Review the following case study and answer the following question:
Question 1: What concepts in the chapter are illustrated in this case? Who are the stakeholders in this case?
Question 2: What are the problems with America's current medical record keeping system? How would electronic medical records alleviate these problems?
Question 3: What management, organization, and technology factors are most critical to the creation and development of electronic medical records?
Question 4: What are the pros and cons of electronic patient records? Do you think the concerns over digitizing our medical records are valid? Why or why not?
Question 5: Should people entrust Google with their electronic medical records? Why or why not?
Question 6: If you were in charge of designing an electronic medical record keeping system, what are some features you would include? What are features you would avoid?
Case Study: Ethical and Social Issuesin Information Systems
During a typical trip to the doctor, you will see shelvesfull of folders and papers devoted to the storage of medicalrecords. Every time you visit, your records are createdor modified, and often duplicate copies are generatedthroughout the course of a visit to the doctor or ahospital. Take a look at your doctor’s office and chancesare you’ll see a bevy of clerks bent over desks filled with paper forms, mostly insurance claim documents. Themajority of medical records are currently paper-based,making effective communication and access to therecords difficult: only 8 percent of the nation’s 5,000hospitals and 17 percent of the nation’s 800,000 doctorsuse computerized health care records of any kind.Americans made well over a billion visits to doctors andhospitals over the past year, with each American makingapproximately four visits on average. As a result, there are millions of paper medical records lining the corridorsof thousands of local medical practices, and for the mostpart, they cannot be systematically examined, and theyare difficult to share.
Now for some good news: the administrative wastecould be largely eliminated by a massive investment in anationwide health care record system based on standardizedrecord formats, and the participation of all elementsin the health care provider industry.The United States spends about $2 trillion on healthcare,and about $700 billion or one-third is “waste,”loosely defined as costs that could be shed if the healthcareindustry followed best practices. This waste is amajor reason why the United States has the highest-costmedical system per capita in the world. Among the many sources of waste are fraud, duplicate tests, unnecessarycare, medical mistakes, administrative inefficiency,redundant paperwork, and a paper-based health recordssystem. The outdated administrative procedures andrecords situation causes an estimated 25 percent of thetotal “waste,” or about $175 billion a year.There’s more good news about medical records: thenew Obama administration in February 2009 set aside$19 billion to fund a Health Information Technology program as a part of the American Recovery andReinvestment Act of 2009. The goal: computerize allhealth records by 2014. And the major technologycompanies are banding together and offering up solutions,responding to the opportunity of billions of dollarsof government contracts. IBM, Google, Microsoft,and a consortium of medical device makers and othercompanies have formed an alliance to create a softwareplatform that will allow medical data from at-homedevices like glucose meters and blood pressure monitors to be sent automatically to Google Health(Google’s online medical record system) or other personalhealth records systems online. It’s a broadreaching software platform that will bring data portabilityand medical records interoperability in direct conflict with a huge industry entrenched in siloeddata.Estimates are that the Health Information Technologyinitiative will create over 200,000 jobs in MIS andsystems, and the 10-year cost is $75–$100 billion. Theproject should pay for itself with an estimated savings of$175–$200 billion a year. The Health InformationTechnology initiative is arguably the largest managementinformation systems project in the history of theUnited States since the computerization of the Social Security System records in the 1950s. What’s involved isnot just dropping PCs on doctors’ desktops and operatingtables. Instead, a massive investment in organizationand management, cultural change, software, andinterface design is required. In short, the skills you learnin this book will be highly valued!The bad news is that the health of your personalprivacy will probably decline, significantly. You willmost likely lose control over what private medicalinformation about you is distributed, and you will notbe able to restrict its distribution. Your medical recordswill be a very efficient, instantly accessible, “semipublic” document accessible by millions of health care workers whom you will never meet or know about.And you won’t ever really know who has access toyour records, or understand how they are or might beused.The health-care industry is notoriously bad at keepingmedical records private. Georgia Blue-Cross introduceda change in its medical information systemwithout testing, and sent thousands of patient recordsto the wrong fax machine in a neighboring state. Aformer billing clerk at Cedars-Sinai Medical Center inLos Angeles was arrested in November 2008 andcharged with stealing patient records and using theidentities to steal from insurers. In 2009, the KaiserPermanente Bellflower Medical Center in Los Angeleswas hit with a $187,500 fine for failing to preventunauthorized access to confidential patient nformation— employees were improperly accessing the medicalrecords of NadyaSuleman and her eight children.This is the second penalty against the hospital. EvenBritney Spears has not been spared: UCLA MedicalCenter was embarrassed to disclose that employeeshad sifted through the medical files of more than 30celebrities, including singer Britney Spears, actressFarah Fawcett, and California First Lady MariaShriver. There are occasional horror stories like thoseof Patricia Galvin that reinforce the worries many peoplehave about the privacy of their medical records.Galvin attempted to acquire disability benefits for herchronic back pain but was turned down on the basis of her psychologist’s notes, which were supposed to beconfidential. The number of monthly medical privacycomplaints received by the Department of Health andHuman Services has been steadily approaching 750per month over the past several years, up from 150 in2003. People fear that a switch to electronic medicalrecords could be even more vulnerable to securitybreaches and privacy violations.Privacy advocacy group Privacyrights.org documented248 serious personal data record breaches in 2009, andabout 24 percent of those involved medical serviceproviders—doctors, hospitals, and insurance companies.In October 2009, the New York Times published a table illustrating 32 different groups who have “legitimate”access to your medical records, a staggering array ofdoctors, business associates, government agencies, anddata miners (including pharmaceutical companies andtheir sales staffs). It is conceivable that over a million people have direct access to medical records throughoutthe United States.These privacy concerns are far from unfounded.HIPAA—the Health Insurance Portability andAccountability Act of 1996—provides very limitedprotections for personal medical records. HIPAA basicallylegitimizes rather than constrains the near unlimitedflow of information between healthcare providers,health insurers, and clearinghouses for payment processing.HIPAA makes it all legal and then asks you to sign off on it as a condition of receiving medical treatment!There are no federal privacy protections for patients whoset up personal health records online, say at Google orother Web sites offering medical record services. Evenhospitals and practices that currently use electronicstorage formats report a high incidence of securitybreaches, with a quarter of healthcare technology professionals reporting at least one security breach in thepast year. According to a 2006 Federal TradeCommission study, about 249,000 Americans had theirpersonal information misused for the purpose ofobtaining medical treatment, supplies, or services.Google has put itself center stage in the health recordsarena. In March 2008, Google announced an applicationthat it hopes will alleviate the inefficiency of the currentmedical record storage system: Google Health.Google Health will allow consumers to enter their basicmedical data into an online repository and invite doctorsto send relevant information to Google electronically.The service is free to users. Features will include a“health profile” for medications, conditions, andallergies; reminder messages for prescription refills ordoctor visits; directories for nearby doctors; and personalizedhealth advice. The application will also be able toaccept information from many different record keeping technologies currently in use by hospitals and otherinstitutions. The intent of the system is to make patients’records easily accessible and more complete and tostreamline record keeping.
Google has proven that it is very good at what it does.It is, among other things, one of the largest advertisingfirms in the world, and the largest Web tracker ofindividuals in the United States. But what if Googlewere seeking personal information about you? Youmight not feel as good about Google’s quest to organizethe world’s information when you consider that some ofthat information is information you’d prefer remain private.Google’s development of its Google Health application illustrates the conflict between itsself-avowed mission and the individual’s right to privacy.Would you trust Google with your health records knowingthat a potential employer, or current employer, mightbe able to access those records?Proponents of electronic health records argue thatcomputer technology, once fully implemented, wouldenhance security rather than threaten it. They also believe that it is more important to first get the systemup and running than to worry about privacy matters.Congressional Representative Joe Barton of Texas, anadvocate of legislation that would speed the developmentof such records, said that “privacy is an importantissue, but more important is that we get a healthinformation system in place.” Lawmakers like Bartonfeel that the benefits of systems like Google Healthoutweigh the privacy risks, and that further legislationto impose privacy controls can be added after the fact.Some experts disagree with that stance, saying thatunless an electronic system has sufficient privacycontrols from the outset, it is less likely to becomeuniversally used. Even if the system’s security controlsare sufficient, it is important that consumers are awareof those controls and confident that they can use thesystem without fear of their records being accessed byunauthorized parties. Creating an electronic healthsystem without the proper security controls would notonly be an unacceptable privacy risk, but would bedoomed to failure because potential users would beunwilling to cooperate with the informationrequirements of the system.Google is not the only company to set its sights ononline medical records. Microsoft and Revolution HealthGroup LLC, founded by AOL co-founder Steve Case,among others, are also launching similar sites whereusers can maintain online health profiles. As of yet it istoo early to tell whether any of these ventures will besuccessful in the long term. The federal office in charge of creating a national network of electronic healthrecords, the Office of the Coordinator of Health Information Technology, announced in March of 2008that it plans to integrate its system with both Google andMicrosoft’s healthcare databases, among others.One way or another, private industry and governmentwill likely move forward slowly towards a nationalmedical record information system. The ethical andmoral dilemma posed by this national system involvesan inherent conflict between two closely held values:medical care efficiency and effectiveness versus theprivacy of your personal medical information.