Electronic Health Records: Can Microsoft and Google Help?

As Congress and doctors dither on electronic health records, industry heavyweights unveil another - more personal -- option.

by / February 14, 2008

Sometimes technology is as much a problem as it is a solution. In the health-care industry, electronic health records (EHRs) are causing plenty of headaches because of a lack of standards and disagreement on best practices. EHRs offer another opportunity to improve medicine, from neighborhood private practices to huge government organizations. But the promise comes with a curse familiar to other helpful technologies: People disagree about how exactly to implement electronic health records.

Interoperability and standards issues have stalled progress toward the goal of seamlessly integrated health IT. However, personal health records (PHRs) could fill some of the gap as the nation waits for Congress and the health-care industry to lead a unified effort.

PHRs are nothing more than digital versions of a file folder filled with a patient's health records, and are designed to let people be guardians of their own health information. Now, industry heavyweights such as Microsoft and Google are creating simplified services that might make it easier for citizens to collect and keep those records. Microsoft says its HealthVault PHR system already works with dozens of existing, stand-alone hospital EHRs, giving patients an online repository for electronic health information that is ready to use.

Developments such as HealthVault may spur quicker adoption of industrywide standards and best practices. In the meantime, they offer a Band-Aid for citizens frustrated with the health-care industry's inability to solve the problem on its own.

The Contenders
PHRs are, in effect, the antitheses of EHRs, which are systems that health-care providers build to electronically manage patient information. The U.S. Department of Veterans Affairs (VA), for example, has a huge and often-praised EHR system called VistA. The system manages the electronic health records of millions of veterans across hundreds of locations. Currently it's only compatible within the VA system, though work is being done to expand VistA's capabilities. It is the kind of health records management system the industry and patients desperately want to interoperate.

On the other hand, PHRs are software applications that allow individuals to store and share their own health information. A PHR can be as simple as a Microsoft Word document, or like HealthVault, a Web site for users to securely upload, store and share their health records.

The Internet has been abuzz lately with rumors of a Google PHR tool in the making. Although Google was contacted to discuss its rumored project called Google Health, company representatives offered only links to the official Google Blog. There are, however, interesting tidbits to be discovered here. In June 2007, Google announced the creation of the Google Health Advisory Council to help the company "better understand the problems consumers and providers face every day and offer feedback on product ideas and development" for managing health records. 

The Google Blog also publishes a numerous entries written by high-level employees who hint at what Google Health might feature.

"We believe that patients should control and own their own health information, and should be able to do so easily," wrote Adam Bosworth, former vice president of engineering for Google. "Today it is much too difficult to get access to one's health records, for example, because of the substantial administrative obstacles people have to go through and the many places they have to go to collect it all. Compare this to financial information, which is much more available from the various institutions that help manage your financial 'health.' We believe our industry should help solve this problem."

According to an Aug. 14, 2007, New York Times article, Google has demonstrated a prototype of Google Health to a select number of health-care industry professionals. Since then, the company has offered few details regarding when, or if, the product will go live.

Microsoft, on the other hand, already rolled out its HealthVault PHR application. Microsoft's online health records management tool is free to use, and the company says, meets Health Insurance Portability and Accountability Act (HIPAA) security requirements.

Nate McLemore, director of business development for the Microsoft Health Solutions Group, explained why the software giant is getting involved in the health-care industry:

"Microsoft, about two and a half years ago, created what we call the Health Solutions Group to create very specific solutions for the health-care industry," McLemore said. "One of the things that struck us was just the level of data fragmentation that is out there for individuals. You've probably seen a handful of doctors over the years, and if you've moved around a little bit, some of that data is in different states.

"Some data rests at a health plant, some in a doctor's office, and at the pharmacy, or at the lab. You can just imagine there is kind of a complete health-care picture that rests in hundreds of different places around the world. It's very hard for any individual to pull that all together."

Typically a PHR is described as being in a single location - a Web site, for example - where a person can securely upload and store health history data, including X-rays, and current and past prescriptions. HealthVault works like an electronic file cabinet; it's a single Web site that aggregates data contained in disparate systems like a doctor's EHR system, an insurance provider's database and a pharmacy.

Microsoft hopes health-care providers will integrate HealthVault into their business processes, allowing patients - and other physicians - to receive and store test results, upload and download health documents, and store prescription information. It's a third-party solution to the problem of incompatible EHR systems. As more providers work with HealthVault, a patient who uses it will be able, in theory, to provide practitioners with a more complete health history. For Microsoft, the more patients and providers that use HealthVault, the better - though at present, the service is free.

"This is a different model that really places the consumer at control," McLemore said. "That's what people want when it comes to security and privacy: the ability to be in control. What makes people nervous is when they feel like they aren't in control, and they don't know who's looking at their data and how it's being used."

When it was launched in late 2007, HealthVault interoperated with 45 health information storage applications in use by various hospitals. Additionally HealthVault works with organizations such as the American Heart Association to allow users to share several categories of data: blood pressure readings, weight, exercise routines, among others. HealthVault also permits users to input data from devices such as pedometers, blood glucose monitors, blood pressure cuffs, and peak-flow meters for asthmatics.

Implementing electronic health records may be even harder for government-sponsored health care than it is for the private sector, McLemore said, adding that HealthVault could help ease the pain.

"If you think about government-sponsored health care, you can imagine the challenges around data fragmentation are even more acute," McLemore said. For example, the Medicaid population may come in and out of being covered by Medicaid. So a Medicaid plan may only have fundamental pieces of one's data - the same with Medicare plans - and individuals may be paying for some services out of pocket.

If people are moving in and out of Medicaid eligibility or choosing to pay for some of their services in cash, McLemore stressed that data fragmentation is a challenge. " Often, those are the populations dealing with some of the most chronic and serious conditions."

At press time, however, a relationship between government health-care programs and HealthVault had not been established. McLemore said "high-level

discussions" are ongoing but so far, nothing concrete has been agreed upon.

Adoption Challenges
Because both PHRs and EHRs aim to better manage health information by using technology, the task of assuring patients, physicians and insurers the data is secure is probably the biggest challenge to widespread adoption. EHR systems and PHRs, like HealthVault, must be proven secure if they are going to win users. McLemore said Microsoft worked with an adviser from the nonprofit Patient Privacy Rights when it built HealthVault.

In California, discussion is under way to examine what role government should play in addressing these issues. California Health and Human Services Undersecretary Ann Boynton, whose technology background includes a long stretch as a consultant for IBM, said a critical step is instilling confidence in patients that the technology is secure.

"We know people are concerned, and this is the challenge of privacy, security and helping people understand why something like a PHR is incredibly important. We do know that there are people who are concerned that the employer will somehow have access to their medical information," Boynton said. "That's a scary thing for people. We need to assure them that even if it is an employer-sponsored PHR or EHR, their private medical information is private and we have appropriate safeguards in place." 

In the case of PHRs, the issue might be more pressing because patients would be responsible for adding data to a PHR Web site. And if, for example, a person chooses a weak password, that information might be vulnerable.

PHRs are managed primarily by patients, while EHRs are managed chiefly by physicians and/or health-care organizations. With both technologies, however, patients and doctors will play some role in the creation, management and storage of health information. Another difference: In a PHR, the patient is considered to own the data; in an EHR, ownership of the data is less certain. It might be argued that patients, providers and insurers could each stake a claim to an EHR.

The other central challenge is widespread adoption. There are numerous electronic medical record vendors and virtually no agreed-upon standards about how these technologies ought to work. So even if a patient's doctor has a functioning EHR system or a patient has found a PHR application he or she likes, these tools may not work with other systems.

In late May 2007, the House Committee on Science and Technology introduced a bill to address this issue. The Healthcare Information Technology Enterprise Integration Act, H.R. 2406, is "intended to improve technology in the health-care system by creating a national, interoperable health IT system to maintain patient health care records. The IT system could potentially benefit thousands of people a year who suffer due to medical errors, improper diagnoses, or being prescribed incorrect medications due to lack of a comprehensive family medical history or poorly maintained records."

The bill's sponsor and committee chairman, Rep. Bart Gordon, D-Tenn., said there's a general consensus that fully utilized information technology would result in lower cost and improved patient care. "Regardless of its acknowledged benefits, the use of IT by the health-care community remains low and lags far behind other segments of our economy, such as financial services, banking and manufacturing," he said. "This bill aims to remedy that problem."

In California, EHR standards are now being considered, according to Boynton, though no formal decisions have been made. She said the state is actively pursuing a strategy that will help ensure patients' privacy as health information moves from paper to digitization.

"The secretary here at Health and Human Services, Kim Belche, has established a privacy and security advisory board to look specifically at the issues around health information technology, and the factors that impact privacy and security - from a legal perspective, from

a regular term perspective, from a practice perspective, the practical implications of these issues and how those factor - how we as the state need to engage in encouraging changes in particular areas, whether that be statutory, regulatory, or otherwise, both at the state and federal level to ensure that people and their information is protected."

Risks and Rewards
In October 2007, Her Majesty's Revenue and Customs, a British agency responsible for tax collection and dispensing a variety of benefits, lost two computer disks. Those disks contained the personal information of 25 million Britons, such as names, addresses, even insurance and bank data. All British families with a child age 16 or younger had some information contained on the disks.

This sort of nightmare security breach clouds the future of electronic health records in the United States. EHRs and PHRs offer tremendous promise - reducing expenses, cutting medical errors, boosting overall efficiency. But does the promise of these systems make the risk worth it? Many in the industry say yes, but they caution that extreme care must be taken.

"Folks with chronic conditions that are used to managing their diabetes, for instance, want to manage it better," said Robert "Rim" Cothren, chief scientist for Northrop Grumman. "They know they have hypertension, and they will for the rest of their life, and they are interested in managing it better. That's a very active group of people that, given better information, really will manage their disease better. [Improved medical records] will have a positive impact on the cost of their health care and their own general health."

The key to making EHRs a reality, and PHRs to a degree, is making the systems work together. Cothren echoed the calls for standardizing electronic health data. The challenge, he said, is not dealing with a lack of standards, but managing the more than 1,000 standards that exist now.

Dr. David Donnersberger, chief resident at Evanston Northwestern Healthcare in Evanston, Ill., said his office has moved to the exclusive use of EHRs, anticipating the rewards his patients will reap outweigh the risks of digital health data. Donnersberger argues that if his bank account data can be managed electronically, his health data shouldn't be any different.    

"I think EHRs are fantastic. They hold terrific promise for the patient and the physician. Interoperability is the Holy Grail of electronic health records," Donnersberger said. "If you go to Honolulu and break your hip, your doctor in Honolulu can get on the Internet and get your records from Sarasota. The promise is the exchange of information between health-care providers for patients - geography unaffected, location nonspecific."

Furthermore, he argues, EHRs and PHRs can do things like reduce costs, eliminate duplicate tests and prevent allergic reactions by making ER physicians instantly aware of a patient's history.

Another reason advocates promote the importance of the technology is because the health-care industry is currently crippled by obsolescence and HIPAA regulations. Tom Dorsett, president of health-care solutions for Vemics Inc., said his company has launched what it claims is the world's first HIPAA-compliant, electronic medical records transport application in a product called iMedicor.

Dorsett said iMedicor is similar to an e-mail application, except it's completely secure and operates on a closed network. This allows physicians to confidentially exchange patient data with need-to-know colleagues. Dorsett said the health-care industry has been "bottlenecked by HIPAA," causing the industry to lag behind.

"Can you imagine not having e-mail?" he said. "That's really what health care has faced. We've created a driver that allows just about any electronic medical records system to interface with our portal. In lieu of taking a document out and faxing it over, they can select the document within their EHR and click 'print' and it will, through a special driver, drop that

document into iMedicor. They select their contact and hit 'send,' and the other physician has access to that."

The case for EHRs might seem open and shut - but not everyone is convinced. There are some physicians who feel the entire electronic health data industry, including EHRs and PHRs, has not matured to the point that widespread adoption makes sense. And skeptics are armed with examples to back up their doubts, as it seems almost daily a newspaper reports on a gaping security flaw that has led to the loss of millions of pieces of personal information.

Dr. Demitri Adarmes is a practicing physician in Olympia, Wash., and is board certified by the American Board of Internal Medicine and the American Board of Physical Medicine and Rehabilitation. Adarmes steadfastly refuses to move to EHRs because he believes the standards need to be in place before adoption, not after. Additionally Adarmes said that should a physician become involved in litigation, digital data may not be sufficient.

"I'm pretty familiar with EHRs," he said. "As part of my training I worked with them at the VA hospitals and several of the other university hospitals [with internal EHR systems] where I did my training. Once I finished the training, though, I went back to charts. The main reason is I do a lot of medical legal work. So when papers go to court, they want a primary source."

Adarmes said he believes paper files are more secure than digital health records.

"If somebody wants to get a document, they have to come into my file room and pull the chart," he said. "Computer systems in doctors' offices are already targeted to steal identities."

Adarmes also is concerned about who owns the data. Is it the patient's? The doctor's? Maybe it rightfully belongs to the insurance provider. His point is that there are currently too many unknowns to comfortably move to an EHR system.

Most who are observing the issue likely agree EHRs and PHRs have potential to do good. The industry's readiness seems to be the central point of debate. Boynton's thoughts on electronic medical data probably go a long way toward summing up the feelings of both advocates and opponents.

"The possibilities, I think, are endless," she said. "And as a result, so is the obligation to ensure that the information is well protected." 

Dorsett said he thinks the industry will move toward implementing PHRs instead of EHRs because of an overall trend of consumer empowerment in the United States.

"PHRs focus on the patient having the ability to store their personal health information. They have absolute control over it; they decide who looks at it. I think there is a general movement toward consumer-driven health care. It's about empowering the patient to have control over his or her information. Right now, it's squarely in the hands of the physician."

Dorsett also cites problems that have cropped up in recent attempts to implement large-scale EHR systems. Kaiser Permanente and Cedars-Sinai Medical Center tried to deploy internal EHR systems. Both systems were met with high costs, user dissatisfaction, errors and technical problems. Consequently Dorsett thinks PHRs will be the preferred technology in the near future if only because they are so much simpler.

"The technology is very expensive still," he said. "There are so many systems on the market and so many horror stories of wasted expense on trying to get up and running on EHRs, so you have a cautious market out there. The other issue is these systems, by and large, don't communicate with one another. There's apprehension in the marketplace. With PHRs, it's much easier because physicians aren't asked to adopt a PHR. Patients are."   

Chad Vander Veen

Chad Vander Veen is the former editor of FutureStructure.