Electronic Health Record (EHR) systems hold great promise. However, like many new technologies, the difficulty of achieving EHRs' promise has been vastly underestimated, as have the risks. The current national initiatives pushing for widespread EHR implementation may be leading us into an unmapped minefield.
In the course of its EHR function research and educational endeavors, my organization, Advocates for Documentation Integrity and Compliance (ADIC), has demonstrated the necessity for due diligence when purchasing and using EHR systems, aggravated by the limited uptake of EHR standards and the low thresholds for current EHR certifi cation. In the course of our work, we have also provided responses to various national publications’ suggestions that clinician stubbornness, not rational market behavior, is the primary cause for the slow uptake of EHRs in the US. We have also provided referenced documentation refuting statements that EHRs necessarily improve care quality measurement or reduce medical legal risk as based on unsound information. However, given the current national enthusiasm for an EHR silver bullet, suggesting a rational, critical, analytic approach to EHR uptake is like suggesting due diligence on dotcom companies pre-crash, like suggesting that relieving mortgage sellers from risk is a bad idea, or like suggesting that the puddle in a New Orleans yard is levee water leaking. These national enthusiasms, however well-meaning and sincere, blind us to readily apparent contrary information. America is enthralled with the future of EHRs and partying like its 2014, and we’re “mission accomplished” per President Bush’s 2004 EHR decree. In the hope that not everyone is at that party, ADIC welcomes each opportunity to speak to the thoughtful in hopes of lessening the effects of the looming EHR bust.
The EAR party now underway
Dr. Don Simborg, co-founder of the standards development organization Health Level 7, presented on the subject of intra-Beltway “irrational exuberance” for EHRs at the Th ird Annual Leadership Summit on the Road to Interoperability, held in Boston the week of July 23rd. Following up on earlier published statements, he described in his keynote address “EHRs and the National Agenda: Changing the Focus” the current national policy as “EHR adoption regardless (aka EAR).” He then projected the coming EAR-ache that will result unless we change the message that any EHR is better than no EHR.2 By way of illustration, Simborg pointed to the Offi ce of the National Coordinator’s (ONC) failure to act on recommendations in an ONC-commissioned report he co-wrote, designed to avoid the EHR-caused increase in healthcare fraud predicted by an earlier ONCcommissioned report.
Where the rubber (painfully) meets the road
The EAR-ache problem is acute and concrete. ADIC receives calls for information and for help from clinical facilities, payers, and the occasional conscientious EHR firm about repairing EHR systems that cannot meet basic requirements for assuring medical—legal validity. Th e truth is that many EHR systems were not designed to meet the well-established requirements for valid, admissible legal records. Furthermore, we fi nd that EHR users rarely test to make sure their own institutional requirements for valid medical records are met. Very few purchasers and users of EHRs who have identifi ed gaps in their systems proceed to develop means of mitigation to support basic validity requirements.
The United States faces a vast and growing, but unmeasured, medical-legal risk cost due to EHRs’ likelihood of being impeached or otherwise determined to be unreliable when used to support a legal action, such as defense against allegations of malpractice, billing fraud, employment discrimination, or any of the host of legal cases in which medical records form an important body of information and evidence. However, because of the way the risk projection and the risk insurance marketplace work, until there are many actual losses, there is no way to estimate that risk. Even more troubling is that these same functional requirement gaps have corollary data quality implications insofar as the same integrity requirements are also protections against falsifi cation, misuse, or innocent errors in medical records. Minimizing these data quality, integrity, and reliability functions also risks making them less trustworthy as clinical records.
We have had a “coalmine canary” event thanks to one brave institution, which published its fi ndings about its own problematic EHR that was a signifi cant contributor to both a family’s distress and that institution’s loss.
Why is the focus of EHR adoption so heavily weighted toward assuring fi nancial return on investment (ROI), rather than on reducing the risk a patient takes when stepping into a US hospital or clinic? The oft-quoted Institute of Medicine report “To Err is Human” advises that we are killing somewhere between 50,000 and 100,000 people annually due to medical errors in hospitals. Another report, by an independent healthcare quality firm, surveyed 37 million records and concluded that the average for 2000—2002 was closer to double the upper end of the Institute’s estimate. Apparently, the best we can do today is for insurers to refuse to pay for hospital injuries that never should have occurred in the first place. A rational EHR policy should worry less about doctors’ and hospitals’ revenues and focus more on patient safety and care quality improvement.
So, why aren’t we implementing EHRs with risk mitigation and patient safety as the critical objectives, and with valid, accurate, trustworthy primary records as the foundation of interoperability? Why are current EHRs functionally unable to meet even the most basic requirements for valid business records? Or, paraphrasing another author’s plea, “Why not ‘operable’ (EHRs) before worrying about ‘interoperable?’” This subject alone merits lengthy study, but simply put, it is because the current EHR marketplace places insuffi cient value on making sure the source data is valid, accurate, reliable, and therefore worth securing according to available standards, laws, and records management practices. Data quality fundamentals are widely minimized or ignored, as are the medical-legal risks deriving from poorly designed and improperly used EHRs. The current EHR marketplace is similar to the dot-com bubble pre-2000 and the high-risk mortgage bubble pre-2008. Entities that are supposed to be protecting the public interest and assuring industry accountability are (at best) quiescent and confl icted, or (at worst) compromised. So, like those previous booms based on irrational exuberance and poor due diligence, the EHR “boomlet” now warming up will inevitably lead to a crash. At that point, healthcare institutions that followed the fad and did not apply due diligence or act with appropriate caution will suffer. The market will sort the wheat from the chaff and then the boom can reasonably follow, unless some entity ignores the moral hazard of rescuing the irresponsible and instead institutionalizes the dysfunctional, prolonging the process of creating a trustworthy, reliable national health information networking capability.
EHRs exist (and can be certifi ed) that permit the over-writing or deleting of original medical record information when that record is amended or corrected. A record that can be altered in this way can also be deemed inadmissible in court or impeached as an invalid record. If such a record is part of an investigation of a medical malpractice or fraud claim, the user of that system is potentially at risk of losing simply on the basis of a defective record system, just as if they were found to have destroyed parts of a paper record. The difference is that an EHR can be used routinely and properly and still may destroy part of a record, whereas it is difficult to use a paper chart routinely and properly and still have “normal” actions destroy part of a record. Furthermore, many EHRs are also capturing damning information awaiting discovery, but unknown to the users.
Another difficulty with EHRs is that they can be readily used to effi ciently generate medical records with the appearance of the highest quality. This attribute will inevitably be utilized by overt criminal enterprises already (conservatively) stealing an estimated 3%, or as much as 7%—10% of all healthcare dollars. With current annual national healthcare expenditures exceeding $2 trillion, that means overt theft represents perhaps $140 to $200 billion stolen annually, yet the national policy remains EHR adoption regardless.
A third difficulty is that electronic documentation systems are still relatively new, and until a given institution has a lot of experience with them, it can fi nd itself learning the hard way about dysfunctions and misuse during the legal discovery process, as occurred with the previously noted academic center for whom the result was an $11 million-plus settlement.
How to avoid getting burned in the coming EHR bust
Step One: Ignore fads. Take more care with your patient record functions than you do for your billing, accounting, inventory, and other record functions, which operate under more evolved, comprehensive standardization.
For large organizations, this means making sure internal auditors, compliance offi cers, health information managers, and the IT department are deeply involved in EHR decision-making processes. EHR due diligence is early in development, but tools are available (see sidebar). The Centers for Medicare and Medicaid Services (CMS) has also issued specifi c guidance on known defects in EHR-generated documentation, such as so-called “cloning.”
For smaller organizations, the process can be complicated by the lack of specialized risk-reduction staff . Collaborating through local medical societies may help. The AMA and the professional societies (excepting anesthesiology) have so far been less oriented to the risk aspects of EHRs, as have the medical malpractice carriers, with some notable exceptions.
Step Two: Review your existing medical records policies and procedures, as well as your billing compliance functions. Larger organizations, especially those billing Medicaid more than $5 million annually, are already required to have specifi c anti-fraud compliance plans, which include aggressive anti-fraud analyses for EHR systems. For smaller organizations, updating medical records policies and procedures may present challenges.
Step Three: Due diligence. At this point, it is a reasonable choice to forgo EHR adoption until EHR standards are more widely implemented in commercially available systems and until certifi cation is more substantial and robust. However, where you have well-documented, measurable needs and objectives for improving your documentation systems, the lesson here is simply that the risk remains high and the due diligence burden remains entirely with you. Thorough testing is required to make sure that your validity and integrity requirements are met by any given EHR before entertaining its purchase and use. Furthermore, since EHR standards and requirements will expand rapidly in the next few years, EHRs will only improve. If you implement sooner, your due diligence requirements are greater, but in all instances, sustaining a continuous due diligence effort will be vital. With that in mind, make good use of your wait for better products, and begin assessing readiness now. Then, take incremental steps forward, calculating return on investment with both EHR product risk and patient care risk foremost in mind.
Going forward Given the concerns over EHR deficiencies I have outlined here, it is exceedingly unfair that doctors who don’t implement nonstandardized, non-interoperable, minimally certified EHR systems are called obstructionist Luddites. At the national policy level, we must rethink the current “EHR adoption regardless” stance urged by the non-critical exuberant and replace it with a more analytic approach directed to improving data quality through appropriate standardization and more robust certifi cation. We must first assure that EHRs can function as patient records at least at the level of integrity of other business records systems. At the local and individual organization level, the marketplace currently does not require the best designed and carefully implemented EHR. This is because there is minimal market awareness or transparency for fundamental compliance functionalities—first as a trustworthy medical record for patient care and for clinical business supports, and then as an interoperable record for uses secondary, tertiary, or beyond. Because nobody is currently doing this globally and comprehensively for you and your organization, you’ll have to do it yourself.
Dr. Gelzer is co-founder of Advocates for Documentation Integrity and Compliance, an EHR education, advocacy, and consulting group.References:1) Simborg, Donald W., “Promoting Electronic Health Record Adoption: Is It The Correct Focus?” in Journal of the American Medical Informatics Association, Dec. 20, 2007.
2) Monegain, Bernie, “Healthcare IT leaders urge industry to tackle fraud issue” in Healthcare IT News, July 25, 2008.
3) Research Triangle, Inc., and Foundation of Research and Education, American Health Information Management Association (FORE, AHIMA) (2007) Recommended Requirements for Enhancing Data Quality in Electronic Health Records, Prepared for The Office of the National Coordinator, US Department of Health and Human Services.
4) Foundation of Research and Education, American Health Information Management Association (FORE, AHIMA) (2005). Report on the Use of Health Information Technology to Enhance and Expand Health Care Anti-Fraud Activities. Prepared for The Office of the National Coordinator, US Department of Health and Human Services. Chicago, IL: Foundation of Research and Education, American Health Information Management Association.
5) Stephen D. Persell, MD, MPH; Jennifer M. Wright, MD; Jason A. Thompson, BA; et al, “Assessing the Validity of National Quality Measures for Coronary Artery Disease Using an Electronic Health Record” in Arch Intern Med/Vol 166, Nov 13, 2006.
6) Vigoda MM, Lubarsky DA., “Failure to recognize loss of incoming data in an anesthesia record-keeping system may have increased medical liability,” in Anesth Analg. 2006 Jun;102(6):1798-802.
7) Vigoda MM, Lubarsky DA., “The medicolegal importance of enhancing timeliness of documentation when using an anesthesia information system and the response to automated feedback in an academic practice”, in Anesth Analg. 2006 Jul;103(1):131-6.
8) Institute of Medicine, To Err is Human: Building a Safer Health System, National Academy Press, 200, p. 1.
9) HealthGrades Quality Study: Patient Safety in American Hospitals.
10) Personal e-mail exchanges and conversation with Dr. Stephen Levinson, August 17-18, 2008 about the phrase “Operable and Interoperable” discussed in his book Practical EHR, Electronic Record Solutions for Compliance and Quality Care, AMA Press, 2008, Appendix I.
11) National Healthcare Antifraud Association (NHCAA) informational brochure “Who We Are.”
12) Sparrow, Malcolm, License to Steal: How Fraud Bleeds America’s Health Care System, Westview Press, 2000.
13) Health Insurance: Vulnerable Payers Lose Billions to Fraud and Abuse. GAO-HRD-92-69 (1992).
14) Healthcare Fraud: A Serious and Costly Reality for All Americans, National Health Care Anti-fraud Association.
15) Dimick, Chris. “E-Discovery: Preparing for the Coming Rise in Electronic Discovery Requests.” Journal of AHIMA 78, no.5 (May 2007): 24-29.
16) Personal conversations with Dr. Michael Vigoda MD, MBA, Director, Center for Informatics and Perioperative Management in the Department of Anesthesiology at the University of Miami, May 2008.