through new access to real-time data. Many EMR applications are high-quality tools that take users' needs and wishes into account and evolve to meet mandates and clinicians' changing requirements.
Yet healthcare sometimes seems to operate in a vacuum. It appears determined to repeat the steps already taken by industries such as finance instead of skipping the proprietary isolationist years and leaping right into the era of standards, collaboration, and data-sharing. The government is starting to shake an interoperability stick, but the industry should act on its own initiative to allow disparate systems to work together -- and not only to cut costs for healthcare provider implementations. Standardizing also will improve patient safety, care, and results, experts say, reducing care costs and improving data security. Establishing standards will accomplish this by enforcing guidelines for healthcare employees and restricting access by unauthorized users.
At least one report suggests these predictions are on track. Concerned that increased use of EMRs tallied with an uptick in "patient safety events," the Division of Laboratory Programs, Standards and Services in the Center for Surveillance, Epidemiology and Laboratory Services, within the Centers for Disease Control and Prevention (CDC), studied errors in labs based on electronic health record (EHR) data. In some cases, labs used outdated software that didn't support current coding -- an issue that might increase when ICD-10 finally arrives.
Different facilities also use dissimilar codes for the same tests, creating confusion -- especially among staff members who move among different hospitals and clinics, according to a CDC report. In one case the report cited, a woman required a hysterectomy after an EMR moved her abnormal test results to the bottom of the screen instead of placing the most recent results at the top. In another, a male patient received a double dose of a blood thinner due to an EMR error.
Other areas of concern: inadequate data transfer from one EHR to another, data entry in the wrong patient record, incorrect data entry, failure of the system to function correctly, and incorrect configuration, patient safety organization ECRI Institute wrote in a separate report.
"Recognizing that such errors can occur without health IT systems, there is cause for concern as an occasional error in a health IT can be replicated very quickly across a large number of patients," the CDC's report said. "Combining documented patient safety events with the anecdotal evidence shared by individual laboratory professionals across the US presents enough concern to warrant further investigation and mitigation."
The lack of EMR standards creates a greater security burden on healthcare organizations and professionals. But the stakes are incredibly high, not only because of the number of patients who could be impacted by a single breach, but also because of the sensitive nature of the data stored in EMRs and the potential for damage to an organization's reputation.
"We're in an historic time within healthcare. The impact from a healthcare perspective has the same impact as, say, a retail breach, but you're talking about personal health information, things that should be very private," said Ken Bradberry, CTO and vice president at Xerox Healthcare Provider Solutions, in an interview. "We're talking about strategies in healthcare that haven't evolved at the rate they should have. Security has to evolve and align with where we're at with the delivery of electronic health records and the delivery of services in general. The detection and [prevention] of security breaches [and] threats has to be of paramount importance to healthcare providers."
Now that more than 93% of hospitals use at least one EMR, government agencies, researchers, and pundits point to worrisome trends that could -- left unfixed -- jeopardize patients' faith in providers, payers, and the overall system. The drive among providers to forge partnerships and integrate EMRs between smaller practices, hospitals, accountable care organizations (ACOs), health information exchanges (HIEs), and other members of the healthcare ecosystem creates additional links in the chain -- and more potential points of breach, loss, or theft.
"The government is pushing for EHRs, but no one is overseeing the security and privacy of the records," said Karl Volkman, chief technology officer at Microsoft Gold Certified partner SRV Network. "Instead, it's left up to the individual organizations, which may allow medical personnel to alter records incorrectly with little oversight -- or the entire system may not have the capacity to protect from fraudulent encounters. Instead of rewarding and punishing those who have or have not switched to EHRs, the government should consider instilling standards to identify inappropriate use of the records, fraud, and breaches."