Thursday, February 23, 2017

Patient data management

With Debbie Anderson's permission, I re-post her in-depth discussion of patient data management issues that was originally posted on npinoz in January this year. Here is Debbie:

It all starts with the patient booking system, and gets complicated from there. Bridget did a nice introductory summary of booking systems on the neuropsych geek blog in September last year, if you are interested in more on that.

Snail mail
Just a word on snail mail – I have a friend who tracked deliveries through Australia Post (yes I attract obsessive number-crunchers like myself) and found that an incredible percentage (20% if memory serves correctly, and I have also heard a similar number presented in the media) of mail is just not delivered – presumably lost (… imagine where it could be…). Our experience is that mail is incorrectly delivered frequently, so that also does not re-assure me very much.

Current situation:
With regards to cloud based information storage, despite using Q-interactive to administer and score the Wechslers (I believe it uses the Canadian cloud) I am concerned about exposing my more detailed clinical information (ie the report, rather than just patient details beyond name, dob & uninterpreted scores that QI stores) to the outside world. So we have all that stored on a computer that does not access the internet (with two backups), and bookings are made the old fashioned way, via phone with secretary putting an appointment into Outlook. But we are expanding and need a booking & records system that can cope with more than one clinician, and that’s where it gets tricky – because most of the patient management systems are in the cloud.

Patient data management/diary:

With regards to patient data management systems (ie bookings, data collection, notes) I have investigated MANY different options both here and overseas. The majority of them are in the cloud – over months of research I could only find two that were not cloud based. One is from the UK which was very clunky and upset my computer network, and another that was very expensive and the vendors were unresponsive to my questions (that’s the APS recommended one) – so I have given up hope of finding a non-cloud option. I have in the past had one custom-made and am considering it again, but that has significant costs attached.
Anyway, talking to lots of clinical psychs who run fairly large group practices, they all seem to use the cloud-based patient management systems such as PowerDiary & HealthKit (Coreplus is also an option but not popular in Qld). Those systems are both for managing a diary, storing patient information and making notes. Now if you want to have a nightmare, just think about how much information a hacker could get if they had access to all those therapy notes …. The vendors say that they offer a good level of security, and not being an expert I have to assume that they are being honest/accurate (they are all marketed at medicine/psychology/allied health, so must meet a reasonable standard). However, I remain reluctant to move over fully to the cloud (although my accountant has insisted that I do for the financials … that is another example of how we just can’t get away from it). When I sought independent expert IT advice last year, they were flabbergasted at my reluctance to move to the cloud – and essentially said that everything is going that way, there is no getting away from it, and remember that your office might not be all that secure (ie someone could break in and steal your files (or computer).

Some of the patient management systems have inbuilt access to secure messaging (see communications below) so the potential exists for an all in one solution. But…

Communications – sending & receiving referrals and reports:
With regards to receiving referrals and sending reports: currently my preference for reports is hard copy via snail mail. Most doctors seems to use fax, some use email.
As was pointed out in a previous email, a secure communication system exists for the medical profession, but my reading of it is that there are at least three different sorts (Argus, Healthlink& Medical Objects) and they don’t talk to each other. They are also quite expensive, Coreplus (using Argus & Healthlink) charges per message received (plus the ongoing cost of their system) and Medical Objects has an annual fee. (ie some of these are attached to the patient record management systems [above], some are independent – eg Medical Objects).
The problem is that if you sign up for one, but your referral source uses another … you are back to the same problem! I have been reluctant to make a choice for this reason, but am going to collect data for the next few months to see if there is one that is more common amongst our referrers. I understand that for the medical practices (and psychs) that have one of these systems, they prefer to send referrals and receive reports via it. The problem for neuropsych is that we (well in my case) tend to get referrals from a range of doctors, and thus they use different systems (or none at all). Argh!!! So, unfortunately it isn’t the straightforward solution it would seem.
Lawyers, who on the one hand seem to be very concerned about security, regularly send us records and request that we send them reports via email – without any password protection (ie full medical records, possibly more dangerous than a simple referral letter). Only one of my many legal referrers password protects it. Obviously, its not ok to say just because they don’t keep to the standard we prefer its ok to act like them (but we have been emailing reports :(), so this year I have been considering the idea of adding at least password protection to the pdf reports in email.
I have also been investigating having a secure page for exchange of information through my website, and whilst I know its possible, I’m not up to speed technically. It also may not be any more secure than a document with a password.
I am also trialing an American (HIPPA compliant) medical records system/diary/document exchange system, which says it has secure messaging – and lets you create a patient portal for them to send & receive documents & messages – so that could be good. I think it assumes communication with referrers is within the system, but I’m still to establish that (because that won’t solve the report communication problem).
So the result of all this long winded research is that there is no single standard solution for electronic communications – it looks like we are all still fending for ourselves individually.
Alex, I will look into sync as a stand alone solution, but I was hoping for an integrated solution.

It might be a good thing for the CCN to have a committee/discussion group to come up with some recommendations for our members, so we are not all wasting time on the same research??

Computer security
Obviously it is our job to protect our information as best we can, and a good start is high quality security for our computer system, and yes (in my view) you really need to pay for it. I have one that often tells me that it has detected a ransomware attempt, so I feel that I’m making a reasonable effort there. I think all we can do is demonstrably take reasonable precautions, but we do live in a world that communicates electronically, and that has associated flaws.
I hope that helps, and I’d like to hear how others have resolved this.

Thank you, Debbie.  
Feel free to comment or I'd be happy to upload other people's thoughts on the topic in separate posts - just email me (IzaWalters at


No comments:

Post a Comment