May 2017

Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

« Tablet PCs - Slates vs. Convertible Laptops | Main | Have paper records passed their expiry date? »



This is a major step in the use of EMRs. Consider the situation that a patient has been seeing a physician using an EMR for many years. The patient moves and starts seeing a new physician using an EMR. It makes sense that the old records should be imported into the new EMR. Consider another situation of a physician moving from one clinic to a different one. This physician would like to bring along records of several thousand patients into the new clinic. Then there is the less happy situation of having to change from one EMR system to a different one. What happens to years and years of carefully collected data.

For these reasons we need to have some standards on how the clinical data is stored and the ability to extract and import it.

Scot Mountain

This is one of many good arguments for remote storage of medical records and online access. It is a lot easier to simply allow a new provider access to a record than it is to have to transfer the entire record. And if a physician moves his office, all his records automatically travel with him. In addition, consulting physicians can have access to the entire record without any transfer of documents.

Of course, many people have ongoing security concerns about this type of offsite storage. To my knowledge, there have not been any well documented instances of unauthorized access of remote records, which certainly cannot be said for paper records.

Does anyone know of any significant instances of hacking into remotely stored medical records? How about locally stored electronic records in an office (or hospital)?

Alan Brookstone

Scot, I am not aware of any specific incients of hacking into physician 'owned' remotely stored EMR. The breaches in security to date have generally been due to negligence. E.g. the hard drive that is taken out of an old PC, not destroyed or effectively formatted and someone finds the information.

That being said, it is just a matter of time before one of these breaches occurs as EMR becomes more prevalent. Best practices are our only real protection against breaches of medical information. It is also a matter of tolerance. The public consumer accepts a degree of credit care fraud, but I believe has a lower tolerance for their personal health care information being accessed and distributed.

Tim Janzen

Over the past 6 months, our clinic group of 19 physicians has been implementing an EMR solution to our three sites by way of a remote server farm that is administrated by a third party IT specialist.
Recently, I covered the issue of Internet breaches with the IT Administrator and he made the same point as above that most breaches occur from users within the network and careless disposal practices. However, he also indicated that their relatively small server farm takes 20 questionable hits per day that they classify as malicious attacks or hack attempts.
A colleague of mine that is administering their own computer system and inter-clinic network indicated that after 3 months of operation, they had reviewed their logs and found thousands of hits from outside of the clinic system.
The point being is that while there have not been any publicized cases of EMR information being released it is highly likely that many Clinic systems have been compromised at some time.

Also I agree that patients probably hold medical clinics to a higher standard than the banks. Certainly in Alberta, the Privacy Office has outlined that it can fine a clinic up to $50,000 per instance of information breach. At an information session I attended the presenter indicated that a single patient chart would be considered one breach. Given the number of patients our information systems hold, we need to exercise extreme diligence.

Peter Hutten-Czapski

This is important but hardly a new development in any country with a mature EMR community with high market penetration. The fact that the transference occured from two places with the same EMR limits its appeal.

Not sung in the news, Australia has long had a de facto standard for transferring the entire record, between the same or differing programs. It is a XML standard which allows for different database schemas between EMR solutions. With such a transference standard data quality degredation is limited to the ability of the new program to accept it.

For example if your new EMR doesn't hard code say the diagnosis (Don't laugh there are still some programs on the Canadian market that don't!) the ICHPIC or in this case DOCLE code can be filtered out by the recieving program and the diagnosis placed in the new program as free text. Only the value of the coding (which is substantial) is lost. Obviously for transfering a chart from one EMR program to the same program on a different computer the transfer is loss less.

Canada would benefit from such a standard. It was set in Australia by a program that has majority market share and majority market penetration. Most of the business out there were people on that EMR so competing vendors developed the ability to convert the entire chart to attract business (Little new business left).

In Canada we will be locked in by vendors for years unless adherence to a provincial data standard becomes a competative advantage either by regulatory fiat or funding requirement.

The comments to this entry are closed.