Friday, December 12, 2008

Electronic Medical Records -- at what cost?

President-elect Barack Obama has made Electronic Medical Records (EMRs) one of the centerpieces of his plans for economic stimulus and healthcare reform. Now I'm certainly in favor of both stimulus and greater access to healthcare with lower costs, but I have some serious concerns about the use of EMRs to accomplish this. While automation would undoubtedly improve the productivity of healthcare delivery, it is also likely to improve the productivity of misuse. And considering how sensitive health information is, we need to be extra careful about building in safeguards against misuse. I just don't have a lot of faith that those safeguards will be thought out or implemented properly.

Let me start with the good part. The expectation, as I understand it, is that EMRs would
  1. provide stimulus by employing a large number of IT and healthcare professionals to implement the EMR infrastructure

  2. improve healthcare quality by centralizing information about a patient, to enable more informed decisions by healthcare providers (thereby also reducing dangerous errors)

  3. reduce healthcare costs by reducing duplication of services, dangerous errors and insurance fraud

  4. though nobody mentions it much, these days, I'd have to say another benefit would be the research that would be enabled: with large bodies of patient information, it would become possible to analyze more thoroughly the efficacy and safety of various drugs and treatment protocols, as well as disease models, etc.

Now I'm all for these goals. Especially the bit about employing more IT professionals. Not to mention the bit about helping scientific research (I still have a soft corner for AI and medicine, and all that, don't you know?) And I do believe that all of these benefits would ultimately be realized.

However, there are two main classes of concerns that I have:

  1. I don't see net cost savings any time soon (like any time in the next 8 years)

  2. I see massive societal risks to consolidating patient information
We're already up to our ears in debt, and we need some big spending to get our economy going, so what the heck? Cost savings isn't the gamechanger in my mind. I consider the societal risks the more serious issue, so let's begin with that.

First of all, I hereby admit that I haven't been able to find any details on exactly what an Obama administration would call for, in terms of EMRs. And the exact risks depend on the exact model. From a purely productivity point of view, I imagine that the ideal thing would be for a massive central database of health records for every patient in the country. It is possible that Obama envisions something rather different, such as a sort of federation of independently owned and operated databases managed by different stakeholders, with rules about when and how they can exchange data. But even in a de-centralized approach, there would almost certainly be design requirements to ensure ease of exchange of information, which in practice would probably lead to more or less aggregation of information about individuals. So most of my comments will address the risks of a centralized database. However, you may be certain that arguments over the exact model (centralized or federated or ...) will dominate the first several years of the effort -- different parties (companies, industries, trade and professional organizations, etc.) will have a lot at stake in the decision of what model to adopt. Hence some of my cynicism about when we can expect to see any savings. But I digress.

So what sort of risks are we looking at? I can't begin to do justice, but here's some broad categories:

  1. Risks from malicious outsiders (hackers, etc.)
    A massive database of patient information would be an exceptionally juicy target for all sorts of hackers for all sorts of reasons. It would be a fantastic target for a Denial of Service attack: just imagine the havoc you could wreak by taking the system down -- the health of millions of people could be put in jeopardy. (Denial of Service would be less of an issue in a de-centralized model.) It would also be a terrific target for all sorts of hackers aiming for shake-down information about specific individuals (e.g. politicians, celebrities, annoying next door neighbors, ex-girlfriends, etc.)

  2. Risks from (malicious) insiders (people who have legitimate access to data but misuse it)
    Anyone remember the flap last spring about those naughty State Department contractors who peeked at Obama's passport records? Just imagine that on steroids. Again, we're talking about all kinds of possibilities of improper access to peek at records of politicians, celebrities, annoying next door neighbors, ex-girlfriends, etc. Some of this can be prevented with proper auditing (which was responsible for catching the passport peekers). But given the large number of people potentially involved in providing healthcare services, I believe that there is still considerable risk from this. Of course, there could be some entertainment value. Imagine the fun that we'd have when unnamed sources from a large hospital divulged to the National Enquirer that some pro-life candidate once had an abortion 10 years ago :-) Oh yeah, and apart from the malicious thing, how long until some contractor goes out for lunch carrying around health records for 300,000 patients and loses the laptop?

  3. Risks based on poorly designed policy (who do we give access to the data and what are they allowed to do with it?)
    Number one on my list would have to be: what do insurance companies get access to and what do they get to do with it? Full patient information for health care providers also potentially means full information for insurance companies to simplify their cherry picking. We need to build in anti-discrimination policy. This would be far less of a worry to me if we were looking at a single payer system -- ain't gonna happen. Number two on my list would probably be the financial pressure for targeted direct-to-consumer marketing. What a gold mine for pharmaceutical companies (and/or hospitals co-marketing on their behalf)!

  4. Risks based on poorly designed processes
    I recently read a piece by Tom Yager which really gives me pause. He describes a rather unpleasant personal experience with e-prescription (a small part of EMRs), which almost amounted to a denial of service for him. When you're talking about things that people's lives depend on on a day-to-day basis, you've got to be especially careful to not hold them up because "the system said so". But it's not easy (and it is fraud-prone) to build flexibility into a system. Also, consider the potential for errors and identity confusion. Imagine your situation if somebody entered a positive HIV test result in your record, intending it for someone else with the same name? There's been lots of fun with the no-fly list (google David Nelson no fly). Imagine the fun with a nation-sized list (a couple of orders of magnitude larger). By the way, this is one place where a single centralized database might work a little better, in that you could have a national ID that could uniquely identify you. Oh, I forgot...Social Security Numbers...identity theft. Forget I mentioned that.
Apart from the risks inherent in EMRs, I see the cost-savings as gradual, at best. If we're talking about a single central database, you can just forget about it until oh, I don't know, maybe some time before Sasha and Malia O. retire. A typical largish project, in my experience requires about
  • A year to argue about what the project goals are (scope, standards, etc.)
  • A year to decide on an approach to the project (technologies, buy-vs-build, players, etc.)
  • About two years to implement a rudimentary system that achieves about 60% of What We Really Want -- enough to give an illusion of business as usual, but not enough to feel really comfortable
  • A year or so to get people up and running with the rudimentary system and develop workarounds for the kinks in the system
  • Several more years to evolve to a mature system with most of the functionalities that users need and just a few annoyances
And mind you, I've never worked on a really large, government-sized, industrial strength project. (I have worked on a smallish government project, and it's in the mature stage where non-radical changes take 8 months.) If we're not talking about a single central database, change could be achieved more quickly, but delay will arise due to incompatibilities between independently developed systems that will need to interoperate. And don't forget, once there are systems in place, it will take time to get data from existing paper records into electronic format. Again, I think we can expect that once a system's in place, there will be savings. Just don't expect a quick payoff.

So am I saying we shouldn't implement Electronic Medical Records? No, I don't think so. No more than I am saying that we should ban pencils because some people use them to write hate literature. No more so than that we should forget about computers because they cost more and are more complicated than pencils and paper.

But I would call for some sober reflection on what we are getting into.

Edited 1/12/09: CNN has an interesting piece which makes many of the same points. It has some useful statistics, I think.