ETech 7 Blog | IT Services, IT Support, and IT Security

Doctors or Technicians? Flaws in Electronic Health Care Records Exposed

Written by Marnie Rubenstein | Jan 22, 2018 12:00:00 PM

At first glance, electronic health records (EHR) seem like a great way to store patient information. A doctor could call up your medical history at the swipe of a finger, and send off a prescription to a pharmacy from the same screen. You may have been to a doctor’s office where patient files reach from floor to ceiling, which is both a waste of office space as well as difficult for your doctor to organize. Today’s world is data driven, and having all that data cooped up in beige tabbed folders doesn’t do anyone any good. EHR systems want to liberate your data, putting it at the fingertips of healthcare providers and patients alike.


Many in the greater healthcare establishment have been enthusiastic about the possibility of using patient data to create better outcomes. In 2013, the American Medical Informatics Association (AMIA) administered the board certification test for Clinical Informatics for the first time. This subspecialty focuses on utilizing information in a way that will create better healthcare results.


Not everyone is so quick to adopt EHR systems though. As in any large industry, change comes about slowly, and there are concerns with its implementation.

 


Ransomware

Recently, there have been attacks on critical patient information that was stored on hospital servers. These attacks involve people connecting to a hospital’s network and locking down files so they can’t be accessed. The attackers promise to restore the files, but for a fee. In these instances, taking proper precautions before the attack happens is essential in avoiding a disaster. In fact, when the UK’s National Health Service’s computer network was attacked this past year, experts said that they could have evaded the attack had they followed basic cyber-security recommendations. If a hospital doesn’t have a contingency plan, then appointments will have to be cancelled, surgeries outsourced, and medications will go unfilled. In sum, an attack can bring all activity in a hospital to a grinding halt.

In some instances, hospitals that have been hit with ransomware attacks are able to use backups to restore data. When the Ottawa Hospital suffered a ransomware attack, administrators were able to isolate the incident and access backup files to restore normal operations. Hospitals and clinics that don’t have a plan B in case of an emergency should look at these incidents as a call to beef up their own security.

 

 

Steep Learning Curve

As EHR may be a different system than what most healthcare professionals are used to, the time it takes to adjust can have real life consequences. If a hospital is considering a transition to a new EHR system, it should account for a decrease in efficiency. That means that fewer patients can be admitted, and fewer surgeries can take place. Though administrators may think that it may only be a few weeks until normal activity is restored, studies have shown that it can take much longer than that. In fact, one such analysis at Brigham and Women’s Hospital showed that it took about five months for pre-implementation workflow to be restored.  

 

 

Fatal Mistakes

Learning curves might seem insignificant if you’ve gotten a new computer and aren’t fully comfortable with it yet. However, the type of learning curve that doctors face can have much more drastic outcomes. If a doctor is uncomfortable using an EHR system, they could make mistakes when ordering a prescription or tests. Even if a doctor is familiar with an EHR system, if it's poorly designed, then practitioners can still make mistakes (such as accidentally prescribing a lethal dose of a sedative). Think about all the times that you were filling out an online form and mistakenly clicked the wrong box. Now imagine that you’re in a hospital on a 12-hour shift, you have other patients to attend to, and you just so happen to make that same mistake. A tiny issue when you’re ordering your groceries online is now a much larger one when it comes to your patient. EHR designers can prioritize patient safety by making sure that their interface is clear for healthcare professionals to use and has features that will prevent a much larger or smaller dose than is needed from being ordered.

 

Communication Challenges

We’ve been assured that the purpose of technology is simply to make our lives easier, but in many cases, this is far from the truth. The arrival of emails just meant that your boss could ask for a revision on a PowerPoint after hours. If you have a cell phone, those close to you might start to get concerned if you haven’t responded to their messages for more than a few minutes. Technology promises better connectivity and understanding, but it has taken the way humans have communicated for centuries and shaped it to fit its limited capabilities. In a clinical setting, communication is one of the most essential qualities that a physician can possess. A physician must clearly communicate treatment plans to nurses, differential diagnoses with colleagues, and the nature of a disease to a patient. In an age where medical information is freely available online, communication allows a physician to guide a patient on the correct path to good health. However, many doctors report spending less time on patient interaction and more time on filling out forms. In fact, a study in the Annals of Internal Medicine found that only about half of the time spent in the exam room was used for patient interaction. Of the total time spent in the office, just one-quarter was spent on clinical “facetime”.  This can lead to patients feeling neglected and doctors becoming “burnt-out” by what they perceive to be a waste of valuable resources. A survey done by Medscape found that “too many bureaucratic tasks” and “increasing computerization of practice” were leading causes of physician burn-out. Physicians may leave medical school with the hope that they will get to spend time making a personal connection with their patients, but the mountain of paperwork that they face may dim their bright enthusiasm. It is this chasm between idealism and reality that EHR providers must bridge, not widen, if they wish to change the face of medical care for the better.

 

 

Privacy and Confidentiality

In the past, patient records were stored under lock and key, and access to patient information was granted only to authorized individuals. With such a centralized database, it was easy to see who had accessed patient files. The drawback was that only one person had access to a patient file at a time, and records could be easily damaged or lost. However, with an EHR system, patient information is shared across a network. This means that all the healthcare professionals involved in a patient’s care can view the patient’s record at the same time. Hospitals have plenty of experience with keeping a centralized, physical database secure, but not as much experience in keeping a virtual database secure. There have already been instances where people illegally downloaded patient information because they were accidentally granted high-level access, or the data itself was unencrypted.  Now that patient databases can contain millions of records, hospital IT departments have to be extremely vigilant about maintaining network security.

 

 

Why Interoperability is Essential to Electronic Records

Let’s say your primary-care physician stays up to date and has outfitted his clinic with the latest EHR system. You go for your annual checkup, and he says he wants you to see a specialist. When you arrive at the specialist’s office, you might think that all your medical information was sent over electronically, and integrated seamlessly into the new system. However, a study by the American Hospital Association (AHA) has found that only 40 percent of hospitals can use the information they receive electronically. That means that when the specialist got your file from your doctor, it’s very likely that a secretary had to manually input your information into their computer. This can lead to data-entry errors, and seems to defeat one of the main purposes of an EHR system. The idea that different EHR systems can communicate with each other is called “interoperability”. The goal of interoperability is one that the U.S. Department of Health and Human Services has outlined in their report “An Interoperable Health IT Ecosystem”, where they call for cross-compatibility across all EHR platforms by 2024. A tall order, but one that is necessary for maximizing the potential of EHR and minimizing unnecessary mistakes. For interoperability to be realized, hospitals need to get fully on board with electronic record-keeping, EHR companies must work together to integrate their products.

 

Room for Improvement

Despite all the issues we have with EHR systems, they shouldn’t be seen as a deterrent to adopting technological innovations. It might be helpful to think of EHR technology like any new technology that gets off to a rocky start. When computers first came out, they were expensive, massive, and offered the bare minimum of computing power. It took a few visionaries to recognize the potential that computers have, and today, we couldn’t imagine life without them. The flaws that we see today in EHR are areas to work on and develop, and ultimately, EHR software is only as intelligent and useful as we make it. If we question the status quo and are committed to improvement, then we’ll hopefully look back on these early days of EHR as the time when we made the right choice.