DC Medical Malpractice & Patient Safety Blog

Medical records are supposed to be a truthful repository in real time of everything that happened to a patient. Their integrity is vital to high-quality patient care and to the ability of a patient to hold providers accountable in court if things go wrong. So word of widespread abuse of shortcuts allowed by electronic record systems is important for patients, lawyers and safety advocates.

A recent op-ed piece in the New York Times by Dr. Leora Horwitz, an assistant medical professor at Yale, documented problems like copy-and-paste where one provider's error early in a patient's treatment gets replicated over and over by later providers who are supposed to be recording their own independent observations of the patient.

Another issue is the too-tempting way that an e-system can allow a single mouse click to populate every box of a fill-in-the-blank physical examination with completely normal, healthy results.

Now more doctors have weighed in with letters to the Times editor on e-record abuses. One, Madhura Pradhan, a pediatric kidney specialist in Philadelphia, wrote:

The ease of using built-in shortcuts for documentation in medical records is teaching younger physicians to be efficient at the expense of being thorough.

Time and again, I see notes in charts that have clearly been copied or have been entered from standardized templates with conflicting information cited elsewhere in the chart. This not only compromises the patient-physician interaction but also makes me question the level of engagement of the physician in that visit.

Another, an internist in New York named George Lombardi, wrote: "It is deeply disrespectful and against a physician’s canon of ethics to take shortcuts in evaluating and caring for patients."

Still another physician, Dr. Margo Cohen of New York, wrote about the errors she discovered in the records of doctors caring for her husband's cancer -- how she as the wife had supposedly had long conversations and agreed with the care plans of doctors whom she'd never met.

A patient, Lois Berkowitz, had an interesting suggestion. Before the doctor can save the e-record, the doctor should be required to get the patient's agreement that the record accurately represents their encounter.

Not practical for all patients or for all situations, still, such a practice would go a long way toward getting us back to the goal: records that are accurate enough that they can safely guide future care and provide a database for malpractice analysis if the patient gets hurt.

Electronic medical records make it easy -- too easy -- to document that a doctor or nurse has performed a model examination of a patient. One click, and the empty slots fill in the results of a normal exam from head to toe. But was that thorough exam really done?

Copy and paste is another shortcut offered by electronic records that saves a lot of typing, but that can allow errors in a record to perpetuate from shift to shift and day to day. All it takes is a single mistake in, say, the past medical history taken of a patient when admitted to the hospital, and every other provider copies the error, with sometimes terrible results, as when the initial history taker, and then everyone else, misses an important disease that the patient has had.

An op-ed in the New York TImes highlights the downsides of electronic documentation. Leora Horwitz MD, a Yale medical professor and internist, says she wouldn't go back to the bad old days of handwritten medical records, but the new electronic records carry some dangerous temptations for busy providers and also make care more expensive. Dr. Horwitz writes:

Of course, you shouldn’t click those buttons unless you have done the work. And I have many compulsively honest colleagues who wouldn’t dream of doing so. But physicians are not saints.

Hospitals received $1 billion more from Medicare in 2010 than they did in 2005. They say this is largely because electronic medical records have made it easier for doctors to document and be reimbursed for the real work that they do. That’s probably true to an extent. But I bet a lot of doctors have succumbed to the temptation of the click. Medicare thinks so too. This fall, the attorney general and secretary of health and human services warned the five major hospital associations that this kind of abuse would not be tolerated.
...
In short, reading the electronic chart has become a game of looking for a small needle of new information in a haystack of falsely comprehensive documentation and outdated, copied text. Why do we doctors do this to ourselves? Largely, it turns out, for the same reason most people do most things: money.

Doctors are paid not by how much time they spend with patients, how well they listen or how hard they think about what could be wrong, but by how much they write down.

Of course, when you have an honor system for how much a doctor is paid, the documentation requirement is a natural check-and-balance to make sure the time really was spent with the patient. Now we need a way to make sure that point-and-click medicine and copy-and-paste medicine really serve the patients' interests.

This reinforces my advice to all patients: Read your own medical records. You may be surprised what you find there. You will always be educated, and sometimes you can catch flagrant errors, whether they are due to copy-and-paste issues or other problems. Last month's newsletter has more on how to get and read your own medical records.

Last year we wrote about how the privacy and security of your medical records are vulnerable, and what happens when those records are stolen and used by someone else pretending to be you. A story earlier this month in the Los Angeles Times explains more about how the illegal use of your medical records threatens not only your financial well-being, but how medical identity theft can endanger your physical health.

1. False information in your record is poison. If an impostor pretending to be you receives hospital care, orders prescription drugs or submits fraudulent insurance claims, those activities become part of your medical record. What if a blood type other than yours is recorded? What if a bogus drug-use history is attributed to you? What if tests results bear your name, but you’ve never had those tests? Accurate medical history is critical to competent care. Mistakes about your medical condition, whether honest or recorded because of fraud, can be life-threatening.

2. Be suspicious of offers of medical services tied to disclosure of your health profile. As reported in The Times, the Federal Trade Commission said, "Medical identity thieves may pose as employees of insurance companies, doctors' offices, clinics, pharmacies and even government agencies to get people to reveal their personal information.” Be suspicious of offers of free medical services in exchange for supplying your insurance ID. Be wary of promotions offering to switch your pharmacy records for deeply discounted future drug purchases.

3. Don’t ignore bills for medical services you did not have and insurance company notifications that you’ve reached coverage limits. If legitimate, such correspondence is a strong indication that someone else is using your health insurance information to receive care. That’s true as well if you’re denied for an insurance policy due to a condition you don't have.

4. There’s a strategy to uncovering medical identity theft. You have the right to get your medical records from your insurance company and health-care providers. If you do this because you suspect record theft, don’t say so—if you have been a victim, the culprit might be part of that office. Also, according to the FTC, some providers deny you access to your records in the mistaken belief that they must protect the impostor's privacy; you don’t want to waste time providing proof otherwise. Anyone from whom you’ve requested your records has 30 days to comply.

5. Know how your information is shared. You have the right to find out from your insurer and health-care providers with whom they have shared information from your medical records. The FTC says knowing this helps you reconstruct a data trail, and shows where it veered from describing you to someone pretending to be you. You are entitled to one free copy of this accounting every year from each provider.

Clearly, the best way to protect against medical identity theft is knowing what’s in your file and when it’s being disclosed. See our recent newsletter, “Why Reading Your Medical Records Can Improve Your Health.”

Scrutinize your credit reports for medical debts you don't recognize. According to the FTC, AnnualCreditReport.com is the ONLY authorized source for the free annual credit report that's yours by law.

Visit MIB.com, to see if anyone has applied for life or health insurance using your name. The nonprofit MIB is a service provided by insurance companies that includes alerts about errors, omissions or misrepresentations made on insurance applications.

In addition, don’t entertain callers you don’t know who are seeking your medical information. Shred health-care documents—insurance information, bills, lab reports, etc.—you no longer need.

Anyone who has ever reviewed, inquired about or disputed an itemized medical charge has been introduced to the arcane world of bill coding. Every procedure, from the administration of an aspirin in the hospital, the use of a surgical sponge or the blood draw for a lab test, is assigned a code number.

As reported by Merrill Goozner earlier this month, the manipulation of codes can significantly boost a provider’s fees through “upcoding,” or inflating the seriousness of a medical condition in order to generate more tests. And more fees for them.

The codes, as explained in a recent story in the New York Times, require some subjective evaluation, and are meant to reflect how much care is being delivered. An emergency department patient with a simple case of indigestion would be classified by the hospital as using few resources, and would be reimbursed by Medicare only $50.

But a patient suffering from a presumed heart attack might require oxygen, be placed on a cardiac monitor and be sent for a CT scan. Those are higher, more expensive services that Medicare would reimburse for $323.

Referring to the story in The Times, Goozner describes the situation with HCA, a hospital chain we recently wrote about after an investigation found that it performed unnecessary cardiac procedures that boosted its profit. Apparently that wasn’t enough bottom-line helper. As Goozner notes, “In 2008, [HCA] introduced a new coding and billing system that over … two years … tripled the share of emergency room visits that received the two highest reimbursement rates paid by Medicare.”

“In other words, almost overnight, people visiting its emergency rooms got a lot sicker.”

Except, of course, they didn’t. They only seemed sicker on paper thanks to upcoding. And it isn’t the first time HCA has indulged in that unsavory practice—in 2000, the company paid $840 million to settle fraud claims for allegedly overcharging Medicare for upcoding pneumonia patients.

Goozner says that HCA is hardly alone; during the two years tracked by The Times, the percentage of emergency room patients receiving Medicare’s top two billing codes jumped from 58 percent to 74 percent.

It appears to be typical in the U.S. “The system,” Goozner says, “creates a powerful incentive for providers, especially those that operate as for-profit businesses, to shift patients into those sicker categories.” It’s a perversity of the fee-for-service model that’s undermining the ability to control health-care costs in the U.S.

The “diagnostic related group” (DRG) system for reimbursement was introduced more than 30 years ago. Between 1989 and 1996, according to a Dartmouth University study, the share of pneumonia and respiratory infections assigned the most serious DRGs increased 10 percentage points at nonprofit hospitals and 23 percentage points at for-profit hospitals.

In 2010, a Health and Human Services (HHS) report concluded that elderly patients requiring extensive rehabilitation therapy in skilled nursing facilities increased from 17 to 28 percent of that population between 2006 and 2008. But the age and diagnoses of the patients when they were admitted to the facilities hadn’t changed. That’s upcoding.

And according to the HHS study, for-profit nursing facilities were far more likely to recommend more extensive services. Thirty-two percent of patients at those facilities were given “ultra high therapy,” compared with 18 percent at nonprofits and 13 percent at government-owned skilled nursing facilities.

Medicare Advantage is the federal Medicare program that provides coverage via the private insurance market. As Goozner writes, “When President George W. Bush in 2003 announced that payments for beneficiaries in Medicare Advantage plans would be adjusted to reflect their medical conditions, the reported health status of those in the plans declined sharply over the next 12 months.”

And the “risk scores” for people in Medicare Advantage plans rose much faster over the next two years than people covered by more traditional Medicare.

As long as the predominant health-care business model is “the sicker they are, the richer we get,” the system will be gamed and costs will rise.

Twelve years ago, Helen Haskell’s son died because of a series of medical errors. That sad episode prompted her to found Mothers Against Medical Error (MAME), which offers support and advice for people who share such tragedy.

Haskell’s ongoing effort to quantify medical errors and the harm they can cause are detailed in her story on Reporting on Health, an online community for people to share information that fosters better media coverage of health and medicine.

You can’t head off medical harm, Haskell contends, until you can identify its reach. Until 2010, she writes, the primary source cited for the frequency of medical harm in the U.S. was a 1999 report by the Institute of Medicine (IOM). As venerable an institution as it is, the IOM collected data for the report from the 1980s and 1990s--old numbers that didn’t fully offer even a sense of what was happening at the end of that decade, much less more than a decade later.

In addition, the IOM reported only on hospital admissions (see our article, “Hospital Errors” ); but medical harm, of course, occurs in outpatient clinics and surgery centers, in physicians’ offices and nursing home, in dialysis clinics and chemotherapy centers -- wherever medical care is rendered.

In short, while the IOM metrics were solid, they gave an incomplete picture of the impact of medical harm in the U.S.

In 2010 and 2011, Haskell says, new studies were published by the Health and Human Services Department in the New England Journal of Medicine (NEJM) and Health Affairs that advanced the body of harm knowledge.

Employing a system called the Global Trigger Tool developed by the IOM, the studies probe medical records for evidence of potential adverse events. To no one’s surprise, Haskell writes, the newer research found “exponentially greater levels of harm than had been reported earlier by the IOM.

Specifically:

• more than 1 in 4 hospitalized Medicare patients had suffered an adverse medical event resulting in harm;


• approximately 180,000 Medicare beneficiaries died every year from their medical care;


• 1 in 3 patients admitted to three large teaching hospitals suffered medical harm, often more than once;


• nearly 1 in 5 patients in 10 North Carolina hospitals experienced at least one adverse medical event;


• a commonly used adverse event detection method—voluntary reporting and the Agency for Healthcare Research and Quality’s Patient Safety Indicators--was poor; it missed 9 in 10 of the events (Global Trigger Tool found at least 10 times as many confirmed, serious events).

The 1999 report, Haskell reminds, was considered a wake-up call for the health-care system to come to grips with the extent and repercussions of medical errors, but the newer studies showed that from 2002 to 2007 there was no significant change in the rate of harm.

The researchers concluded, “Though disappointing, the absence of apparent improvement is not entirely surprising. Despite substantial resource allocation and efforts to draw attention to the patient-safety epidemic on the part of government agencies, health-care regulators and private organizations, the penetration of evidence-based safety practices has been quite modest.”

This “modesty” was quantified:

• only slightly more than 1 in 100 U.S. hospitals have implemented a comprehensive system of electronic medical records;


• only 9 in 100 have even basic electronic record-keeping;


• physicians-in-training and nurses routinely work hours in excess of what’s proved to be safe;


• compliance with even simple interventions such as hand washing is poor in many centers.

That’s bad, but, as Haskell notes, we still don’t know how bad—or even if it’s less bad—because the most recent numbers crunched in the newest studies date from 2008; the least current numbers come from 2004. That’s better than numbers from the 1980s, but it’s not the most revealing information. Much has changed since the 1990s, but the tired data don’t tell us what changes increase estimates of harm, and what changes decrease them.

In the intervening years, medicine has become more corporate and more consolidated. Bottom-line pressure has intensified. The incidence of medical encounters has increased, but most occur outside of hospitals, where safety isn’t tracked.

In summary, our collective attention about medical errors and the harm they do has been piqued. But that’s only half the job of actually addressing and minimizing them.

Martha Deed is exactly the person anyone would want as his or her patient advocate. A psychologist and member of the Consumers Union network of patient advocates, she is trained in patient advocacy and has a profound understanding of patient safety issues.

Yet when her own chronically ill daughter was subjected to a daunting cross-current of hospital specialists and treatment, even Deed felt like a sock being tossed around in an industrial washing machine.

She recently wrote about the experience on Sporkworld.org, and came away with valuable lessons for all.

As designated advocate for her 36-year-old daughter, Millie, who suffered from Behcet’s disease, an obscure autoimmune disorder, Deed had been through multiple medical emergencies and hospitalizations. She knew her daughter’s wishes, her response to various medications and her complicated medical history.

When Millie contracted a respiratory infection, few of Millie’s treatment providers had ever encountered a person with Behcet’s and none had ever spoken to her about how she wished her illness to be handled.

On admission to the hospital, Deed soon learned the limits of her superior knowledge. “I knew only what Millie’s previous illnesses had taught me. Each new hospitalization required a steep learning curve. [This] hospital was not treating Millie for Behcet’s. They were treating her in the ICU for respiratory failure due to swine flu. Behcet’s, to them, was an interesting side issue that they had little time for in an emergency.”

What ensued was a torturous adventure trying to communicate with uninformed professionals and coordinating care for two diseases whose treatment options often were contradictory. Medications that exacerbated Behcet’s were given to Millie without Deed’s knowledge, and sometimes in defiance of her directions.

We’ve written frequently about patient advocacy, including “Bringing an Ally with You to the Doctor’s Office,” “Protecting a Loved One in the Hospital” and “When the Doctor Isn’t Sure: What You Can Do.”

After Millie’s death, Deed learned:

• If you do not have accurate information about your family member’s treatment, you cannot advocate effectively.


• If staff does not accept documented medical facts about the patient, the hospital’s patient safety efforts may fail.


• Patient safety personnel cannot work effectively if there are gaps in handling a patient’s concerns.


• If you don’t know who is in charge, your concerns may not be addressed.

Before hospitalization, Deed recommends:
1. Look up your local hospitals on your state health department’s website for information that might include the record of citations and corrective actions that have been taken against them by the Department of Health.
2. Look up results of patient satisfaction surveys for the hospital. Check for infection rates, medical errors and mortality and failure to rescue rates as reported by Medicare’s Hospital Compare.

If hospitalization is a surprise:
1. Read the hospital’s orientation material carefully. Find out who is in charge of your loved one’s case. Be present for rounds by that physician.
2. Make sure that others are available to visit and comfort the patient if you are engaged in advocacy.
3. Have someone stay with the patient as close to 24/7 as possible--problems can occur day or night. Do not attempt to do it all by yourself.
4. Get some rest yourself so that you can remain helpful and clear thinking.
5. Keep a log so as not to lose track of what is happening with your loved one’s care. Include notes of any contact with medical staff. This can help prevent misunderstandings as well as mistakes.
6. The hospital probably prefers a single contact person. But that person—you, the patient advocate—can benefit from discussing the patient’s treatment with someone who knows the patient well and is trusted by him or her. The back-up can help identify communication or treatment gaps.
7. Be polite, even in an emergency in which you must engage the highest levels of hospital hierarchy.

The concept of coordinated care is considered a best practice, but in light of a recent survey and story by NPR, the Robert Wood Johnson Foundation and Harvard School of Public Health, it’s hardly a widespread one.

A few years ago, we wrote about what happens to hospital patients when the facility’s right hand doesn’t know what the left hand is doing. The story told how the lack of coordinated care resulted in 1 in 5 Medicare patients being readmitted to the hospital within 30 days.

Earlier this year, we reported that some health insurers are beginning to appreciate the wisdom of coordinating patient care in terms of both health outcomes and cost savings.

Coordinated care involves a therapeutic plan that integrates the efforts of all of the patient’s medical and social service providers. It might designate a single person to manage all of the collaborators or simply might be an understanding they share to ensure efficiency and communication. The point is to maximize resources, minimize duplicate procedures, reduce costs and, ideally, prevent harm.

That didn’t happen for Andrew Dasenbrock, one of the subjects detailed in the NPR story.

A 32-year-old a self-employed IT consultant, Dasenbrock says he can't afford health insurance. When he woke one night with intense stomach pain — "like shards of glass traveling through me," he said—he went to an urgent care center nearby. Doctors ran several tests, couldn’t settle on a diagnosis and sent him to the hospital.

The hospital was part of the same system, but its staff was not alerted to Dasenbrock’s arrival, nor were his records transferred. He was forced to fill out the same questionnaires and repeat all the same diagnostic tests. He remained in excruciating pain.

The hospital diagnosed an ailment that, while painful, wasn’t serious and required only that Dasenbrock ingest a lot of fluid. He went home. Two days later he received two bills totaling thousands of dollars.

"I laid the two bills next to each other and it was literally word for word, letter for letter and line item by line item the same charges ... for all the tests I had gone through," Dasenbrock said. He had to pay double what he should have for his care.

Another tale was told by Jacki Bronicki, whose father was 80. He had Parkinson’s disease, but the retired engineer and physics teacher was mentally acute and responding well to his treatment.

Last year he fell, broke three ribs and was admitted to the hospital. His mental state began to deteriorate by the second day. "He wasn't even coherent by the third day," Bronicki said.

Bronicki said that the parade of doctors who saw him seemed to assume that his confusion was, for him, normal, and reflected his age and condition. Bronicki said she had to explain to each new doctor that he had Parkinson's, that his mental deterioration was not his normal, that he usually was coherent.

Finally, a neurologist finally figured out that all the different doctors had prescribed different pain medications, and the drugs were interfering with Brown's Parkinson's medication. That caused his mental deterioration and made his limbs rigid.

His prescriptions were realigned, and he improved. But Bronicki and her sisters felt they had to remain at his hospital bedside 24 hours a day to prevent another medication error. And, she reported, "He has a lot more dementia than he had a year before. He can't walk anymore. And I'm not sure if it would have normally progressed like this, or if we really sped it up."

It wasn’t they who sped it up; more likely, it was the lack of communication and coordination among all of his caregivers.

Certainly, many of the survey respondents were pleased with their care. But of people hospitalized in the last 12 months:

• 30 percent said doctors, nurses and other health-care professionals communicated poorly with each other;


• 24 percent said doctors, nurses and other health-care professionals didn’t communicate information about their condition or treatment.

To prevent mistakes and unnecessary costs that result from uncoordinated care, ensure that in advance of your need for care by multiple parties, you and your loved ones have a patient advocate (read our article “Bring an Ally with You to the Doctor's Office”). Get and maintain a complete patient history, and make sure all of your care providers have it.

Early in 2009, President Obama signed the American Recovery and Reinvestment Act (ARRA). Commonly known as the Stimulus, or Recovery Act, it was intended to juice the sluggish economy, and it reached into all corners of our culture. One of its effects on health care was the establishment of a national electronic medical record (EMR).

Financial incentives were provided for medical providers to transition to electronic record-keeping. Well-designed and well run e-record programs improve efficiency and enhance patient safety, but they require conscientious attention on the part of designers and providers.

One such provider, a cardiologist and a fan of EMR, recently had an experience that prompted him to wonder if electronic record-keeping systems should be considered medical devices, and therefore subject to all the same kind of regulatory oversight given, say, a heart defibrillator.

Dr. Wes Fisher received a medical record from a major medical center that employed an EMR manufactured by a well-established, billion-dollar corporation. As recounted on KevinMD.com, he saw “one of the better examples of how EMRs are contributing to misinformation and confusion when health-care is delivered.”

The report was an internal medicine consultation of a hospital patient whose “medications” portion of the internist’s notes are posted on the KevinMD website exactly as received in the EMR, and identified as “Active Medications.” All told, 55 entries for medications were listed, and Fisher was “terrified."

Some medications were listed multiple times, sometimes with different dosages. Some drugs lacked dosages, such as warfarin, a blood-thinner that must be carefully dosed and monitored. Meds typically prescribed for outpatients are listed along with those typically prescribed for inpatients, making any reviewer of this record unclear what meds this patient is actually taking.

Fisher in no way excuses the internist, or any other doctor, from responsibility over the quality and accuracy of any medical record, whether it’s confined to an office or disseminated to other providers, facilities and insurance companies. But his overriding concern is that when EMRs are poorly developed and/or hospital administrators buy products capable of providing “useless and potentially lethal information about our patients” (his italics), doctors must speak up.

“So how will we measure problems with EMRs?” he asks. “It seems industry representatives would rather not address these concerns. We should ask ourselves, is anyone thinking about this?”

Fisher suggests the creation of an EMR registry similar to the data repository mandated by the Center for Medicare & Medicaid Services (CMS) for implantable cardioverter defibrillators (the ICD Registry). Its purpose would be to track adverse patient outcomes resulting from software systems and would enable EMR manufacturers to learn and improve from everybody’s mistakes.

To learn more about your rights in compiling, keeping and disseminating your medical records, read our newsletter article, “Why Getting and Reading Your Medical Records Can Save Your Life.”

Electronic health records (EHRs) hold much promise for reducing medical errors and improving quality of care, but the prospect that patient advocates can use EHRs to do an autopsy of where a patient's care went wrong has some in the medical industry sounding an alarm.

Last week a story (actually a press release, on closer scrutiny) in the Wall Street Journal's Market Watch talked about "Crippling Access to Physician's Actions" allowed by tattle-tale Electronic Health Records. Among the horrors described by IT consultant Dr. Sam Bierbock:

EHRs ... can also be audited to examine how long it took them to act after an abnormal lab result came in, if the doctor checked on on-line references before making a clinical decision, what was said in every email and how long the doctor took to respond, and even how long the doctor looked at a screen or scrolled down to read an entire document.

And this is a bad thing?

Fortunately there are patient advocates in the medical informatics industry. One is Scot Silverstein, MD, of Drexel University, who trained as a doctor in intensive care units, which have heavy demands for up-to-the-second monitoring information on the desperately ill patients they care for. Dr. Silverstein wrote a well-informed blog post on the real problems with EHRs and why it won't wash to make plaintiff attorneys and malpractice lawsuits the whipping boy for the industry's troubles.

Our firm represented a patient's family last year in a particularly tragic malpractice case where we used the hospital's "audit trial" of EHR records to show that a nurse was claiming to be in two places at one time. Her neglect led to the stillbirth of our family's child.

The alarm of IT consultants like Dr. Bierbock over the ease of auditing health care brought about by EHR's is really a false alarm. Yes, there will be closer scrutiny of medical decisions. But audit trails will lead to more accurate understanding of what happened in any tragic injury, and that should lead to better care for all.

First published on Technorati.

There’s an app for that.

Ever since Apple claimed primacy over the smartphone universe, we’ve all become familiar with that refrain. And as noted in a recent report on NPR, mobile medical applications are hot property. Even the stodgy American Medical Association (AMA) has introduced an iPhone app that keeps track of your medications.

It’s all good. Or is it?

We’ve discussed the benefits of electronic medical records. But when it comes to apps, as convenient as such medical assistants might be, there is reason to be concerned about breaches of privacy. That might not induce worry if your techno assistant is helping you adhere to a healthful diet, but some monitor blood sugar, blood pressure and screen for depression. Are you comfortable with strangers having that information?

Medical apps aren't covered by HIPAA, the federal privacy law that controls how doctors and health-care providers store and share patient health information. "They are offering to store and share some pretty sensitive information," Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, told NPR.

Because of that hole in the law, what you consider private, personal information might be little more than marketing data to a medical app manufacturer. As McGraw said, "If their privacy policy says, 'From time to time we will share your information with advertisers,' they can do that."

And what if you lose your phone? What if it’s stolen? What if you share your phone so someone else can peruse your photos—what’s to prevent him or her from perusing other information you might otherwise choose to keep private?

Some app developers, including the AMA’s, offer password protection. That’s good but not impenetrable. Here’s what the AMA app disclaims:

When you purchase this application, you will be responsible for protecting the privacy and security of the information that you enter, and for deciding who to disclose, and give access to, the information. The AMA assumes no responsibility, and shall have no liability, for protecting the privacy or security of the information entered in the application or shared with others either intentionally or unintentionally.

Some med apps invite users to share their medication info with their doctors, pharmacist, family, etc., via email, but anyone who hasn’t recently moved here from Jupiter knows that email is hackable. And who hasn’t made the mistake of sending an email to the wrong recipient? A survey of doctors’ email habits concluded that most didn’t even follow AMA email protocol.

You’d think oversight of med app privacy would fall to the FDA, but last summer that agency was considering limiting its watch-dogging to apps that “could present a risk to patients if the apps don’t work as intended.” If it’s a consumer convenience and not a medical device intended for treatment, the FDA is going to pass.

That leaves the protection of your privacy up to you. In the era of sharing, of Facebook, of tweeting every thought that crosses your mind, the security of medical information seems awfully vulnerable.

Last week, the New York Times summed up pretty well what a lot of people have been thinking: “Poorly designed, hard-to-use computerized health records are a threat to patient safety, and an independent agency should be set up to investigate injuries and deaths linked to health information technology, according to a federal study…”

The paper was referring to “Health IT and Patient Safety: Building Safer Systems for Better Care," a report by the Institute of Medicine (IOM) calling for greater oversight of health-care technologies.

The U.S. Department of Health and Human Services (HHS) requested the IOM to evaluate electronic health records in the first place out of concern that some such products raised safety risks for patients. Practitioners were wondering if the boom in digital record-keeping is fostering a rash of medical errors thanks to balky, difficult or malfunctioning technology.

The report doesn’t decry the move – for reasons of both cost and care efficiency – from paper to electronic records, it just emphasizes that oversight must be part of the deal: “To achieve better health care, a robust infrastructure that supports learning and improving the safety of health IT is essential. Proactive steps must be taken to ensure that health IT is developed and implemented with safety as a primary focus. If appropriately implemented, health IT can help improve health care providers’ performance, better communication between patients and providers, and enhance patient safety, which ultimately may lead to better care for Americans.”

The IOM said an investigative agency -- like the National Transportation Safety Board, which investigates airline accidents and examines safety issues -- should be established for health-care technology. And that it should include tracking the safety performance of electronic health records.

So far, such efforts have yielded mixed results: There are tales of success, such as hospitals that use computerized, bar-coded prescription systems, but also tales of patient harm, such as delayed treatment due to lost data and/or problems with human-computer communication.

The IOM advised the Department of Health and Human Services (HHS) to devise a plan within 12 months to monitor patient safety risks associated with health IT, and to report on that progress every year. If, within a year, such progress is insufficient, the scientists’ group said the FDA should regulate these technologies, and that the agency should start planning for that now.

The IOM report is big on transparency. It is the government’s job to ensure that the private sector demonstrates concern for consumers by freely exchanging information about product use, “including details relating to patient safety.” You can’t establish a body of knowledge and develop a functioning market of safe products if you don’t share details of their risks.

This is thwarted today by the common practice of including nondisclosure clauses in contracts with vendors of IT health products. Such provisions impede efforts to improve safety by discouraging users from sharing information.

The report notes that clauses that limit liability (known as “hold harmless”) also undermine best-product practice by shifting liability “from the vendor to the users when an adverse event occurs.” As the story in The Times said, “Such language often limits the freedom of doctors and hospitals to publicly raise questions about software errors or defects.”

No one wants to stifle technological developments or the will to manage health care more efficiently. The key, as the IOM says, is to foster innovation without compromising safety.

Check out this graphic display of some of the statistics of hospital hazards. Infections, malpractice, errors due to poor record keeping, medication errors, mistakes due to sleep deprivation of trainee doctors: It's all displayed here, courtesy of a group called Medical Billing and Coding Certification.

Pharmaceutical companies love dish about doctors and patients almost as much as they love drug profits. One source of information they like to plunder to expand their markets is doctors’ prescribing histories. These “who,” “what,” “why” reports are one component of so-called “data mining” that has gotten much attention lately as a sometimes sneaky way to unearth potentially sensitive information.

The companies buy the reports from prescription drug intermediary (PDI) agencies that, as explained in an article in the New England Journal of Medicine, collect the prescription records from pharmacies and link them to physician information purchased from the American Medical Association.

Pharma sales representatives crunch the numbers in order to refine their sales pitches when they visit doctors’ offices. Critics of this process, known as “detailing,” claim that it:

• raises costs by increasing the use of brand-name drugs;


• jeopardizes patient safety through wider uses of drugs that haven't been studied appropriately; and


• compromises the privacy of doctors and their patients.

As the NEJM writers note, several states have passed laws to curtail detailing and restrict PDIs from providing prescribing information that identifies physicians. One PDI/pharma effort challenged a law in Vermont that prohibited pharmacies and PDIs from selling/licensing/exchanging prescriber-identifiable prescription information and from permitting its use for drug promotion. The case ended up in the U.S. Supreme Court on the claim that it unconstitutionally restricted free speech.

How information that is supposed to be private between a doctor and a patient can qualify as free speech seems preposterous on its face, but the court ruled in favor of the commercial interests in a long and carefully parsed finding that Vermont was biased against detailers and their free speech.

The authors of the NEJM article looked at both sides of the issue. “If laws like Vermont’s were to become widespread,” they wrote, “they would undercut pharmaceutical companies’ ability to detail physicians effectively, with the probable consequence that detailing would be greatly reduced. Although this outcome might well reduce the cost of prescription drugs, it would also reduce the amount of information that doctors receive. … detailing can have educational value. For all its problems, detailing — like its troublesome cousin, direct-to-consumer advertising — is probably of some benefit to patients.”

They explain that PDI databases are used to benefit public health as research material, and if PDIs were deprived of data-mining income, they might not invest in keeping such complete records. They also explain that landmark legislation to protect patient privacy remains strong. “[T]he Court defended the patient privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, noting that HIPAA imposed a general ban on disclosure except in ‘a few narrow and well-justified circumstances.’ Although the Court did little to define the boundary between unconstitutional laws such as Vermont’s and sacrosanct ones such as HIPAA, it is clear that some restrictions on data sales will, if tailored finely and fueled by strong governmental interests, survive.”

The writers suggest that data-mining prohibitions could survive judicial scrutiny if they:

• broaden the ban so as not to finger only drug marketers; and


• sharpen the focus on privacy issues.

In other words, the authors found reason for hope that this one decision does not establish an impenetrable precedent for commerce to boost drug costs, pose a threat to public safety and invade private files.

Of course, doctors can always close their doors to sales reps, but that’s more pipe dream than likelihood. Because even if doctors are as loath to open their files to Big Pharma as the industry is hungry for the information, and even if doctors know that a sales pitch is less than objective, they still can learn something new, and they value the free samples.

If you’re concerned about this issue, and your doctor prescribes a drug:

• Ask if there is a generic option, and if it’s suitable for you.


• Ask if he or she embraces the AMA’s Physician Data Restriction Program (PDRP), which allows doctors to withhold prescribing data from sales reps but still share it for research purposes. According the NEJM, only 4% of physicians have signed on, probably because “the AMA’s financial interests cut against strongly promoting the program.”


• Tell him or her that you’re uncomfortable with your drug history being shared, and request that he or she not entertain pharmaceutical sales calls.

These measures alone probably won’t change anybody’s practice, but they will let your caregiver know that you’re informed and concerned. And that you can always find another doctor.

Here's a case that opens a window on how tabloid newspapers get intimate details of celebrity's medical lives: They pay hospital employees to rifle through private medical records.

The University of California, Los Angeles (UCLA) Health System has agreed to pay the federal government $865,000 to resolve allegations that its employees violated patient privacy, according to investigative journalists at ProPublica.

Between 2005 and 2008, UCLA employees repeatedly snooped in patient medical records, including those of celebrity patients Farah Fawcett, Britney Spears, Michael Jackson and former California first lady Maria Shriver. ProPublica had reported earlier how Fawcett (now deceased) had set up a sting operation to catch leaks to the National Enquirer about her cancer. In 2010, a former UCLA employee pleaded guilty to four counts of illegally reading private and confidential medical records.

The agreement with the U.S. Department of Health and Human Services requires UCLA to train health system employees who have access to patient records, to sanction those who break the rules of the Health Insurance Portabilityand Accountability Act (HIPAA) and to assign an independent monitor to assess its compliance for three years.

One person, two scenarios: the first almost effortless, the second chock-full of hassles. And with those hassles comes the danger of a malpractice event and a preventable patient injury. Consider:

Our Patient -- we'll call her OP -- had an appointment for a chest X-ray in the morning, and an appointment for a blood draw in the afternoon. The radiologist was on time, the procedure took mere minutes and it required only a small co-pay. Can a medical visit get any better?

Yes! When OP asked for a copy of the image for her own records, the office manager offered to put it online via an IT service that manages their office records on the cloud--an Internet data storage system accessed by log-in, enabling patients and doctors to share information.

Now for Scenario No. 2: After Our Patient had the blood drawn at the doctor's office, she was told to wait three days before calling for the lab results. When she asked that copies of the whole blood panel be sent to her for her records, she was told there would a processing charge unless she wished to make an appointment to make her own copies at the office. There was no option for online file sharing.

Lots of patients at that point would say to heck with it and would skip getting the lab results, with possible negative consequences for their health if the results showed something abnormal and the test result slipped through the cracks at the office of the ordering doctor -- a frequent problem with offices deluged with paper test results.

Last autumn, we reported about a study by the Institute of Medicine (IOM) to identify best policies and practices for improving health-care safety and reducing malpractice when using electronic health records. Its focus is the prevention of health IT-related errors, rapid reporting of patient safety concerns and methods to promote safety-enhancing features of electronic health records. Although the study results and recommendations are several months away, electronic record-keeping remains front and center.

Despite a vigorous campaign by the federal government and some large health-care providers to move the nation’s patient records from the Jurassic Age of paper to the Electronic Age of digital communication, most physicians and clinics have been slow to embrace the transfer. Apart from radiology, which the Los Angeles Times notes leads the digital charge, there are two overriding reasons for the health-care establishments to lag other industries in digital record-keeping.

The concern for patient privacy resonates with many people, especially in light of what seem to be daily disclosures of hackers compromising the customer data base of a bank, a social media platform, a large retailer… Both health-care providers and patients rightfully wonder about privacy and security.

The second impediment to efficiently computerizing medical records reflects the labyrinthian nature of codifying a wide variety of medical specialties and medical office practices to be organized by a myriad of IT companies vying for the business. According to MarketWatch, “Critics say the architects of the plan left out a means of ensuring that the systems in the emerging patchwork of proprietary software will be able talk to each other. On top of that, the very act of digitizing millions of patient histories represents a technological leap for the legions of doctors who remain attached to paper record-keeping.”

Because health care represents one-sixth of federal spending, and because, according to federal estimates, 80% of doctors and hospitals had yet to embrace even rudimentary measures to computerize records, the federal economic stimulus in 2009 included incentives for doctors to digitize their records. It’s hardly been a resounding success, and one physician’s experience might indicate why: His practice purchased a system from a small vendor for $400,00 ($80,000 per doctor), but looks to recover only one-sixth of the cost from the feds. “There’s no uniform code by which the medical community is operating, and no widely used software standard like Microsoft’s Windows being used,” MarketWatch reported.

So it might be a while before patients and their caregivers can access all of their records with efficiency and security. If you are considering keeping and transferring your records in electronic form, here, according to the Los Angeles Times, is what you need to ask to ensure they’re secure:

• *Is the IT company managing the records legitimate? Find out from the practitioner or facility that recommended it whether they have a "business associate agreement" with the vendor. This is a contract required by the federal Health Insurance Portability and Accountability Act (HIPAA), which spells out when health-care providers may share protected health information with other people or companies. The details of how that information is secured are established in a business associate agreement. Such a contract signals that the company that stores your medical information is HIPAA-compliant and that your privacy is being protected.


• *Will your data will be stored in the United States? Will all information will be encrypted before being sent across the network? “Yes” is the only acceptable answer to both.


• *Is contact information available on the vendor’s website? If the company’s site does not include staff member names, a company address and telephone number, decline its services.


• *What happens if something goes wrong? If the company goes bankrupt or is acquired by another, what happens to your data and who owns it? If the contingency isn’t clear or treats your records like a tradable commodity, decline its services.

Article first published as The Too-Slow Evolution of Electronic Medical Records on Technorati.

Medication errors in a hospital’s psychiatric unit were cut drastically with two techniques: an electronic prescription drug ordering system and a computerized method to report adverse events, according to new research from Johns Hopkins University.

The leader of the study, Geetha Jayaram, MD, MBA, an associate professor of psychiatry and behavioral sciences at Johns Hopkins School of Medicine, says that “with the use of electronic ordering, training of personnel and standardized information technology systems, it is possible to eliminate dangerous medication errors” altogether.

The findings published in the March issue of the Journal of Psychiatric Practice illustrate how the psychiatric unit at The Johns Hopkins Hospital in Baltimore went from a medication error rate of 27.89 per 1,000 patient days in 2003 to 3.43 per 1,000 patient days in 2007. And none of the medication errors during the study period caused death or serious, permanent harm, Javaram notes.

“Having something typed eliminates bad writing — and most errors — immediately,” she says. “It’s a good reason for going electronic.” Medication errors, which can be lethal, are known to be caused by illegible handwriting, misinterpretation of orders, fatigue on the part of medical personnel, pharmacy dispensing errors and administration mistakes. A pharmacy may misread what a physician has written or give the wrong medication or the wrong drug dose to a patient.

The computer program used in the psychiatric department also includes integrated decision support for drug dosage selection, drug allergy alerts, drug interactions, patient identifiers and monitoring — things that can be lost with a manual system that relies on layers of human beings to ensure the correct decisions are made, Jayaram says. The more the number of steps involved in the process, the greater the likelihood of mistakes.

Source: Scienceblog

You can read the complete study here.

The Institute of Medicine (IOM) will conduct a year-long study to identify best policies and practices for improving healthcare safety and reducing malpractice when using electronic health records. The study will focus on prevention of health IT-related errors, rapid reporting of patient safety concerns and methods to promote safety-enhancing features of electronic health records.

After reviewing the available evidence about how health information technology (HIT) affects patient safety and care, the study will issue recommendations to maximize the safety of HIT-assisted health care services. In addition, the study will discuss the potential effects of government and private sector HIT efforts.

Highlights of the study are expected to include:

• Summary of existing knowledge of the effects of HIT on patient safety;
• Identifying approaches to promote the safety-enhancing features of HIT while protecting patients from any safety problems associated with HIT;
• Identifying approaches for preventing HIT-related patient safety problems before they occur;
• Identifying approaches for surveillance and reporting activities to bring about rapid detection and correction of patient safety problems;
• Addressing the potential roles of private sector entities such as accrediting and certification bodies as well as patient safety organizations and professional and trade associations; and
• Discussion of existing authorities and potential roles for key federal agencies, including the Food and Drug Administration (FDA), the Agency for Healthcare Research and Quality (AHRQ), and the Centers for Medicare & Medicaid Services (CMS).

The study will be carried out under a $989,000 contract announced today by the Office of the National Coordinator for Health Information Technology, the agency charged with coordinating U.S. government HIT efforts.

Source: Earth Times

You'll find more information about the Institute of Medicine’s activities and projects here.

Many patients (and a few doctors) continue to be amazed that the law requires that patients be able to obtain a copy of their own medical records. And reading them is good for your health, I and other patient safety advocates maintain.

Here's what I wrote on a New York Times blog about this:

Getting and reading your own medical records is Step One of the advice I give patients to become involved, intelligent, and actrive in their own care. There are at least three things the patient learns:

1. Am I communicating well with this doctor? Is the history of my problems recorded in the records recognizable to me and reasonably complete?

2. Is there some lab test result that I need to know about where the communications has fallen through the cracks somehow?

3. Are there any errors that need correcting?

These are vital questions that help patients get to the right doctor and make sure tragedies don’t occur. Top providers like Brigham & Women’s Hospital, the Cleveland Clinic and the Veterans system make it easy for patients to read their own records online. Eventually, we will all read our records routinely, and we’ll be healthier for it.

Read comments from other Times' readers here.

A lot of doctors fret about patients reading over their shoulders, but as a non-physician who reads medical records every day, I can say without doubt: It's a good thing.

One hundred thousand preventable deaths from medical errors in hospitals each year: That is the usual statistic cited by patient safety advocates. It comes from a 10-year-old report issued by the Institute of Medicine of the National Academy of Sciences. The fact is, though, that the death and injury rate could be substantially higher. No one is sure, because no one is counting "adverse events" in a rigorous, systematic way, and evidence keeps piling up that hospitals under-report these events to health authorities and worse, cover them up.

An investigation by the New York Daily News of the city's municipal hospital system -- with eleven hospitals and 1.1 million patients treated last year, the nation's busiest city-run system -- found dozens of examples of failures to report egregious errors, and subsequent cover-ups including alteration of medical records to make it look like nothing had gone wrong.

The Daily News reported:

The coverups hid a trail of human suffering among patients who were maimed and relatives who were never told the truth about how their loved ones died or were injured unnecessarily.

The newspaper found a pattern of failures by state health authorities to act on evidence of fraudulent behavior in covering up the injuries. Moreover, it found that the state reporting agency itself was dysfuctional. According to the article:

The state is supposed to track and analyze all medical incidents and implement improvements. The problem is this oversight system — the New York Patient Occurrence Reporting and Tracking System (NYPORTS) — is a disaster.

Since 1999, all New York hospitals have been required to self-report a long list of medical incidents to NYPORTS, which in turn analyzes the incidents and implements patient safety reform.

Sunday NYPORTS barely functions. The Statewide Council that oversees it hasn't met in more than two years. Though NYPORTS is supposed to release "annual" reports, the last one filed is dated 2004.

To avoid needless injury, patients have to be vigilant about their own health care. That is why I wrote my book, "The Life You Save," which lays out a system of nine simple steps for patients to follow to get the best medical care and avoid the too-frequent disasters that happen in our fragmented care system.

A column in the New York Times by Pauline Chen, M.D., relates how a colleague of hers named "Ed" crashed and burned on his way to becoming a general surgeon, seemingly because of his difficulty in learning from his own mistakes.

The blog comments by both doctors and patients are revealing. Many make the point that physicians can deal with the stresses of medical practice, and become better at their craft, by being less obsessed with perfection and more open to working with others in a supportive, teamwork environment. I particularly enjoyed a comment (No. 121) from "Susan," that linked the issue to the recent story by Jane Gross in the Times about the Sisters of St. Joseph near Rochester, New York, who have figured out that putting the patient's wishes at the heart of the enterprise makes for more humane and better health care.

Here is the comment I posted on the Times' site:

Susan’s comment is right on target. A team ethic, and the recognition that “we’re all in this together” — patients included, goes a long way toward making the inevitable small mistakes a teaching moment rather than one step toward a disaster for the patient. And when disaster does happen, honesty is always the best policy. I represent patients in lawsuits against hospitals and doctors, and can say emphatically that the medical industry could greatly reduce its exposure to legal actions if hospitals and doctors would just respond with maturity and complete candor when mistakes happen.

One more change in philosophy could help reduce the toll of medical error. If patients were more involved at every step of the process, we could help nip a lot of disasters in the bud and get better care for ourselves and loved ones. There is much that we can do, starting with reading our own medical records. I just wrote a book about this called “The Life You Save: Nine Steps to Finding the Best Medical Care — and Avoiding the Worst.” Chapter One can be read at http://www.lifeyousave.com.

Evidence continues to pile up for why patients need to read their own medical records. A new study finds it is distressingly common for primary care practices, especially big ones, to fail to inform patients about abnormal test results.

The study was published in the Archives of Internal Medicine and was reported by Nicholas Bakalar in the New York Times. The study was also featured in Tara Parker-Pope's "Well" blog at the Times, which features a number of horror story comments by readers.

Overall, the study found seven times out of 100, abnormal test results were not conveyed to patients. In two large primary care practices, one in four abnormal test results were never mentioned to the patient.

Bottom line: Patients who don't hear back the results of their testing can never assume that no news is good news. People need to ask for a copy of their test results from either the doctor's office or the lab where the test was done.

Getting and reading your own medical records is Step One in the nine-step system I recommend for getting the best medical care, in my book, "The Life You Save: Nine Steps to Finding the Best Medical Care -- and Avoiding the Worst."

The NY Times Well blog has a podcast of Dr. John Hickner, professor of family medicine at the University of Chicago, discussing why patients should always call their doctors to follow up after having a medical test done.

We have previously discussed the issue of medical test results getting lost in transmission: the patient will expect the doctor to call if there is bad news, and will feel reassured if he or she hears nothing, while the doctor's office will wait for the curious patient to contact them, or will simply forget, and the patient "falls through the cracks." As a result, the patient may not hear about important test results.

The best way for patients to deal with this is to remember to call their doctors after testing and keep in mind that no news is not necessarily good news.

Another thing that patients can do is always ask the testing facility for a copy of the test results. Some laboratories and radiology offices resist this, but every patient has a right to their own records.

Serious injuries can happen to patients from delayed treatment due to these failures of communication, so it's important for patients to be pro-active about their test results.

A new study from the journal Quality and Safety in Health Care, and discussed in the NY Times Well blog, reveals common testing mistakes by primary-care doctors. Of course, the same kinds of errors can happen in hospitals and other health care settings.

Out of close to the 1,000 mistakes experienced by 590 patients, the following testing mistakes were the most common:

-13% involved ordering the wrong test or failing to order a test

-18% involved performing the right test, but doing it improperly

-25% involved delays in getting tests back from the laboratory, failure to get the tests back at all, or errors on the results report

-7% involved failing to follow up with patients after receiving results from the laboratory

-75% of the mistakes caused the patient to suffer (through delays in proper treatment, greater expense, physical pain or worsened overall health).

What can a patient do about this? A possible solution would be to carefully ask and write down what specific test your doctor has ordered for you. Ask when the results of the test are expected from the lab. Then make sure you call to follow up after the doctor's office should have received the results. Read the results report, if you can get hold of it, to see the name of the test and make sure that the results are for the same test that was ordered and performed. All of these things might help reduce your risk. Calling the doctor to follow up is probably the most important item on the list, as Dr. Lamberts says in his quotation in the linked NY Times blog post.

Alisa Miller at Nursing Online Education Database has an article on how to start taking control of your health records. "Taking control" in this case means storing, updating and sharing them in a way that is convenient for you.

The article is chock-full of useful links on the following subjects:

-what are the options for electronic health records, how they work and how you can use them

-which resources for medical record storage are available for free

-which resources for medical record storage are available, but charge money

-which services are available for people with specialized illnesses or needs

-which services are available for health care professionals

Checking the article out and browsing the links would be very helpful for anyone interested in learning more about these topics. Getting and reading your own medical records is a key step in making sure you receive high quality medical care.

Tara Parker-Pope has an article on the privacy implications of big companies like Microsoft and Google entering the medical records storage business. We have discussed this issue before, stressing the importance of patients needing convenient access to all of their medical records.

Parker-Pope, however, discusses a potential downside to this development: a loss of privacy for patients. Violations of medical privacy have been in the news lately. See, for instance, UCLA Medical Centers' employees' violations of the privacy of several well-known patients. If data is stored in Web-based systems by the same companies that track users' online activities, what kind of privacy can patients expect? These concerns become even more pressing when you consider that HIPAA--the law that guards patient privacy--did not anticipate and most likely will not apply to these proposed personalized Web-based systems. As Parker-Pope comments:

Even more surprising is the response of Peter Neupert, the vice president in charge of Microsoft’s health group, who resisted the suggestion of extending Hipaa to newcomers like Microsoft and Google.

This resistance is predictable but disturbing, to say the least. Privacy should be a huge concern for both creators and users of these systems, and customers should insist on Google and Microsoft addressing these issues.