Electronic Medical Records and the Potential for Cyber-Attacks

Editor's Corner

Submitted on Wed, 03/15/2017 - 22:58

<p>Craig Walker, MD<br />
Clinical Editor<br />
Interventional Cardiologist&nbsp;<br />
Founder, President, and&nbsp;Medical Director<br />
Cardiovascular Institute of the South<br />
Clinical Professor of Medicine&nbsp;<br />
Tulane University School of Medicine<br />
Louisiana State University School&nbsp;of Medicine</p>

Welcome to the March edition of Vascular Disease Management. There are multiple interesting articles in this issue. I have chosen to comment on Dr Kumar’s article “Cyber-Attacks: Rising Threat to Health Care” as I think this article is of great importance to all physicians, health-care providers, and patients, particularly in this era of mandated electronic medical records. Subsequent to the submission of this article, a major security breech was reported at a prestigious United States health-care institution with more than 200,000 patient records compromised and submitted for ransom to be paid in bitcoins. This latest breech clearly confirms that Dr Kumar’s concerns are not theoretical or esoteric. Dr Kumar points out that up to one-third of all electronic medical records may become compromised this year. The potential adverse consequences of EMR breeches go far beyond simple financial and privacy concerns.

Electronic medical record pundits have effectively argued that EMRs result in improved health care. Based on these arguments, EMRs have been essentially mandated by many insurers (utilizing improved compensation for physicians and hospitals only if EMRs are utilized). 

The positives of EMRs are many. These positives include the ability to rapidly access all stored data, the ability to access the data easily from remote locations, the ability to incorporate simultaneous billing, and the ability to include oversight regarding best medical practices. Potential drug interactions with built-in alerts can be included. Poor handwriting, problematic with most prior charts, is of course avoided. Access to all prior testing is simple.

Unfortunately, the negatives of EMRs have not been presented with the same vigor. EMRs have resulted in many capable physicians choosing retirement. These physicians have found it difficult to negotiate the records and have found that EMRs have resulted in a dramatic decrease in patient throughput. Technical support during the initial rollout is often suboptimal, particularly on weekends. The office electronic records require that a physician “badge in” in each exam room and then search through a list of patients to choose the patient to be seen, then open that chart. At a minimum, at least 90 seconds are required per patient to do this when the computers are functioning perfectly. Unfortunately, there are times when computer glitches result in dramatic delays, resulting in significant added wait times for patients and creating patient dissatisfaction. Hospital rounds are also at least initially dramatically more difficult to complete in a timely manner. Many patients complain that care seems to be less personal, with nurses and doctors focusing more attention on entering data in computers than actually interacting with the patient.

Patient EMRs are expensive and the costs have been increasing at a dramatic rate. Relatively small hospitals are paying more than 50 million dollars each to acquire EMRs for the first year of implementation, with subsequent costs as well. Individual physician offices often spend millions of dollars implementing EMRs. One must question whether these EMRs have any chance of lessening health-care costs as has been touted, when the initial and subsequent cost of implementation is so great. The concerns over the security of these charts, as pointed out by Dr Kumar, are legitimate. Security breeches have financial, personal, and health-care consequences. There are many who would argue that anything that is electronic has the potential to be hacked.

The value of EMRs is hotly debated among physicians, but despite the debate, most physicians are being mandated to utilize EMRs by hospitals. It will be crucial to have better protection from hacking and diminish the exorbitant upfront costs if we are to move forward into the “EMR age.”