ELECTRONIC HEALTH RECORDS SYSTEMS: TESTING THE LIMITS OF DIGITAL RECORDS’ RELIABILITY AND TRUST
Barbara Drury, Reed Gelzer, and Patricia Trites
ANNOTATION
George L. Paul
The United States healthcare system accounts for nearly twenty percent of our nation’s Gross Domestic Product. Its vast information ecosystem comprises nearly 700,000 physicians; over fifteen million healthcare workers; 5,900 hospitals; 16,000 nursing homes, and numerous other facilities; enormous insurance interests; mandated, untested national technology strategies; and hundreds of millions of critically concerned actors—all combining in interlocking, information networks. It is a system worthy of examination. Is the evidence created by this vast information ecosystem reliable?
The following Article summarizes systemic defects in our nationally mandated healthcare information systems. The authors examine the critical doctrines animating our current evidentiary rules. Time after time our medical records systems are revealed to be defective. Authenticity is suspect as an endemic matter, just as is trusted reliability for clinical and business purposes. Certainly there is a looming evidentiary defect undermining the very purpose for the records’ existence.
Why are there such catastrophic failures? Here, the authors make their original and lasting contribution. Viewing the issue as more than the reliability of discrete records, the authors examine the invisible societal processes causing records-systems’ dysfunctionality. They demonstrate our current system is unrealistic in that it ignores the complexity in our economy. As one example, our system purposefully ignores the fact that healthcare records are used arguably as much to obtain payments as they are to document clinical facts. The authors demonstrate that a more realistic approach is necessary if we are not to delude ourselves. In this regard, the Article is an example of an updated empiricism—informed by more advanced, appropriate, and prudent ideas about technology.
INTRODUCTION
Electronic records systems are bringing unprecedented changes to the United States Healthcare Industry. As an objective of economic stimulus legislation, under the American Recovery and Reinvestment Act of 2009 (ARRA), billions of taxpayer dollars are leveraging additional billions of private dollars to accelerate clinicians’ and clinical organizations’ uptake of these as yet non-standardized and minimally regulated systems. The history and the rationale for the uptake stimulus, as well as risk considerations, have been thoroughly reported elsewhere. Of particular note is that the stated objectives of ARRA address the security and exchange of information from Electronic Health Records (EHRs), and are effectively silent on whether the information originates from a reliable and trustworthy source.
This Article is unique from prior summaries, including those detailing risks, in focusing specifically on EHRs as sources of records for United States legal proceedings and processes, and therein offering exemplary illustration of how EHRs can pose unique challenges to those legal proceedings. The resulting challenges derive from, generally speaking, fundamental operational characteristics of these systems that can vary widely from records management and digital records norms, giving rise in turn to potential impeachability on grounds of unreliability and untrustworthiness, as well as unfitness for the stated business of the industry itself, clinical care, whether by design or by use, known or unknown. The Article will also note direct and indirect market forces for preferentially selecting “unfitness” in the evidentiary capacities of electronic health records management systems...
CONCLUSION
Our subject here has been to introduce the concept of EHR systems as an illustration of why digital records systems, most especially EHRs, may, as a matter of routine, merit testing for reliability and trustworthiness as a precondition for, as an example, accepting the validity of records systems under Rule 901(b)(9) or deeming their outputs admissible under Rule 803(6). Other industries, with simpler business rules, more systematic auditing guidelines, and external references for credibility may share some or all of the vulnerabilities of EHRs as sources of truth. In all instances though, organizations are obliged to make certain that their records systems originate, retain, and preserve records by such means and for such lengths of time as required by the rules, regulations, and common practices deemed pertinent to their line of business.
Currently there are no regulatory health information technology requirements or Federal HIT program qualifications for these systems that assure, or reference, their fitness as business or clinical records. While some regulatory reference exists to supportive functions, such as “audit trails,” at this writing, their use is not required in deployed systems, meaning that evidentiary non-reliability will persist as a challenge to e-Discovery and to all business record-supported or dependent processes in the healthcare industry for a long time.
There is a substantial body of resources for due-diligence in records management systems for supporting reliability and trust. Eventually, federal oversight entities, or accumulating case law, will assert their influence on assuring reliability in IT in general, perhaps beginning with Healthcare IT. Thereafter, trustworthy EHRs will, all patients hope, become a norm as the marketplace gains increasing transparency to reliability defects so that superior systems and superior applications of those systems can accelerate. In the meantime, in the absence of an authoritative source of meaningful EHR reliability regulation or certification, health care enterprises, which represent nearly twenty percent of all United States business activity, must exercise additional institutional rigor and discipline in achieving digital business records reliability. The benefits to business records are the subject here. Great value will accrue through other means, such as displacing inferior systems and stimulating better systems, while also lowering patient, organization, and provider/user risk through improvements in clinical care, patient safety, and healthcare enterprise effectiveness.
__
Link to the full 33 page Law Review pdf.
My comment at iHealthBeat:
ANY time ePHI is created, viewed, modified, transmitted, or deleted, there must be an audit log trail capturing who, what, and when. That's not "ARRA," that's HIPAA (which, btw, has been updated to include the policy provisions of ARRA HITECH 13400 et seq). Whether the data are in fact accurate (per 45 CFR 164.3 et seq) is a separate matter, and is why we have an HHS OCR and OIG, and civil and criminal legal systems.
Oh, yeah, let us not forget:
Seriously, people?
From the MedScape piece:
None of which is to discount the general concern aired. My pick is with the shoddy scholarship -- and the mindless re-reporting of it. We don't need TMZ journalism in health reporting. "Endemic?" "Looming evidentiary defect?" "Catastrophic?"
Seriously? How about some dad-gumbed data? Y'know, say, "a recent nationwide HHS/OIG audit of the EHRs of 3,000 randomly selected providers found x% suspected fraud, y% confirmed fraud, z% simple data entry errors, t% unclosed encounter notes open for more than a week... These results are stratified in Table 1 by EHR vendor..."
Nah. That would be empirical science.
Look; given the ease of inappropriate manipulation of digital data relative to paper-based antecedents, yes, there are new issues to be dealt with. But the significantly improved ease of digital forensic analysis has also lept forward from the days of having to shlep and gumshoe through truckloads of boxes of paper records in search of the perps.
BTW, FROM CO-AUTHOR GELZER'S WEBSITE
Witty, 'eh? I guess my Clinic Monkey EHR has competition. But, at least I know how to spell "diligence."
CODA
If you're up for another cognitive hernia howler, read this Ave Maria Law Journal article by co-author / annotator Georg Paul:
Forty pages of modestly "seminal" noggin-scratching surreality. There are numerous good reads on the societal promise and perils of tech advancement. I've cited a good number of them in prior posts.
___
More to come...
Link to the full 33 page Law Review pdf.
My comment at iHealthBeat:
A 33 page legal article pertaining to Health IT and its purported forensic defectiveness and not ONE mention of HIPAA?
Page 275:
"Currently there are no regulatory health information technology requirements or Federal HIT program qualifications for these systems that assure, or reference, their fitness as business or clinical records. While some regulatory reference exists to supportive functions, such as “audit trails,” at this writing, their use is not required in deployed systems..."
"Not REQUIRED"? Really? We're supposed to take these authors seriously? See 45 CFR
§164.308 Administrative safeguards.
§164.312 Technical safeguards.
Just for starters.Compliance with 45 CFR 164.3, .4, .5 is most certainly "required in deployed systems." MU Certified or not. This poorly written "Article" (love how they always capitalize it) is replete with vague generalizations, blinding glimpses of the obvious, and flat-out misstatements. Oh, and "data" is not the plural synonym of "anecdotes."
ANY time ePHI is created, viewed, modified, transmitted, or deleted, there must be an audit log trail capturing who, what, and when. That's not "ARRA," that's HIPAA (which, btw, has been updated to include the policy provisions of ARRA HITECH 13400 et seq). Whether the data are in fact accurate (per 45 CFR 164.3 et seq) is a separate matter, and is why we have an HHS OCR and OIG, and civil and criminal legal systems.
Oh, yeah, let us not forget:
§164.306 Security standards: General rules."Integrity" means, among other things "accuracy." While IANAL, it strains credulity to assume that congressional "legislative intent," while explicit via the setting forth of provisions relating to the security and privacy of ePHI, was indifferent to the completeness and accuracy of ePHI. And, again, there is a huge volume of federal, state, and local law and regulation pertaining to precisely such concerns. Yes, there are forensic problems associated with digital information that do not mirror those pertaining to its paper-based forebears. Some more coherent legal writing would help here.
(a) General requirements. Covered entities and business associates must do the following:
(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.
Seriously, people?
From the MedScape piece:
EHRs Not Reliable for Legal Cases, Experts SayHaving cut my professional teeth writing apps and doing QC in a forensic-level radiation lab in Oak Ridge in the 80's, I know just a tad about digital evidentiary standards (we specifically trained to Frye). The fact that digital frauds (and simply data slop) abound antedates EHRs by decades.
Ken Terry October 03, 2014
Electronic health record (EHR) documentation has a wide range of reliability and authenticity and should be verified before being admitted into evidence in legal proceedings, argue health information technology and compliance experts in an article published in the Summer 2014 issue of the Ave Maria Law Review. However, it is unclear whether evidence taken from EHRs has ever been disqualified in a malpractice case.
The central contention of the authors, Barbara Drury, Reed Gelzer, MD, MPH, and Patricia Trites, MPA, is that EHRs are designed to maximize payments to providers and therefore do not necessarily reflect the care that was actually provided to patients. They also note that the "litigious atmosphere in healthcare" offers incentives to use EHRs that can "amend representations of events, according to considerations other than accuracy and reliability as legally sound records..."
None of which is to discount the general concern aired. My pick is with the shoddy scholarship -- and the mindless re-reporting of it. We don't need TMZ journalism in health reporting. "Endemic?" "Looming evidentiary defect?" "Catastrophic?"
Seriously? How about some dad-gumbed data? Y'know, say, "a recent nationwide HHS/OIG audit of the EHRs of 3,000 randomly selected providers found x% suspected fraud, y% confirmed fraud, z% simple data entry errors, t% unclosed encounter notes open for more than a week... These results are stratified in Table 1 by EHR vendor..."
Nah. That would be empirical science.
Look; given the ease of inappropriate manipulation of digital data relative to paper-based antecedents, yes, there are new issues to be dealt with. But the significantly improved ease of digital forensic analysis has also lept forward from the days of having to shlep and gumshoe through truckloads of boxes of paper records in search of the perps.
BTW, FROM CO-AUTHOR GELZER'S WEBSITE
Witty, 'eh? I guess my Clinic Monkey EHR has competition. But, at least I know how to spell "diligence."
CODA
If you're up for another cognitive hernia howler, read this Ave Maria Law Journal article by co-author / annotator Georg Paul:
SYSTEMS OF EVIDENCE IN THE AGE OF COMPLEXITYGeorge L. Paul
The global economy is transforming in unprecedented fashion. Persistent, exponentially advancing technologies now rival the invention of the printing press in their importance to society. Indeed, respected economists declare that what is happening is the biggest development in the history of economic activity. The result? Complex systems will soon define reality and a new civilization is emerging. And what is happening in the legal realm? Our system of evidence now fails to comprehend the emerging complexity that may soon overwhelm us. Accordingly, the rule of law is in jeopardy...
I. THE NEW LIFE OF INFORMATION
Seven years ago, I co-authored the article, Information Inflation: Can the Legal System Adapt?, with Jason Baron. It has been cited over a hundred times in cases, articles, legal briefs, and in a decision by the Supreme Court of at least one nation overseas. Some consider the article seminal because it forecast how the legal profession would evolve so as to comprehend the data created by the inflation of information. The technologies the article predicted have come to pass and have been commercialized. They are studied in institutes and discussed in federal court decisions.
Information Inflation did more than predict how the legal profession would plumb vast new seas of information in discovery. It highlighted evidentiary concerns. Its second paragraph stated: “As problematic as quantity are the diverse new forms of writing which emerge constantly as a consequence of information inflation."...
More to come...
No comments:
Post a Comment