With Debbie Anderson's permission, I re-post her in-depth discussion of patient data management issues that was originally posted on npinoz in January this year. Here is Debbie:
It all starts with the patient booking system, and gets complicated from
there. Bridget did a nice introductory summary of booking systems on
the neuropsych geek blog in September last year, if you are interested
in more on that.
Just a word on snail mail – I have a friend who tracked deliveries
through Australia Post (yes I attract obsessive number-crunchers like
myself) and found that an incredible percentage (20% if memory serves
correctly, and I have also heard a similar number presented in the
media) of mail is just not delivered – presumably lost (… imagine where
it could be…). Our experience is that mail is incorrectly delivered
frequently, so that also does not re-assure me very much.
With regards to cloud based information storage, despite using
Q-interactive to administer and score the Wechslers (I believe it uses
the Canadian cloud) I am concerned about exposing my more detailed
clinical information (ie the report, rather than just patient details
beyond name, dob & uninterpreted scores that QI stores) to the
outside world. So we have all that stored on a computer that does not
access the internet (with two backups), and bookings are made the old
fashioned way, via phone with secretary putting an appointment into
Outlook. But we are expanding and need a booking & records system
that can cope with more than one clinician, and that’s where it gets
tricky – because most of the patient management systems are in the
Patient data management/diary:
With regards to patient data management systems (ie bookings, data
collection, notes) I have investigated MANY different options both here
and overseas. The majority of them are in the cloud – over months of
research I could only find two that were not cloud based. One is from
the UK which was very clunky and upset my computer network, and another
that was very expensive and the vendors were unresponsive to my
questions (that’s the APS recommended one) – so I have given up hope of
finding a non-cloud option. I have in the past had one custom-made and
am considering it again, but that has significant costs attached.
Anyway, talking to lots of clinical psychs who run fairly large group
practices, they all seem to use the cloud-based patient management
systems such as PowerDiary & HealthKit (Coreplus is also an option
but not popular in Qld). Those systems are both for managing a diary,
storing patient information and making notes. Now if you want to have a
nightmare, just think about how much information a hacker could get if
they had access to all those therapy notes …. The vendors say that they
offer a good level of security, and not being an expert I have to
assume that they are being honest/accurate (they are all marketed at
medicine/psychology/allied health, so must meet a reasonable standard).
However, I remain reluctant to move over fully to the cloud (although
my accountant has insisted that I do for the financials … that is
another example of how we just can’t get away from it). When I sought
independent expert IT advice last year, they were flabbergasted at my
to move to the cloud – and essentially said that everything is going
that way, there is no getting away from it, and remember that your
office might not be all that secure (ie someone could break in and steal
your files (or computer).
Some of the patient management systems have inbuilt access to secure
messaging (see communications below) so the potential exists for an all
in one solution. But…
Communications – sending & receiving referrals and reports:
With regards to receiving referrals and sending reports: currently my
preference for reports is hard copy via snail mail. Most doctors seems
to use fax, some use email.
As was pointed out in a previous email, a secure communication system
exists for the medical profession, but my reading of it is that there
are at least three different sorts (Argus, Healthlink& Medical
Objects) and they don’t talk to each other. They are also quite
expensive, Coreplus (using Argus & Healthlink) charges per message
received (plus the ongoing cost of their system) and Medical Objects has
an annual fee. (ie some of these are attached to the patient record
management systems [above], some are independent – eg Medical Objects).
The problem is that if you sign up for one, but your referral source
uses another … you are back to the same problem! I have been reluctant
to make a choice for this reason, but am going to collect data for the
next few months to see if there is one that is more common amongst our
referrers. I understand that for the medical practices (and psychs)
that have one of these systems, they prefer to send referrals and
receive reports via it. The problem for neuropsych is that we (well in
my case) tend to get referrals from a range of doctors, and thus they
use different systems (or none at all). Argh!!! So, unfortunately it
isn’t the straightforward solution it would seem.
Lawyers, who on the one hand seem to be very concerned about security,
regularly send us records and request that we send them reports via
email – without any password protection (ie full medical records,
possibly more dangerous than a simple referral letter). Only one of my
many legal referrers password protects it. Obviously, its not ok to say
just because they don’t keep to the standard we prefer its ok to act
like them (but we have been emailing reports :(), so this year I have
been considering the idea of adding at least password protection to the
pdf reports in email.
I have also been investigating having a secure page for exchange of
information through my website, and whilst I know its possible, I’m not
up to speed technically. It also may not be any more secure than a
document with a password.
I am also trialing an American (HIPPA compliant) medical records
system/diary/document exchange system, which says it has secure
messaging – and lets you create a patient portal for them to send &
receive documents & messages – so that could be good. I think it
assumes communication with referrers is within the system, but I’m still
to establish that (because that won’t solve the report communication
So the result of all this long winded research is that there is no
single standard solution for electronic communications – it looks like
we are all still fending for ourselves individually.
Alex, I will look into sync as a stand alone solution, but I was hoping for an integrated solution.
It might be a good thing for the CCN to have a committee/discussion
group to come up with some recommendations for our members, so we are
not all wasting time on the same research??
Obviously it is our job to protect our information as best we can, and a
good start is high quality security for our computer system, and yes
(in my view) you really need to pay for it. I have one that often tells
me that it has detected a ransomware attempt, so I feel that I’m making
a reasonable effort there. I think all we can do is demonstrably take
reasonable precautions, but we do live in a world that communicates
electronically, and that has associated flaws.
I hope that helps, and I’d like to hear how others have resolved this.
Thank you, Debbie.
Feel free to comment or I'd be happy to upload other people's thoughts on the topic in separate posts - just email me (IzaWalters at gmail.com).