SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Electronic Health Records – What’s the Big Deal? (Part 1)

Last week, I had lunch with an old friend who is, by his own definition, technologically ignorant.  While we caught up, he asked me to explain in terms he could understand what I do for a living.  I went through one of my spiels (the one usually reserved for relatives who only know that I work “with computers”), delivering a high-level talk about systems integration and ETL and some of the challenges involved in intersystem communications.  Since most of my time is spent in the healthcare sector, our discussion wrapped back around to healthcare data integration and the initiatives to integrate personal health data electronically across platforms and providers.  My friend, being a non-technologist and an outsider to the healthcare world, asked a revealing question: 

“So, you’re just talking about lining up the different fields to make sure that they match?  If so, what’s the big deal?”

Alas, if only it was that easy.

There is a great deal of noise surrounding electronic health records right now, and for good reason.  Everything is electronic these days: my local grocery outlet can analyze my purchasing history to generate customized coupons at check-out; local law enforcement systems are integrated with auto insurers which allows officers to immediately verify insurance coverage; my local dealership tracks my Explorer’s mileage and, based on my estimated milestones, automatically sends me reminders to change my filters and have my transmission checked.  Common sense would dictate that our healthcare systems would have at least as much capability as the local Ford dealer, but in practice it seems that this isn’t the case.  A visit to the local clinic often requires that I provide the same information several times at various points of care, and this drill must be repeated at each encounter.  My family doctor is unaware of any information gathered or treatment performed by my podiatrist, and vice versa.  Further, and most irritating, is that a single doctor visit or trip to the hospital will generate a handful of different bills from numerous entities, which often cross over and bill several times for the same specific procedure.

While it may sound like there’s a real dysfunction with healthcare information systems (HIS), the truth is that the situation is not as bad as it appears.  I’ve dealt with some outstanding HIS products, and, while they all have their quirks and shortcomings, many of them are mature and highly stable.  In my analysis, there are two key issues that cause the most headaches: lack of adoption and system interoperability, each of which bring along their own problems and opportunities.  I’ll discuss each of these in turn in the next 2 posts in this series.

As an aside, it’s clear that the electronic health record challenge is not new.  I recently developed a networking friendship with a retired physician who spent several years as a hospital chief of staff, and he tells me that he was providing counsel to EHR vendors almost 25 years ago.  Even though the issue of electronic health records spans the generations, it’s still a very exciting time to work in this field because of the challenges and opportunities to be a part of some creative solutions.

In my next post on this topic, I’ll discuss the issue of technology adoption, and talk about when an electronic record really isn’t.

Tim Mitchell

Tim Mitchell is a business intelligence consultant, author, trainer, and Microsoft Data Platform MVP with over thirteen years of data management experience. He is the founder and principal of Tyleris Data Solutions.

Tim has spoken at international and local events including the SQL PASS Summit, SQLBits, SQL Connections, along with dozens of tech fests, code camps, and SQL Saturday events. He is coauthor of the book SSIS Design Patterns, and is a contributing author on MVP Deep Dives 2.

You can visit his website and blog at TimMitchell.net or follow him on Twitter at @Tim_Mitchell.


Posted by Alvin Ramard on 20 October 2009

It's going to be interesting to watch the progression to more electronis health records and the sharing of those records.  I can't help but wonder how many hurdles HIPAA will throw in front of that train.

I'm looking forward to reading your next posts.  I spent 7 years doing similar work, working for a state medicaid contractor.


Posted by Steve Jones on 20 October 2009

I certainly would like to cut down on the amount of information I provide, but I'm definitely concerned about security and accuracy of records. I would be interested to know if there is some type of checksum that can be generated for individuals.

Posted by vliet on 21 October 2009

Working as a DBA in the health care in the Netherlands we now face the dawn of medical data exchange based on social security numbers. At this moment it does only complicate things, but in the end it will probably pay off as names of people can so often be written in various ways and birth dates get mixed up so easily. Still we see SSN of man and wife exchanged in our records, and many more hurdles to correct these errors since the introduction of the SSN in our health care. I'm also curious about future development in information exchange, security and accuracy of these records in the bright future that lays ahead of us.

Posted by Albert Gorlee (Netherlands) on 21 October 2009

The government here thinks they can solve this problem by providing a "nationwide" solution.

But I think one of the main issues here is: who is the owner of this information? The patient? The doctor? The insurance company? The hospital? The state?

I guess Microsoft and Google are approaching this issue in the right way: a "neutral" organization, providing the datastore and the tools (according to some global standard). And the patients (organized in some "league") to decide about what is going into the datastore and what not.

If the "patient league" is well organized, they are the only "force" - in my opinion - who can avoid the domination of one of the other stakeholders.

Posted by JMasciantoni on 21 October 2009

Tim, In the case of your Explorer think what your life would be like if each component of the vehicle sent you information independantly instead of your local dealership combining it for you.

That concept may provide some hope for making an individual's health record more "consumable".

The company for which I work is both an HMO and a healthcare provider and we use an enterprise EHR product.  I get the opportunity to wrestle with the EHR complexity day in and day out :-)

Posted by Richard Bradford on 21 October 2009


They've tried this in the UK under the auspices of the Department of Health. At a cost of billions of pounds and the drop out of a number of contractors it still has not got off the ground and this is with a population of only about 60m.

There are horrible issues with data protection and security of this highly sensitive data let alone scanning in past medical histories (could be decades of them for each patient), how to scan in reams of xrays, CT scans etc and doctors notes (most illegible so no OCR). Lastly how to key all the various aspects of health services provided to the patient such as drug regimes, diagnosis and treatments (and the dangers of miss-keying such data)... and I've not even mentioned the costs/difficulties of keeping the data up to date as people move around the country changing service providers. Also a problem remains on how to include non-nationals who don't hold a national health or national security number or its equivalent but do have "rights" to treatment.

It is a big bag of worms likely to bite back and cost vast amounts of money for any organisation attempting to do this, in the UK's case the tax payer.

Posted by Jagdish.Lokhande on 21 October 2009

I would say the patient (you and me) will ultimately responsible for his/her healthcare data and he/she is the one directly or indirectly pays for getting that data. He/she is the one can verify the correctness of the data, maybe with some services provided by doctors and labs. So I would say somebody need to come up with killer applications that will make individuals collect and maintain their own healthcare data.

Posted by skjoldtc on 21 October 2009

As a technologist, it makes perfect sense to integrate systems and make the data easily available; however, I do not want my health and personal data to be more "consumable". The individual needs to own their own information and be responsible for keeping it secure. I have no trust in any bureaucracy to keep the data private. It is a real pain to have to complete multiple forms and tell one's medical story multiple times. But, once the data is centralized, it can be used against you.

This is all too 1984-ish to me.

Posted by bwillsie-842793 on 21 October 2009

I've got news for you.  Moving to electronic records doesn't stop them from asking you for the same information over and over.

All of my healthcare needs are handle through a clinic and hospital that is completely wired.  My complete history is available online to any of the providers in that clinic.

However, every doctor of clinic visit I get asked the same questions:  Are you alergic any medications, what medications are you taking, Have you ever had any major surgery, etc.  

You name it, they ask it.  Again and again.

Must be a conditioned response endemic to all health care providers...

Posted by jcWang on 21 October 2009

Hi Tim,

It is very nice to see a practical business related topic in SQL Server Forum. I have developed a PMS (Practice Management System) 10 years ago and have started to develop a EHR (used to called EMR) 4 years ago. While researching and developing EHR, I have seen many EHR products in the market (the most popular and big one is AllScript).  The problem for most products can be summarized as follows:

1). Developed for a long time ago and the UI is out of date.

2). So tedious that it is not practical used by most of physicians.

3). No security concept built in.

4). The screen is too complicate for office staff to use and requires a lot of training.

Among those shortcomings, the most critical, just like most of comments fromt this topic is security.  Based on my research, there are some guidelines for EHR security and privacy provided by EHR Technical Committee.  Among these guidelines, the Electronic Health Record-System Functional Model, Release 1 (Feb 1, 2007) describes detail requirements for EHR. I will be happy to share this to anyone who is interested in this topic. I am looking forward to seeing your next article.


February 2007

Posted by Daniel Bates on 21 October 2009

I don't see how a solution of sharing Medical Records will ever occur with the existing HIPAA regulations in place.

Posted by Tom Garth on 21 October 2009

It's not surprising to see concern expressed about security, and ownership of the information.

I believe it to be a fact of life that once your personal data is shared and input into any information system, it will NEVER be under your control again.

We should try to figure out how to make it EXTREMELY painful for anyone to abuse the use of the data.


Posted by Frank Buchan on 21 October 2009

In Canada here we just throw money against the problem of eHealth without accomplishing anything, largely because none of the stakeholders wants to. There is some fundamental resistance to the provision of good information, almost always tied to "concerns about privacy." And yet, at most coffee shops, just by sitting quietly I can formulate a fairly strong medical history of anyone over 30 who tends to yap aloud to their neighbours about their most recent medical adventures.

At some point, I suspect that if we just recognise this record keeping for what it is (raw record keeping), it could be done easily, but as it stands (in our pursuits north of the border) we are expending vast resources trying to create a one-off perfect system rather than a useful one.

Posted by Phillip.Rosen on 21 October 2009

EHR - U.S. Department of Veterans Affairs (DVA)

Hi Tim, Two articles about the DVA EHR and how it may be upgraded and how it could be used as a model to develop a national EHR.

Deploying and Modernizing VistA– A Case Study for Legacy System Transition


Industry group meets to consider upgrading VA patient record system


Like JMasciantoni I also have the pleasure of wrestling with an EHR on a daily basis.


Posted by jcrawf02 on 21 October 2009

bwillsie-842793 said: "However, every doctor of clinic visit I get asked the same questions:  Are you alergic any medications, what medications are you taking, Have you ever had any major surgery, etc."

jcrawf02: These are part of the medical history component of the E&M (Evaluation & Management) that they will bill you for. If they don't ask these, they can't get paid. Part of a larger discussion around health reform and payment for quality of service, not quantity.

Jagdish.Lokhande said: "I would say the patient (you and me) will ultimately responsible for his/her healthcare data and he/she is the one directly or indirectly pays for getting that data. He/she is the one can verify the correctness of the data, maybe with some services provided by doctors and labs. So I would say somebody need to come up with killer applications that will make individuals collect and maintain their own healthcare data."

Jcrawf02: I agree in theory, but I disagree completely in practice. Patients don't understand what is being done to them, they just do what the doctor says they need. Most don't even act as intelligent healthcare consumers, but just follow orders. I'm not saying that people *shouldn't* verify that what is on the bill is what happened, but what is required for billing and what happened in real life may not exactly mesh. Having to become experts in medical terminology and coding requirements is not going to happen to your general populace.

Although I am with most of you that I think we need to have stringent security around these datasets, I look forward to electronic records and billing. Having the ability to communicate healthcare events between disparate physicians will VASTLY improve the care that we receive, as long as your physician takes the time to read it.

Now we just need to figure out a way to incentivize them by paying them to focus on how well they take care of you, instead of how many procedures they perform in a day.

Posted by hbredbenner on 21 October 2009

I've been in this industry for years and have heard all the argument both for and against EHR systems.  In the US our healthcare system is so fragmented with for-profit payers, cost-cutting providers, and patients with multiple types of coverage, that it is not possible to automate things.  Most EHR systems, including those being funded by the $48b now being doled our By Joe Biden, are focused on the provider-payer interface, not the provider-patient issue.  Docs are more interested in getting paid quicker and easier than they are in having faster access to all the patients data.

The government funded systems, and the doctors that will be paid to implement them, alreay have stipluations on what types of data must be provided to Health and Human Services. For example, reports on compliance for diabetics by patients is one of the many data sets the systems must provide HHS. The government sponsored EHR systems that are being built right now already have requirements that should cause heart attacks for civil libertarians!  If the VA EHS is to be our model, we're all in for trouble.  Examine the privacy and security features that apply to that system.  What recourse does a vet have if his data gets disclosed without his permission?  None.

The best solution I have heard of puts the data on a card carried by the patient (like the Carte Vitale) in France.  Its a national solution that is focused on patient care, not the financial issues of providers and payers.  The patient owns the data and discloses it only when they want to.  This system has worked for years in France and Germany but doesn't meet our government's need for control, so its not been part of the current health care reform discussions.

If we are truly interested in Health Care reform, why do we always spend money on either the admin side of things or on mechanisms to create centralized control?

Posted by Paul Stafford on 21 October 2009

I would second what Jack said above.   The biggest problem with most of the EHRs I've seen is not having any concept of security.   This problem is compounded by the fact that the main certifying agency CCHIT provides certification to these products as meeting all necessary security requirements to make them eligible for federal funding.   I know of 3 different products that store patient information on Windows network drives, and the application will only function if permissions on those drives are set to allow full control to everyone.

Posted by rbrubaker on 21 October 2009

bwillsie-842793 said: "However, every doctor of clinic visit I get asked the same questions:  Are you alergic any medications, what medications are you taking, Have you ever had any major surgery, etc."

A good portion of that repetion is based on lawsuit avoidance.  They often have the answers to those questions in front of them and are looking for a different answer than they already have.

One of the South Florida VA centers had a fairly advance medical records system including digitized test results.  Problems are often with the staffs' technical comprehension (among other things).

Posted by Robert Frasca on 21 October 2009

I currently work, in a data architecture capacity, for one of the largest vendors of healthcare IT solutions (including EHR) in the US and the data issues are daunting.  Whether your data is stored in one of our systems, in a competitor's system or only in a filing cabinet, there are data security issues and I'm afraid it's pretty naive to think that your information isn't being disseminated elsewhere.

Remember, HIPAA doesn't say that the information can't be shared.  It simply says that we can only share it with people who, in effect, have a need to know.  You can start with your doctor, add the providers of any other associated treatments, diagnostic tools, or laboratory tests, and then throw in your medical insurance company, medicare, and medicaid.  Of course, if you're trying to get life insurance you also have to reveal this information to them.  Ditto for your dentist, chiropractor, pharmacy, and even your personal trainer and massage therapist.  We even have to provide our public schools with healthcare information if it might become an issue.

EHR isn't as much about safeguarding your information as it is about protecting you from physical harm by providing a consistent medical history.

With all due respect to Mr. Stafford, the security of the disk drives holding this information is the least of his worries.  By the way, those are poor implementations of those products.  There is no requirement for any product that I'm aware of that the security of a disk be wide-open for a product to function.  It should be noted that we make recommendations for installing and securing our products but we can't make them spend the money to purchase state-of-the-art equipment or hire top IT talent to help safeguard the information.  When we encounter sloppy implementations we bring it to the client's attention and help them fix the problem, assuming they will allow us to help them.

Posted by Mark Starr on 21 October 2009

My sister in law works as a dba for a healthcare organization - tells me of the burden of tracking data access: per user anytime a piece of data is looked at, much less who changed it: also the security involved such that one cannot leave one's desk while the workstation can access any data... I'd hate to work in that industry.

In the industry I do work in, Hotel/leisure, we have an interesting (albeit still antiquated) information distribution system: most hotels' data (rates and amenities, etc.) is stored 'centrally' (on one of a very few large Central Reservations Systems(CRS); that data is accessed through the various (4 or 5) Global Distribution Systems (GDS) by those person who are booking rooms- from individuals to travel agents to corporate travel managers.

So, I wonder if moving towards a setup where, at least, each person's desrcriptive data (name address, insurance carriers, - not medical info) might be carried 'centrally' so as to reduce duplicate data and hopefully achieve better accuracy. Seems like that might be a workable first step.

Posted by Kelvin John on 21 October 2009

I say this is some nice readings and sharing for host and respondents. Even small population, Caribbean states have their challenges with the HIS. Imagine 100,000 people in small island and there is no electronic record, not even the date of birth - Albeit, i think someone have to start this from point of the "owner of the info" - and the owner has to buyin if he is interested. Otherwise, let he tell his medical stories over and over ...

After all... a man has to decide if he wants all that data to be so well organised/centralised or just have it in some storage space locked far away.

Posted by Karen Cote on 22 October 2009

Working for a large medical center info systems department, I see (and attempt to deal with) the inside issues here.

However, also being a patient of a techno-savvy doc, I've got access to my consolidated records online, integrated to a local repository, and it's extremely helpful!  WHen I go to the office, I can tell them that I've looked online and my info is correct (though they will print it for me to check if I like),   I can email my doc and get answers and appts online, she and her on-call partners can see my latest info anytime, anywhere should I need to call on the weekend.

When it works, it works.  Rather than trying to move the mountain, conquering the hills seems to be working well for some!

Posted by Ed Salva on 22 October 2009

It should be interesting.  

We still have issues with vendors sending data via HL7 standards even at the 2.2 level(how old is that?).

And we still argue about what the contents of segment and fields represent and how to use that data.

Posted by jcrawf02 on 22 October 2009

Regarding Robert Frasca's comments: Something for all to keep in mind, each of those entities that are disclosed PHI should be required to have a signed agreement stating that they are following HIPAA regulations, and the patient has a right to know who their information was disclosed to.

Regarding starunit's comments: "the security involved such that one cannot leave one's desk while the workstation can access any data... I'd hate to work in that industry."

I work in healthcare, and it's really not that bad. Locking down your monitor when you get up from your seat is easy to turn into a habit, and not leaving patient information lying around is just a good idea, and not that hard to overcome.  

Personally, I look forward to being able to share my medical data in one location consistently, for the reasons that kcqwilter mentioned.

Leave a Comment

Please register or log in to leave a comment.