Medical Records

@”Victo Dolore” recently posted an entry (here) in which she “confessed” that she wanted to move from doctoring (except for the part about seeing patients) to health policy or electronic health records (EHR). These are both areas that need vast amounts of attention. One comment that I have on EHR is that to be safe and effective, ultimately, a universal patient identifier (UPI) will be needed.

I spent many years in computer security, and one of the things that happened near the beginning of that time (in the ’70s) was the war over the use of the Social Security Number (SSN) as a universal identifier for all sorts of things government related (or even commercial). That war took years and, in the end, was a loss for everybody—activities that really needed the SSN didn’t get it; activities that didn’t need it got it; and the SSN was diminished as a result.

I predicted then, and still believe, that a universal identifier is needed for patient records, and that the battle over such a concept will be bigger and longer lasting than the SSN battle.

The UPI battle hasn’t really begun yet, but a pair of columns in the New York Times, even though they didn’t discuss this issue, suggested to me where it may occur. In this morning’s Times (2014/11/09) Elisabeth Rosenthal had a column entitles Medical Records: Top Secret. This was the second column dealing with a man named Peter Drier, who received a surprise bill of $117,000 from an out-of-network surgeon who assisted in his back operation—a surgeon he had never heard of. That situation begs comment on several levels, from ethical to legal, but that is not my objective here.

Rosenthal’s second column, was about the difficulty Mr. Drier had getting his own medical records from the hospital. It took him 6 weeks during which the hospital hid behind HIPPA (the privacy protection law intended to protect Mr. Drier, not the hospital), charged him $100 for copying (he would have needed a truck to carry $100 worth of copying), and made him appear in person to obtain the records. Ok, questionable legal ground—the hospital had 30 days to comply, according to the law, but when the clock starts is unclear, outrageous fee, and murky ethical ground (well, not really very murky), but in the end he got the records.

Suppose that, instead of the hospital, he had been dealing with his insurance company.

You can suppose that the insurance company had access to pretty much all of the medical record—they had to assess it to decide what they would pay. But, you don’t know what they did with the records. Did they look at them, make a decision and then destroy what they had. I don’t think so. Would you do that if you might be required to answer questions later? How do you know that the records they attached to your name were actually records pertaining to you (this is where the UPI comes in). How would you find out? If you suspected an error (even organizations as well meaning as your insurance company make mistakes), how would you get it corrected? You have access to your credit records and a mechanism to correct mistakes (it ain’t easy, but it is possible). Do you have access to the records held by your insurance company and a mechanism to correct them? If those things exist, I’ve never heard of them. And, the insurance company isn’t going to volunteer to give them up. Legislation will be required. Strong public opinion will be required to prevail in the face of lobbyists at least as well funded as oil company or banking lobbyists.

So, here’s my unsolicited career advice to Victo Dolore (my unsolicited advice to the rest of you is to go and read her blog , it’s pretty interesting): forget health policy (98% politics) and go do something about electronic records (probably no more that 75% politics, woo hoo). We badly need help in that area. We need it so badly that we don’t yet even realize that we need help. And, you won’t have to work with Ted Cruz.