September 8, 2014
Electronic Health Records: Stop the Bleeding!
By Michael D. Shaw
Over the past two years, this column has examined some of the serious—and as yet unresolved—issues connected with the massive rollout of health IT, notably electronic health records. The hysterical fanboys of the forced conversion from paper to computer predicted that merely by doing this, an annual savings of $80 to $120 billion would be realized. No doubt, proponents advanced the analogy between paper ledger accounting and computer-based accounting. But this is a false analogy.
Calculations, of course, can be fully automated, but medical record keeping, at best, can only be computer-assisted. Moreover, medical parameters are infinitely more complex than financial parameters. Insider blogs are chock full of horror stories detailing the limitations of electronic health record (EHR) systems. Some are fatal, some are life-threatening, and some are just very annoying, such as this gem from the recent past:
An ER nurse was attempting to document how she dosed a patient with heparin. As she relates on a union website: “The doctor stated he wanted 4000 units bolus [all at once] and then a 1000 unit per hour infusion. The order in Paragon [an EHR system] stated 5000 units of heparin. I was given the option to decrease the dose, which I manually changed. However, I had to pick a reason why I decreased the dose. There was a drop-down box, and the only option was ‘Insulin decreased per protocol.'” But, she wasn’t dispensing insulin!
After consulting her manager, it was decided that she do a capture of the errant screen, and then separately document that she in fact dispensed heparin and not insulin. She notes that the conversation with her manager took nine minutes, and, as described on the union website: “That’s nine extra minutes away from the bedside, just to document one medication—and to document it inaccurately, to boot.”
In light of our contrasting medical parameters with financial parameters (as above), consider this observation from Twila Brase, R.N., president and co-founder of Citizens’ Council for Health Freedom—echoed by many others:
“The EHR is nothing like what Big Government, Big Data, and Big Health said it would be. They promised convenience, coordinated care, fewer medical errors, more efficient medical practice, and portable medical records. They never meant it and it hasn’t happened. These data systems were created for billing, data collection, and government control of doctors, not patient care.”
Fair enough, but ultimately, functional issues, legion though they may be, are fixable. Security issues, however, require a different tack. EHRs provide the perfect platform for medical identity theft, by far the most devastating form of identity theft. I recently had an eye-opening conversation with Randy Reaney, founder, president, and co-CEO of Impervio Technologies Inc., an exciting software company founded in October, 2009. Its newest breakthrough product is Impervio E-IRM—Enhanced Information Rights Management, offering Stealth rated, 100% data security protection.
According to Randy: “There are two absolutes in the world today. First, it is impossible to provide 100% network security protection because there are simply too many entry points which a hacker can breach. The second absolute is that all data protection systems are based upon a certified industry encryption algorithm protection standard that can be hacked in as little as two to four hours, therefore providing zero data security protection.”
As Impervio explains it: Advanced Encryption Standard (AES) is not secure. If the encryption key is stored, Echelon Hackers can very easily hack the encryption protection by requesting a file, reading the source code and retrieving the encryption key that has been stored in memory. (2-4 hours.) Once this key is obtained, the hacker has access to all the protected files. Note that this is not the “brute force” method of hacking, which is assumed in the calculation of how many years it would take to break the security.
Impervio couples million-year rated stealth technology with state of the art copy protection systems, and surrounds those by eight top secret levels of echelon-targeted security. As such, every piece of data it protects is wrapped in 36 layers of the highest grade security ever developed. This technology would have prevented the Bradley Manning and Edward Snowden security breaches, not to mention all known instances of medical identity theft.
The new technology is currently being evaluated by a large and prestigious Ivy League health network, as well as certain governments and commercial organizations. We wish Impervio much success in bringing true data security to health care.