In this digital age, we have devices that track our daily exercise and the quality of our sleep. Test results are sent from lab to physician in hours, and doctors can see patients over video conference. And yet, a patient sometimes can’t easily have her medical file sent from one doctor to another, even in the same building, and sometimes medical record software is so difficult to work with that a doctor can only search one page at a time.
Our medical records were supposed to join the information age: a single repository with a person’s entire medical history, accessible to all who should see it, safe from those who shouldn’t, easily mined to improve individual care and the health care industry at large. Presidents Bush and Obama signed on to the movement, creating incentives for doctors to switch to EHRs and penalizing them if they didn’t. The federal government invested heavily in EHRs over the past decade, around $30 billion, trying to achieve their widespread use. But we are still a long way off, and before we get there, there are questions about data ownership and privacy to be worked out.
Most hospitals now use an electronic system, and more than three-quarters of doctors’ offices use of some kind of electronic record. But those records are tucked in a complicated web of hundreds of kinds of proprietary software with limited applications that frequently don’t talk to one another.
For the sake of simplicity, I’m referring to electronic records that contain health information as “electronic health records” throughout this article. Ostensibly, there are three kinds of records: electronic medical records, which are like digital versions of the paper charts that traditionally lined doctor office walls; electronic health records, which are meant to include all the records of care a patient gets, from a variety of doctors or labs; and personal health records, which are essentially the same as EHRs but are managed by the patient, not the doctors.
An EHR is supposed to contain all the things that are or were in a paper record — medical history, diagnosis, lab tests and prescriptions — as well as data collected from our many personal tracking devices and information that paper records never could, like reminders for best practices on treating certain diseases or warnings when there’s a potential conflict between two medications. All of this in a secure location and readable format.
In present reality, most health systems in the U.S. use a hodgepodge of paper and EHR softwares that leave the left hand out of view of the right. Just half of doctors’ offices use even a basic electronic system. As a result, for many of us, there isn’t a lot of medical data in our EHR at all, or we have a bunch of records with bits of information that aren’t linked together electronically. While the percentage of doctors’ offices that used any EHR for something other than billing grew from 20.8 percent in 2004 to 82.8 percent in 2014, just half of doctors’ offices use EHRs that include a set of basic functionalities, like the ability to view lab results or order medications or input basic demographic information. That leaves nearly 20 percent exclusively using paper records.
There are also serious limitations with existing software. Look to mental health, for example. There has been a big push to get primary-care and mental-health providers to work together, especially to treat common disorders like depression and anxiety. The trend has shown promising results clinically, but EHRs have been getting in the way of this budding relationship. The language and codes used, as well as data-reporting requirements, differ by specialty, and EHR software isn’t currently up to the task of bridging those gaps technologically, according to a recent study in the Journal of the American Board of Family Medicine.
Nor have we dealt with the questions around privacy that are created or enhanced by the use of EHRs (let alone the security problems that have led to more than 1,300 major breaches in the past six years). The practice of separating mental-health records from more general ones, the norm for the past several decades, grew as a response to discrimination that people with mental health disorders were facing from employers, physicians and insurance companies, according to Deborah Peel, founder of Patient Privacy Rights, an organization that focuses on patient privacy. She points to decades of research that has found that people with mental disorders receive lower-quality health care as just one of many reasons that people might not want to disclose mental-health concerns to other providers.
“People need to control their most sensitive health information, both inside and outside of the health system,” Peel said.
There’s an ongoing philosophical debate about ownership of personal data — does the information belong to the person it comes from or to who gathers it? When it comes to medical records, the law is clear: The data belongs to the medical practice (New Hampshire is the lone exception, where the data in an EHR belongs to the patient, though the file belongs to the provider).
This is unnerving to many people — the record is about us, the patients, after all, and often includes our most sensitive information. Many doctors, however, want it this way. A recent survey on a social network used by about 40 percent of U.S. physicians found that two-thirds wanted to limit, either partially or completely, what part of EHRs patients could see. Doctors worry that patients lack necessary knowledge or context to fully understand their records or might be offended by the notes.
Numerous laws do protect patient privacy, most dating to the time of paper records, though they’ve been updated to reflect the shift to digital. These rules leave patients with a mixed bag of rights covering who can see their information and what can be done with it. Generally, a patient can see all the information in her files (with some exceptions for instances when a provider thinks it could harm the patient or someone else), ask a physician to make changes if she spots inaccuracies, obtain copies and have her file shared with anyone she requests. But she has no right to completely remove a file from a clinician’s office or have it destroyed.
A patient does have a right to an “accounting of disclosures,” which is the wonky way of saying that medical providers have to tell you who they share your data with, if you ask. But that right is very limited; providers don’t have to disclose if they have shared information for the purpose of treatment, payment or operations (so, most any situation where they can legally share your information). If a hospital shares information with a police officer, it must tell you. But if it passes on information to a pharmacy or to another physician, it generally doesn’t need to disclose that even if you ask, and the patient can’t prevent it. This has been a concern for people who don’t want their mental-health-care information shared with their general physician.
On the flip side, however, is the more widespread concern that people can’t see your data even when you want them to. That’s because it’s frequently difficult or impossible for one EHR system to talk to another. Although just a few companies run the software for the majority of doctors’ offices and hospitals in the U.S., there are hundreds of systems currently in use. Billions of dollars have been spent on building health information exchanges all over the country that can translate the data from one type of file to the next, but the groups involved in a national health information exchange that’s meant to be the great equalizer have so far only agreed on a handful of pieces of information that can be mapped across systems.
The federal government believes some of the difficulty is intentional — that medical practices and software companies are using “information blocking” to prevent data sharing. This could be a contractual obligation that limits data sharing or restrictions on what information is sent to providers in a different hospital system. Epic, the software company that provides EHRs to the largest number of providers in the country, says the only restrictions are standard rules to protect branding or proprietary software. Still, these practices are hard to untangle from attempts to discourage patients from going out of network or to lock-in consumers to certain software, making it hard to identify information blocking, let alone regulate it. And the Federal Trade Commission says the complaints about practices that lock medical offices into a particular brand of software and fees for exchanging information keep pouring in.
The lack of “interoperability,” as it’s called, among EHR systems doesn’t just cause frustration, but can lead to medical errors and redundant testing, according to Ross Koppel, a professor at the University of Pennsylvania who studies health information technology. Koppel first came to national attention when he noticed that his employer’s EHR was introducing errors into records. He has since gone on to document ways that limited regulation and industry influence have held back the development of EHRs. “The cost of these errors to individuals and to the health care system in general is non-trivial, which is the mathematical way of saying ‘holy mackerel,’” Koppel said.
Even when files can be shared between providers, what is sent is often a dumbed-down version of the file. It’s sort of like receiving a PDF of a string of numbers instead of an Excel spreadsheet: The information is all there, but it loses much of its utility. Doctors may not be faxing over records anymore, but is receiving the equivalent of an unreadable electronic PDF much better?
Electronic health records “are dramatically better than paper,” Koppel said. “But of course a sheet of paper costs a fraction of a penny, and these cost a million bucks.” Koppel says the $30 billion spent by the federal government to date worked to encourage the transition to digital but did nothing to help develop data standards that would allow different EHRs to easily share information about patients. Those data standards are key to making EHRs work like they should. The mess of EHRs we have to date indicates that without some strict standards, these shiny new data sets won’t live up to their potential.