In the essays above, I have attempted to identify and discuss a number of primary issues that have accompanied the recent major changes within health care, with a view to the long-term. Here, I would like to propose a few suggestions that could potentially help to resolve several of these concerns, at least in part. It is my sincere hope that these thoughts trigger productive discussions that either lead to or catalyze some changes in course.
Patient Histories: In the essay `Life Begins at 60`, I raised a concern that would still greatly compromise the utility of EHRs, even if we achieved full interconnectivity among the major hospital electronic systems. Namely, currently the vast majority of Americans have either no or minimal long-term electronic medical histories in any large hospital EHR system. This is a major limitation, one that I believe must be addressed very shortly as a top priority item. But what can be done? I would propose a WPA type of effort to collect histories on all Americans. This could come from a one-time collection process, done in a similar manner to the collection of census data, with mandatory participation by all, with significant non-compliance penalties. We could recruit and train a small army of recruits to do structured interviews in a systematic way, to obtain standardized `personal history` entries. The training of interviewers could be done in a similar mode to the training presented in many present coding courses. The interviews would (as best as possible) identify which hospitals, private practice doctors and other medical personnel have records about each individual, either recent or well into the past, and these sources would then be tapped for the appropriate data entry. As well, the interviews would allow one to indicate recent changes, and/or particular health issues or data of special importance. All these data would be aggregated and entered into a centralized, secure, single repository. Routine access to these records would be allowed to individuals or organizations specifically named by each interviewee, such as physicians, hospitals, family members; in emergencies, more flexibility of access would be allowed, on an acute need-to-know basis.
The records would be maintained both in a spreadsheet format and as a converted file, for instance as a searchable pdf file (so that a doctor could quickly search throughout the history for a key term or attribute). This model would still be imperfect, but much closer to the mark, and in particular, could provide a rich and crucial source of data on the many Americans at highest risk for interventions, yet with modest and very incomplete EHRs at present. At the very least, such a repository would buy time until a universal, totally integrated and updated database were developed (if ever). Of course, the ideal remains a patient whose records and history are with a single physician, practice or system, where records could in general be readily accessed, but in a more fractionated and discontinuous world of care, I believe that this could help to fulfill many of the needs for true universality. Finally, it should be easy to recruit and train the requisite army of interviewers — at 62.5% participation rate, the proportion of Americans in the labor force remains near historic lows, with many white collar workers out of a job, and very eager to work.
Patient Privacy: I agree in principle with the mission, that long-term, a well-constructed EHR system that balanced privacy and accessibility needs could significantly improve the overall quality of our healthcare. However, the actual roll-out of the Affordable Care Act, particularly of EHRs, to date has primarily facilitated the needs of hospitals, administrators, billing and insurance companies, rather than physicians and patients.
In a 2007 article in the University of Illinois Law Review entitled `Ensuring the Privacy and Confidentiality of Electronic Health Records`, Nicolas Terry and Leslie Francis wrote that what is required is a government-funded independent and apolitical regulatory body and commissioner that will have the power to mediate disputes and publish codes of conduct. (I also referred to this article, with some brief background on both Professors Terry and Francis, in the essay entitled `Legal Recourse: Slim and None`). Australia, Canada, New Zealand, and the United Kingdom have all adopted such regulatory review and dispute resolution models as part of their data protection regimes, and most have been particularly active in the health domain.
Frequently, some portions of a patient’s records are very sensitive. Many of my patients would strongly prefer that these portions be considered to be `highly confidential` contents, and then classified as unreadable by providers with routine access to the EHR system. Such contents could be accessed only (i) by explicitly named providers; (ii) with a specific additional consent from the patient; or (iii) in the case of an emergency. Obvious examples of sensitive information that might be secured in this way include mental health history; sexual and reproductive history, including abortion, STDs, birth control, pregnancy and sexual dysfunction; and HIV/AIDS history. Other categories should be identified that a patient could routinely wish to tag as highly confidential, such as colorectal cancer. It would be extremely timely to address this in the very near future, even if the only categories identified as eligible for high confidentiality classification were the obvious examples just named. There is plenty of precedent for restricting data access based on `need to know` and trustworthiness criteria – the FBI, CIA and NSA have well-established protocols for security clearance, and notably, multiple layers or levels that are commensurate with the degree of sensitivity and the vulnerability if a breach occurs. Indeed, following this theme, there must be meaningful penalties for violations of confidentiality, more than modest fines that amount to `the cost of doing business` that seem so prevalent today. Breaches to NSA or CIA records come with serious consequences, and even disclosures of IRS return information may be subject to felony charges and five years in prison. I feel confident that many of my patients would be less upset by a leak of their taxes than of their sexual history.
Additionally, and perhaps less obviously, some related data must also be protected. For example, if I see a prescription for a patient of 250 mg ceftriaxone plus 1g azithromycin, I can infer with virtual certainty that this is for the treatment of gonorrhea. In the paper record world, standard forms for a transfer of a patient's medical records allow for the exclusion of STD, HIV/AIDS and psychiatric histories, including any pertinent drug and prescription information; these same protections must also carry over to the EHR world. It goes without saying that such information could be used for darker purposes such as extortion or other forms of blackmail. Given the extent of data vulnerability and theft that abounds in online databases, in conjunction with the value of and interest in medical-related data, we need to pay special attention to this issue.
Also, we should recognize that much of Western Europe has strict data protection rules that have enshrined an individual’s privacy as a fundamental right on a par with freedom of expression. Even Google and Facebook have run into this head on during the past few years. I believe that we should consider some of these protections in rebalancing our own present domestic privacy policies, both for EHRs and well beyond. For instance, a new European data privacy rule finalized just several months ago will have major repercussions for U.S. tech companies that do business there. Among the most prominent aspects of the new directive are fines of up to 4% of a company’s global gross revenue if it misuses people’s online data, including obtaining information without people’s consent. While companies are unlikely to be hit with the full fine amount except for egregious privacy breaches, the numbers are still staggering. For Google’s parent company, for example, the fines could reach $2.4 billion; for Apple, $9.3 billion. These kinds of penalties for privacy violations, even if only approached in the U.S., would definitely raise the awareness and responsibility of businesses and agencies that either analyze or pass along our data. Otherwise, the status quo within the U.S. seems quite inadequate. Even when record-setting penalties to major corporations (or banks) for misbehavior are announced with much hoopla, the beat goes on. The penalties are almost always effectively a slap on the wrist, the cost of doing business, and much smaller than the profits gained by pursuing the illegal activities.
Treatment of Docs: In several of the essays, I have tried to point out the degree to which many physicians, especially senior members, are feeling both disheartened and beaten down by systemic changes to medicine within the last 5 years. But what should we make of this, and what can we do to try to ease the pain while moving forward in an electronic world? The bottom line from my perspective has entries in two columns. In the economics column, we must re-align the presently perverse financial incentives, with much more emphasis on long-term health, outcomes and costs. In the personnel column, we must impose some regulations so that physicians are not increasingly treated as `commoditized revenue-generating units to be squeezed`. At a minimum, this should include some mutually agreeable cap on patient volume, with some sane flexibility built in to accommodate unusually complicated cases, emergencies, or atypical patient cohorts. Secondly, significant changes to existing health care software should be mandated towards more doctor- and nurse-centered design, including a very sharp reduction in the number of incessant alerts, with more clearly flagged emphasis on events that require urgent action. Better-tailored order sets to individual specialties would also be a welcome and productive change, and should facilitate improved work-flow. Finally, more reliability and redundancy, that is, system back-up resources should be required of the EHR providers, to significantly reduce the frequency and duration of system down-times, which can paralyze the entire system and endanger patient care.
Regulation of EHRs: In an earlier essay, I mentioned an article by Niam Yarhagi in The Health Care Blog entitled `Congress Can’t Solve the EHR Interoperability Problem`. In April 2015, Ross Koppel, an adjunct professor of Sociology at the University of Pennsylvania (and a leading scholar of healthcare IT and EHRs), and Stephen Soumerai, a Professor of Population Medicine at Harvard Medical School, wrote a response piece. They agreed with Dr. Yarhagi’s core points, although they did disagree with his solution. However, my interest here goes beyond their (convincing yet somewhat technical) disagreement, but rather to what they next wrote, which frames the broader issue beautifully: “The more salient question is: why should any HIT vendor be permitted to charge a penny to help share data that is needed to make medical care safer, more efficient, more informed, better? A key feature of HIT is that it allows exchanging information on patients. The government is giving $30 billion to subsidize purchase and use of these technologies; hospitals and other providers are spending trillions of dollars buying and installing them. It is unconscionable that a vendor would even think about charging clinicians to share data on patients’ health. The government need not threaten vendors who don’t allow sharing of data. There should be no choice. Data exchange must be required through regulation. We don’t negotiate with car drivers about stopping at red lights, and we don’t compromise on truck weight limits on certain bridges. Some rules are simply necessary for public safety.”
Koppel and Soumerai lead right up to the door of regulating EHRs, at least in part, and I believe that a very strong case can be made here to complete this thought, both on the basis of precedent and of parallelism. Recall the old Bell System telephone network during the 1960’s. Prior to divestiture, it was regulated as a public utility, an indispensable part of the national infrastructure, on which we relied constantly. The Bell System gave outstanding service, and established the precedent that identifying a business category as a utility need not compromise the associated product in the slightest. The Federal Communications Commission (FCC) ruled last year to regulate broadband Internet as a public utility, on the basis that it is a public good. This ensured `net-neutrality`, which means that no content is blocked and that the Internet cannot be divided into pay-to-play fast lanes for some users, and slow lanes for everyone else. Given that universal health care is the signature policy initiative of the last 8 years, we should likewise regulate EHRs as a public utility, on the basis of Common Good, and specifically mandate universal interconnectivity without favoritism. If Comcast and its competitors could work it out, so can EHRs. A public-utility commission (PUC) can ensure that a company neither disadvantages competitors, nor abuses its market power. Every state has a PUC regulating electricity, gas, water, railroads, and telephone service, providing essential consumer protections. PUCs have the power to hold public hearings in response to customer complaints, and critically, have suitable authority to fix problems as they arise, that is, to hold providers' feet to the fire until satisfactory resolution is achieved. Their commissions usually assert their mission is to provide safe, reliable service at reasonable rates. Reasonable rates can be interpreted many ways.
Utilities are allowed a fair return, usually calculated as a percentage return to their investments, for example 8%. Indeed, 8% seems a generous incentive, given the present rate of inflation, and should produce a nice profit for the regulated companies. The public benefit would be the assurance of quality service to and treatment of all constituents, here including both the patients and the physician providers. Finally, quality service must include ready access and user-friendliness to all!
Some recent testimony in the context of telephone service provides compelling arguments for the necessity of (existing) regulation in a more familiar, yet in many ways parallel, setting. In 2013, Harold Feld, senior VP of the nonprofit public interest organization Public Knowledge, testified to Congress on `The Evolution of Wired Communications Networks`. (The testimony can be found online at
Feld identifies five “fundamental values” that define our telecommunications network: “service to all Americans (universal access), interconnection and competition, consumer protection, reliability (the system must keep working), and public safety.” I believe that these same fundamental values should equally well apply to our EHR network. Feld persuasively argues that free-market incentives cannot and will not ensure that these values are satisfied, but rather, that government oversight is imperative, both on the basis of several convincing case studies, as well as on more conceptual grounds. As one example, in the case study `The “Market” v. Real People`, Feld referred to Superstorm Sandy’s impact on Fire Island in New York, in which much of the existing copper network infrastructure was destroyed. The local carrier Verizon faced a choice: rebuild its copper network, deploy the fiber-optic network FIOS, or deploy its fixed wireless product called Voice Link. Verizon made the entirely rational business decision that deploying either a copper or fiber network for the Island’s small permanent population was simply not cost effective. Instead, they announced that they would deploy Voice Link, which was much less costly to them, with some well-wrung talking points on the market embrace of wireless, away from traditional copper. This decision created a firestorm of customer complaints and negative news stories that, combined with regulatory scrutiny from the New York Public Service Commission and the FCC, ultimately forced Verizon to commit to deploying FIOS on Fire Island. Reliability and quality of service (and reception) were concerns about the proposed wireless service. 
As Feld noted earlier in his testimony, “Given the importance of communications infrastructure to our lives, particularly in an emergency, we will hopefully continue to maintain reliability as a core value and acknowledge that government at all levels have both a keen interest in the safety of their citizens and an important role in ensuring that safety.” A simple substitution of `health care` for `communications` in the previous sentence should highlight the parallelism here.
And notice that regulation hardly means the end of competition or profit – it just mandates reasonable minimum floor levels of service and responsibility by the vendors, in a few essential categories.
Finally, on the crucial line item of interoperability, let’s borrow Mr. Peabody and Sherman’s Wayback time machine, and head backwards in time nearly 50 years, to 1969 and the birth of the Internet. The Internet was actually born as the ARPANET during the 1960s, at the height of the Cold War between the United States and the USSR. Indeed, universality or full interoperability was its initial raison d’être, not only during routine operation, but even or especially under severe disruption. US authorities considered ways to communicate without interruption in the aftermath of a nuclear attack, if centralized telecommunications switching facilities were destroyed by enemy weapons. This led to the development of a decentralized (distributed) network architecture by Paul Baran with colleagues at RAND, implemented as the ARPANET in 1969 (and renamed the Internet in the late 1980s). The most salient point here, though, is that given enough political will, protocols could be readily established (50 years ago) to establish full interoperability, even among a network of ostensibly very different components. Leonard Kleinrock, a Professor of Computer Science at UCLA and a seminal contributor to both the mathematical theory and early implementation of the ARPANET, succinctly stated the case in his 1976 textbook on Queueing Systems, in which he describes the collection of 100 computers geographically distributed across the United States that were to be connected. “The (HOST) computers are in many ways incompatible with each other, coming from different manufacturers and containing specialized software, data bases, and so on; this in fact presented the challenge of the original network experiment, namely, to provide effective communication among, and utilization of, this collection of incompatible machines.”
And of course, in addition to the Internet, telecommunications and banking, which are likewise essential networks, have been fully interconnected via standardized protocols for many decades.
So for all the reasons stated earlier, a fully realized and interoperable EHR network should be made a topmost, URGENT priority, to be completed shortly. The stars align — there is an acute need; significant historical precedent; bipartisan support; readily available engineering expertise; and existing software infrastructure either already in place or nearly so. Let’s move!