A new idea (or bill of goods) that it seems has been sold to the owners of the Conventional Wisdom is that computerizing everyone's medical records will be a great benefit to all of us. The alleged advantage is that making them instantly transferrable between doctors, hospitals, pharmacies, insurance companies (and maybe Dick Cheney's or Karl Rove's desk) will save money and avert some medical errors.
Tonight I'm pleased to read this story in the New York Times
http://www.nytimes.com/...
"Privacy Issue Complicates Push to Link Medical Data," by Robert Pear. Finally, some folks are waking to the idea that making records easy to exchange by computers is difficult to reconcile with keeping those records appropriately private.
A couple of years ago I wrote this to give to new patients at my office.
Thanks to a new law called HIPAA, most doctors give you an information sheet about the medical privacy policy at their office. Most of those are written by lawyers at the doctors' insurance company. My office is small enough I can do things a little differently.
Medical records are supposed to be private, but that privacy leaks like a sieve. It has always been that way, and there are some good reasons. For example, if I get a call some evening or weekend from someone who says he's an emergency room doctor treating a patient of mine for something that could be dangerous, and that voice on the phone sounds like a real doctor and not some amateur impersonating a doctor, I'll probably tell whoever it is everything I can remember about the patient that might possibly be of use. That doesn't usually include things most people would worry about keeping private, because emergencies don't usually involve such things and because my practice doesn't happen to involve treating many diseases most people consider embarrassing. If such an over-the-phone inquiry gets into matters I would expect a typical person would want to keep private, I'll at least get more cautious about what I reveal.
In practice, that means if your wife or husband calls and asks how your cholesterol came out, I'll tell them unless you warn me not to. If you're very ill in the hospital and someone phones who says they're an out-of-town relative, and asks how you're doing, I'll tell them unless you warn me not to. On the other hand, if you tell me that you are homosexual, I probably won't even put that in your office chart. I'll probably tell you I'm not writing it down, so help me remember it.
If for some reason you need more privacy than this, tell me. For example, if you don't want your wife or husband or relatives to know your cholesterol, warn me. If you have relatives you wouldn't want visiting you if you were in the hospital and very ill, tell me. If you're a public figure who wants to project an image of perfect health, tell me. Otherwise, I'll do what I think a typical person would want.
That example of a late night call was inspired by a situation during my residency training, when I was the doctor making the call. I was working triage (similar to the Emergency Room) at the VA hospital and a patient came in with some symptom that might possibly be a heart attack. A precautionary electrocardiogram showed a bundle branch block, which tells you the patient's heart has an electrical conduction abnormality but which obscures any specific signs of an infarction. The bundle branch block can be from an infarction or from a number of other causes. If it was old, the patient could go to telemetry; if it was new, he belonged in ICU. I asked the man if he'd had an EKG any time in the last few years, and we figured he must have had one during a previous hospital stay at another VA hospital in another state. We phoned that hospital, and got them to pull his chart, but this was before the days of caller ID and fax machines. The file clerk at the other hospital didn't feel comfortable doing much more than confirming that they had a chart on the man. Fortunately, I thought to ask, "Do you have a doctor on call in triage who could talk to me?" They did.
I was just a voice over the phone to that doctor, but I started by describing the situation; then I told the other doctor what the patient's current cardiogram showed, as well as I could describe it. The other doctor was then comfortable telling me that the old cardiogram looked about the same as what I'd described. These days, the other hospital could have faxed us the patient's EKG -- and could have asked us to fax a signed release first. A fax of the old EKG would have been reassuring. With computerized records, it might be possible to download a better quality reproduction of the EKG and get it more quickly -- a slight increase in convenience compared to a fax. But for someone who has no business seeing the medical record it might well be a lot easier to hack into a computerized record than it would be to fake a signed medical release. And with a computerized system, once you got access to someone's record you could probably download every bit of it in seconds.
My office still uses paper medical records. I can see several potential problems with 'going digital'. For one thing, I don't trust digital records to be easy to read when they're decades old. Do you know anyone with a computer that can still read the old 5.25 inch floppy disks (that were truly floppy)? Those "old" floppies were introduced in 1976. And software can go obsolete as quickly as hardware. I have a fossil word processor from the mid 1980's that uses the 'newer' 3.5 inch "floppy" disks that are still common, if obsolescent. But the word processor has its own format; I can't find a word processing program that will read them. There's a company somewhere that will transfer the text on the old disks to Microsoft Word, for $27.50 per disk. Will the same thing happen to digital medical records? Will the format in which they're stored be obsolete in 20 years? I have a few charts in my office that go back to 1950. They're still easy to read; the format is typewriter on paper.
Another problem with digital records is that I wouldn't have a clue if they'd been tampered with. If somebody wanted to alter the blood pressure readings in his chart, he'd have to erase mine (which are made in ink) and then imitate my handwriting on the substitute entries. I'm sure the CIA has people who could do that in a way I wouldn't notice, but it's not something some amateur could do. But if somebody wanted to alter his electronic record, I'm completely in the dark what the clues would be no matter how amateurish the forgery.
Another worry about digital records is how easy it could be to steal copies of all of them. With paper records, someone might sneak into my office some night and copy one or a few charts, but to get anything interesting they'd have to know just what they were looking for in advance. With electronic records, someone would probably be able to copy every record I have in a few minutes, on a $5.00 flash drive, either by sneaking into my office or perhaps by hacking into my records computer via the internet. The information thief could then sort through the records at his leisure, or could simply add them to a 'hacked records database' that he'd search when someone in Karl Rove's office wanted to do a "workup" on someone who might have been my patient.
Until security worries such as these are solved, I don't want to switch to electronic medical records.