Portable storage media, the scourge of patient privacy
LA Times: “Altogether, 16,288 patients’ information was taken from the home of a physician whose house was burglarized on Sept. 6, according to the UCLA Health System.
The data were on the physician’s external hard drive, officials said. Though the hard drive was encrypted, a piece of paper with the password was nearby and is also missing. The physician notified UCLA the next day and officials began identifying patients affected.”
I am continuously amazed at the number of security breaches involving patient healthcare information caused by careless use of portable storage media like external hard drives, flash drives, and even laptop hard drives. Patient information should never be stored or transported this way. I believe that utilizing cloud computing with simple browser access is a much better solution.
What makes this particular incident so bad is the cause; reckless behavior by a physician. This wasn’t UCLA’s fault, per se. Sure, the medical center must accept a share of the responsibility, the lion’s share of the blame falls in the lap of the physician. Not only did the physician have sensitive patient information on an external hard drive, but was dumb enough to have the password to access the drive on a piece of paper next to it. Kind of defeats the purpose of encryption and passwords, doesn’t it.
For an eye-opening look at the magnitude of data loss and security breaches drop by DataLossDB.org sometime. It’s scary stuff.
Patients still not diggin’ the idea of an EHR
EHR outlook: “Patients are still worried about how secure their data will be when stored in an EHR systems, a new study suggests. Xerox Corporation found that of 2,720 poll respondents:
- 80% were concerned with stolen personal information
- 64% were concerned with lost, damaged or corrupted files
- 62% were concerned with the misuse of information”
I’m not surprised by the numbers. In general people are afraid of change and the unknown. With that said, I think all you need to do is walk a patient through the paper processes that we use now to give them some insight into how bad things really are. Stolen and lost personal and medical information is a major problem within the current healthcare system. It’s not uncommon in any given week to hear about patient records that have been lost or stolen. And as far as misuse of information, well lets just say that’s all too common as well.
The advantages to an EHR outweigh the concerns listed above. Just sayin’.
Data visualization and dashboards
A wise colleague of mine once told me that lots of people collect data, but few people know what to do with it. I didn’t understand what he was talking about at the time, but I’ve come to have a better understanding over the years. It basically boils down to the difficulty that many of us experience when it comes to the best way to handle information. Our brains do some amazing things, but fail to “see” things when the perspective is all wrong.
Data surrounds us. It’s in everything we do, from the bank statements we receive in our personal life to the mountains of data collected by every healthcare institution. Regardless of the data collected, there are basically three things that can be done with it. Data can be ignored, it can be archived or it can be used. Unfortunately only one of those three things is truly useful; using it. Many people chose to ignore or archive data not because the information isn’t valuable, but because they are overwhelmed with the amount of information they receive and the way that the information is presented.
Read more …
Quick hit: approaches for standardized healthcare data
When my brother, Rob and I get together it often brings our wives to tears with boredom as we often get deeply engrossed in long conversations about computers, software and technology in general. Super Bowl weekend was no different. Rob and I started talking about strategies for connecting various pharmacy systems to other hospital systems and the issue of a lack of standardized information in healthcare came up. I mean we have standards, right? Of course we do. There’s SNOMED-CT, RxNorm, ICD-9, ICD-10, LOINC, GLNs, GTINs, NDC, bar-code “standards”, HL7, NCPDP SCRIPT standards and so on and so forth ad infinitum. I realize the list above includes a hodge-podge of standards that don’t really belong in the same category, but I did it to illustrate my point. And that point is that we have too many stinking standards. Trying to figure out which standard to use is an exercise in futility. Standards typically make sense to the people that invent them or study them, few others. And someone always has an idea for a better standard, hence the plethora of standards.
As healthcare inches forward interoperability of systems will hold a key role in the success of the government’s plan for electronic health records. So as Rob and I discussed how to integrate various services and products we pondered how one goes about creating a standard that everyone can live with. Well, how does one create a standard that everyone will use? Heck if I know, but we decided that there are basically two approaches. The first is to create a standard and try to cram that standard down everyone’s throat. Microsoft has been fairly successful with this approach. With that said, few people have the resources that Microsoft has to throw at a problem. The second approach is to offer the standard as part of a free solution that comes with your product; this way people can use your product and use your free, open-source solution to tie the systems together. I assume this is the smart approach for companies that have limited resources; kind of a grassroots approach. Of course it would be wise to build this free, open-source solution on top of an existing standard that’s prominent in the market, otherwise you’re trying to re-invent the wheel. And we all know what happens when someone re-invents the wheel. Uh, you get a wheel. We don’t really need any more of those. Both approaches have pros and cons.
Now the question becomes which standard makes sense as you design your solution. If only I had a crystal ball. We’re at least a decade away from having a truly inter-operable healthcare system; optimistic, I know. Ultimately, the standard of choice won’t be driven by what makes sense, but rather will be driven by adoption rates. Things often become a standard without even trying.
The cloud still slow to gain acceptance in healthcare
There’s an interesting article at InformationWeek about healthcare and the cloud. The article talks a little bit about the concerns surrounding security in the cloud and what I believe is an undeserved fear of using cloud based services and storage for healthcare information.
In the article a pediatrician that is also director of clinical informatics for Atrius Health is quoted as saying “At the moment I’m not convinced that there’s a secure enough place in the cloud or that the functionality exists for us to do everything that we need to do in the cloud. The cloud allows for a tremendous amount of interconnectivity between computers because it’s using data storage that’s free amongst different networks and I wouldn’t want healthcare information being scattered in a way that I couldn’t protect it appropriately.” I’m not sure I understand the perceived insecurity of the cloud as the existing infrastructure for storing patient information in healthcare is, by design, insecure.
Read more …
More thoughts on standardization
I’ve mentioned this before several times on this blog, but feel like I have to say it yet again; we need to start standardizing certain things about health information technology. The lack of standardization reared its ugly head at me again last week when our Pyxis med stations kept dropping medications off of patient’s active profiles. It appeared to always be the same drug, IV ketorolac. It took me a while to figure out the problem, but it turns out that Pyxis and our pharmacy system don’t agree on certain basic elements of time. Go figure.
Read more …
What we need is a system-neutral data structure for healthcare
During a web browsing session the other day I came across a very interesting blog post by Louis Gray titled “The Future: Operating System And Application-Neutral Data”. I enjoy reading Louis’ posts because I think he has a great vision for the future of personal computing, data, and “the cloud”
The blog speaks specifically to the ownership of personal data versus allowing companies to sit on it and possibly hold it hostage secondary to a lack of compatibility with other systems. The information you throw onto the internet defines who and what you are, more now than ever before, and you need to be able to move it around anytime from anywhere.
Read more …
Cool Technology for Pharmacy
Pandora Data Systems (PDS) is a company that, in the past, has designed software solutions to take information from automated dispensing cabinets (ADCs) like Pyxis, store it, manipulated it, run queries against it and produce reports that allow pharmacy departments to view medication usage trends; including trends to identify diversion.PDS now appears to be expanding their role with the introduction of PandoraVIA.
PandoraVIA is the next generation of data crunching software from the company. According to the PDS website “PandoraVIA is the new, full-featured reporting system from Pandora Data Systems. It’s designed to be a highly scalable and affordable platform built with Microsoft’s latest technologies. These technologies take the full functionality from our Pandora (Legacy Edition) and PandoraSQL products and move them to the next level.”
The new software framework is designed to accommodate various modules depending on the needs of the customer. The system currently supports Pyxis, AcuDose, Omnicell, MedDispense and Cerner. However, after spending some time with the Pandora representatives at AHSP Midyear they informed me that their new system could add custom data from almost any source based on need.
PandoraVIA utilizes XML, SOAP, and WSDL to meet the needs of the healthcare system, and is capable of a host of reports that can be exported in a variety of formats.
A system that can aggregate data from many different sources offers real value to many healthcare disciplines, especially pharmacy which is often driven by data. Data mining is important, but not always easy because of the myriad of systems utilized and the general poor quality of integration. In addition, many IT departments aren’t equipped with the necessary resources to handle a project of this magnitude; believe me, I’ve tried.
Data I would like pulled into such a system include our Alaris Smart Pump data, our pharmacy information system (Siemens Pharmacy) data, our automated dispensing cabinet (Pyxis) data, our carousel, packaging and inventory control (Talyst) data, and our bar code medication administration data. Aggregate data from these systems could be mined for an infinite number of possible trends and uses.
Getting pharmacists to lay down their 3×5 cards
The decentralized pharmacy model brings with it the opportunity for pharmacists to be an integral part of the medical team. This includes following teams of healthcare provides, physicians, nurses, respiratory therapists, etc, on morning rounds. And like all good little pharmacists we like to be prepared with as much information as possible about the patient. Several methods for collecting data have been developed over the years, including the all time favorite; the 3×5 index card. The problem with this system is obvious; it’s prone to human error. Taking information from one source and transcribing it somewhere else simply increases the chance for error. In addition, the information may be inaccurate as things can change rapidly with hospitalized patients, especially in areas like the ICU.
Read more …
