Thursday, March 29, 2007

Effectiveness of eHealth Systems

Do computerized clinical decision support systems (CDSSs) make a difference? An article published in the Journal of the American Medical Association (JAMA) titled Effects of Computerized Clinical Decision Support Systems on Practitioner Performance and Patient Outcomes concluded that "Many CDSSs improve practitioner performance. To date, the effects on patient outcomes remain understudied and, when studied, inconsistent."

This article is available for free download from the JAMA website. Definitely more work is needed to determine whether or not eHealth systems have a measurable impact on patient outcomes.

Thursday, March 22, 2007

Risk of Obsolescence

The following quote is from the president of the British Computer Society, Professor Nigel Shadbolt. In a keynote address to Healthcare Computing in Harrogate this week, he offered these definitions: “State-of-the-art is any computer you can’t afford; obsolete is any computer you own; a microsecond is the time it takes your state-of-the-art computer to become obsolete.”

Tuesday, March 20, 2007

Best Buy - Standards

I've been heads down the last couple of weeks preparing for my risk workshops at the University of Waterloo. In my research I've found that the best site from which to buy standards is the ANSI (American National Standards Institute) eStandards Store. I was able to buy Security Standards ISO 17799 and ISO27001 for $30 USD each (the price on the Standards Council of Canada Website was $199.98 CDN and $131.75 CDN respectively). Other risk management standards I think are useful and will be integrated into the eHealth Risk/Opportunity Report card are:

ANSI/AAMI HE74:2001 - Human Factors Design Process for Medical Devices
IEC62198 - Project Risk Management - Application Guidelines
IEEE1490 - IEEE Guide - Adoption of PMI Standard - A Guide to the Project Management Body of Knowledge

There are also two relevant standards being developed by ISO TC215 WG4. They are at a very early stage of development. You might be able get them if you know someone on the committee ;-) They are:

Health Informatics - Application of risk management to the manufacture of health software; and

Health Informatics - Guidance on risk evaluation and management in the deployment and use of health software.

Thursday, March 8, 2007

Privacy Commissioner's Order re: Laptop Theft

The Ontario Information and Privacy Commissioner released an order today (Order HO-004) to Toronto's Hospital for Sick Children following the theft of a laptop containing personal health information. Her closing comment: "There is no excuse for unauthorized access to personal health information due to the theft or loss of a mobile computing device - any PHI contained therein must be encrypted."

The Order goes into considerable depth concerning the obligations of Health Information Custodians with respect to a number of issues. Its worth the read. If time is an issue the press release provides a good summary.

Wednesday, March 7, 2007

Electronic Medical Records - Who Cares?

One of the greatest risks to the implementation of eHealth systems is the lack of awareness by decision-makers about what is happening in the real world - a lack of understanding of what the real users - patients and caregivers - really think.


Cybercitizen® Health is a syndicated consumer study and marketing data set of Manhattan Research, primarily focused on key research topics and trends impacting the ehealth market. they have recently released their annual Cybercitizen® Health report.

The following is from the ScribeMedia website.

"When asked about their interest in accessing health records electronically, only 1% of U.S. adults report currently using electronic medical or health records, while 64% report they are “not at all interested in using” an EMR.

Given the lack of consumer interest, can we expect EMR adoption will instead be driven by physicians? The story there is not any more encouraging: only 26% of primary care physicians use electronic medical records in their office, and almost one-third of PCPs have no interest in using electronic medical records in the future.

What does this mean for the future of the health IT movement? Adoption of electronic health records will clearly not be driven by consumers, who are not convinced that electronic health records are necessary; nor will adoption be driven by physicians, who in many cases, are unwilling to foot the bill or invest the time and resources required for such a substantial change in practice management – and especially heavy burden for smaller practices.

Instead, the electronic medical record movement will have to be driven by government legislation or by incentives from payers, who stand to benefit from the vast opportunities for data mining that could be made available through electronic medical records."

Sounds right to me.

Tuesday, March 6, 2007

COACH Guidelines Updated!

The COACH Guidelines for the Protection of Health Information, Canada's definitive guide to security and privacy in healthcare has been updated in a new 2006 edition. This is undoubtedly the most comprehensive reference for any health CIO, Security or Privacy Officer. It is highly recommended.

Saturday, March 3, 2007

Do No Harm!

In thinking about eHealth risk I am first drawn to Hippocrates' admonition to "do no harm". What harm can befall a person because of eHealth? The possibilities are limited and closely interrelated. The ones that come to mind are:
  1. Harm to a person's physical and mental well-being - this is the classic "safety" issue. We can cause personal physical or mental damage to people because we don't build or use our eHealth systems properly.
  2. Harm to a person's financial well-being - personal health information can be used to steal a person's identity, making them vulnerable to financial attack by identity thieves.
  3. Harm to a person's reputation - which can impact physical, mental and financial well-being. Release of personal information can impact a person's social standing, cause varying levels of embarrassment, and result in stigmatization.
I've strained my brain and I am challenged to add to this list. Of course, this is from a human being point of view. Organizations, many of which have the status of "natural humans" in law can also be subject to such harms, though the physical and mental well-being issue only applies in a very limited sense (an event so serious may occur that the organization might go out of business, or die).

At this stage I'm more interested in the human impacts, because addressing human health, be it physical, mental, financial or reputational, is the whole point of implementing eHealth systems in the first place.

Comments are welcome.