Balancing patient privacy with quick physician access to records is a challenge.
Technology has provided both benefits and challenges to doctors, regardless of specialty or location. While tech has modernized patient records and made it easier to access them, privacy safeguards in HIPAA limit what can be done. As a result, there are a number of obstacles that must be overcome to get physicians quick access to vital records in a timely manner. Medical Economics spoke with Christopher Maiona, MD, chief medical officer, PatientKeeper, about how technology is being applied in health care and how it can be improved.
Editor’s note: The transcript has been edited for clarity and brevity.
Medical Economics: How has HIPAA created challenges for a digital healthcare world?
Christopher Maiona: One of the initial goals of HIPAA was to limit access to personal health information to those that had a legitimate reason for viewing, and as such, HIPAA is a both a regulatory and a moral mandate. For physicians, we certainly owe it to our patients to protect their data. But that security does come with a price. The countermeasures on the secure communication needed for compliance with HIPAA can negatively impact the rapid access to data and the ability to share the data that we would need to in the course of treatment of a patient. I'd argue though, I trained in the days of paper, and that here in the digital age, even with these quite necessary protections, it is far easier for me to obtain data now than it was trying to get some dusty old record out of the bowels of the hospital. And certainly we do have a number of strategies that are assisting us in freeing up this data. Every year that goes by, it seems to get a little bit easier from my standpoint as a clinician and a chief medical officer.
ME: Is there a way to balance patient privacy protections with the need to quickly access health care information?
Maiona: Certainly there are a number of technologies that are making it quick and easy for health care IT personnel to authenticate users. Data biometrics have made logging into apps quick and easy, a quick finger scan on a mobile device and you can be in, and if you pair that up with the passwords that we originally had to use, well, now you have two-factor authentication. And there are even some third-party vendors that have some very nice apps for authenticating a user that with a single tap can provide the appropriate credentials to get you access into your system. Single source login within an app has made access to data significantly easier. Consider a physician in an EHR and they need to view a chest X-ray. Well, with single-source login, the EHR can pass along my credentials to the system and bring that image over. There's no need for me to sign out and then sign into a separate system or sign in every time I need to see my documents. Certainly the ability to maintain audit logs is very useful, I think in providing some education to providers, because sometimes we do go astray and don't realize that we committed a breach. I would say though that the real key to adoption and compliance here is simplicity. Make tools that are easy to use, then incorporate them into the physician’s process and workflow—those are the ones that tend to be utilized.
ME: How challenging is it for physicians to be HIPAA compliant while accessing patient information in a timely manner?
Maiona: That's an interesting question because I think a lot of it depends on the host environment. Unfortunately, there are still a significant number of breaches that are due to physicians utilizing texting on their phone using non-secure text. And the simple reason is because it's easy, right? A physician wants to reach out and communicate with a colleague. You don't want to have to struggle and break that train of thought. I think that we've made great strides in providing access to data in a physician's home network, and the EHR, if you will, in their local environment. But I think where the challenge still remains is in accessing data outside of that home network. So do I need data from an ambulatory system? Do I need data from a PCPs office? Can I get records from another health system? These can be rather challenging. And perhaps one of the solutions here is employing a system of engagement that's capable of incorporating data from all these disparate sources and presenting it in a manner that's more familiar to the provider. It's awfully difficult to find that needle in a haystack when you don't even recognize the haystack. So additional progress on interoperability would also go a long way to helping us in time. But I think in essence, we need to provide physicians with access to data that facilitates the thought-to-action approach. So I have a patient, I have data that I need to collect, and there's maybe a colleague that I would like to consult, and I want to maintain my train of thought, and do all of this in the moment. I don't want to be distracted by how am I going to find this data? How am I going to contact that provider? Because when that happens, the train of thought is gone, and things get missed.
ME: What types of technology would improve functionality and be most beneficial to physician users?
Maiona: I'm a fan of mobility. I think mobility affords convenience, and any function that makes access to data to a physician more convenient, where a physician selects a mobile platform over a desktop, that's beneficial and I think drives adoption. Of course, there's always going to be need to cover the basics—access to the EHR data, your ability to share data with colleagues, the ability to push data back from a mobile device into the host EHR. The next step though is where it really gets interesting. How do you manipulate that data? Consider a system of engagement that has an optimized user interface for that specific user with selective alerts for specific data thresholds, so you're not constantly checking back to find your data; the data is coming out to find you. But you want to avoid that issue of alarm fatigue. Integrating data into FHIR apps on mobile has a number of really interesting ways of manipulating data. A lot of times physicians will leave an application to use a calculator to maybe assess cardiac risk. And then you have to take all your data with you and plug it into that calculator. Why not bring that right into your EHR and right into your mobile phone and have that access in front of you? Why not provide video integration to bring back true provider-to-provider communication. One of the things that has happened over the years is we've lost the ability to speak with each other. When I trained some time ago, if I needed to speak with a consultant, the consultant was in the building. You would see them in the cafeteria in the morning or perhaps in the lounge in the afternoon. You could ask questions. If you knew they're in the building, maybe it was just a short walk down the hallway to find somebody and get an opinion or get some immediate help. As medicine has changed, we've become a little more siloed and it's been more and more difficult to contact folks. Yeah, we had alphanumeric pagers, but then you just play phone tag all day because when I'm in a room, somebody else is calling back, and it pulls you away from patients. Now we have an opportunity with secure communication and you add video as another layer to be able to communicate face to face, maybe even bring in other benefits such as I-Pass, which is a gold standard for sign in. And let's not forget, for physicians, one of the things that they're struggling with in this time of burnout is that loss of community and having the ability to establish and maintain relationships through face-to-face communication. And then finally, we need voice recognition because we have these mobile platforms and it would be helpful for a simple navigation.
ME: Why has healthcare been wary of adopting technology that's become commonplace in other industries?
Maiona: Well, medicine generally doesn't move at a blistering pace, and certainly doesn't move at a pace commensurate with other parts of society. I think the prime driver here is the ramifications of error. I'll give you an example. If I log in to schedule a business trip, and perhaps I miss-key the destination or something simpler, like the time of the flight or even if the system makes an error, I have recourse 24 hours later, right? I can still amend the trip. I can reach out to the airline and say, hey, you've got me down for something incorrect, you need to fix this. A little irritation, but everything is fine. A banking app, perhaps it messes up a $50 deposit. I know that with a little agitation in dealing with the bank, in 24-48 hours, I'm going to get a new $50 put in my account. Now contrast that with medicine, where there isn't an ability for recourse, there isn't the option for a do-over, if you will. We have to build in the checks and balances to try and prevent the error before it even happens. If we were placing a medication order, maybe for a narcotic, adding a zero or two accidentally in the mid dosage could be catastrophic without something in place to catch it. All of this has to be built into that system. So it's much more complex and as a result, the pace is a little bit slower, but complex processes and higher stakes mean we don't get to move at the pace of society.
ME: How will technology make physicians lives easier in the future?
Maiona: So this is where it really gets interesting. For me, it’s when we transition from EHR 1.0, if you will, the meaningful use, check the box, system. Yes, we have a system, it's in place, but now we move on to EHR 2.0, where we have the ability to finally address the needs of the end-user. At a minimum, there will be access to data whenever and wherever it's needed. There will be progress on interoperability, and collaboration between purveyors of data would go a long way in achieving this end goal. There's also opportunities here for improved efficiency. For example, we still struggle in medicine with hospital-acquired infections. Catheters get overlooked, maybe between shifts. Providers coming on and off shift leave something in a little too long and that increases that patient's risk of developing an infection. How about an alert that comes out of the system? Just so when on that busy day, it's like, hey, Chris, I want to take a look at that catheter. Another goal is to take on more of the administrative tasks that are burying us, as physicians, and documentation is going up and up and up, even though there is some wonderful attempts at finally decreasing the documentation load on physicians coming out of Washington. These are some things that technology can start at least giving the physician a head start. And the challenge is that the body of medical knowledge is growing exponentially larger. Some reports I've read show that it's growing faster than our ability as humans to process it. And we need some assistance there with bringing in the appropriate data for a specific patient and helping us as clinicians become a little sharper. Is it doing the work? No. But again, as patient volumes and patient acuity, as they increase, a little nudge here and there may just be the thing that puts you on the right track or something you wouldn't notice until maybe even a couple hours later, it gets you moving, and perhaps saves a life.
I call it clinical-decision support, and it’s kind of a nebulous term, depending on who you speak to. But the point is that the EHR is a tool and who doesn't want a tool that makes caring for patients not only easier, but safer?