Despite its best efforts over the past two-plus decades, the healthcare industry has seriously lagged when it comes to implementing secure, user-friendly, and fully digitized medical recordkeeping. But this situation has started to shift as people in the field begin to encourage and embrace much-needed change through legacy recordkeeping and the implementation of new technologies.
The challenge has been threefold: one part business administrative challenges; one part regulatory and compliance requirements; and one part disparate vendor platforms and systems that do not talk to each other. According to a recent study completed by SAP Center for Business Insight, 400 global C-level executives agreed that digital transformation is critical to survival, and healthcare organizations are in relatively early stages of this journey.
Are your medical records secure?
Personally identifiable information (PII) refers to any data that can potentially label, name, pinpoint, or single out a specific individual. And any information capable of distinguishing one person from the next can be used for de-anonymizing anonymous data, which falls under the category of PII. So in the world of healthcare, keeping a patient’s PII safe is the ultimate challenge—and the ultimate goal. Because we all have medical needs, most of us have found a General Practitioner (GP) who can refer us to specialists for various healthcare issues, whatever they may be. And sometimes we end up with an unexpected visit to the ER while on vacation in a place far, far from home.
Each one of these medical offices we may visit have a different set of records and different practices for keeping them organized and safe. Believe it or not, one virtualized centralized medical record “hub” has yet to be established. According to HIPPA guidelines, the Health Insurance Portability and Accountability Act passed by Congress in 1996, a medical professional can share a patient’s records by fax, email, the post office, or through a secured online portal. This leaves a lot of room for error, as the potential risk of losing data in translation, or even worse—not capturing or communicating it all, is real. Think about it. All it takes is one medical professional to misread or incorrectly document a patient’s allergy information for someone else to administer dangerous medication or complicate an existing health issue based on misinformation. Honestly, it’s like a bad game of telephone—or rather, a lethal one.
Billion and billions of medical records exist in the U.S. alone, all of which need to be readily accessed in the event of a health problem, which means industry providers are required to keep a patient’s medical data for up to 10 years. This creates an additional challenge—storage. Whether a paper file or a digital file, these records take up space.
The Promise of Cloud-Based Technologies
Moving medical recordkeeping to the cloud using Electronic Health Records (EHRs) can solve some of the challenges that healthcare providers and patients have faced when it comes to the paper chase. In 2009, Congress authorized and funded legislation known as the Health Information Technology for Economic and Clinical Health Act to stimulate the conversion of paper medical records into electronic charts.
While many hospitals and medical offices have since done this successfully, electronic health vendors’ proprietary systems haven’t always been compatible with one another, and an untold number of patients undergo duplicate procedures, or fail to get them at all, because key pieces of their medical history are missing. And there are other risks associated with this type of digital transformation, especially as they relate to cybersecurity. When it comes to ensuring that medical records are stored securely online, do the technology providers have our best interests in mind? Some would say yes.
The information in medical records is sensitive and private information. Many ethical and legal issues are implicated in their maintenance, such as third-party access and appropriate storage and disposal. Although the storage equipment for medical records generally is the property of the health care provider, the actual record itself is considered (in most jurisdictions) to be the property of the patient, who may obtain copies upon request.
The good news is that today every human touchpoint is considered when it comes to the usability and portability of hardware and software, from patient to caregiver to hospital administrative workers. And as with any industry, the more we remove friction and obstacles, the more people can do their jobs, save time, and prevent mistakes.
Regulation around EHRs is stringent, the training of healthcare professionals rigorous, and transparency of telemedicine has enabled patients to have more control of their healthcare and wellness. However, it’s worth noting this does not factor into the topic of health insurance.
The Human X Factor
Along the evolutionary path of digital transformation, the real rogue factor is a human one—we make mistakes. People don’t always communicate as well as they ought to, which causes duplication of efforts, loss of data, or security breaches. Perhaps a record is not entered into the system correctly. Or, a file is accidentally deleted. Or, a server is hacked by outside entities. All of these are real possibilities.
One exception to this scenario, on the spectrum of up-and-coming solutions, is the example of a New Zealand-based company delivering services via a Microsoft-based platform called Whanau Tahi (Fan-u-tah-hee). The social enterprise provides a human-centered case management solution that removes communications barriers, eliminates duplication of efforts, and empowers practitioners and the families they serve.
Guided by Māori principles of Whanau Ora, or “family well-being,” the team has worked with social service agencies and the government for over 30 years to develop a secure, integrated case management solution that is built on this family-centric philosophy. This type of total transparency between doctors, patients, and their families can build more trust and security within the healthcare industry. The U.S. has a lot to learn from this unified approach.
Legacy Vendor Lock-In
The final mitigating factor affecting the successful digital transformation of the healthcare industry, which directly affects recordkeeping practices, is vendor lock-in. As with many enterprises or companies, people in medical practices or hospitals approve IT budgets to implement systems, such as databases, storage servers, or tablets for mobile patient intake. This is often a large expenditure. Each healthcare organization is different and has varying requirements when it comes to EHR selection.
With the accelerated rate of technology development and advancement, administrators and IT professionals who make important decisions often cannot keep up with the newest, greatest thing. So, while there are better solutions out there, the medical providers—like hospitals, universities, and private practices—are beholden to a vendor contract or outdated hardware they simply cannot afford to swap out.
We, as patients, need to feel more confident and trusting of how our medical records are being securely managed, shared, and stored. These key factors must work together in an integrated manner. The human factor, the technology factor, and the compliance and regulatory factors have created a complex healthcare ecosystem that already feels overwhelming for many people. The healthcare industry may be moving at a glacial pace, but at least it is moving in the right direction.