Thursday, 28 August 2014 00:00
If you’ve visited your doctor in the last year, then you probably had to fill out a ridiculous amount of paperwork - most of it seemingly redundant. The cause of this is the push from the federal government for medical practices to adopt an electronic medical record (EMR) system.
An EMR is a platform, either cloud- or software-based, to collect patient information all into one place, making evaluation of a patient’s overall health, in theory, a simpler task. However, such platforms have the potential for privacy risks if the proper security precautions are not taken. Although the government has required physicians to adopt EMR systems, as of now the responsibility for maintaining Internet security and privacy lies with the health provider.
The federal government has required health providers to meet the standards of HIPAA (Health Insurance Portability and Accountability Act) compliance. Now, the U.S. government has made it an objective to ensure that all health information curated using EMRs be just as scrupulously protected. Doctors always had to adhere to HIPAA laws, but EMRs have introduced a new aspect: computerized medical data.
The new guidelines ask doctors to perform risk analyses to identify threats regarding cybersecurity. Predictably, the resources needed to achieve utmost security have become burdensome to most medical practices.
“It’s not just the software. It’s the computers. It’s the server. It’s the backup power source. It’s the duplication of drives, because you can’t really look at a patient and say ‘sorry we lost your files because the server went down and we didn’t back it up,” says Tom Selva, chief medical officer at University Hospital in Missouri.
As a result of moving patient records to the computer, doctors are now faced with many burdens that did not exist before. Furthermore, in order to meet data security measures, doctors’ offices must address many technological issues like data encryption, review of user activity, and daily virus checks.
The distinction between software- and cloud-based EMR platforms helps illuminate possible weaknesses. In the first scenario, software is installed on computers and access to the central server is key. Cloud-based EMRs require an active Internet connection to access the cloud server to create and modify patient data. All involved parties (vendors, user entities, and regulatory agencies) are responsible for ensuring that our personal and medical data stays private and is not wrongfully obtained due to weaknesses in the network.
Additionally, positions in a doctor’s office are incredibly specialized and an individual that diverts time from their own job to fulfilling these measures means that a certain position is not being performed at an optimal level. In sum, EMRs can become overwhelming to the point of deteriorating the quality of performance.
IT professionals are well versed in the nuances of cybersecurity, and thus, capable of meeting these measures. A new position should officially be created for an IT person to manage theses tasks in all doctors’ offices.
However, the average IT consultant will ask for hundreds of dollars to complete a single project. Along with overhead costs such as staff salaries, equipment and software cost, supplies, and rent payments, this additional cost for an IT professional will be too much for our neighborhood private practices to bear. I propose that since the government is requiring the widespread use of EMRs, it provide the IT staff and/or salary for such a position.
The government should be involved in supplementing the associated costs (i.e., employing an IT professional) of the newly mandated goals. This seems to be the most practical and multi-purpose solution available. Although this amounts to a taxpayer funded subsidy, the alternative is far more repugnant.
Without government assuaging the imposed burdens, private medical practices will fail and, ultimately, patients may have to face losing their doctor.
(Medical billing clerk in a Carle Place medical office)