Can EHR Workflow Issues and Security Issues Be Fixed?

I’ve listened over the years to many health care providers, small and large. The EHR roll out has been a nightmare in my opinion and is a direct result of pressure from DC that had too little experience about real world business needs of the medical profession.  But the effort as usual had the best of intentions, even though it was trying to improve on something that really didn’t need to be fixed, unless it could have turned out to be a much more efficient method for the users. Creating something better is always the goal. Paper records were working quite well at the time on their own, archaic as it may have seemed in concept.  Certainly paper health records had a giant leg up on EHR in one regards – they were very secure.  And as paper record keeping is by nature, it was very easy to adapt paper record keeping to new procedures, new types of care, and new ideas for increased efficiency.  Instead this mandated computerization of complex work flow processes did little it  seems to consider either security or enhancing patient care in it’s early stages.  Did it increase work flow efficiency?  There doesn’t seem to be clear agreement on that.    As I remember it was all about a supposedly futuristic vision of saving money and giving the economy a boost in the Economic Recovery Act of 2008.  But, what have we learned?   You can’t mandate a move to computerization of an industry that is to be implemented on dates set in stone?  Is that the lesson to be learned?   The only flexibility I’ve seen on the EHR implementation process is delays in mandates on security procedures required, or coding requirements.  Security is the last thing that should be delayed. What we have ended up with in EHR is something that is filled with holes, poorly designed, rushed to market, and not filling the basis needs of an implementation that and enhanced productivity should be leading the adoption rates of the technology. Market pressure should have set the implementation progress of EHR, not politicians without experience in healthcare solutions. So what we have now in the healthcare we have the biggest cybersecurity mess that has likely ever been  created by forced computerization. It will take every single ounce of concentration by the best minds in computer security industry to fix this. As of today, the best minds are saying why bother?  Why not wait until the system is completely broken and the current administration is out of the picture. As things go, EHR is failing because of academics without hardcore real time experience in the industry didn’t have the right priorities, and the politicians likely had some serious issues regarding political motive.  And that resulted in a lack of common sense in implementing a better solution.  I’m a huge critic of mandated software roll outs. They never work. Just look back at Windows Millennium Edition, or Windows Vista, two products that were released because someone said they had to be on a certain date, ready or not. And look at the failure that resulted.  At least private industry can admit their failure, and move on to real solutions.

I’m involved in Healthcare IT Security for a different reason. I don’t care to explain it. My C level clients in the Healthcare Industry are the ones I’m loyal to. They don’t like being bullied nor pushed around by politicians. You have to remember health records was an industry that was primarily paper based. I’m sure you remember computerizing businesses 20 to 30 years ago. It took massive study and great effort for the training required to succeed.  Commitment of the users is required for success. Involving the users at very stage of design is required for success.  A fulfilled and kept promise of a better solution to work flow problems is required for success.

Many private practice Doctors I have spoke to have outright refused to use an EMR, until they find one that enhances taking care of the patients, not disrupts the process, in their opinions.

The constant breaches in health care data show an obvious pattern and a serious problem. Health care records that were paper were extremely secure. They were scattered in many locations and the chance of any breach was almost zero as a result. The locations were typically brick and mortar, certainly more secure than cyberspace. Any EMR system design should have held dear that same premise of security and privacy and created a system where maintaining privacy was priority one.

Instead priority one was rolling out something, anything, before the federal government mandates required it.

It’s not too late to fix EMR. But those who pushed for mandated EMR should bow out of efforts to fix the mess. Let the best minds in security and in IT design find real world solutions that enhance work flow, improve patient care, and insure record privacy. This isn’t a political issue. It’s common sense issue. Washington has tried to create something and failed.  From all the medical record breaches evident in the last year EHR has obviously failed on the issue of privacy. It’s time for those who made the mess to step aside.  Unless they are only playing a waiting game. Eventually if medical records continue to breach at the current rates, there will be no medical records that are still private. And if that was the goal, congratulations. We are almost at that point.

Instead I say let the lawsuits proceed.  Let the checks and balances of creating failure be the impetus to fix the problems and make EHR secure guaranteeing at minimum the future privacy of patients medical conditions.