Monday, February 23, 2009

Computerizing Medical Records: What Could Go Wrong?

The other day I was in my dentist's office getting my teeth cleaned (wait, it gets better). Like most other health professionals, my dentist keeps patient records on paper in file folders bearing multicolored tabs, all crammed into shelves behind the receptionist's desk for easy access. As I discussed the bill with the office's insurance person, I glanced behind her and saw the name of a friend scrawled along a protruding edge of one folder.

Now, technically, that was a breach of confidential medical information, I suppose. I hadn't known that my friend and I shared a dentist in common, and I don't think anything nefarious will come of it. But this little episode shows that while some people concerned about computer security are worried now that the Obama Administration has gotten $19 billion out of Congress to spend on computerizing medical records, the old-fashioned paper records are not entirely secure either.

If you had asked someone in 1960 to guess whether doctors or lawyers would be faster to adopt computerized record-keeping, most people might have bet on the doctors. After all, doctors use advanced technology every day, while in 1960 it was still possible to operate a profitable law practice with manual typewriters and carbon paper. But history has proved this guess wrong. Most lawyers now shoot emails and .pdf files and electronic signatures around without a second thought, but doctors and hospitals still keep medical records more or less the same way they were kept in 1890: on millions of little scraps of paper in cardboard file folders. Yes, they can fax copies around, and sometimes do when requested, but the heart of the system is still paper, not electronic.

This state of affairs has its drawbacks. While no form of record-keeping is error-free, you would think that a profession with a reputation for bad handwriting would do something about keeping handwritten records of life-critical information before now. I am not aware of any formal estimate for how many people in the U. S. die every year due to medical errors caused by poor penmanship, but it's probably in the dozens, at least. So if it is done well, the transferring of medical records to computer form promises to reduce mistakes in a field where the phrase "fatal error" means more than just the fact that your computer crashed.

All the same, there are political groups which have been campaigning for increased protection of the privacy of patient records now that computerizing records looks like it actually may happen. A former RN named Deborah Peel runs an organization called Patient Privacy Rights, which tries to influence legislation to increase the formerly meager protections that U. S. citizens have against unauthorized use of their medical records. They have recently announced that the part of the stimulus bill paying for medical-record computerizing also has reasonably good protections in place for patient privacy. I admit to somewhat mixed feelings on this score, since efforts like this were responsible for the infamous information and consent forms every new patient has to fill out nowadays. To that extent, the reforms have increased everyone's paperwork burden, and whether patient privacy really got better is somewhat of an open question. But if the move to computers really succeeds, maybe the forms will become electronic too.

The $19-billion question right now is: exactly how is that money going to be used to convert the head-high file cabinets in every doctor's office and hospital in the country, into some computer files that presumably can be shared effortlessly from office to office? In trying to think of analogies to this, the only thing that comes to mind is the giant databases that aircraft manufacturers like Boeing maintain on new airplane designs. Everyone in the organization with the need to know about or alter these databases can access them instantaneously, and everyone ends up working from the same database. This system has increased productivity tremendously in the industry and reduced errors and misunderstandings a great deal.

But there are many differences between that situation and the case of medical records. Boeing is one private company, although a large one; the U. S. medical establishment is (so far, anyway) largely private, incredibly fragmented, and has no overall coordinating managerial structure of any kind. For the shared advantages of a common record-keeping system to be realized, somebody is going to have to impose some rules, which will include software and possibly hardware specifications. You know that all sorts of computer and software companies are currently salivating over that $19 billion, hoping that their particular product becomes the de-facto (or perhaps even de-jure) norm and they will end up with a good part of it in their pockets.

But given the rather anti-business tone of this administration, I can imagine another extreme, namely a Federal Medical-Records Computerization Agency, with thousands of newly hired young agents fresh out of college (where else are college graduates going to find jobs these days?), going from dentists to hospitals to chiropractors, knocking on doors and saying, "Hi, I'm from the government and I'm here to help you . . . computerize your medical records." Finish the joke any way you like, but that picture has its own drawbacks, not the least of which is the tremendous overhead in terms of federal employees and time it would take to decide on the system, train the agents to do their job, and then go and do it. If the Federal Aviation Administration's experiences with software are any guide (they have had tons of problems, including one or two expensive and complete failures), we have a right to be dubious that an all-government attempt to take on a huge software-intensive job like that will succeed, even with nineteen billion dollars behind it.

The sensible thing (and there are sensible people in government, though they don't often capture headlines) is an approach engaging both public and private entities, creating a minimum of new bureaucracies, trying things on a small scale first to work out the bugs, and adapting good systems that have been proven to work already. I hear that the Veterans' Administration, for example, has a pretty good computerized record approach that could be scaled up. Let's hope that sensible heads prevail, and we end up with computerized medical records that do the job with fewer errors and better privacy than the current paper records.

Sources: A report on some details of the portion of the stimulus package dealing with computerized medical records can be found at Deborah Peel's Patient Privacy Rights organization has its website at


  1. Very Interesting post, some months ago a laptop with medical records was lost causing a national outcry in the UK, the governments statement that the computer was encrypted was not comforting.

  2. This is a very interesting post onIT and health care joining together for maximum efficiency t. I still believe that our private info should not be transferred digitally, only stored digitally and not connected to the web in anyway.
    Check this out , pretty disturbing already

    But as with anything in life there are pros and cons, the trick is finding the best solutions