Electronic medical records — different perspectives sharing the same news pages

“How could this happen?” As security experts know, no data system is completely invulnerable. — Express Scripts

Within weeks:

● medical providers with Blue Cross Blue Shield of Massachusetts learned that they will be required to adopt electronic prescriptions;

● the federal government has mandated that all doctors who provide care to Medicare recipients adopt electronic prescriptions or else they will incur increasingly steep financial penalties;

● AMNews of the American Medical Association reported that only 6% of doctors have been willing to adopt electronic prescribing, with reasons that include costs and slowed efficiency with little return, having to maintain multiple systems, and inability for patients to fill prescriptions at smaller pharmacies;

● the country’s largest electronic pharmacy management company revealed a massive security breach and theft of the personal prescription records of millions of people that are being used to extort money from the company or else the information will be publicly released, including their names, birthdates, social security numbers and prescription/medical records.

Do we want to make all of our medical records, lab and diagnostic results, and pharmacy records electronic and linked into a national Health IT database?

Doctors offices have been slow to adopt electronic medical records, despite continued efforts of the government and insurers to overcome their reluctance. Estimates of just how many doctors are adopting EMR systems and the components they are utilizing have varied, however. Researchers led by Dr. Catherine M. DesRoches, Dr.P.H, at the Institute for Health Policy in Boston with the Office of the National Coordinator for Health Information Technology of the Department of Health and Human Services conducted a survey of a nationally-representative sample of 2,758 physicians across the country, with the goal of gathering accurate information. It was a mailed survey of conducted from September 2007 to March 2008. The results were reported in a July issue of the New England Journal of Medicine and found that only 4% of physicians had a fully functional electronic records system and 13% had some type of basic system. Another 16% said their practice had purchased a system, but not implemented it. “As of early 2008, electronic systems had been adopted by only a small minority of U.S. physicians, they concluded.

The most significant barrier to adopting EMRs doctors, reported by two-thirds of respondents, was the costs and then the uncertainty about the return on investment. Loss of productivity, difficulty finding an EMR that met the needs of their practice, and difficulties implementing the system were among the other major barriers cited.

As the News Record in Greensboro, North Carolina, reported just over a week ago, Moses Cone Health System estimates that for a typical physician’s practice, the costs of a system, the licensing and implementations fees are more than $36,000. Practices also must pay their own support and maintenance fees, beginning at about $5,500 annually for a solo practitioner, said John Jenkins, a Moses Cone vice president and chief information officer. The costs may be more than their practice can absorb, said Dr. Richard Aronson with Guilford Medical Associates. To pay for it, “you’ve got to cut costs, see more patients or suck it up.”

While the government and Department of Health and Human Services is calling for the health records of every American to be in its national electronic database by 2014, claiming enormous cost savings from $81 billion to $2 trillion a year, a nonpartisan investigation by the Congressional Budget Office concluded the savings won’t be that big. “Office-based physicians in particular may see no benefit if they purchase (an electronic-records system) — and may even suffer financial harm.” One reason, besides the enormous start-up costs, the study found, is that an insurer or patient might see savings, but not the doctor.

Politicians and stakeholders have different perspectives, it appears, from the majority of medical professionals when it comes to electronic medical records. Doctors largely recognize that EMRs and electronic-prescribing primarily benefits third-party payers and pharmaceutical benefit managers, in increased efficiency and compliance with their performance measures and drug formularies. A study by the Center for Technology Leadership, a Boston-based health care research organization, found that while physicians bear all the costs, they get only about 11% of the savings from EMRs, the real benefit goes to insurers and third-party payers.

Even fewer physicians are using electronic prescribing — only 6% AMNews said last week. Those were the findings of the nation’s largest provider of e-prescribing services, SureScripts, survey of physicians in December. Other reasons for physician’s' resistance mentioned in the American Medical Association news article were that only one in four small pharmacies are set up to receive e-prescriptions, and e-prescription vendors have found Medicare’s formularies difficult to incorporate into their programming as required for certification, which requires them to hire programmers to build databases individually. Presumably, this makes the systems for e-prescribing EMRs more expensive to physicians.

The AMNews article was reporting on the National E-prescribing Conference hosted by the Centers for Medicare & Medicaid Services last month. As most doctors know, but perhaps consumers don’t, is that beginning in January, Medicare launches its financial incentive program to compel doctors caring for Medicare patients to adopt e-prescribing. [Covered here.] Immediately, doctors will no longer be permitted to fax prescriptions to Medicare. At first, doctors will get a 2% bonus for using e-prescribing for their patients receiving prescription benefits under Medicare Part D, then the bonuses will be cut in half and half again before ending. But in three years, those who fail to comply will begin to be financially penalized and their Medicare pay docked by increasing amounts to 2%.

“You can accept it and survive or you can lead and prosper,” Health and Human Services Secretary Michael Leavitt reportedly told physicians at the conference.

The state with the highest e-prescription compliance rates among physicians is Massachusetts, according to SureScripts. That was attributed to Blue Cross Blue Shield of Massachusetts’s instituting an e-prescribing incentive program in 2004. Last week, doctors in Massachusetts learned from BCBS that in order to qualify at all, they will be required to move to e-prescribing. BCBS is one of the founders of eRx Collaborative, working to promote e-prescribing in Massachusetts, which, according to Healthcare IT News, has the support of politicians as a means to save money, time, paperwork and lives.

Meanwhile, as all of these stories have been in the news, the pharmacy benefit manager that handles prescriptions for 50 million Americans revealed to the media that it has called the FBI for help to deal with an extortion attempt. Express Scripts received a letter that included the personal information on 75 members (including social security numbers) and claimed to have the electronic personal information on millions of its customers and is threatening to reveal it unless the company pays up. According to E-Commerce Times, this could be one of the more damaging cases of data loss on record and “may raise red flags for industry hopes of putting more health care information online in an effort to control costs.”

Steve Duncan, senior product manager for Entrust, told the E-Commerce Times that as soon as companies move their processes electronically trying to save money, “you have to have things in digital format and stored in digital format, and there's the opportunity for data theft. I think we'll hear a lot more about this.”

The Wall Street Journal reported a few days ago that this isn’t the first such extortion attempt against a big company, nor the first to involve private health information. The stories have become increasingly frequent. Last month, for example, the FBI said it had made an arrest on the theft of a computer server from Medical Excess, LLC, a subsidiary of AIG, that contained “personally identifying and health care sensitive information” of more than 900,000 people and had similarly tried to extort the company for money.

Express Scripts has been proactive in communicating openly with its members and the public, and has launched a support website to keep everyone updated on developments and offer resources for protecting against identify theft. As it says: “We deploy a variety of security systems designed to protect that information from unauthorized access. However, as security experts know, no data system is completely invulnerable.”

But things are getting worse and the blackmailers behind the Express Scripts extortion attempt appear to mean business, the Wall Street Journal blog reports this morning. Some of its customers have begun to receive anonymous threats as part of the extortion attempt, and the letters include their personal information, including birthdates and social security numbers. The letters are said to be similar to the one the company received.

One commenter noted: “This security breach is yet another example of how widespread implementation of electronic medical records will be our worst nightmare… your most personal details of health like abortions, psychiatric care, drug addiction therapy, cancer, etc are kept in databases easily accessible to tens of thousands of low-level employees. Worse yet, this information is actually marketed to third parties.”

A New York City doctor commented earlier at the WSJ: “Sure makes me want to make sure all medical records are electronic and linked. Not.”