Technology Gone Bad? False Starts, Poor Design, and User Error in Health IT

MDNG Primary Care, March 2007, Volume 9, Issue 3

New healthcare technologies promise to make the practice of medicine safer, more efficient, more transparent, and more effective. But what happens when things don't go according to plan?

In fact, medical identity theft is so significant, it is the first information crime that could actually jeopardize your life. In the face of this growing epidemic, healthcare companies are jumping on the security bandwagon with RFID (radio frequency identification devices) technology, bar-coding, and related identity management schemes.

According to Healthcare IT News, this response is due in part to new advances in healthcare that are outpacing security procedures, leaving companies vulnerable to identity theft and other forms of data theft. The remedy? Tracking devices complete with patient medical history and identification that is electronically embedded on the medication bottle.

RFID provides a response to this frightening trend in identity breaching with tags that can be attached to a product for the purpose of identification, using radio waves. Chip-based RFID tags contain silicon chips and antennas. The tags have their own internal power source, used to fuel an outgoing signal, transmitting high-powered radio waves with an average battery lifespan of 10 years. As a result, this technology permits optimal tracking of medications in and out of warehouses and supplier divisions.

Pfizer is one of several pharmaceutical companies eager to implement such a technology. In preparation for its first RFID trial, Pfizer has started tagging individual bottles of Viagra. That way, supply chain partners can easily collect information for identification when working with the company. Pfizer has also partnered with SupplyScape's RxAuthentication Service to verify the authenticity with RFID tags on the drugs they receive. The Service assigns a serial number to every pharmaceutical package, referred to as an Electronic Product Code (EPC), which can be authenticated before consumer distribution. It makes use of RFID tags to store the drug information, which can be verified by pharmacies through the Internet. To date, more than 300,000 authentications have been performed on RFID-tagged Viagra bottles. I guess you could say they're "raising the stakes."

"The use of reliable, high-performance RFID adds an important security layer [in combating counterfeit products and preserving brand integrity]," says Dimitri Desmons, VP for RFID Marketing at Impinj, Inc., a public relations and communications company. "Impinj's UHF [ultra-high frequency] Gen 2 products are ideal for pharmaceutical applications, because they are field-proven, exhibit high performance, meet or exceed rigorous industry standards and pass robust interoperability and functionality tests," he says. Impinj is a fabless (meaning they do not manufacture their own) semiconductors company, whose Self-Adaptive Silicon" technology is responsible for the output of their RFID products.

Founder and Editor of RFID Journal, Mark Roberti, advocates RFID use. "Kimberly-Clark is now tracking promotional displays using RFID and has found that in some cases the retailer gets the display out on time 99 percent of the time, and sometimes it is less than 60 percent of the time, depending on the type of promotion and product involved," he says. "K-C is now acting on the RFID data to get the displays to the retail floor on time when the promotional advertising hits." Kimberly-Clark was the first US company to ship an item tagged with an EPC off a commercial line, in April 2004 (www.kimberly-clark.com).

Since then, the international organization has established the standards for RFID tags. The company is already able to selectively tag more than 144 of the items in its product line and has even built a 5,000-square-foot warehouse for the sole purpose of testing its use of RFID. Surely that's enough radio waves to power even the highest definition TV set.

Crime Keeps on Slippin'...

The next time you're at Wal-Mart arguing with the cashier over the posted price of granola bars ($.06 less in the weekly circular than at the cash register), remember the barcodes don't lie. In fact, it's more likely the employee assigned to snack foods that week forgot to scan the new price into the system. A barcode is a machine-readable representation of information imprinted on a product (say a medication bottle), in the form of patterns of dots, circles, or hidden within images. Barcodes can be read by scanners called barcode readers, and are widely used to improve the accuracy of computer data entry. Medical Bar-code Systems, LLC, is making headway against identity theft with their barcoding TrackIt inventory management system. TrackIt is designed to track all physician or patient use, maintain a perpetual inventory, and replenish medication.

In the hospital setting, TrackIt provides inventory on a per-patient basis at each nurses' station and automatically replenishes hospitals' supply stock. The system also allows for manually created purchase orders to be tracked. "By incorporating [barcodes] directly into the package, the drug manufacturer has inventory visibility from the moment of receipt of the bottle--even before it is filled," says Desmons. "Higher tag throughput rates and higher read reliability allow manufacturers to improve filling line speeds and accuracy. Customers also benefit from the extensibility of a single system to support global supply chain applications from items to pallets and from the fill line to the pharmacy shelf. These benefits flow through to distributors, wholesalers, and pharmacies in the form of improved labor efficiencies and more accurate return and expiry control."

Federal Computer Week magazine calls healthcare identity management the "Holy Grail of healthcare administration." The seriousness of that management, as it applies to medication errors, is not lost on hospital staff. Northern Michigan Hospital in Petoskey, MI reduced medication errors significantly in 2006 with the use of barcoding, preventing 400 serious medical errors. Since implementing the technology in 1998, more than 21,000 medication errors and five fatalities have been avoided at Northern. A reduction in medication errors can truly mean the difference between life and death.

...Into the Future

The application of RFID-based systems is projected to grow substantially in the United States from $2.7 billion in 2006 to $26 billion in 2016. A 2006 report by Booz Allen Hamilton predicts improved productivity and increased efficiency as a result of a continued need for data accuracy in healthcare.

According to Roberti, "RFID has been around for several decades. It has been a niche technology that's been used to solve specific business problems, such as ... tracking work in process and so on. When I launched RFID Journal five years ago, the market for low-frequency and high-frequency tags was pretty well-established. There were standards for access control systems and contactless payments, but using RFID in open supply chains, where the same tag is used to identify the goods as they move from manufacturer to distributor to retailer, was only a concept. Since then, the introduction of UHF tags with longer read range and standards for sharing RFID data has created a lot of optimism that RFID can bring new efficiencies to the supply chain, and there is now a tremendous amount of innovation in tag design, reader design and software."

With regard to the "ideal" RFID products for pharmaceutical and healthcare applications, Desmons mentions EPCglobal's Generation 2 (RFID). "The first development is the ratification and adoption of [Gen 2] specification," he says. "A single, open standard with worldwide compliance that meets the requirements of high-volume supply chain users, Gen 2 defines the air interface and communications protocol used by RFID tags and readers to exchange information. Gen 2 resolves all of the shortcomings of the previous ... specifications by innovating and improving on global compliance, tag throughput, rewritability, security, privacy and robustness in high density reader environments." The emergence of products that operate exclusively in the UHF band is also making RFID a reality for healthcare professionals. "UHF products are far more robust and flexible than legacy high frequency (HF) products, and they also address security and authentication requirements," says Desmons. "UHF Gen 2 RFID products, such as the Impinj GrandPrix solution, also improve track and trace capabilities at the case, pallet, and item-levels and are, therefore, ideal for healthcare and pharmaceutical supply chain applications."

Safety First

E-discovery--which involves electronic metadata discovery and how electronic data is stored--also plays a critical role in the healthcare security environment. E-discovery specifically concerns the access, use, disclosure, preservation, and litigation of data--including e-mail and other computer-generated documents--that is transmitted, stored, and backed up electronically (www.physiciannews.com/law). New rules went into effect on December 1, 2006 concerning the format in which documents are produced as it applies to e-discovery. What this means for the world of healthcare technology is that electronic documents are now subject to discovery proceedings in litigation. Medical practices and other healthcare providers will be required to produce all relevant data under subpoena. The rules present an opportunity for Health Information Management (HIM) professionals to consult with legal counsel and information technology representatives in the development of policies and procedures that conform to these regulations.

In other words, after being converted to electronic formats such as "tiff" (tagged image file format) images or "pdf" (portable document format) files, documents must also be produced in an easy-to-use electronic format that facilitates searching and analysis. The argument, of course, is that this format somehow degrades searchability options and limits its user-friendliness. Gone are the days of hard copy documentation. The American Health Information Management Association (AHIMA) published a report in the September 2006 issue of the Journal of AHIMA, which suggested that healthcare professionals should follow certain policies in the destruction and storage of electronic records management. These policies include: identifying and documenting the method, location and native file format of information created (eg, .pdf, .tiff, .gif); determining "good faith operations" of a company or organization's electronic information system; and establishing controls to measure compliance with records management storage, retention and destruction; if not followed, there is a potential liability.

The Coleman v. Morgan Stanley & Co., Inc., case of March 2005 set a landmark in e-discovery. The jury placed a $1.4 billion judgment against Morgan Stanley due to the financial company's misconduct and concealment surrounding potentially damaging e-mails. Following such a revolutionary case, HIM professionals are being called upon to ensure a systemized approach to electronic record management that conforms to state and federal legal requirements. HIM professionals should maintain ongoing competency in recognized electronic healthcare applications, such as HL7, HIPAA, ASTME, ANSI, and CCHIT. It is further suggested that HIMs establish a subpoena response plan for objections to producing certain types of data, including requiring a court order when expensive data requests are made. Because they are so aware of the ever-changing compliance responsibilities, there is a momentum to stay on top of e-discovery policy.

With change comes resolution, however. E-discovery provides the means to cover your ass--legally speaking. Bar-coding and RFID utilize monumental systems of reliability and authentication, respectively. As far as the likelihood of medication errors is concerned, these security measures have you protected from even the slyest identity thieves.