Wednesday, July 25, 2012

The Privacy of Your Digital Self

Everybody has a shadow. Although as a small child you may have tried, you cannot separate yourself from your shadow no matter what you do. Electronic medical records may be the first tiny step on the road to attaching yet another indivisible part to your persona, a “panoramic, high-definition, relatively comprehensive view of a patient that doctors can use to assess and manage disease”, and this, in the words of Dr. Eric Topol, is the “essence of digitizing a human being”. Dr. Abraham Verghese, named this digitized entity iPatient and expressed concern that the “iPatient threatens to become the real focus of our attention, while the real patient in the bed often feels neglected, a mere placeholder for the virtual record”. Whether you share Dr. Topol’s enthusiasm or Dr. Verghese’s worries, or experience a combination of both, your medical digital self, has been born. And nurtured by leaps and bounds in technology, it will soon grow to loom as large as your shadow at sunset.

Today’s electronic medical records contain a wealth of clinical and socio-economic data. By the time Dr. Topol’s creative destruction of medicine is well underway, electronic medical records will contain mountains of wearable sensors and monitoring devices data, along of course with your entire genome accurately sequenced and analyzed. You don’t have to be a tenured academic in search of grant funding to realize the endless possibilities created by electronic medical records data. Maybe we can find a cure for cancer, or at least figure out what causes it, and then find a cure. Since poverty is in many cases generational, maybe…. Or maybe not. Regardless of your research aspirations, the fact remains that this massive wealth of data is composed of millions (billions) of iPatients, or digitized human beings.

Unlike your childhood shadow, it seems that by erasing or masking some data elements, iPatients can be safely detached from Patients and aggregated in a fairly anonymous mass of iPatients. Assuming that this is true, and some are not so certain, two problems come to mind. First, iPatients pared down to complete anonymity make very poor subjects for serious clinical research. Second, by definition, complete genetic information cannot be anonymised. So what happens if we leave out serious clinical research and futuristic genetic profiles? Is there anything we can do with the simple, not so accurate and rarely complete, data provided by today’s anonymous iPatients? Well, we could do another study to see if we still have geographical variations in care and costs. We could fund the 127th study to figure out that poor people are sicker and sicker people have larger costs and poor and sick people have the highest costs, particularly amongst the elderly. We could get a bit more pragmatic and figure out where grocery stores should stock beer and where Napa Valley wine would sell better. Or we could satisfy our needs to reform our brethren and figure out where we can get the best bang for every buck spent on billboard space for antiabortion ads. Certainly, socially benevolent institutions may be able to find a myriad other uses for our aggregated iPatients, and medical records data adds a lot of “color” to the cut and dry claims data we are now using for similar purposes. But how do we go about aggregating our iPatients? Should all iPatients be available to whoever wants to use them, for whichever purpose?

Currently, iPatients are beginning to form in databases owned and maintained by Health Information Technology (HIT) vendors. The law of the land governing the travels and gatherings of iPatients is HIPAA and it says that each one of us has the right to view our iPatient (seriously?) and to some degree consent to any travel plans made by our physicians or hospitals for our iPatients. iPatients who have been altered in certain ways to facilitate some level of anonymity are beyond our control. That’s the law. The practice of the law is a bit more interesting. First, the language of the HIPAA consent is broad enough to allow health care providers to do anything they wish to do with our iPatient for the purpose of “health care operations”, which can include medical care, washing windows and turning a blind eye to iPatient trafficking. A HIPAA consent form is part of Patient registration in every health care provider settings, but is this really “informed consent”? Do Patients know for example that your contract with your HIT vendor allows that vendor to make copies of supposedly anonymised iPatients and “share” them with whomever they wish? Do you know that? Do Patients really understand the difference between a HIPAA covered entity and a commercial app provider who is not bound by any type of anonymity restrictions upon backend exportation of iPatients?

In the olden days, before iPatients were born, people assumed that the Hippocratic Oath was good enough assurance to allow them to bare their bodies and souls in a doctor’s office. Today, this trust-based act is being electronically recorded and persisted for posterity. In technology circles this is called Big Data. Unlike paper and pencil manufacturers, and unlike any other industry, the new purveyors of documentation tools for the medical profession are asserting a peculiar right to the information created and stored in their tools. The iPatients are not the Patient’s property and are not the doctor’s property, and are not “property” at all, therefore they belong to the “public”. And by “public” they are referring to anyone with backend access to medical records databases, or anyone who can afford to purchase such access. You, the Patient or the doctor, are not the public. Just try to see if you can freely access a recently liberated iPatient population in any way. The idea here is that talking about iPatients as property and asserting ownership of iPatients by Patients and physicians is somehow logically flawed in view of property laws. And the idea is that the same exclusive “public” is much better equipped to decide how your iPatients should be used to your benefit, and used they must be. You should “trust” that this is indeed so. Implicitly. There is no need to “verify” or for anybody to “bring data”. You don’t need to be asked if you would like to volunteer your iPatient for research and you don’t need to be asked if it’s OK for some corporation to use your iPatient to increase profit margins and you don’t need to be asked if your iPatient can be used against you in aggregate or on an individual basis. Where once you only needed to trust your doctor, now you need to trust the “system”. [Don’t confuse this with the ongoing government campaign to facilitate “trusted” exchange of information, which is only concerned with frontend access to data.]

In 1890 Samuel Warren and Louis D. Brandeis published an article in the Harvard Law Review titled “The Right to Privacy”
… “Thus, in very early times, the law gave a remedy only for physical interference with life and property, for trespasses vi et armis. Then the "right to life" served only to protect the subject from battery in its various forms; liberty meant freedom from actual restraint; and the right to property secured to the individual his lands and his cattle. Later, there came a recognition of man's spiritual nature, of his feelings and his intellect. Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life--the right to be let alone, the right to liberty secures the exercise of extensive civil privileges; and the term "property" has grown to comprise every form of possession-- intangible, as well as tangible.
Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right "to be let alone."
The principle which protects personal writings and all other personal productions, not against theft and physical appropriation, but against publication in any form, is in reality not the principle of private property, but that of an inviolate personality.” [emphasis added]
The iPatient is quickly becoming the repository for much of that “inviolate personality” and our “recent inventions and business methods” are practically screaming for attention to what must be done to secure an individual’s right “to be let alone”. A more recent Supreme Court opinion, written by Justice Stevens in 1977 in the case of Whalen v. Roe recognized that much, “A final word about issues we have not decided. We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files”, but stopped short of addressing the larger issue. It’s up to our elected representatives to legislate appropriately, and that time has come.

For starters, people should be made aware of all so called secondary and tertiary uses of their medical records whether anonymised or not. And people should have a choice of what types of usage they are willing to contribute medical records to. Blanket statements like “operations” are just not good enough. Recognizing, as Justice Stevens did, that “[t]he right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures”, the word "typically" must be replaced by "always", and should include backend wholesale disclosures by those who have no ownership rights to our intangible possessions. And if we must strike a balance between the public good and the privacy of our inviolate personality, we must make sure that the public referred to here is all of us, and that the good is indeed good enough, and that the balance is not calculated by corporate, political and moneyed interests, but that the balance is struck, in our customary ways, by We the People……

Monday, July 9, 2012

Finding Utility in an EHR

If you are like most physicians in this country, you probably bought yourself an EHR, either recently or a while back. If you are like the docs quoted on the various EHR vendor websites, you took to it like fish to water and are thoroughly enjoying your new computerized system. If you are like most other physicians, you are slugging your way through, a bit slower than usual, with a bit less money in your wallet, either hopeful that things will get better or perhaps still hopeful that this is just a bad dream. If you are like most EHR users, you probably compromised on an EHR that seemed to be not as bad as the others, compromised with the documentation style seemingly imposed by your EHR and are now dragging a tablet from exam room to exam room, and that tablet gets awfully heavy after a few hours of seeing patients. Perhaps you found nifty little ways to “cheat” and leave the tablet in your office, or maybe you broke down and installed desktops in your exam rooms, or perhaps you tried to use the almighty iPad, and found that it takes a couple of hours to finish your charts after your last patient left the building. People keep telling you that things will get better, that you will get used to it and that practice makes perfect. You may not be convinced, but what other choices are there? You have to “get with the program”, get your Meaningful Use money and adapt to the new ways of doing business in health care. You are wrong.

If you played any type of contact sports in high school or college, you probably bought yourself a mouth guard at some point.  You can take it out of the package and pop it in your mouth, and you may have done that in a pinch, but it works and fits much better if you take it home, soften it in boiling water and mold it to perfectly fit your mouth.  An old business adage says that you have to spend money to make money. With EHRs you have to spend time to save time (and maybe make a little bit of money too). You have to spend time softening and molding that EHR to fit your future practice. The biggest mistake people make, is to attempt to push and shove an off-the-shelf EHR into their current practice. This is not much different and makes as much sense as using Microsoft Word on a tablet with a stylus to hand write on it. So how do you go about molding an EHR to fit a future environment that is both enabled and limited by the introduction of the same EHR? Is your EHR a chicken or an egg? And no, I don’t think I want to hear the answer to this one.

I’m certain you heard lots of experts talk about “workflow redesign”. In a small practice, there is very little to “redesign” and the work flows predictably from appointment making, to office visit, to claim submission and hopefully payment for services rendered. However, a properly utilized EHR can help create a smarter distribution of workloads.  
Figure 1: EHR enabled office visit (click picture to enlarge)
Figure 1 shows a typical office based encounter when an EHR is utilized to redistribute workload. The flow of the visit has not changed, but the workers are now different. Before we examine the new workloads, let’s keep in mind three things:
  1. The EHR is sunk cost. You already paid for it and any additional tasks that can be offloaded to the EHR are net gains to you and your practice.
  2. You are the only billable resource in the practice.  Any tasks that can safely be offloaded away from you can increase billings (or leisure time, or quality of service).
  3. Patients are a completely free resource. Granted, not all your patients can contribute the same amount of work (i.e. engagement), but whatever is contributed is again a net gain to your practice.
In our simple example, the computer has picked up a variety of tasks previously performed by staff. These are mostly mundane and repetitive tasks suitable for machines. Patients picked up some tasks for which they are much better suited than any of your staff, with the added benefit of creating an informed and engaged patient. And yes, I know that this is not applicable to 85 years old ladies with a 4th grade literacy level, but surely you have some patients that can and wish to participate in their care this way. Since your staff has a bit less work to do now, they can take on some of the things you currently do. For this to happen, you must staff your practice adequately. If the person that rooms the patient cannot be entrusted with much more than politely sitting the patient in the exam room, this is not going to work very well. Otherwise, the entire “I didn’t go to medical school to be a data entry clerk” quandary should be largely resolved. You will always have to document your exam, and may need to add comments here and there, but basically, your nurse should have checked all the boxes and clicked all the buttons before you entered the room, giving you the freedom to truly listen to your patient without having to worry too much about the computer.

Skeptical? Of course you are. Unfortunately, there are no EHRs that come out of the box with all those efficiencies built in or with simple cookbook instructions on how to get there. So here are a few pointers to get you started.
  1. Make your own visit templates. Either you tweak the ones included in a good EHR or start from scratch and create exactly what you like. In most cases this is immensely time consuming, but if you don’t spend time upfront to mold your visit templates to your liking, you will never derive maximum utility from the EHR. Remember the paper forms you used before the EHR? Somebody had to make those forms too. EHR templates are more flexible than paper forms and creating your own templates will take more time and expertise. You will have to try them out and adjust as you go. You don’t really need hundreds of templates. A dozen or so, well-chosen ones should make a good start. If your EHR allows you to configure flowsheets, make a bunch of those as well.
  2. Create order sets and if your EHR allows, add those to pertinent templates. You can start with simple things and work your way up to more complex visits. You shouldn’t need too many here either. You don’t want to have so many templates and order sets that it becomes difficult to find the one you need. Fewer and more general ones work better.
  3. Configure pick lists and favorites. Everywhere you can, create short lists of frequently used items. This is especially helpful for orders and diagnoses.
  4. Deploy the patient portal that comes with your EHR and don’t be afraid to open it up for patients to do as much as possible online. Have your staff actively promote the portal to patients and give out instructions on how to use it. It will take time for patients to get used to online interaction with your practice, and it will take time for staff to get accustomed to it too, but savings can be significant depending on who your patients are, of course.
  5. Make sure that every automated billing feature available from your vendor is turned on and working properly. It won’t hurt to contact the vendor and find out if there’s anything new in this area that you are not aware of, particularly if you had this EHR for a few years. Some of these things will cost you extra, but are well worth the expense.
Generally speaking, every time you find yourself doing something that is not direct patient care, you should pause and ask if this particular task could be delegated to staff, patients or computers, and if there is a way to use your EHR to that end. The answers are not going to be obvious and since most people use only a fraction of features available in an EHR, it may require some digging, exploring and even advanced training. But if you stick with the principles illustrated in Figure 2 below, you will discover that your EHR, although far from perfect, can and will provide you with measurable utility.

Figure 2: Principles of the quest for utility (click on picture to enlarge)

Tuesday, July 3, 2012

EHRs Can’t Talk to Each Other?

When the hypothetical naked, unconscious and alone patient presents at your ER with no immediately evident reasons for his distress and presumably holding his driver license between his clenched teeth, would you find it helpful if you could see a nicely typed, or hand written, list of diagnoses and current medications for this hapless person?

When a family moves across the country and brings in their eight year old for her first visit with the new pediatrician, would it be helpful to see a slightly fuzzy image of her immunizations list from back home?

When an elderly patient you’ve been seeing for umpteen years is shipped to the hospital in the middle of the night, would it be helpful to find the admission record in your to-do list for today?


Perhaps these things would be nice to have, but EHRs can’t talk to each other, so before any of these miracles can occur we must make EHRs communicate. How do we make EHRs talk to each other? That’s simple: we look at how people talk to each other, and apply the same principles to EHRs. Thus, EHRs have to share the same language, use the same syntax, know when to speak and when to listen, and when not in physical proximity, use a variety of paraphernalia to carry voice over large stretches of land and sea. And since EHRs are really computers and this is after all the 21st century, we have the blueprint for a solution in our hands, because any computer in Papua New Guinea can talk to any computer in Boonville, Missouri. How? By using the magic of the Internet.

The Internet is a collection of electricity, plastic, metal, wires and thin air that can carry incredible amounts of yes/no (+/-, 0/1) payloads from any one point to another.  The magic of the Internet is the set of agreements between all users of this global town hall on how to transport and process the yes/no (standards) and how to combine all yes/no blips into meaningful content (software). It is really magical because I can’t think of any other subject on which humanity agreed to agree. When you think about it this way, how awful it must seem that EHRs cannot agree to agree with all humanity, join the town hall conversation and talk to each other on our Internet, particularly since all EHRs, without exception, are using the Internet to talk to all sorts of other entities, but for some peculiar reason, they refuse to directly address each other. How rude.

So our government, in its infinite wisdom, and for the benefit of the citizenry, has decided to crack down on these rude EHRs and force them into polite discourse on the Internet, and in deference to their historical aloofness, the government is building an Internet just for EHRs, so they feel special. The Health Internet will still use the plastic and metal of our Internet, but it will have brand new agreements on how to move those yes/no bits across the wires, and all sorts of contracts and definitions on how to combine them into a meaningful exchange. To that end, our government is busy defining standards and regulations and terminologies for EHRs to use when talking to each other, because what EHRs have to say is so important, so complex and so sensitive that they cannot possibly be expected to convey the true meaning of their information through the plebeian Internet we all use. Didn’t I just say that EHRs are already using the plain Internet to talk to other entities? Yes, and in all fairness, EHRs have never actually said that the plain Internet is not acceptable to them, but the government, being a kind and thoughtful government, figured that this may be the case, and it is always best to provide solutions where no problems exist, just to be on the safe side.

Using the good old Internet, a fairly experienced EHR vendor will connect you to a reference lab in about a week and shouldn’t charge you a single dime for the pleasure. A true Software-as-a-Service EHR, like athenahealth or Practice Fusion, could just “flip a switch” and have your EHR conversing freely with the lab. An even faster switch flipping event will connect you overnight to every pharmacy in the country and every health insurer too. If you have a nice EHR, (not expensive, just nice), a click of a button will send whatever you want to send to whomever you want to send it to. If you have a nice and service oriented EHR, like athenahealth, the stuff you receive from others will “magically” appear in your patient charts. This is called electronic faxing and it uses the Internet around the “antiquated” telephone endpoints. So does this mean that your EHR can talk to other EHRs after all?

Not quite. It is true that by using the F protocol (fax) your EHR can create an image of your documented thoughts and transmit it to another EHR to display this picture to another clinician, so you can “talk” to another doctor, but the EHR itself is left out in the cold because it cannot understand what you two are saying. The EHR is thus just a dumb messenger, shuffling pieces of paper from one master to another. And this is a huge problem for policy makers, although not so much for patient care (see opening questions above), because now your EHR cannot slice and dice, incorporate, analyze, aggregate or report on your conversations, so you can pretty much forget about clinical decision support for yourself and population management for everybody else. Of course, you are already collecting significant amounts of information that your EHR can understand (all those click boxes), so why not let your EHR into the conversation and let it exchange information with other EHRs in its own language of yes/no, +/-, 0/1? After all, that’s how it talks to labs and insurers, and nuances of human narrative seem to be disappearing into 140 characters, grammar free and syntax free, communications anyway.

Seeing that there are hundreds of different EHRs out there, deployed in thousands upon thousands of different configurations and locales, this seems a pretty daunting task, until we remember that there are thousands of pharmacies too and all sorts of pharmacy software packages floating around and your EHR can talk to all of them. The private market solution to this problem is to have everybody send everything to one central place specializing in sending things to everybody else, a giant Post Office on the Internet if you will, and we call it a clearinghouse. This could be built today. Right now. And Surescripts is making a feeble attempt to use the new Direct secure email protocol to do just that, but this is not catching on because the power of the clearinghouse is not in routing emails; we can do that on our own. The power of a clearinghouse lies in its ability to facilitate standardized, bi-directional, and real-time if necessary, Electronic Data Interchange (EDI), in other words make EHRs talk to each other, and all EHRs out there speak HL7 in many dialects. So what’s stopping EHRs from talking to each other in this facilitated manner?

Until recently, the only thing preventing EHRs from chatting over the Internet was corporate policy prohibiting this type of socialization outside corporate boundaries. It was a business decision made by those who own and use EHRs (not those who make them). This may be changing now (to a small degree), since the business of health care is changing, but we have recently run into another obstacle, which was intended to accomplish the exact opposite of what it is accomplishing. It was decided that clearinghouses are an outdated model of communications and that the current Internet is not good enough to accommodate the new and improved vision of how EHRs should communicate through networks of Health Information Exchange organizations. It costs physicians between nothing and a few pennies to use old clearinghouses services today, but it seems that connecting to the new Internet may be cost prohibitive for small practices and the proposed replacements to clearinghouses are struggling with something called sustainability. Existing clearinghouses are the products of many years of market consolidation and technology development and are very profitable now. Adding simple clinical transactions to their existing portfolios shouldn’t be too much of a stretch and the bigger the clearinghouse, the larger the economies of scale.

Obviously, the new Internet does not exist just yet and the new paradigm has never been validated to work on any significant scale, and so we wait for the countless committees our government has put together, with new ones seeming to crop up every day, to figure out their charters and mission statements, and define something that can be prototyped and later tested by volunteers somehow, and maybe turn out to be the new Internet - a more expensive, more complex and more fragmented version of what we have today, which may or may not survive market realities. In the meantime, if you are “just” a doctor taking care of patients, keep doing what you’re doing and if you can replace the print-fax-scan cycle with electronic faxing or secure email from your EHR, by all means do so. Of course, you could always pick up the phone and call someone. Information is information, and some of us can still talk, read and write. As long as you take good care of your patients and are able to find ways to communicate with other care facilities, very little else should be of concern. When all the trials and tribulations are exhausted and EHRs are finally allowed to talk to each other more efficiently, you will be the first to know.

Sunday, July 1, 2012


On Thursday, June 28, 2012, the Supreme Court of the United States decided that requiring all individuals to purchase health insurance from a private corporation, or suffer a penalty, is an unconstitutional exercise of Congressional power, but if you stare at the Patient Protection and Affordable Care Act (PPACA) for long enough, at a certain angle, in a certain light, you can see a tax form, materializing above the viewable details of the act. Since Congress has plenty of latitude on taxing schemes, the health insurance tax, previously known as the individual mandate, was left standing as is.

This great innovation from Chief Justice Roberts was hailed as “A Marbury for our time”, referring to the landmark case of 1803 where Chief Justice Marshall asserted the right of the Court to invalidate acts of Congress if judicial review concluded that the acts are unconstitutional. The Roberts Court of 2012 is expanding the definition of judicial review from the review of actual acts of Congress to the review of what could have been acts of Congress, or a contextually appropriate mixture of the two. The trick here is to know when to plainly look at the legislation and when to concentrate and apply a wall-eyed or cross-eyed technique to discern the hidden meaning that could have been hidden by the content in plain view.

The Court began by looking at the PPACA as it appears to the untrained eye and declared that the Anti-Injunction Act (AIA) is not applicable to the penalty required from those who choose not to obey the individual mandate because said penalty is not a tax and the AIA is only applicable to taxes. This was followed by a blistering opinion explaining that the Commerce Clause of the Constitution cannot be expanded to give Congress the ability to force people to become active in a particular form of commerce by imposing penalties on inactivity, which is both unnecessary and improper. However, as the Chief Justice wrote, “[t]hat is not the end of the matter”. While continuing to look closely at the act, it seems that what looked like a penalty for not buying insurance to the untrained eye, is shaping up to be “imposing a tax on those who do not buy that product”. Ironically, a few pages prior to this momentous discovery, Chief Justice Roberts found it necessary to quote John Marshall in Gibbons: “[T]he enlightened patriots who framed our constitution, and the people who adopted it, must be understood to have employed words in their natural sense, and to have intended what they have said”. It seems that today’s enlightened patriots need not be understood in the same way, and there is no reason to assume that they actually intend what they say. Fair enough. At this point, it must have been too late to apply this realization to the AIA ruling, but not too late to let the individual mandate survive the constitutional challenge, because Congress can tax almost as it pleases. Almost.

If you think about it, applying a penalty to inactivity is just the Yin to the tax break Yang. So instead of giving those who purchase insurance a tax break, we can exact a penalty from those who do not purchase insurance. The latter has the advantage of increasing revenue without the added step of increasing the general tax burden first, and has the same effect. We are all familiar with tax breaks for various activities and the difference is only semantic. For example, instead of giving you a tax break for buying a fuel efficient car, the government could impose a penalty if you buy a regular car. Instead of a tax break for your mortgage, you pay a penalty if you choose not to buy a home. Instead of getting a tax break when you have a new baby, the government could penalize you if you don’t. Same thing, right? Yin-Yang.

This may be by far the most significant innovation introduced by this ruling. Congress now has a brand new, one-step, process to raise revenues without explicitly raising taxes. Better than cold fusion and almost as good as perpetuum mobile. Who needs to torture the old Commerce Clause when our visionary conservative Chief Justice set a powerful precedent for endless ways in which to penalize (i.e. tax) the people?