Blocking health records for fun and profit
November 4, 2015 6:10 PM   Subscribe

First...Epic would have to link each system that a hospital wanted to access—a labor-intensive process for which it charged an hourly fee. Once linked, hospitals could trade information, but only by paying an additional fee: "We charge on a per-patient, per-year basis—so it's not per transaction—and it's the same whether that patient is sent to 100 different places or one other place."
posted by Lycaste (40 comments total) 29 users marked this as a favorite
 
The flip side is that information sharing leads to horrendous privacy practices. Things do need to be more unified, but privacy doesn't seem to be part of the consideration when this happens.
There's no reason why the receptionist at Clinic A should have instant access without my authorization to my medical records at Clinic B, when the two clinics are part of separate medical groups affiliated with completely different hospital systems, but I've seen it happen.

Right now, I have to authorize every piece of my information Facebook gives to Candy Crush Saga, but I have no earthly idea who can pull up my lab test results with a few basic pieces of personal information. That's screwed up.
posted by zachlipton at 6:26 PM on November 4, 2015 [5 favorites]


Epic is not the only barrier to a seamless medical records system. Thanks to legislative maneuvering by former Rep. Ron Paul (R-Texas) in 1999, the federal government can't fund any sort of system with unique health care identification numbers. (Paul saw individual medical IDs as further creep of Big Brother.) Social Security numbers aren't a good fill-in; they're not on insurance cards, and in April Obama signed a bill that will strike them from Medicare cards in order to reduce identity theft.

This reminded me of the time I called a Medicare patient who had visited an offsite location. I didn't see his ID in the system (a glitch was blanking out IDs) and there wasn't a copy of the card in the chart, so I called to ask if he would give it to me. He was rightfully freaked out- who are you! Why are you calling! I don't know you! You should call the secretary at the offsite, she has a copy of my card! Turns out, she did have a copy (not sure why, she shouldn't have been maintaining separate paper charts, but not my problem), and I was just the ding-dong who called an elderly strange to ask for his social security number.
posted by ThePinkSuperhero at 6:27 PM on November 4, 2015 [2 favorites]


So ... this is highly relevant to my job. And look, I'm not going to say that Epic's charges aren't pretty ridiculous, but at the same time I think this article vastly undersells the real complexities at play here.

Put simply, the reason why we're still faxing and printing despite EHRs is that authentication is hard, and there is no centralized system for authenticating healthcare providers. The documentation in question is highly sensitive and (rightfully) under a lot of legal restrictions. Just because Bob is a doctor and Alice is a doctor, that doesn't mean Bob has a legal right to see the records of Alice's patients (and in fact, if he doesn't have a good reason to view them, every one he views is a HIPAA violation punishable by fines and potentially jail time).

So, it's easy to say, "why aren't these systems interconnected?", but that completely ignores huge problems that can be stated as briefly as: "OK, let's say we connected the systems, now how exactly do you restrict access to the right people at the right time?". And how about: "so I'm a primary care doctor who refers patients to 6 different hospitals depending on the specialty needed, how exactly am I going to keep track of the authentication credentials for every single one of their EHRs, assuming they even wanted to give access to a 3rd party who doesn't work for them?"

Print and fax are old and crappy, but both have a long history and are effectively grandfathered in. A hospital can print to a printer within their network, and they know where that document went. They can also fax to a fax number provided by a doctor, and the details of securing that transaction are well understood (even if it does feel low-tech and low-security in this day and age). There are (no joke) legally accepted audit trails in faxing, and a fax has the legal weight of an official document.

None of that absolves Epic of nickel-and-diming, but frankly I'm kinda surprised they even offer the service at all, and I guarantee you that setting it up is a giant soul-sucking mess of a project involving trying to map users and credentials between frequently incompatible systems that you really want nothing to do with.
posted by tocts at 6:34 PM on November 4, 2015 [38 favorites]


I used to work in the medical records/software field. Not only are there privacy concerns, all the HIS systems have been built to prevent persons other than the vendor, for adding to, and/or querying that data. It's a huge scam.
posted by Windopaene at 6:34 PM on November 4, 2015


I gotta say, though, MyChart is a pretty good product from the patient's point of view!
posted by escabeche at 6:50 PM on November 4, 2015 [1 favorite]


I did some fairly deep consulting work on 'big data' systems with Epic a number of years ago, and I still have the scars. The fact that they still exist shows exactly how desperately bad EMR systems are, and how choked by regulatory and (frankly) professional medical cultural issues the whole space is.

MUMPS, the 'unique' programming language that Epic is pretty much the sole user and proponent of, is an ancient blight of a language that not only encourages poor software and data management practices, it actively prevents the development and testing best practices of the past 20 years from being used. All of their systems are built with and around it... so as far as I can tell, they only deliver results by brute force (and then poorly, and decades behind the rest of the industry).

At some point, health care systems are going to have to wake up to the fact that they are now in the data management business, and they will need to start bringing this stuff in house, as a core competence. Until then, they're going to continue to be raked over the coals by 3rd party vendors, and all of us will foot the bill.

I will say, some HMOs (namely Kaiser, that I'm familiar with) have been starting to do this in house, and are *much* better than the average medical system. So there is hope.
posted by zeypher at 6:54 PM on November 4, 2015 [12 favorites]


MUMPS, the 'unique' programming language that Epic is pretty much the sole user and proponent of, is an ancient blight of a language that not only encourages poor software and data management practices, it actively prevents the development and testing best practices of the past 20 years from being used.

If you think that's bad, wait till you hear that MEDITECH doesn't use MUMPS, but instead uses MAGIC, which is basically a internal fork of MUMPS (created by one of the original designers of MUMPS). Epic's use of MUMPS is them hanging onto a language that was actually used elsewhere at some point. MEDITECH, though, literally bases their whole product line on an in-house language no other company has ever used.
posted by tocts at 7:00 PM on November 4, 2015 [10 favorites]


I have very little to add, but after going to the doctor today for a relatively simple issue (fractured bones in my foot), I was stunned at the amount of paperwork that asked repetitive questions. I know the Paperwork Reduction Act has its issues, but a similar system (made easier by the ability to electronically share data) on the private side for medical practitioners has got to be a massive time and money saver for health care professionals. Between the initial phone call, copies of documentation provided, and paperwork filled out, there were probably close to two man-hours of work that boiled down to "Yes, I agree to a massive ton of liability limitations that, if I decline, will adversely affect my ability to receive any treatment at all today".

That, plus I'd be interested to, if there's a system like this, stop signing the damned privacy forms - without getting on a tangent, I'm curious if my "all interested parties" would be honored on my "who you can release my data to", as I'm somewhat hesitant to divulge the personal information/contact/etc for any of the multitude of people I figure may be curious or have an interest in my status.
posted by Seeba at 7:12 PM on November 4, 2015


Most pharmacy systems won't talk to each other either. You have to do prescription transfers verbally over the phone and reduce it to writing (as in pen-and-paper writing) for record-keeping purposes. Then you scan the written prescription and enter all the information into the computer manually. It's madness. Also a common source of error.
posted by dephlogisticated at 7:13 PM on November 4, 2015 [2 favorites]


zeypher: "MUMPS, the 'unique' programming language that Epic is pretty much the sole user and proponent of"

"Reserved words: None. Since MUMPS interprets source code by context, there is no need for reserved words. You may use the names of language commands as variables. There has been no contest such as the International Obfuscated C Code Contest for MUMPS, despite the potential of examples such as the following, perfectly legal, MUMPS code:"

Huh.
posted by boo_radley at 7:32 PM on November 4, 2015 [2 favorites]


... I had opportunity to read the MUMPS manpages once. I would rather give up many non-essential organs to not code in it ever in my life
posted by curuinor at 7:36 PM on November 4, 2015 [2 favorites]


tocts: "Put simply, the reason why we're still faxing and printing despite EHRs is that authentication is hard, and there is no centralized system for authenticating healthcare providers."

There are (no joke) legally accepted audit trails in faxing, and a fax has the legal weight of an official document.

This is SUCH a case of the good being the enemy of the perfect (and a big case of domain-specific not-invented-here syndrome). PGP solved these problems ages ago. Doctors already exchange records based upon a de-facto decentralized web of trust, and it wouldn't require a giant leap to bring those networks into the digital age.

We've been sitting around forever waiting for the EMR revolution to happen. Simply put, if it hasn't happened by now, it isn't going to happen. Done properly, an evolutionary approach could be adopted gradually, and would greatly improve the current state of affairs with relatively few drawbacks.
posted by schmod at 7:41 PM on November 4, 2015 [2 favorites]


Yeah, MUMPS sounds just dreamy: A Case of the MUMPS
The primary design goal MUMPS was to create code that, once written, can never be maintained by anyone ever again. The syntax is somewhat reminiscent of FORTRAN and SNOBOL (no, not the toilet cleaner), only much, much worse. Ironically, being inflicted with mumps (the disease) is much more pleasant that actually working with MUMPS (the language).

[...]

All MUMPS code was stored in a Global Array named ^ROUTINES. The only code that existed outside of this array was stored in "Application Startup" codefiles, each containing a single line of code: X(^ROUTINES("XSTARTGB")). The only difference between each file was the last two characters, or, the application identifier.

Within each application lived hundreds of modules, and within each module lived thousands of routines. All of these routines shared the same environment. To ensure that global arrays and code didn't get mixed up, a strict naming convention was followed. Each routine name was no more than eight characters, and consisted of a two-character application identifier, a two-character module identifier, and a two-character routine identifier. The remaining two characters were for "routine chaining." You see, because MUMPS has a rather small routine limit, developers had to spread code across several routines (GBLVCM1, GBLVCM2, etc) and "chain" them together with a GOTO at the end.
What could possibly go wrong?
posted by tonycpsu at 7:42 PM on November 4, 2015 [20 favorites]


zeypher: "I will say, some HMOs (namely Kaiser, that I'm familiar with) have been starting to do this in house, and are *much* better than the average medical system. So there is hope."

Kaiser are AWESOME at this. If I ever end up working for a company that offers a Kaiser plan again, I'm going straight back to them (god, the way the US does this is stupid). Their high-tech records system makes everything that they do about 5 times as efficient as any other medical practice that I've ever encountered.

That being said, getting your records out of Kaiser is a bureaucratic nightmare. You basically need to show up at their records office between 10 and 4 (but not during lunch), wait in a long line, and fill out a pile of paperwork, and hope that you've requested the right set of records. After about a month, they will mail you a bill for the cost of printing and then re-scanning your records (yes...), at which point you mail them a check and two weeks after that, they'll either fax the records to your new physician, or print them again and mail them to you.

And god help you if something goes wrong during this process (as it did for me), and nobody wants to take responsibility for losing the records, or faxing the wrong set.

For all of the things that Kaiser is really really good at, I was amazed at just how tightly my records ended up locked inside their system. My current physician said that he's never seen such comprehensive and meticulous records, but good god, they were a pain to get a hold of.
posted by schmod at 7:47 PM on November 4, 2015 [2 favorites]


The primary design goal MUMPS was to create code that, once written, can never be maintained by anyone ever again.

So it's Perl then?
posted by schmod at 7:49 PM on November 4, 2015 [2 favorites]


MUMPS is to Perl what Perl is to other languages. APL is comparable in unmaintainability, I'm told
posted by curuinor at 7:51 PM on November 4, 2015 [4 favorites]


DATA TYPES: one universal datatype, interpreted/converted to string, integer, or floating-point number as context requires.

DECLARATIONS: NONE. Everything dynamically created on first reference.

LOCAL ARRAYS: created dynamically, any number of subscripts, subscripts can be strings or integers. Stored in process space and expire when process terminates.
Sounds pretty modern, really.
posted by eruonna at 7:56 PM on November 4, 2015


Former MUMPS programmer here. It is every bit as godawful as you think it is. In the time I worked on it I was so stressed out I started pulling hairs out of my beard for the momentary relief that the distraction of pain afforded.
posted by Jpfed at 7:58 PM on November 4, 2015 [6 favorites]


Oh man, don't get me started on MEDITECH! Most of our customers were MEDITECH Magic shops, transitioning into whatever new crap MT was putting out. Proprietary doesn't even begin to describe the thinking in that place...
posted by Windopaene at 8:06 PM on November 4, 2015 [1 favorite]


I work for the only EHR manufacturer that (to my knowledge) builds interoperability into their systems.

The Jobs act's Meaningful Use (i.e. free government money for meeting technical milestones) is mandating this interoperability to help address this exact problem, and by doing so drive down the cost of healthcare. I think this is pretty excited, even if I'm not really involved in this work.

A friend of mine just got her MPH, and takes a rather dim view on whether we can realistically lower the cost of healthcare, because healthcare providers do not want their services to be cheaper. Realistically, the money saved by having a cheaper EHR vendor will get fudged and squirreled away, and never passed on to the consumer no matter what.
posted by habeebtc at 9:07 PM on November 4, 2015 [2 favorites]


I interviewed at Epic a couple of years ago and it was pretty interesting. They hire based largely on standardized test scores and their own applicant testing, and they're very big on the idea that they're hiring the smartest people out there. Whether that's actually true I have no idea. They hire a lot of young people, a lot of them without relevant experience, and they have a very strong corporate culture. And the end result is a lot of people who are very, very passionate about the company. A little more so than I was comfortable with, honestly.

The cafeteria, though, is every bit as awesome as every Madisonian has heard (over and over and OVER) that it is. Yum.
posted by gerstle at 9:08 PM on November 4, 2015 [2 favorites]


APL is comparable in unmaintainability, I'm told

I hadn't heard of this one before, but holy crap.
posted by echo target at 9:24 PM on November 4, 2015 [8 favorites]


Why can't the patient have ownership of his/her own records? I already carry insurance cards and credit cards. I already have oodles of information online, that I own. It should be comparatively easier, and delightfully "disruptive" if we could do a google drive/dropbox/etc sort of approach to this.
posted by yesster at 9:27 PM on November 4, 2015 [3 favorites]


Speaking on the user end of things, I have no idea how all these systems are built, except to say they feel so antiquated compared to anything on the web, or even flight reservation systems, or the goddamn public library. Epic is miles ahead of any other system (others I use regularly are Cerner, Meditech, and NextGen) in terms of smart management of information and usability.

In Seattle, there are 4-5 major hospital systems that I routinely need to gain access to, really in the interest of practicing good medicine, and not wasting dollars on retesting, or the patient's time. "Come back next week when I have been able to request and receive a faxed copy of the information I need to solve this clinical problem" is such a frustrating way to end a patient visit, and it's not an option when I'm doing hospital work. All the hospitals that use Epic have a plug in called "Care Everywhere" where literally a button push gives me access to all their care anywhere in the area at other hospital systems that use Epic. I didn't ask for this option, I didn't have to verify anything, and I don't need to ask the patient for permission to instantly access it. (That's not to say there aren't safeguards -- I once looked up my son's birth record at a hospital I'm on staff, just because I wanted to see which templated notes his pediatrician was using to see if I could steal/borrow those templates and I was immediately sent a notice stating that I was caught snooping into a record of a patient I had no business accessing, that I was officially warned not to do this again and that a permanent record of this was placed in my personnel file).

The systems that are not on Epic, all have a portal that allow you to request access as a community physician where I did a one time form promising not to violate HIPAA and to use protected health information only for patient care activity, and now I can access, without the patient's permission, all of the records for any one particular hospital system. I have this access to 3 different hospital systems.

I cannot say how invaluable this access is in caring for my patients. Every single day, I see several people who come to see me to follow up on some hospital stay or ER visit and if the patient tells us ahead of time what they are coming in for, we can get permission and get records the "official" way with a signed release and a request for faxed records, but in practice this never happens and I'm stuck with the patient in an exam room and I suddenly need to know the details of their recent stroke or whatever.

I am as amoral, snoopy, and gossipy as anyone and the fact is that I have never once looked up anyone for those kind of purposes, having been constantly slammed with patient care responsibilities I have only every used this power and access I have for good.

Meanwhile, all the community health centers in Washington state went in together several years ago to purchase an EMR together (NextGen) and created a private company to manage the health information that we've populated into the EMR. Each community health center has a virtual wall that blocks the transfer of information from one center to another, even though the data exists formatted for the same EMR and is literally housed in the same physical facility. One of my IT guys tells me they could literally flip a switch and all of the data would be instantly transferred from one place to another, but thanks to our rigid interpretation of HIPAA, if I need to get records from another community health center in the state, I need to get written patient authorization and the records are faxed on paper 2 weeks later, and then I am taking the paper printout and re-entering data from my own system back into the system. This is a profoundly wasteful use of hours every week for me.

In fairness to the antiquatedness and unfriendliness of EMRs, health information management is a very different problem than any other kind of information management and I guess most doctors feel that they'll take what they can get. When I am seeing a patient, I am rapidly pouring through 100s of pieces of information (much of which is not query-able like dictations or images) and picking out the one or two important things among the rest of the meaningless stuff, to make a complex decision that affects someone's life. I imagine someday this problem will be solved, thus making my job obsolete, but we are very far away from that day. I would think it would be a tantalizing problem to work on for some gifted software developer were it not for the fact that hospitals and medical software makers are bloated bureaucracies that use weird outdated systems that are very expensive to tweak and even more expensive to replace.
posted by Slarty Bartfast at 9:28 PM on November 4, 2015 [16 favorites]


Um yeah this is not a technically unsolvable or even unsolved problem. Like most things it's a cultural problem that we're just going to have to get over for our own sakes.

I gotta say, as having been the patient in Slarty Bartfast's example above, it is AWESOME to be in a doctor's office for an ER follow up and have them pull up all the information immediately. If I'm going to trust someone to cut me open and dose me with poison to cure me and stick their fingers in me I'm happy to trust them to know everything else there is to know about my health.
posted by bleep at 9:45 PM on November 4, 2015 [3 favorites]


If you can't trust them then they aren't good and that's it's own issue.
posted by bleep at 9:47 PM on November 4, 2015


Epic is amazing. Epic is pizacrap. There is no easy solution.

I work with Epic every day. We transitioned over from paper charts years ago. I used to love paper charts, because I love writing, and seeing things on a page, whether it be data or just words, is very different from reading things from a screen. I digress.

Epic is the juggernaut of EMR systems. They've such inertia that it makes little sense for hospital systems and clinics to go with another company, as invariably other people are using Epic. Once you're connected, you've got easy access to a lot of information that you might not otherwise have if you were to go with another EMR.

Of course, you're paying for that. That "Care Everywhere" button that Slarty Bartfast mentions? It's incredible, and can go across state lines and beyond any particular regional health system. But you're paying for it on top of whatever license you've purchased just to run Epic.

Yes, it's incredible and has made life a lot easier for a lot of healthcare providers. Now, instead of tracking down a chart in medical records or god forbid on microfiche, you can see every office note from every specialist, have a patient's medical/surgical/family/social history pop up before your very eyes, and see what medications they're on. All without doing anything but moving your hand and clicking a button.

That patient who's unable to provide any sort of history because they're, say, comatose? Well, now you've got infinitely more information where before you'd have none. Unsure about what to make of an unusual finding on someone's EKG, or CT scan, or x-ray or lab work? Bam. Look at all the old studies and flip back and forth in a browser by hitting CTRL-TAB (incidentally, this is my favorite tip to show other healthcare providers: go back and forth between EKGs or CXRs with this stupidly easy key combination!).


But even the best EMRs cannot save you from bad data. Diagnoses/problems that haven't been cleared from the "Active Medical Problem DealWithThisNOW!" category. Medication lists that are either not complete, or filled with duplicate entries, or just outdated. Notes from consultants that are a billion pages long, filled with every single lab value and test result from the past however many years, because they either think that more data is better, or more likely because they didn't take the time to craft their own note template.

EMRs make it very easy to be lazy. Copy and pasting old notes or sections of notes. Template exams that are pasted in with a short macro, and providers not going through them to make corrections. Real life examples I've seen: a patient in the hospital who, according to the documentation, was seen eating a cheeseburger every single day for over a week (the MD just copied his old progress note and made minimal changes).

A transfer summary for a patient coming onto my service where the physician for some reason copy and pasted everything from other notes, resulting in a 10+ page hodgepodge of everyone else's impressions of what was going on and plan of care.

An innumerable number of documented physical exams where whole sections weren't performed. Yeah, I had a patient who apparently had all the signs and symptoms of an infection, but the MD asking me to admit the patient couldn't identify a source of infection. His exam was benign. The patient was diabetic. In the course of my exam I took of the guy's socks and found toothpicks between the sock and his skin. "Why are there toothpicks here?" I asked. Guy says, "well, because if I put them in my pockets I get poked." He had a infected, deep ulcer, that had a strange, kinda hard center. Yes: it was part of a toothpick. It is very unlikely that the prior MD took the guy's socks off, examined the guy's feet, then put the socks back on, carefully replacing the toothpicks within.

But these are all problems that can be found while using any EMR. They're problems that can be identified and addressed, and there are measures and processes (god, I hate admin-speak) that can be followed to mitigate problems related to poor documentation or charting habits.


The thing that kills me, and how this all relates to Epic, availability and portability of health records, and you, is that all of this-- all the great stuff about Epic and all the bad stuff-- all of this costs money, and all the fixes will cost more money.

Money: pay for licenses to use Epic. Pay a ridiculous and massive fee up front, or pay a barely less ridiculous and massive fee for licenses based on the number of computers your practice has, or the number of beds your hospital has, or the number of providers in your group.

Pay for a transition team made up of a handful of experienced experts and a whole bunch of barely-trained "experts" (medical students: this is an excellent way to make a ton of dough). Pay for their hotel rooms and food. Pay for the time they spend sitting in a makeshift headquarters in your hospital or in your office. Hell, pay for the stinking matching-color "I'm Epic! Ask me anything and I'll get back to you someday!" t-shirts they wear. Money.

That incomplete list of diagnoses or inaccurate medication list? You paid for another team, whose role was to grab whatever data there was to be found in the paper chart and plug it into Epic when it's easy, or to just scan whole pages as images when it's not.

Pay for the terrible templates used for progress notes or admission H&Ps, which results in a tremendously long document due to "note bloat." Pay for training sessions and workshops where you're told what note bloat is, why it's a bad idea to have an unreadable mess of every single lab and test result in one giant note, and tips on how to avoid it.

If you're savvy with computers, you can play around in the safe, sandboxed version of Epic, and construct your own macros and templates. Wait. Wait: you're paying for that, too, doing work when you're not at work.

Pay for upgrades and additional plug-ins. Pay for that Care Everywhere tab that'll let you get information from other healthcare systems. Why can't you just have all the info readily at hand? Well that other hospital is running a slightly different or customized version of Epic, and the only way you might be able to get their records is by downloading each patient encounter, one by one. And still you can only see that information: it's not dumped into your own system, and it won't populate your patient's chart locally.

Pay for the phone call you make to Epic support asking why this is so. Pay for realizing that the support person doesn't have an answer. Climb up the ladder and realize that you've got to pay for the ability to import data into your local system. Realize that, fukkit, you just wasted a bunch of time and hitting Alt-PrtScr and pasting the screencap into MS Paint, cropping it, and copy and pasting that into your progress note is easier.

Good job, by the way, for ensuring that the support person will remain employed and for paying their salary. Somebody will get around to manually typing in the lab values you screencapped into the system. It might be you. How much time did it take? Did you get paid?


All right, now enough time has passed and you've got some experience with Epic. You've seen so many patients and you and your colleagues have spent so much time chipping away at things to have reached the comfortable place where many of your patient charts are correct. Your note templates have been edited down and customized to produce succinct documents. You're not calling Epic support as much these days: in fact, you haven't seen that person around for a while. They've moved on.

Now what? Well, damn! Something happened and a giant bug needs to be squashed. That costs money. Hopefully you're part of a system large enough to have just given a huge payment up front that covers such things. At least it doesn't feel like you're constantly hemorrhaging money.

Indeed: now what? Oh god, ICD-10. A new, massive way to code and bill for diagnoses and treatment. Pay for training modules. Pay for support staff again, to help with the transition. Are you going to rebuild the list of diagnoses, or will you pay someone to do it?

You're good with computers. You've made custom macros and templates for yourself and your colleagues. You're asked by administration to be a representative for your hospital and your region. Now you've got to dial in to multi-market conference calls, where 50% of the time it's just people bitching about how terrible Epic is, 50% of the time is spent by people fielding impossible or unrealistic ideas for improving Epic, and 50% of the time the physician "leaders" for Epic and Epic staff are making adjustments, major or minor, whose only purpose seems to be to ensure their own job security. 100% of the time these calls are 150% a waste of your time.

In case you can't tell, I'm a sucker who got nominated to participate in these calls. The enterprise-wide conference calls suck my will to live. The most recent call dealt with introducing fifty ways to address something that doesn't need to be address, trying to solve a problem where that was none. We also discussed medication lists, and whether yet another sub-committee comprising the same people on this call should be formed to tackle this issue, whose only solution is to pay more money to hire people to enter and correct data that should've been done when the transition to EMR was taking place.


Concerned about how accessible your chart and medical history is? Epic says you shouldn't be: every click is logged. Anytime your chart is accessed, the person looking at it has his or her name logged. If there were a breach of privacy, it would be easy to find out who the guilty party is: all someone's gotta do is spend their money or spend their time to perform an audit.

Not happy with Epic or one of the other top four EMRs? No problem: pay a lot less money to fund an open-source EMR. And then pay an impossible sum to allow it to access and pull data from their EMR.

But don't get me wrong: EMR has made life for myself much easier in so many ways, and indeed to the benefits of my patients. But I also don't kid myself: it does so at a tremendous cost.
posted by herrdoktor at 11:42 PM on November 4, 2015 [25 favorites]


This is SUCH a case of the good being the enemy of the perfect (and a big case of domain-specific not-invented-here syndrome). PGP solved these problems ages ago.

Believe me, you're preaching to the choir here -- I've had that discussion so many times in the last 10 years or so, it isn't even funny.

That said, though, it bears pointing out that authentication of healthcare providers isn't the only stumbling block here. While it is totally ridiculous for Epic to charge a fee per patient per year for this kind of linkup, what isn't ridiculous is charging to set up the linkup in the first place. There's a ton of work that has to go into that sort of thing because two medical systems almost never have the same sets of identifiers for people (providers or patients), nor do they necessarily have compatible metadata (e.g. department identifiers/names and such; at least in the case of procedures, ICD-9 and ICD-10 push compatibility).

What the government should have done, and I'm sure what it couldn't have done due to pressure of various sorts (including Ron Paul's interference), is create a standardized medical identification system for patients (note: identification, not authentication). That would solve a huge chunk of the problem because it would mean that Hospital A and Hospital B could very easily know they're both talking about the same Alice Smith and exchange information as appropriate. Without that, though, every time you link two systems there's an often painful set of steps required to figure out how you're going to map this kind of information between systems, and that takes time and money to accomplish.
posted by tocts at 3:18 AM on November 5, 2015 [1 favorite]


The fundamental problem is that each linkage is point-to-point, so there are n^2 linkages required if there are n systems. Since every system is a little different, each one has to be written by hand. Even if APIs exist already!

Epic is not particularly worse at interoperability and public APIs than Cerner or the other big vendors.
posted by BungaDunga at 4:54 AM on November 5, 2015 [2 favorites]


I work for a company that makes patient accounting software and while there are parts of this article that seem right on the mark, there are others that I find a little disengenous. Criticizing EPIC's culture seems useless when you could actually criticize their business practices.

And the pull quote: "Epic would have to link each system that a hospital wanted to access—a labor-intensive process for which it charged an hourly fee." Yeah, of course that is a time-consuming process for which people commonly charge a fee. Linking together software systems is not at all trivial, even if you have a common way of communication. I don't know if my company charges hourly for this privilege, but considering all of the setup and maintenance, it seems like something worth charging for. There's no way to get around that interface, even if both hospitals wereusing the same system -- you still have to set up connections and communications between them, because it's not like their databases all reside on one central server.
posted by possibilityleft at 6:18 AM on November 5, 2015 [2 favorites]


You have to do prescription transfers verbally over the phone and reduce it to writing (as in pen-and-paper writing) for record-keeping purposes.

Note that for Class II drugs in most states, you are required to have a written script, and you can only fill for 30 days. The feds, and some states, will allow a prescribing physician to issue three prescriptions, with one to fill immediately and the other two marked "do not fill until...." but after they made that change, a lot of states immediately went and said "no you can't."

So, even if pharmacies were connected to providers, then well, you'd still have the goddamn paper scripts running around.
posted by eriko at 6:28 AM on November 5, 2015 [4 favorites]


Speaking on the user end of things, I have no idea how all these systems are built, except to say they feel so antiquated compared to anything on the web, or even flight reservation systems, or the goddamn public library.

Don't feel bad, they pretty much are.

The goals of these companies is to make money, and since they are neither insurers or providers, they don't have the ACA medical loss ratio rule in place. So, they're basically charging what the market will bear, which is basically 70-90% of what it would cost for the insurers to do this directly.

Remember: The market is so complicated that there are companies who make money by just letting a provider submit claims to them, then they figure out how to get the claim to the right payer.
posted by eriko at 6:34 AM on November 5, 2015 [1 favorite]


Don't feel bad, they pretty much are.

A little anecdote on that. I built a system for a company to handle transmitting batches of claim files to payers. It handles about 400 different payers, used to be more but consolidation has happened.

It is, as I type this, 05-Nov-2015. Fully 60% of those claims today -- some two *million* claims, mind you -- will be transmitted by modem. A few are dialup PPP then FTP, but most are, I kid you not, menu driven BBS systems and you use zmodem to send the files.

I am proud about how bulletproof the system is. It detects things like password change demands, and either changes the password or drops the connection and alerts an operator that they need to do it. It doesn't drop files *ever*. All the rest of the system needs to do is prepend the payer identifier and drop it into the "outbox" share and it does the rest, then confirms when it's sent and tracks it.

But seriously. This should be a bunch of sftp or scp scripts. Not a bank of 12 modems. But it is. There are a few sftp sites. And there are a few web only sites that I managed to script out using curl. But basically, it's modems. Because it's the 1980s, apparently.

Thank god they still make the USR Courier modems. The bad news is one of the key pieces of software -- Kermit -- isn't maintained anymore. The good news is there's really nothing that needs to be done, but someday, it's not going to build and run on current systems.

So, somebody will try to reimplement it on Windows 2016 or whatever. And that's when they're going to realize they need to make modems work on that.

And that somebody is not going to be me.

So, yeah.
posted by eriko at 6:43 AM on November 5, 2015 [13 favorites]


tocts: "That would solve a huge chunk of the problem because it would mean that Hospital A and Hospital B could very easily know they're both talking about the same Alice Smith and exchange information as appropriate"

Wait. Why do I give my SSN to every single healthcare provider if they don't actually use it?

But this too is also a solved problem, even if we can't guarantee a single namespace. I work on a big ed-tech platform, and each external system that we interface with is allowed to provide a unique identifier for each user. Typically, those systems also have something like a verified email address on file, which allows us to automatically correlate Jane Doe from System A with Jane Doe from System B. Other times, the users need to be correlated by hand or some other means. How we do this is handled on a system-by-system basis, but there end up being surprisingly few systems that are truly unique, so these integrations aren't necessarily that difficult.

In short, the information architecture for this particular problem is not necessarily easy, but it's fairly straightforward compared to some other things that EMR systems need to do.
posted by schmod at 6:51 AM on November 5, 2015 [3 favorites]


Wait. Why do I give my SSN to every single healthcare provider if they don't actually use it?

Putting aside the fact that hospitals, even US hospitals, often treat patients who do not have an SSN, using SSNs as identifiers is actually a very bad idea, for a number of reasons.

In short, the information architecture for this particular problem is not necessarily easy, but it's fairly straightforward compared to some other things that EMR systems need to do.

You're not wrong that this is a solvable problem, but I think most people would be aghast if they realized how much of a wild west healthcare IT has been until recently (and even now). For example, as recently as 2008 only 9.4% of hospitals were using even a basic EHR system [PDF]. Even as much as we now think there's only a few big players in that space, the history of healthcare IT is littered with custom-written EHRs, pharmacy systems, lab reporting systems, etc, written by lowest-bidding contractors who had no mandate to care about interoperability. At best, they'd be handed a copy of the (terrible) HL7 spec, and implement whatever tiny portion was absolutely required to glue their component to the customer's other systems.

In short, healthcare IT is still barely starting to crawl, let alone walk.
posted by tocts at 7:17 AM on November 5, 2015 [1 favorite]


I also work in this field (although at a policy/strategy level). Even in a public system, where healthcare organizations don't have a commercial motive to keep data within corporate silos, interoperability and/or data sharing is a much harder problem to solve than most people realize. Ensuring that the appropriate privacy protections are present every step of the way, while at the same time not introducing huge barriers to clinical workflow, is an ongoing challenge.
posted by sevenyearlurk at 9:01 AM on November 5, 2015 [1 favorite]


Thanks to legislative maneuvering by former Rep. Ron Paul (R-Texas) in 1999, the federal government can't fund any sort of system with unique health care identification numbers... Social Security numbers aren't a good fill-in; they're not on insurance cards, and in April Obama signed a bill that will strike them from Medicare cards in order to reduce identity theft.

Ironically Paul also proposed a bill to phase out of the use of SSNs for non-SSA business back around this time. Hopelessly impractical, as they were already the de facto unique ID for citizens. But it's not clear that having the government generate yet another lifelong unique ID and slapping HIPPA protection on it would be that much better. (Then again, it's not clear that letting the likes of Experian handle it is great, either)
posted by RobotVoodooPower at 11:19 AM on November 5, 2015


APL is comparable in unmaintainability, I'm told

APL!!! I worked with APL at an old job (and I'm not even a programmer, we used it for complex calculations). And the bosses were so dedicated to it that when windows 8 came out, it wouldn't work, so I had 2 laptops, one of them specifically to run APL on an older version of windows.
posted by LizBoBiz at 2:04 PM on November 12, 2015 [1 favorite]


So I'm currently a resident at a hospital that uses a terrible order entry system(too cheap to implement full electronic documentation), a former epic employee, and used to work for a FQHC doing IT work. Epic is not really a technology company. They are really a service company and customer service is the main reason they have kept most of there customers. Their customers really are the executives of the organization, but that really applies to all the EHR companies. At a lot of hospitals doctors and nurses are becoming replaceable cogs.
What is really the problem in my opinion is hospital administrators and general focus on profits or anything not related to patient care. The reason that most people adopted an EMR was because of the HITECH act and not that they wanted to increase the efficiency of the hospital or improve patient safety. At this point I would say you definitely do not want to be at a hospital with paper orders. The number of mistakes and bureaucratic problems caused by paper orders is ridiculous and it is only second to the inability to read various doctors notes and figure out what there plan is or why something was done. Most paper notes are fairly brief. While with EMR you can read various doctors notes, but it doesn't tell you much because it is templated. I can not stand point and click notes that most ER use. They do not tell much of anything, but are useful for billing purposes.
posted by roguewraith at 11:50 PM on November 21, 2015 [2 favorites]


Re: the comments about Kaiser above. Kaiser is on Epic.
posted by Lukenlogs at 4:29 PM on November 29, 2015 [1 favorite]


« Older "Will you walk a little faster?" said a whiting to...   |   What happens when America's food banks embrace... Newer »


This thread has been archived and is closed to new comments