NOSH ChartingSystem

A new open source health charting system for doctors.


How to fix the EHR mess we’re in – Part Two

Dr. Matthew Hahn writes on his blog page about the current state of today’s EHR’s and rightly points out many of the same reasons that I have identified in my previous posts:

  1. The negative impact of Meaningful Use (MU) since 2009
  2. Poor usability of EHR’s

In the comments section, there are several other important concerns that have been left unanswered by our current Health IT offerings.

  1. Patient privacy and control of their health records
  2. Interoperability

Government Pipedream?

The solution Dr. Hahn proposed is one that hinges on the hope that government will abandon MU (unlikely given this political climate), and create a whole new EHR development program based on a national competition and then for the government to subsidize the cost of that winner EHR for physicians to use.

Subsequently, this national competition will engage physicians so that they have control over their destinies in designing the EHR of their dreams.  But is this realistic to hope that government will support such an endeavor?  Although I’m a believer that government should and ought to play a role in setting fair rules and be accountable to the public (for the many and not the few) and not to be overrun by lobbyists and those with the most money and influence who can rig the system, I doubt this solution will see the light of day with our currently polarized politics and the continued, large influence of big money interests in government today.

Movements as Inspiration

Here is my proposal that leverages existing platforms and technologies (but that most physicians may not be aware of) without hoping for the government to intervene today (or yesterday).  Only until a community of patients, physicians, and developers that have a common goal of creating an EHR that works for both physicians and patients, that we ultimately compel the government to support (financially) the further development and adoption of this type of system.  Those who have studied previous movements (such as the LGBT social movement, thee Civil Rights movement, and the women’s suffrage movement) took a group of like-minded individuals from different walks of life who struggle together, make their voices heard, participate, and ultimately control the cultural narrative to the point that government had no choice but to abide to the sea change that has already taken place.  This is where physicians and patients have to start.  And we have the tools to start the change as we see fit.

Open Source to Start the Movement

So rather than a national competition, let’s take an existing software development framework that’s called open source.  Open source is analogous to peer review in the medical world.  The software code is public for all to see, to poke at, to test drive, to criticize, and to improve upon.  It’s not proprietary (like almost all other EHR’s are) and one can take a base code and improve it and customize it as they please and donate back to the base code all the good features and code in the custom project that everyone else can share.  No need for reinventing the wheel.  Open source code and the ideas behind it already exists!

Another benefit of open source is that physicians can learn to be okay with learning something new, even coding.  Software code does not have to be a “black box” and hoping that some “magician” can save our souls.  It’s a directive, like a physician’s order – nothing more and nothing less.  Open source just pulls the curtain behind so one can learn how to code and learn how it all works.  Open source makes all of us (patients and physicians) more informed about the tools that we use.  Personally, I owe a lot to the open source movement, which is where I learned to code despite being a busy family physician.   I didn’t have to go to a class.  I just go on GitHub where most open source code projects are stored and published and away I went.  It can be done!

Lastly, open source is not expensive.  There is no license fee.  There is no entrance fee.  Physicians and patients do not have to belong to a secret membership or society to play…anyone can join.  This is how this community of physicians, patients, and developers is born.  This community is where we begin to discuss the common interests that we all have to improve our health care technology sphere beyond the current framework of rent-seeking middlemen, trust entities, and monopolistic EHR companies. The open source ethos is inclusive, not exclusive.

But, gosh, you might say, “it’s daunting to create an open source EHR from scratch”.  But I’ve got you covered…there are already several different fully developed EHRs for different scenarios and countries but the one of interest here is NOSH ChartingSystem project coupled with HIE of One.

What makes HIE of One coupled with NOSH ChartingSystem unique?  It addresses the issue of patient privacy and gives control back to the patient over the sharing of his or her protected health information to others.  How does this work?  To start with, let’s point out the current state of EHR’s today.

The Current State of EHR’s

EHR’s are typically owned and operated by an entity (large or small) where they store more than 1 patient chart at a time.  This could be a small solo practice, a hospital, a HIE (Health Information Exchange) and even the EHR vendor.  What’s the problem with this framework?  Aside from physician’s eternal gripes of poor design, two key issues: Patchwork privacy and security concerns.

Patchwork privacy is a situation where a patient belongs to an entity and has health information stored in one EHR and that information may or may not be shared to a patient-designated provider or person.  This is where interoperablity will likely be unachievable in our current EHR framework.  It’s also possible that there are instances where the patient may not know that their health information is being shared to someone else (and this is not OK!)  The patient literally has no control over their health information!  Furthermore, a signed HIPAA agreement or release of records does not guarantee that the patient has control of his or her health information and where it’s directed to.  It’s perfectly reasonable for patients to be suspicious for having their records stored in a central database just for this design reason.

Security concerns with current EHR’s are based on the idea that a system containing more than 1 patient will create a “honey pot” of data.  Imagine that you are a malicious hacker who wants to get data (social security numbers, demographics, medical diagnoses, etc.).  The chance that the hacker can break into a system without having to do it multiple times and on multiple systems is much less when they are trying to hack a central server with multiple patient records.  They only have to crack the code once to get maybe a million records.  It’s like robbing a bank versus robbing a home.  Which is more efficient for the hacker?  What you are seeing in the news these days of data being held at ransom due to malware is not new and will continue to be an ongoing threat.   We must move away from honey pot or centralized data systems if we are going to seriously address the issue of health information security.

The Fix

A national competition for an EHR system for doctors will never seriously address these key design issues because the traditional or current EHR system itself is a flawed framework to begin with.  The best solution is actually a complete inverse of the current EHR framework.  Imagine each patient having their own electronic data container that contains data for only one person (hence HIE of One) that belongs to him or her and not by anyone else unless they designate an individual to control it.  Let’s also imagine that these data containers can talk to each other (this is called a distributed network – such as peer-to-peer) and to other entities (hospitals, government, corporations, FitBit, health device company, you name it) but only at the behest of the patient.  Imagine that approved physicians can access, add, and update their patient data container (which is a single patient EHR, NOSH ChartingSystem) at any time irregardless if the patient is physically there (so it’s not a physical device carried around by the patient, like a USB key, because, you know, sometimes people don’t carry things with them all the time, especially if they are seriously hurt, unconscious, etc).  Imagine this data container being similar to a health journal that a patient would carry around with them and make the physician jot and update their medication list, allergies, problem lists, immunizations, medical history and it’s a running list that is up-to-date, not of dispute, and that the patient can verify.  Of course, I know only a handful of patients who diligently keeps their own medical records, but can you imagine solving the patient data reconciliation process if every person had their own legal health journal?

And that is what HIE of One coupled with NOSH ChartingSystem hopes to be.  HIE of One and NOSH ChartingSystem can be deployed on a small, secure web server (like a cloud virtual machine, or a physical appliance such as a router) that is on 24/7.  Using the latest encryption technologies, one can access this data on a web browser, smart phone, or tablet.  Using self-sovereign technology (which in our project case, performs as an independent electronic notary service for the person signing a prescription, encounter,  or document), any entity can go back and verify that indeed such an activity took place and was notated legally by the patient-allowed physician or user.

Is This A Dream?

No, we are actually closer to reality with what I proposed than the dream of a government sponsored national EHR competition.  The code already exists.  There is a working demonstration of this technology from start to finish.  But the catch here is that the word must get out and that a community supports this endeavor because without it, the project will only  be a small demonstration of what it could be.  Without buy in from almost everyone, we could all lose.

Who wins?

Physicians because they now have control over the design of their EHR for good because it is now in alignment with the patient and physician’s best interest, not administrators, insurance companies, or even government entities.

Patients, because they now have control over their health information and who gets to see or use it and who doesn’t.  Patients win because they can communicate with their physicians in a secure way without compromising their privacy and security.

Hospitals (yes, hospitals) and insurance companies (yes, insurance companies) because they no longer have to be liable for security breaches each time a nefarious hacker or Big Brother goes after their data.

Government (not to be confused with Big Brother) because there is now true alignment between patient and physicians which can potentially reduce health care costs for the entire population due to reduction of unnecessary or duplicate testing, better communication between a team of physicians working on one record for one patient…you get the picture.

Who loses?

Hackers with malicious intent, because it’s magnitudes harder to crack a server one by one just to get one patient record.

Rent-seeking middlemen, because their technology proposals to go between the patient and provider will no longer be relevant.

Big Brother, because patients now have control over who uses or sees their health record and not stored in some centralized database system without patient knowledge or control.

In a nutshell

So the current state of EHR’s clearly put physicians and patients on the sidelines – sowing seeds of discontent.  The fix involves the use of open source code, community support, with a novel distributed network model using one patient, one record, self-sovereign identity, and single-sign-on technologies.  The fix puts physicians and patients firmly back in the driver’s seat, kicking hackers, middlemen, and Big Brother to the curb and without needing to hope that government will open their eyes today and see the wisdom of aligning the interests of patients and physicians who care for them.