Obama’s Electronic Health Records initiative could usher in a new wave of ID theft

I work in the IT department of a Healthcare system serving 5 hospitals and multiple physician's offices. We have 3 of the 5 hospitals on EMR now and are moving more and more in that direction. I can tell you it is a HUGE undertaking and requires more than just software, but an entire assessment of the infrastructure and large amounts of user training...and that's just for our little piece of this huge puzzle. However, it definitely is worth it when it comes to reducing costs and mistakes.

My idea would be some kind of a clearinghouse, a third party similar to that which handles the transfer of mobile phone numbers from one company to another. Then, hospitals and physicians would be free to use whatever software makes sense for them, so long as they are able to upload the patient's record in a common format (probably XML or some other standard format). Then, when a request comes in for that patient's record through the 3rd party, the hospital or physician uploads the file in that format to the clearinghouse, which is responsible for verifying the validity of the request from the other side. The other side, once cleared, downloads the file and then is responsible for translating it into whatever format their system uses. This way, we wouldn't be opening up our systems to every single other hospital or doctor's office.

With so many people/parties having access to your medical records, there needs to be a standard procedure in place for investigating, noting, and correcting errors in patients' medical records. Incorrect information in your medical records can affect the quality of care you receive, as well as (depending on the error(s)) negatively affect your health. I did not know this was a problem until it happened to me, while seriously ill. At this large hospital in a major US city, there was no standard procedure in place to even look into errors, I filled out forms (got me nowhere), called the head of Health Information Management (got me nowhere), wrote many letters with copies of the forms I had filled out, as well as dates/times/names of people I spoke with on the phone (got me nowhere). The next thing I did was send registered letters (with copies of the forms/letters/documentation of calls) to each doctor who had seen me at that hospital informing them that there were errors in my medical records that I had taken several steps to try and have corrected, and that they are formally being notified that the records of this particular hospital visit should not be regarded as factual. At the same time, I sent registered letters to the head of Health Info Management, as well as the two people who worked under him. I let them know that I had formally notified my doctors that my medical records from that hospital visit should not be taken as factual, that no one would even look into this, that this could compromise my future quality of care, and that by leaving my medical records with incorrect information that they have been notified of numerous times, they are liable for any of my future compromised care. What they finally did was send me the original (inaccurate) records, with the untrue part crossed out in pen, and initialed?????????!!!!!!!!! I do not think that is going to come up on the computer (the "crossed out" marks) when the doctor brings it up on the screen!!! I am sick of fighting with them, and I wonder how many others (who do not know they should periodically check their medical records) this has been done to. This particular mistake involves pain medication that I was *not* given (controlled substance). That substance is in a locked cabinet and has to be signed out. I think that is why they are sweeping it under the rug. I want to know **who** received this supposed "dose", while I had to suffer through a horribly painful allergic reaction???? Did they give this to the wrong person? Do they possibly have an addict working on that floor?

Any suggestions on where to go from here would be appreciated.

This HITECH Act -- and $19 billion down-payment – is a grand first act toward establishing pervasive electronic health records throughout the U.S. Salting the mine with incentives for Medicare and Medicaid patients surely gets providers using HIT and building an EHR infrastructure (along with streamlining care for seniors and uninsured.)

But, will that Medicare/Medicaid dose be enough to change the system for everyone else, most especially those in their teens, 20’s and 30’s who will benefit most from wellness, preventive care, and complete medical records over their lifetimes? How will such efforts expand beyond rural areas and selected populations? Are we ready to start creating portable records for uninsured children, or are we going to let them slip through the cracks in our imperfect information environment? The goal of comprehensive care first requires comprehensive records. Learn more: www.healthcaretownhall.com

I am a solo family physician who "went digital" four years ago. To date, some 2700 active patient files are in my system. I can access and send pertinent medical data from anywhere in the world with an Internet connection to anywhere in the world with a fax machine, 24 hours a day in a secure and rapid manner. I neither need nor ask for another information system to improve the quality of care I afford my patients.

Having considered the matter at length, I think I can speak with some authority on the impact that this ill-considered Act will have on the practice of medicine.

Trust is the lynchpin of the physician-patient relationship. Once the door to the examining room is closed, patients must feel comfortable that they can frankly and honestly disclose whatever we deem necessary to their care. When a centralized, government-run system of reporting, evaluation and "guidance" (a euphemism for having unlicensed individuals mandating how to practice medicine) is in place, trust will be lost and the relationship with patients will be irrevocably damaged.

I will no longer be granted confidence by patients for acting in their best interests. Rather, I will be viewed as a technician who is an extension of an intrusive State and whose allegiance lies beyond the immediacy of their care. In return, I will be increasingly pressured not to think of them and their unique presentations and circumstances, but rather how I can fit them into the practice guidelines that will be imposed on me.

I will not tolerate this. No physician or patient should. If this matter goes unchanged, I will simply quit private practice.

Regarding concerns involving identity theft for electronic medical records (EMR), my company has solved this issue with our proprietary BioMedKey, which has been developed specifically to secure EMR. Our portable storage device is currently being introduced at the RSA Conference in San Francisco. More info can be found at www.biomedkey.com.