Several weeks ago, I wrote about a new clinical partnership between Atrius Health and BIDMC. Today's Boston Globe has a story by Liz Kowalczyk that provides more context for this relationship.
The article mentions the integration of our electronic medical records. John Halamka describes this in more detail on his blog:
By working with Epic and Atrius, we enabled a "Magic Button" inside Epic that automatically matches the patient and logs into BIDMC web-based viewers, so that all Atrius clinicians have one click access to the BIDMC records of Atrius patients.
No additional password required. Nothing. The entire BIDMC medical record appears. Now, computers are just tools, but it helps to have this kind of interoperability when your goal is greater coordination of care.
A gifted IT department is priceless for a hospital. The last time my mother was hospitalized, her PCP would never have received any data if I had not insisted it be copied and given to me before her discharge. Congrats for leading the way and showing how it can be done.
As a patient ID freak, however, I wonder what parameters are used to "match" the patients from Atrius to BIDMC. For instance, names, birthdates, etc. are not unique and it couldn't match medical record #'s since they would differ between Atrius and BIDMC. E.g., is the Atrius John Smith the same as the BIDMC John Smith?
(ps John Halamka being a professional, I am sure this issue is covered; I am just curious how he did it.)
nonlocal
I'll ask John to explain. He came up with a simple algorithm.
When you talk to John can you also ask if he ran into any issues around patient information/privacy or JCAHO concerns around the same issue?
I've been learning and writing about electronic medical records in rural hospitals, especially the critical access hospitals. What a challenge. In addition to technical expertise, EMR calls on the hospital's adaptability to change and tests its workflow processes--not to mention the need for funding.
Jane
Happy to answer these questions.
1. For patient matching we use two approaches
a. For the Magic button - exact match of first name, last name, date of birth and zip code. We get 90%+ matching this way and no false positive mismatches
b. For our enterprise systems which link our hospitals - probabilistic matching using the Initiate.com algorithm. This allows for variation in spelling of names and common keystroke errors in birthdates. It provides a 95%+ matching with no false positive mismatches.
2. We grant Atrius access to patients who receive care at both Atrius and BIDMC, ensuring that a pre-existing clinical relationship is demonstrated before patient data is exchanged. This is consistent with the HIPAA "Payment, Treatment, and Operations" confidentiality rule.
How is patient privacy protected with such an open system? How do you ensure the pre-existing clinical relationship is authentic?
First & last name, DOB and zip codes are all easy to find on anyone. Every provider in the system (not to mention the support staff) does not have permission to see my medical records - EVER - unless I say so.
I want additional protections on my record - where my personal permission must be granted - via some sort of passkey that I control - before anyone can access my record - And, I want to see a complete record of every individual who's accessed my record whenever I request it. Emergency override available in the case of a true emergency.
I am somewhat disappointed in your Magic Button algorithm. I am no mathematician, but I submit that as n becomes large enough, you will begin to encounter false positives. Particularly in certain populations where names overlap such as the Hispanic and Asian populations. There may be no harm done as long as critical clinical decisions are not made on this basis, but I can tell you if I were a blood bank director I would insist on a redraw to confirm blood type rather than relying on that merged history. (ps we would do that anyway, currently, but who knows when the budget ax will fall on that too). Long term followup will be interesting.
nonlocal MD
Anon 4:53,
I'm sure John will reply, but this is not an "open" system. Only authorized providers have access to it, and anytime anyone gains access to the system, there is an electronic audit function that records that access and the purpose to which it was put.
Your concerns apply to any electronic medical record system in any physician group or hospital, especially one that is part of a larger integrated health care delivery system. That's why protections are built in.
Nonlocal,
I'm sure John will likewise reply to you; but I will offer you my probability-trained opinion that I disagree with your concern.
Paul;
As I said, I was never any good in math, but are you saying that given a database of what, several hundred thousand or so that you will never find 2 people who share all 4 parameters? What if you selected out an equivalent # of Asians or Hispanics?
I know there are equations to calculate this probability, but I don't know what they are!
I only have my clinical experience to fall back upon, but the scary experiences are why we had fail-safe blood bank-specific armbands when patient ID was life-critical.
nonlocal
A few more answers
To violate patient privacy, a group would need to conspire to register patients with identical demographics in both institutions. Even if they did this, we audit every lookup, recording the BIDMC and Atrius credentials of those who do lookups. It is truly good enough.
Patient matching algorithms are described in this website
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_000071.hcsp?dDocName=bok1_000071
Truly, we're using the best technology available.
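An added example (not code from BIDMC, Atrius or anyone in this thread) of the exact-match rule described above, first name, last name, date of birth and zip code, together with the duplicate-key question and the per-lookup audit the comments raise. The normalisation rules, the fail-closed handling of duplicate keys, the audit record fields, the requester ID and all sample records are assumptions constructed for illustration.

```python
import unicodedata
from collections import defaultdict
from datetime import date

def _norm(s):
    # Strip accents, case, spaces and punctuation so formatting differences do not block a match.
    s = unicodedata.normalize("NFKD", s)
    return "".join(c for c in s.casefold() if c.isalnum() and not unicodedata.combining(c))

def match_key(rec):
    # The four fields named in the thread: first name, last name, date of birth, zip code.
    zip5 = "".join(c for c in rec["zip"] if c.isdigit())[:5]
    return (_norm(rec["first"]), _norm(rec["last"]), rec["dob"].isoformat(), zip5)

def build_index(registry):
    index = defaultdict(list)
    for rec in registry:
        index[match_key(rec)].append(rec["mrn"])
    return dict(index)

def ambiguous_keys(index):
    # Keys held by more than one record: where an exact match could link the wrong person.
    return {k: mrns for k, mrns in index.items() if len(mrns) > 1}

def lookup(index, requester, patient, audit_log):
    # Fail closed: release a record only when exactly one candidate exists; audit every attempt.
    hits = index.get(match_key(patient), [])
    outcome = "match" if len(hits) == 1 else ("ambiguous" if hits else "no_match")
    target = hits[0] if outcome == "match" else None
    audit_log.append({"requester": requester, "source": patient["mrn"], "outcome": outcome, "target": target})
    return target

# Constructed sample data (not real patients); MRN formats are hypothetical.
HOSPITAL = [
    {"mrn": "H-1001", "first": "John", "last": "Smith", "dob": date(1960, 3, 14), "zip": "02215"},
    {"mrn": "H-1002", "first": "Maria", "last": "Garcia", "dob": date(1985, 7, 2), "zip": "02130"},
    {"mrn": "H-1003", "first": "Maria", "last": "Garcia", "dob": date(1985, 7, 2), "zip": "02130"},
    {"mrn": "H-1004", "first": "José", "last": "Nuñez", "dob": date(1972, 11, 30), "zip": "02139"},
]
CLINIC = [
    {"mrn": "C-1", "first": "JOHN", "last": "Smith ", "dob": date(1960, 3, 14), "zip": "02215-1234"},
    {"mrn": "C-2", "first": "Maria", "last": "Garcia", "dob": date(1985, 7, 2), "zip": "02130"},
    {"mrn": "C-3", "first": "Jose", "last": "Nunez", "dob": date(1972, 11, 30), "zip": "02139"},
    {"mrn": "C-4", "first": "Jon", "last": "Smith", "dob": date(1960, 3, 14), "zip": "02215"},
]
def run_demo():
    index, audit = build_index(HOSPITAL), []
    results = {p["mrn"]: lookup(index, "clinician-17", p, audit) for p in CLINIC}
    return results, audit, ambiguous_keys(index)
```

Running `ambiguous_keys` over a real registry gives a direct count of how many patients share all four fields, and the "ambiguous" and "no_match" audit outcomes show which lookups the exact rule declined to resolve.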
Well, my mathematics-minded husband says that you are right and I am wrong. Perhaps I am just gun shy from too many bad experiences. I yield to superior minds. (:
nonlocal
It is inevitable that some authorized or unauthorized user will get into the system and sell someone's medical record to the Enquirer. And someone will eventually hack the system to gain access and sell a lot of records.
There must be laws that make it a serious felony to access medical records without authorization, with long prison sentences and a lifetime bar from the profession.
Mr. Levy - thank you for your response. I was assuming it wasn't an open system, and that it is similar to other EMRs. My concerns are the same for all EMRs. Perhaps I am not understanding the file sharing between Atrius and BIDMC - it seemed that any authorized healthcare worker at BIDMC may access any record from Atrius - simply with the name, DOB and zip code of a patient. Excuse me - but there are bad actors in any organization - even yours I am sure - though you work hard to weed them out. And, I might add, I admire your leadership.
Will I be permitted to see the record of who has accessed my records any time I ask to see that record? If I see access that seems unnecessary will it be explained to me? Will I be told if my records have been accessed when they ought not to have been? Who will be watching the watchers?
Why may I not have a passkey that I dispense as I see fit - thus allowing only those individuals whom I authorize access to my records? Will I have full access to my records?
From Facebook:
Beverly: It appears from the article that Atrius is partnering with and therefore rewarding a hospital which displays the qualities (transparency, commitment to quality, returning the patient) it desires. This is true market competition; I only wish it occurred more often.
Will I be able to KNOW if my boss, or other co-workers - who have access to the system, have looked at my medical record? Because if so, I want my record deleted or locked.
In general will I, as the patient and "owner" of the record be able to see what you see - that is - who has accessed my records and why?
Dear anon 1154;
I don't live in Boston, but I fear you misapprehend access to medical records everywhere. In most hospitals anyone who knows your medical record # and has inside access to the hospital record system (e.g. employees) can look at your electronic record within the hospital (not outside, since that requires guarded remote access). Why do you think all these employees in California and elsewhere have been fired recently for looking at celebrities' records? But if you tried to guard it from everyone and made access difficult, it would impede your care. There is nothing special about the Atrius/BIDMC arrangement that is less secure than usual, as I understand it.
I don't see that you being able to sit home and see who has looked at your records would help. Would you know the names of all the variety of caregivers and administrative staff who are authorized to look at your record? No. Even if you are an employee of the hospital, as you seem to indicate. My advice, which I took myself in my state, is to receive your care at another hospital than where you work, if you are that concerned about it.
nonlocal MD
It would be helpful to know who has accessed my records because I, of all people, would know if there were unauthorized access - and it would act as a deterrent for anyone tempted to do so.
If employees know that the patient will know who looked at their record - and question it - well then - that would be some sort of deterrent. As it is now - I would have to trust that someone in the system is monitoring access on all the records all the time and is going to notice if someone accessed who shouldn't - I doubt that's going to happen.
And now that Atrius and BIDMC are linked - how do I keep my record from being accessed? I want it locked or deleted somehow - and I'll transfer my care elsewhere.