Your data or your life

Your data or your life


Your daughter has just been in a car crash. She falls unconscious on her way to the hospital, but not before she is able to tell the paramedics the name of her doctor. This is vitally important because the emergency room won’t know that she’s an insulin-dependent diabetic with a penicillin allergy, but her doctor will be able to give them her relevant medical history.

Or, at least he would be if he’d renewed the tech support contract on his medical records software. He didn’t, though, and now his information—and your daughter’s—is locked away in a proprietary database he can’t access.

As unlikely and alarmist as this sounds, it could really happen. Intracare is the publisher of a popular practice management system called Dr. Notes. When some doctors balked at a drastic increase in their annual software lease, they were cut off from accessing their own patients’ information.

This situation is completely unconscionable. There can be no truly open doctor-patient relationship when an unrelated third party is the de facto owner of and gatekeeper to all related data.

In the short term, cases like the example above are all too possible, and simply unacceptable in every way. With today’s large practices built around large numbers of patients, many using multiple prescription medicines, these practice management systems are absolutely critical and can’t be permitted to be held ransom. Additionally, doctors in the United States are saddled with a giant bureaucratic tangle known as HIPAA. Even if a doctor and her software vendor are working happily together, the government may take a dim view of an outside party controlling access to patient records.

In the long term, patients could lose their own medical history as doctors migrate from one proprietary system to another by simply starting over rather than paying thousands of dollars for expensive data format conversion. Even if you have an excellent personal relationship with your doctor, a relocation or changes to your insurance could make you need a copy of your records to give to a new doctor’s office. Your old physician may know to monitor that funny looking spot on your shoulder, but might not have entered it into the new system he put in place since your last visit.

Finally, practice management software can be extremely expensive. Doctors have to pass these expenses along to their patients, increasing treatment costs for all involved.

Fortunately, the situation isn’t entirely bleak. New online communities are developing to build and market free software solutions. LinuxMedNews is a regularly updated online forum for discussing industry news. GPLMedicine is a similar site maintained by Fred Trotter, project manager for the Free software ClearHealth management system. A project by Canada’s McMaster University, OSCAR, became the first IT system certified by OntarioMD.

Although these don’t have the name recognition among the medical community of commercial ventures such as Dr. Notes, they’re available for testing and implementation—free of charge and usage restrictions—today.

If you are a doctor or other healthcare provider, you owe it to yourself and your patients to take a look at these forums and applications. At the worst, you’ll find them uninteresting and unuseful. However, you could also find ways to protect your patients’ and your own best interests—all while saving money.

If you are a patient, print a copy of this blog and hand it to your doctor next time you see her. She may not be aware that there are viable alternatives to the expensive, restrictive systems she’s been leasing. If she’s not interested, you’ve lost nothing. If she finds something useful, though, then you may have done a real service to yourself, your doctor, and your fellow patients.

Category: 

Comments

Fred Trotter's picture

My project is now called MirrorMed thanks for the mention! The scenario you have referenced is very common, but usually not recognized for what it is. Once healthcare provider see that vendor lock-in is the result of ignoring the software freedoms, I think things will start changing.

Fred Trotter

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I too agree with you that things will start changing but not by the same reasons.

I think that vendors will start to see that they have plenty of good and easier to modify applications in the area and that costs with code maintenance and development could be deminished so they will do -- as IBM, SUN and Novell did -- the slow move to supporting F/OSS instead of developing it single handed.

This will cause more awareness on the healthcare systems costumers side and the company that offers the best support and/or integration will win more costumers. Also, having employees in the developer teams will be more and more a marketing issue also for those companies.

On the other hand I see many projects but few can cooperate between then.
A good example is how could this project relate with other healthcare projects like Care2x?

Another doubt I have concerning your project is if it isn't just like ClearHealth, which is also released under GNU/GPL? What is different in your Mirromed that would make people choose yours instead of ClearHealth?

About Healthcare and the many issues with that I let you here the link to e-HealthExperts that may be of any use.

Terry Hancock's picture

"On the other hand I see many projects but few can cooperate between then.
A good example is how could this project relate with other healthcare projects like Care2x?"

I'm not sure about the particular situation here, but free software often has multiple projects covering the same basic territory. However, unlike commercial companies, they don't compete destructively.

They do compete constructively, trying to create new and better functionality. However, they have strong motivations to cooperate, and since the code itself is free to share, any sufficiently good idea will be incorporated into multiple packages.

This is particularly true at the data storage level -- projects with any kind of maturity will usually have interchangeable or at least importable/exportable data formats. If it hasn't happened yet with this particular application, it is likely to happen pretty quickly (OTOH, asking questions about it is a start on getting the developers to realize there's a need).

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

This happened at Lewis-Gale Clinic in Salem, VA. Nobody got hurt or died because of it, though... but they weren't paying their bills to their transcription company and got locked out of their patients' information.

Fred Trotter's picture

Please contact me (Fred Trotter) about this offline. This is exactly the kind of thing that I want to document on GPLMedicine

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

A simple device that doesn't require you to even be awake to notify emergency medical personnel that you have a medical condition.

Dave Guard's picture
Submitted by Dave Guard on

When a life is at risk, isn't it worthwhile having as much backup as possible. A bracelet doesn't convey your entire medical history. "Sure" you'll say "but make at USB bracelet". And then your doctor has to update it everytime you go and you can't get it wet, or fall off, or get damaged, or ... on and on.

I'd still prefer a solid backup. The best backup I can think of is a complete medical history on file, available and accessible 24/7 in a central (secure and backed up) database. This data should never be held by a license that could in anyway prevent or delay access... EVER. It should also be available in an open format so that every piece of software in every doctors surgery, lab or hospital can read it, and so that if I move country my data is still accessible and readable.

This is an ideal situation and might not be easily achievable (at least not in the near future) what with all the regulatory redtape and different stake holders needing to agree on a solution. However, I'd still prefer steps be taken to head in that direction.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Fred Trotter is no longer managing Uversa's ClearHealth system, although he is still active in the industry.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I think you should write this as:

"Or, at least he would be if he’d renewed the lease on his medical center. He didn’t, though, and now his information�and your daughter’s�is locked away in an office he can’t access.

As unlikely and alarmist as this sounds, it could really happen. Intracare is the landlord of a popular medical office park in Anytown, PA. When some doctors balked at a drastic increase in their annual lease, they were cut off from accessing their own offices.

This situation is completely unconscionable. There can be no truly open doctor-patient relationship when doctors can contract with an unrelated third party as the de facto owner of and gatekeeper to their physical location."

Or you could substitute computers, cars, cell-phones...software and data storage are useful things that people often PAY FOR. I'm not opposed to them selecting open-source solutions if that what they prefer...but if they make a bad choice that is *their* responsibility. Ask your doctor what software they use, and if you don't like their choice, switch healthcare providers.

Kirk Strauser's picture

Or, at least he would be if he’d renewed the lease on his medical center. He didn’t, though, and now his information�and your daughter’s�is locked away in an office he can’t access.

In an emergency, you can break a window or ask a security guard to let you into a building. To continue your analogy, what's the software equivalent of a human security guard, and do you know whether you doctor's office management system has one?

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

A better analogy would be if, when a doctor decided not to renew the lease, the landlord wouldn't let him remove his files from the building.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Pay our licensing fees or you will die!!

There's nothing wrong with making a little money from your hard work, such as a medical info. system that works very well, but this is a bit much. This may be splitting hairs, but I'm in no way against using proprietary software, as long as it's the best product. I do, however, have a major problem proprietary file formats. The information contained in those files does not belong to the proprietary vendor, and the end user should be able to easily take their dollars and info. elsewhere if the vendor is essentially extorting them because they have a monopoly.

I wonder if the programmers of the GPL'd med systems have given any thought to making an attempt at reverse-engineering some of these proprietary databases for compatibility?

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

Pay our licensing fees or your patients will die !!

slightly more sinister

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I don't understand why you are blaming the proprietary software industry itself for the lack of foresight of the medical community. Doctors should understand the terms and length of their contract, have a backup plan for when that contract expires, and make sure that they can at least move the data elsewhere should they decide to stop using a particular vendor's storage solution.

Kirk Strauser's picture

So it's your opinion that tragedy is OK as long as you can assign blame? I'm of the opinion that it's far, far better to prevent the problem than to decide who's fault it was afterward.

Mitch Meyran's picture

I know that in France at least, an old law called 'Informatique et Libertés' (litterally, computing and freedom) says that an individual must have unrestricted access to read, modify or delete any information about him/her - separating actual data from software. In such a situation where there is no access whatsoever to the data, the company responsible for hosting the data would be liable not only for data theft, but also for not helping a person in a perilous situation...

While doctors should indeed read their software support contracts more closely, they should retain legible access to their patients' files even after software support goes bye-bye.

It is also unfair to tie software use to technical support: if you paid for your software licence but decide to deal with bugs, breakdowns and updates on your own, that's your problem. Would you consider it fair that your refusal to pay a plumber every month to keep your pipes nice and tidy (even if the plumber actually does nothing because you did all your repairs yourself) would result in your water supply being cut? No. HEre is the very same situation taking place.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

When we (BFMC) went to an EMR/EPM solution we stipulated that we have a fully documented database schema with non obfuscated data. This allows us in the event of application failure (for any reason) to have access to all data entered into the system.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

...they're all too busy adding a reporting facility to our software."

I've run into real-life situations very close to this, where doctors (and staff) have guess-only access to appointments and zero access to patient data following a business application failure. My GP used paper records on the day; remarkable that they still kept them, in a way.

marienoelleb's picture

Thank you for this very likely scenario. I fear that seeing it happening somewhere over the world is just a matter of time.

I witnessed something comparable several years ago, while I was working in a university hospital. This one was managing an official emergency call desk for emergencies and ambulancies. The call desk was (and still is) reachable through a single phone nimber. In one case, the national phone company did not integrate correctly the periodic payment they received, and a fairly low level employee decided to cut this emergency line which is handling cases of life an death! By chance, the problem was detected very quickly and it was quickly fixed. Later there was a serious explanation, behind the scene, between the hospital and the phone line.

So, even if the scenario you propose could be considered as data theft, at least according to the continental law system, it is likely to happen, just because of uncompetent and unsensitive clerks.

It is even likelier to happen as doctors are neither lawyers nor computer sciencists, most still consider computers as an unavoidable chore and they are very unlikely to understand the need and the subtleties of an extensive sevice level agreement with their provider.

IMO, the only way to avoid this problem are some very strong legislative measures, which would force service providers to:

_ Register medical file services (so that no medical data could be placed somewhere else)

_ Guarantee the strict protection of the privacy of medical datas (in any circumstance) and to guarantee read access to their data 24H/24 7days/7 to their clients, even in case of contract break, at least for a period of several weeks/months,

_ In the case of contract interruption, the delivery of their data to the client on a media and in a format agreed by the client.

I am not sure that there will be many interested providers.

Marie-Noëlle Baechler
Belmont-sur-lausanne / Suisse

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I find it hard to imagine that the medical "professionals" in the US take the time to review your records to any great extent! Obtaining your own records and storing them yourself with access via a card, tag or bracelet with critical information would be in the best interest of the individual patient. Would it really be realistic to imagine the Doc or hospital staff taking the time to review massive amounts of data for just one patient?

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

I just read a similar example of the perils of using proprietary software at Wired magazine
http://www.wired.com/news/technology/0,71554-0.html?tw=wn_technology_3".

Giant robot imprisons parked cars

The robot that parks cars at the Garden Street Garage in Hoboken, New Jersey, trapped hundreds of its wards last week for several days. But it wasn't the technology car owners had to curse, it was the terms of a software license.

The garage is owned by the city; the software, by Robotic Parking of Clearwater, Florida.

In the course of a contract dispute, the city of Hoboken had police escort the Robotic employees from the premises just a few days before the contract between both parties was set to expire. What the city didn't understand or perhaps concern itself with, is that they sent the company packing with its manuals and the intellectual property rights to the software that made the giant robotic parking structure work.

Michael Britt
Image Mechanics
blog

MaryADavis's picture
Submitted by MaryADavis on

You are right. Doctors should upgrade their programs and the data base. I myself have many allergies to all sort of medicine I might be given if I crash. I'm always afraid I;ll die in the hospital because the doctors had no idea of my allergy status.
---
Mary-Anne Davis

johannabartley's picture

This type of info should be stored in an online database accessible by all emergency units. Imagine that you're out of the country and something happens. You don't really know the language or you can't talk. What happens then?
___________
E Verify

ceejay2005's picture
Submitted by ceejay2005 on

This will cause more awareness on the healthcare systems costumers side and the company that offers the best support and/or integration will win more costumers. Also, having employees in the developer teams will be more and more a marketing issue also for those companies. I'm not sure about the particular situation here, but free software often has multiple projects covering the same basic territory. However, unlike commercial companies, they don't compete destructively.
http://doctorfinders.com/doctors-phoenix-az.html

Author information

Kirk Strauser's picture

Biography

Kirk Strauser has a BSc in Computer Science from Missouri State University. He works as a network application developer for The Day Companies, and runs a small consulting firm that specializes in network monitoring and email filtering for a wide array of clients. He has released several programs under free software licenses, and is active on several free software support mailing lists and community websites.