Report – Fifth Annual Study on Medical Identity Theft

Here is a report on the theft of medical identity data. Worth a read.


“Since last year’s study, medical identity theft incidents increased 21.7 percent. “

“Sixty-five percent of medical identity theft victims in our study had to pay an average of $13,500 to resolve the crime.”

“…victims learn about the theft of their credentials more than three months following the crime and 30 percent do not know when they became a victim. Of those respondents (54 percent) who found an error in their Explanation of Benefits (EOB), about half did not know whom to report the claim to”

“Forty-five percent of respondents say medical identity theft affected their reputation mainly because of embarrassment due to disclosure of sensitive personal health conditions (89 percent of respondents). Nineteen percent of respondents believe the theft caused them to miss out on career opportunities. Three percent say it resulted in the loss of employment.”

“…79 percent of respondents say it is important for healthcare providers to ensure the privacy of their health records. Forty-eight percent say they would consider changing healthcare providers if their medical records were lost or stolen.”

“Twenty-five percent of medical identity theft victims in this study knowingly permitted a family member or friend to use their personal identification to obtain medical services and products and 24 percent say a member of the family took their credentials without their consent.”

Why should you work here? No EMR!

This article has some great observations and sound bites, including the mention of a hospital promoting the lack of an EMR in their employee recruiting ad as a reason to work there.

Health IT is often touted by IT professionals (myself included) as necessary for the digitization, consolidation, aggregation, integration, access, and exchange of a patient’s information.

The article describes how the introduction of an anti-social third party—a computer with an EMR on it—affects the physician-patient relationship.

It also talks about the current state-of-the-art for user experience design within EMR systems.

In an example of a near fatal medical error involving an EMR, it mentions a phenomena often known as “alert fatigue”, whereby a system provides so many alerts, they become ignored (or disabled). IT professionals may have experienced this in poorly configured system monitoring solutions.

See this article for an more in depth explanation of the problem that caused the medical error.

In talking with organizations that are in the throws of EMR adoption, they are focused on data migration, interface development, pre-canned training, roll outs, organization redesign, and cost management. There is little time for reflection on user satisfaction or efficiency. Vendors trying to sell their solutions into one of these organizations often find it difficult, as resources are scarce and the motivation to add yet another system to manage/interface is low. Budget holders are reluctant to spend money on solutions if their pending EMR promises to have similar capabilities (even if this claim is yet unproven).

When I encounter an organization that is well past their EMR implementation, they are typically looking for ways to optimize their use of the EMR. This may involve configuration changes to the EMR or changes to their workflow, but often involves the use of add-on solutions to fill gaps, or “hacks” to provide alternatives to the user interfaces provided by the EMR to their users.

The above observation on how organizations differ based on where they are in their EMR adoption, makes me think about this excerpt from the article…

“In the 1990s, Erik Brynjolfsson, a management professor at M.I.T., described “the productivity paradox” of information technology, the lag between the adoption of technology and the realization of productivity gains. Unleashing the power of computerization depends on two keys, like a safe-deposit box: the technology itself, but also changes in the work force and culture.”

I think that where Brynjolfsson is recommending  that both “keys” are considered and used in parallel—at least where EMRs are concerned—we are more often than not using them serially. First, get the EMR in as quickly as possible (to save costs and hopefully to reap the rewards promised sooner), and only after we better understand what we actually bought and have, start to figure out how to do it right.

There may be no better way, given that healthcare institutions can’t just stop and “reboot” themselves with a system and staff that is optimized. But, one can imagine that living and working in that period following an EMR implementation, and before the age of enlightened optimization, can be painful and frustrating (and even dangerous, as the article shows).

So, maybe promoting the lack of an EMR may attract those people tired or afraid of the post-EMR, pre-optimization period, as there they can be happy. For a while.

What can Enterprise Imaging Learn from Radiology?

Radiology Information Interoperability for Productivity and Quality

In the early days of Radiology, data entry errors by Radiology Technologists (aka Techs) were common. Their attention was on the patient and the operation of the modality, not the clerical task of typing in data, after all. To address this, something called a DICOM Modality Worklist (aka DMWL) was developed and adopted.

Essentially, this took the textual patient and imaging procedure order information entered into the HIS or RIS (i.e. the order placer), and sent it to some system as an HL7 ORM message (an order). The structured patient/order information was then provided to modalities using the DICOM protocol (because this is the language they speak). DMWL could be provided by the RIS or PACS or some form of broker system that spoke both HL7 and DICOM.

This allowed trained clerical workers (or physicians), combined with software that validated the data entered (where it could), to pass the information to the modality workstation where it could be mapped into DICOM objects, without having to ask Techs to enter this info. The productivity and information quality gains were significant.

It is worth noting that the order provides other value than just eliminating duplicate data entry. It represents a work instruction, and it is used in scheduling and billing. Where image acquisition is not scheduled or billed for, orders are typically not created.

Enter Enterprise Imaging

As we enter the era of Enterprise Imaging, there are lots of lessons that we can learn from the solved problems in areas like Radiology.

For example, when capturing a photo in a Wound Care clinic, it has to be associated with the correct patient (obviously), but there is likely other pertinent info that should be captured, such as the anatomical region imaged and any observations by the physician.

In Enterprise Imaging, orders are often not placed. In many areas, the imaging is often not the primary task, but one that used to support clinical work.

If orders are not placed, how can we at least provide the benefit of passing textual patient data to the image capture device or application to reliably associate patient (and perhaps encounter or procedure) data?

Even if orders are placed, most of the devices and applications used in Enterprise Imaging cannot accept an HL7 message and do not speak DICOM. Some form of broker would likely be required yet again.

Enterprise Information Interoperability for Enterprise Image Capture

One hope that we have is the adoption of the new HL7 FHIR standard. Based on REST-based API design methods, it is much easier to integrate with different devices (especially mobile devices) than HL7 v2.x messaging and DICOM interfaces are. Other methods used are to generate a URL from the EMR, with all the info provided in parameters, that launches the image capture application/device in context. Another method is to use HL7 messaging to populate the VNA database with patient, encounter and order/procedure information (essentially a copy of what the EMR has), and use a tool or API (perhaps the DICOMweb™ Query API, QIDO-RS) to query this system to get the necessary information.

Don’t Forget the Metadata and Supporting Information

This still leaves the issue of how to reliably and consistently capture the information that goes with the image(s)—notes, anatomy info, findings, technical exam info, observations, etc. In DICOM, when this type of information is needed, a SOP Class is defined. The header of the SOP Class object specifies where all this metadata should go. This is one of the primary principles of interoperability: a defined format and data scheme, with a clear and shared meaning.

Assuming that not all Enterprise Images will be generated in, or converted into, DICOM format, the definition of the metadata schema may be left to be defined by the implementing vendor.

In addition to the clinical and technical data, sooner or later, someone is going to be looking for operational data for use in analytics and process improvement, so it will need to be captured (on some level of detail), as well.

Consistent Terms

And, even when we have a common schema, if the terms used within the scheme are not consistent, we end up spending an enormous amount of time doing mappings or integrating terminology services (and even then, never fully addressing all cases).

To Acquire or Not to Acquire

If we think about Enterprise Imaging that is not “ordered”, what triggers the acquisition of an Enterprise Image? Is it up to the clinic or individual care provider to make the judgement? Should a published set of best practices define this? Would the EMR have logic, based on the patient’s condition or care pathway, to prompt or force the user to acquire and store the image(s)?

Enterprise Imaging Acquisition Protocols Needed?

If we consider the different ways that images can be captured (still, video), the subject in frame (cropping, zooming), lighting, etc., and the ability to capture a single image or a set of images, do we also need some form of a book of protocols to guide the person acquiring the images? Should certain images contain a ruler (or object of known size) to allow the image to be calibrated for measurements?

The Cost of Doing Nothing

If we consider the impact of not having methods to avoid data entry errors, or not having a common schema, not having common terms, and not even having a common communication protocol or best practices for acquisition workflows, what hope does Enterprise Imaging have?

Even with options for all these things, imaging and information devices are still struggling to be interoperable with departmental and enterprise applications, as described in this Healthcare IT News article, “Nurses blame interoperability woes for medical errors”.

The Future is Now(ish)

This is why the mission and output of the joint HIMSS-SIIM Enterprise Imaging workgroup (charter in PDF here) is so important. The space needs to be better defined, with acquisition workflow practices, data formats, schemas, terms, and protocols outlined.

If we simply try to copy what is done in Radiology into Enterprise Imaging, it will create too much of a burden on the people asked to capture these images, and they won’t do it, frankly. Unlike the reimbursement in Radiology, they often have little incentive to spend the extra time to capture, index and upload images to the EMR when they are focused on the patient.

But, if we ignore the benefits that come with the controls and methods we have developed and matured over the years in Radiology, we risk having to re-learn all the same lessons again. And that would be very sad (and expensive, and wasteful, and unsafe…).

Add on top of all this the increasing need to share this data across different enterprises for continuity of care and the importance of interoperable data portability/liquidity is critical.

The fundamental healthcare informatics knowledge and business analysis skills developed by imaging informatics professionals, through on-the-job experience and membership in educational/research societies like SIIM, will be important in determining the right mix of proven concepts that apply, and new methods and innovations. Without a supply of talent to foster the change, nothing will change.

In Conclusion…

When dealing with such an undefined space, people often relish the idea of “doing it right this time”. I would urge anyone involved in this space to reflect on what has been accomplished in mature fields like Radiology, as there are a lot of “right things” that we may be taking for granted. With a little modernization, we can still get continued value out of what we have already achieved.

Enterprise Imaging – New HIMSS-SIIM Workgroup

The discussion of so called Enterprise Imaging is a hot topic. So I was very excited to read about the newly announced joint workgroup between HIMSS and SIIM. I believe it holds a lot of promise.

In my experience, there is no lack of technical solutions for capturing, managing, discovering, accessing and viewing enterprise images and related information. The challenge is discovering and sharing the knowledge on best practices of how to put it all together and how to operate the systems that manage this information.

Like diagnostic imaging exams, enterprise images are part of the patient’s medical record, so understanding how they should best be incorporated into the EMR is very important. And this is not just a technical discussion, there are lots of issues around policies and governance of the data that organizations—not their vendors—have to get a handle on.

This is why this workgroup is so important. HIMSS knows all about EMR solutions, and SIIM knows imaging informatics. A perfect marriage.

Article – SIIM: Experiment in web technologies points to future of health IT

Here is an article summarizing the way Cleveland Clinic is using REST-based APIs to solve real problems in their institution. Taken from a talk given by Mat Coolidge at the SIIM 2014 Annual Meeting.

Article – CDC on EHR errors: Enough’s enough

In this article, the CDC has issued a warning on the issues of user interface design when presenting patient information in EHRs.

As the examples in the article illustrate, having information in digital form is not enough. It needs to be presented in an effective way to ensure comprehension. After the current wave of information digitization and consolidation (moving information from disparate, departmental clinical information systems into a single large enterprise system), the next wave of effort needs to be on privacy/security, accessibility/reliability, and usability, or the incredibly high potential gains will not be realized.

Users need to trust the system, it needs to be there when they need it (wherever that is), and they have to want to use it.

P.S. Here is an infographic on EHR adoption.

The Value of Hackathons in Healthcare

Having participated in the inaugural SIIM 2014 Hackathon, I can appreciate the diverse expectations that participants have. Some think of these events as a way to learn and experiment, others a competition. Some prefer to work as a team, others alone. Some are interested in integrating existing systems and data in new ways, while others want to invent something completely new.

In any case, I found this article insightful. It explores why the concept of “hacking” is so prevalent in healthcare, and also touches on why new “apps” often struggle to make it past the hackathon stage. It even posits that a hackathon can replace the traditional RFP procurement process for identifying and selecting innovative solutions.

Healthcare Informatics 100 – Gold Rush for Health IT Vendors

The latest edition of the top 100 healthcare IT vendors, by revenue, has been released. This article provides some insight, and here is the actual list.

For some perspective, here is a blog post from the Editor-In-Chief of Healthcare Informatics, Mark Hagland, that includes and analysis of the list and some trends over the past few years.

An excerpt: “…five years ago, the 2009 Healthcare Informatics list revealed that the vendor with the highest HIT revenues had $2.98 billion in 2008 revenues, while the 100th and last on the list had $5.1million in 2008 revenues. This year, the top company reported $3.4 billion in revenues, while the 100th largest company reported $35 million in revenues. In 2009, reporting $35 million in revenues would have put a vendor company up at number 65th on the list.”