EMR/EHR: The Good, The Bad & The Uncertain

The following is a guest blog post by Abby Norman from BHM Healthcare Solutions.

One of the hottest topics in healthcare right now is the great debate about electronic health records. Ideally, the “one patient, one record” dream would create a healthier population, but with many false starts, unforeseen complications both technological and financial and an overarching resentment to change, it seems that the implementation is off to a rocky start. Here’s a breakdown of the pros and cons, as heard in the trenches of medical life.

The Pros

Availability

No matter where you are, or where your physician is, your health information could be accessible in the event of a health emergency. It takes the pressure off you to try to remember your doctor’s phone number, or insurance information, if you’re in a serious accident or land in the hospital while on vacation. On the flip side, when you get home and follow up with your own doctor, you don’t have to try to conjure up all the details of your treatment – they’ve already got it, in real time. Furthermore, your care is better coordinated, in theory. If your vacation doctor can see your record and run their treatments against your history, they’ll be able to make informed choices about how to treat you, while avoiding any adverse reactions or allergies, much faster than if they had to attempt to call your physician. Another benefit to escaping paper records is that, in the case of a natural disaster, the information is stored electronically, in cyberspace, and is immune to fire or flooding.

Reduced Errors

If a doctor can have real-time views of your health information, it’s less likely that they’ll overlook an allergy or contraindication, something that could be missed in the paper chart, especially if it’s misfiled. While there is still room for human error in preliminary EMRs, ideally, there would be less data input by human hands. It’s also much faster to get a longitudinal look at your health care on a computer than in a chart. Some patients who have complex medical needs have volumes upon volumes of paper charts. When I worked in medical records, it was not an uncommon sight for a single person to have as many as eighteen volumes of paper charts. Imagine being a physician, or a nurse, and trying to find something from several years ago.

Tracking and Auditing

Another benefit of the electronic record is that it’s much easier and more intuitive to audit access to the documentation. With a paper chart, it’s hard to keep track of how many hands it passes through- and what, exactly, those hands are flipping to in the chart. With the EMR, you know exactly who looked at what, and when, and for how long. This not only discourages “snooping” but can help direct investigators to the origin of identity theft.

Less Duplication

In the paper chart, if it is misfiled or missing from the file room, there’s always a chance you’ll end up with a duplicate chart. Furthermore, when it comes to creating a medical record number, by which the patient will be identified in the system, EMRs have stopgaps to prevent duplications. Having two medical record numbers can be problematic, not only for health information but billing as well. If there are programs in place in the EMR to “catch” an attempted duplicate, or combine previous duplicates, it will cut back on missing information in the record and inappropriately billed services.

The Cons

Advances 

In the last few decades, increasing availability of technology in healthcare has lead to some amazing advances, both for physicians and patients. Documentation for physicians is well on its way to becoming more streamlined, thanks to the interconnectivity of electronic health records, and the potential for “One patient, one record” only becomes more of a reality with each new innovation. Patients who use computers, tablets or smartphones have more access to their health information than ever before, with many patient portals available through participating healthcare systems. With these advances, however, comes risk. Technology is heavily safeguarded, particularly in healthcare, but it’s imperfect. As technology advances, so do the hackers who attempt to find loopholes into healthcare systems. After all, in terms of identity theft, what holds more useful information than a medical record? Perhaps that’s why, in the last year, of all identity theft claims, 43% were medical related. So, when thieves are perusing vulnerable spots, almost half the time they’re looking to healthcare organizations, hospitals and these online portals. So, what are some of these vulnerabilities that you should be safeguarding against?

Insecure Browsers 

Just this last week, Microsoft warned consumers of a vulnerability in Internet Explorer that made users particularly vulnerable to hackers looking to insert malware into their computer systems. While the bug was patched relatively quickly, it was the first time that the United States government actually told users to cease using a browser. A bug that big could easily have made patient portals vulnerable to malware, as based upon consumer statistics, IE has more than 1 billion users; more than any other browser currently on the market.

Unsupported Operating Systems

Microsoft has also recently announced they will no longer support older versions of their Windows operating system (OS). As they are progressing more toward the chic, Mac-like appearance and functionality, it didn’t come as much of a surprise that they are all but abandoning older OS’s. The problem is, smaller healthcare organizations, as well as patients and consumers, may take the “don’t fix it if it isn’t broken” mentality and continue to use an unsupported Windows OS to avoid the costly upgrade. This leaves them vulnerable to malware, loss of data, and many other inconveniences that could potentially cause enormous problems if they store or access personal data through their computers.

Electronic Records

Even though most EMRs on the market claim that they are “bulletproof”, they are clearly not immune from serious threats of patient information seeking hackers. This risk intensifies when physicians and patients use third-party applications to access electronic records, or email, on iPhones and tablets. Handheld devices may not be under the same amount of scrutiny as hospital or office computers. Particularly in the case of “remote” work, there might be technological vulnerabilities that go virtually unrecognized until a threat is made.

Inside Threats

Again, with EMRs, comes the potential for hacking — but from within an organization. Not that this is vastly different from the information that could be gleaned from a paper chart by a snoop, but with technology making it much easier to capture and send data, the breaches can now happen faster — and reach a greater distance. Where an “inside hack” of days past might have jotted down names, dates of birth, and social security numbers–not to mention billing and insurance information– from a few paper charts, now, someone who intended to breach an organization’s data could obtain hundreds of patient charts with much less effort. Audits at an organizational level need to be done routinely to safeguard against this, and users of the electronic records need to be made aware of access policies. Those policies may need to be revisited several times a year, and adjusted, to meet the demands of healthcare’s ongoing reliance on information technology.

Lack of Upper Level Understanding

Healthcare leaders are overburdened as it is by the growing demands and changes necessitated by healthcare reform. IT security needs to be higher on their list of priorities, but it’s easy for it to fall through the cracks. CEOs of 2014 were not educated during a time in history when technology pervaded every element of one’s personal, professional and social life. Quite frankly, the general lack of understanding in upper level management stems both from disinterest and lack of exposure. While the education is there, technology is vast and can’t be grasped overnight, or through one seminar. To understand and to use efficiently the technological advances available to medicine are two completely different arenas, and many healthcare CEOs who are at the end of their tenure may not see the point. But the reality is, technology is quickly becoming the foundation for many industries, not just healthcare, and to continue to place it lower on one’s priority list is a grave mistake that will have financial ramifications.

The future of EMRs is uncertain, but one thing remains clear: we ultimately still want to pursue the “one patient, one record” ideal and in order to achieve that we might need to head back to the drawing board.

Abby Norman is a writer and health guide living and working in Maine. She writes for BHM Healthcare Solutions and has had work featured in The National Medical Records Briefing, HuffPost UK, SALTArtists and The Almost Doctor’s Channel, as well as many international print and online publications.