[PLUG-TALK] About the medical software you see in your physician's office

Keith Lofstrom keithl at kl-ic.com
Sat Dec 22 21:59:06 PST 2018

On Fri, Dec 21, 2018 at 12:18:38PM -0800, Rich Shepard wrote:
>   I know Keith will like this NY Times article
> <https://www.nytimes.com/2018/12/20/business/epic-systems-campus-verona-wisconsin.html>
> about Epic Systems in Verona, WI, and I expect others will, too.
>   It looks like a good approach to making long, intense hours tolerable
> while contributing to a critical need: accurate health recording.

Well.  Well.  ... and, Epic.

Providence and Legacy, the two largest medical systems
in Portland, both use Epic (I don't know about Adventist
and Kaiser).  Providence spans Alaska to California;
their single Epic system combines records of tens of
millions of people.  I'm in there.  Probably the world's
other Keith Lofstrom (near Tacoma) is in there.  If you
don't enter the birthday as well as the name, you can
get the wrong patient record.  If there are two James
Smiths with the same birthday, watch out.

The local centers aren't firewalled.  Any doctor with
access anywhere in the entire region can access any
Providence patient anywhere in the entire region.

Providence used to issue little time-coded security
dongles to limit access.  They failed too often, at the
wrong times, and sick patients weren't treated on time.
So, Providence got rid of the dongles.  Now anyone with a
username/password can get in.  A nurse trying to save your
life.  Or a blackmailer.  Security and speed are opposites.

The last time I looked, Providence and Legacy could not
transfer patient records between systems.  Too customized.
They say that if you've seen one instance of Epic, you've
seen one instance of Epic.  I hope it is better now.

Worse misadventures result because of poor human factor
design and personnel cost-cutting.  The old "paper from 
hand to hand" approach increased staffing costs, but it
also implemented the "many eyes make all bugs shallow"
principle of open source design.  Now, the prescribing
doctor doesn't talk to the pharmacist or to the dispensing
nurse in the hospital ward (who may be a poorly-trained
night-shift LPN without supervision).

One story in Robert Wachter's excellent book "The Digital
Doctor" describes a doctor who inadvertently used doses
instead of milligrams for a pediatric prescription - the
unit field is an obscured dropdown in the UCSF hospital
customization of Epic.  The automated prescription-filling
robot dutifully filled a basket with hundreds of packets
of pills.  The unsupervised floater night nurse (senior 
nurses get day shift) in the pediatic ward kept feeding
the kid pills until he had a seizure and nearly died.

In the old days, doctors gathered in radiology to look
at results - with the radiologists, and with colleagues
nearby.  Again, many eyes.  Now, when the x-ray shows up
in a scrolling window on the doctor's 1024x768 screen
(the administrators get the big ones), they can't see
the whole image at once, and they look at it alone.  If
they have time to look at all ... the doctor wasted an
hour in new-version training that morning, and another
on hold with the IT department to find out where old
data disappeared to.

These are among the reasons that my doctor wife ended
her primary care practice.  Many of her colleagues have
as well.  Think about that night-shift LPN; she and the
robots will be your new doctor.  Yes, the robots can
make some diagnoses better than doctors can.  They can't
convince a patient to STOP EATING CRAP FOOD and TURN OFF

Disabling accidents are up 60% in Oregon, no-brakes rear-
ender accidents are up 400%.  American Automobile Assn.
research shows voice-assisted navigation is a dangerous
distraction.  Radar sensors on cars are hugely expensive
to repair properly, increasing total accident costs.

Besides a huge spike in distracted-driving accidents 
(Portland is in the top 5th dangerous driver percentile),
lack of human medical advice is also adding to the death
toll.  The US death rate mostly went down between 1930
and 2015.  It increased in 2016 and 2017, and is expected
to increase again after 2018 data becomes available.

There are also "free" online EMR systems.  Many doctors
use those.  They aggregate and sell patient data.  Because
they are free, doctors must sign wavers allowing this, and
indemnifying the software companies against any lawsuits 
resulting from data breaches of their software.  Thus,
the doctor is on the hook for as much as $10K per patient 
according to federal law.  Oregon Medical Association
insurance coverage is $50K per event.  Woe betide the
doctor whose "free EMR" provider suffers a systemic hack,
and who has more than 5 litigious patients among the
thousands they have seen.  Oh, and the "free EMR" won't be
free for long.  When all the patient data has been sold to
snoops, free services must raise prices ("boil the frog")
or go out of business, years of patient records gone. 

Doctors are required to keep records for 7 years ...


The sorta-good-news is that OpenEMR is an open source 
electronic medical records system.  My wife used it. 
Portlander Tony McCormick maintains it for doctors, and
contributes code.  Being free, there's no boil-the-frog
subscription price increases like EPIC uses to ensnare
and then trap doctors (or drive them into bankruptcy). 
The bad news is that OpenEMR is a spagetti-code kludge of
PHP and twisty little databases all different.  OpenEMR
could use a LOT of TLC from the rest of the open source
community, but we are too busy monetizing consumers.

Professional responsibility is obsolete.


Keith Lofstrom          keithl at keithl.com

More information about the PLUG-talk mailing list