In a recent article in the American Journal of Medicine (AJM), the problems found as a result of the copy and paste functions in electronic health record (EHR) applications resulted in loss of new input, repeated errors, and loss of narrative function. Subsequent responses by healthcare professionals concurred with the analysis stating specific incidents of recorded error as a direct result of providers copying and pasting the notes of previous reports.

If copy and paste is a problem, then the built-in intelligence of some of the newer EHR applications creates an even larger problem to the medical community. In several of the EHR applications I have reviewed, the application will attempt to auto-populate a physicians notes and response to diagnosis based upon common notations or even based upon past notes. For example, as the physician begins to type in a diagnosis of a sinus infection, the application will begin to suggest or auto-populate observations and notes based upon the diagnosis into the patients electronic health record. If physicians become used to the application attempting to suggest content for a medical record then the AJM article is correct in assuming the medical records will lose accurate diagnostic records and the importance of a narrative health record trending the patient’s trajectory.

In an effort to make the EHR applications easier to use, save time and attractive to use in an industry where paper documentation has been the norm for so long, the technology may actually be harming the industry and therefore harming the effectiveness of healthcare. The AJM article suggests corrective action by disabling the copy and past features which may solve the problem but may also set back the usefulness and efficiency touted by the EHR movement. Selective copy and paste functionality for personal patient record information such as social security, name, address and non-health related information has bee suggested as permissible to maintain the efficiency of an EHR.

Once question not yet addressed is the potential for malpractice. If a record is recorded improperly as a result of copy and paste, does that constitute malpractice? If an incorrect or inaccurate diagnosis is perpetuated in the EHR as a result of copy and paste even though the patient’s trajectory has changed and an improper treatment is issued resulting in permanent injury or death then does this constitute gross negligence? EHR has the potential to transform the healthcare industry and improve the effectiveness of healthcare providers but only if the technology progresses in response to the needs and unique requirements of the healthcare profession.

As part of the 2009 HITECH Act, a national health information technology infrastructure (NHITI) is required for access and use of electronic health records resulting in a more “effective marketplace, greater competition…[and] increased consumer choice (HITECH Act, Section 3001(b)).”  Such a system is not only necessary, but it is cardinal to improving delivery and reducing costs of health care in the United States.  Properly executed, a NHITI with appropriate controls and security protocols will have the means to protect individual electronic health records (EHR), prevent provider mistakes, report errors and audit abuses of the health system.

A letter from Dr. David Blumenthal, National Coordinator for Health Information Technology, restated the requirements of the HITECH Act and the reasons for a NHITI.  Blumenthal stresses the key premise of the technology infrastructure should allow information to follow patients while removing any technical, business and bureaucratic obstacles from the process of sharing an EHR.  He also states that “Americans must also be assured that the most advanced technology and proven business practices will be employed to secure the privacy and security of their personal health information.”

The best process for defining the operation of a NHITI should start with a working group focused on national standards for interoperability and security of a health information exchange.  Working groups should be comprised of an interdisciplinary group of industry experts tasked to create a national open protocol for the secure and private transfer of electronic health information.    Ideally, such an exchange would occur over a private and secure network limited to health care providers and required users with limited and monitored access.  Public access to personal healthcare records should utilize secure gateways similar to architecture utilized on Department of Defense (DoD) classified networks.

It is also important to note that most security violations occur internal to an organization.  Internal security, privacy and access controls may be more important to securing the national health information infrastructure although perimeter controls are by no means useless.  Working groups to develop security and privacy policies for internal use of data, perimeter controls of the exchange and interoperability of data exchange should all be formed as soon as possible.

A nationwide health information data exchange will contain extremely private and personal health information.  The public has no reason to fear such a data repository if proper measures are taken to manage security and privacy risks.  Dr. Blumenthal emphasizes the importance of this network and the need for strong security but are we heading in the right direction to satisfy the requirements necessary?

This article was originally published on Healthcare Professional Live

With two large players, Microsoft and Google, entering the health IT marketplace, it would make sense that the two would drive standards for information exchange between applications and their PHR systems.

Microsoft and Google are notorious for innovation and driving development towards their own ends yet neither seems too vocal on electronic health records and the inevitable leap in innovation the industry will experience over the next five years.

Both Microsoft and Google have electronic health portals for use by patients to create and store a patient health record (PHR) yet neither has been very vocal to drive interoperability and consistent formatting. For an industry we literally entrust our lives to, patient records have the least governance for standardization.

It makes sense that the national health exchange would dictate standards for formatting to both share doctor driven EHRs and patient driven PHRs, but with the states gaining control of the backbone of data exchange, it seems unlikely that all 50 states will agree upon a standard format. Where does the industry turn? HITSP? HHS? Industry leaders?

In the past, the health care industry seems happy to invent their own cryptic standards such as HL7, but with the aggressive time table for implementation it seems fruitless to spend time reinventing the wheel. There are many options available, but why not use XML? With XML accelerators available on the market to process large quantities of data, a structure easy to customize and modify as requirements change, and the perfect way for disparate software platforms to communicate to each other. It seems XML would be a perfect solution for vendors to use to export data from practice to national health data exchange and then again to PHR systems for the patient to view their data. XML data exporters can be effectively optimized for speed, security and integrity.

Close to any modifications and upgrades to the health IT infrastructure in use within the United States must always be the security of the patient’s health information. HIPAA security requirements are weak at the best of times, but generally are open for any knowledgeable hacker to obtain from the average health care provider. It is imperative to treat the security of patient health information with the care we treat our financial information.