Just a simple vanilla blog site from a physician

Archive for December, 2009

Digital sharing of data and compliance conundrum

The Situation

Saw one of my partner’s patients (new to me), a 71 year old woman with a history of hypertension, late in the afternoon with an 8 hour history of abdominal pain. She’d thrown up once but other than the epigastric pain was not that uncomfortable.  Vitals were stable, EKG normal and acute abdominal films were unremarkable.  Drew basic labs including pancreatic and liver enzymes and discussed with her the broad differential.   She elected to go home and wait for the labs to be resulted.  We batch our labs at the end of the day and since she was the next to last appointment of the day expediting the labs by ordering STAT would only add expense without improving the turn-around time.
Drove home, had a cocktail and enjoyed a meal with my family and then logged in to review that day’s labs (which by now were being resulted).  To my dismay her liver and pancreatic enzymes were in the thousands.  Called her cell phone to advise her to go to the emergency room right away.  The patient’s choices were many including the hospital with whom I share an EMR.  However, she was at her daughter’s home and there were two other hospitals very close by and she elected one of them rather than drive an hour to my own hospital.

Called the ER to discuss the case with the attending who said this was a “slam dunk” admission and transferred me to the Transfer Team so that the hospitalist could be notified. The hospitalist accepted the patient and asked if I could fax my visit note, recent labs, patient’s Face Sheet and summary to expedite care.  No problem, I quickly gathered that information together, assembled them into a document while the physician was on the phone and was about to click the SEND on our e-mail and paused …

The Problem

Was I doing HIPAA compliant?  Probably not.

Even though I had the patient’s verbal consent to do “whatever was required” to get her into the hospital I doubted whether that would pass not only our own internal compliance officers but any state and federal regulator’s judgement.

Our system does have a HIPAA compliant Medical Record Printing (MRP) function that gathers all of the HIPAA variables (who, what, to whom and why) but only allows us to FAX to those devices that have been tested and validated.  It doesn’t allow an end user to key in a new fax number.  The MRP function has 2 options:  Print and FAX.  And then only to defined printers and fax numbers.  There isn’t a way to generate a password protected PDF file that can be sent to where it’s needed.  Nor can it generate HTML documents that could be sent to a secure web server into which anybody downstream who is given the correct password could log in to retrieve it.

Our system also comes with a patient portal allowing patients to access and then do whatever they want with their own information including a function that lets them share the record with another physician who can then log in as a new user and view that record.  Over 80% of my patients are taking advantage of this but this was an elderly patient of my partner who is less aggressive in enrolling her patients.  This patient didn’t have an account and therefore the other option of sharing her record with the next physician wasn’t available to her.

This information would significantly speed up the admission and workup process on this patient and it was needed in a matter of minutes, not hours or days.  I had everything ready to go to the physician with one click of the SEND button.  Should I? Which is more important?  Compliance with old paper-based regulations or patient care?

Damn the torpedoes

I clicked the SEND button with only a little hesitation and felt good as the hospitalist thanked me profusely, complimented me on the thoroughness of the note which included the patient’s picture, all of the labs, radiologist’s preliminary interpretation and an image of the EKG.  She wanted to know why more referring physicians weren’t more accommodating and suddenly realized how important leveraging technology was.


There have been years of discussion in Healthcare Information Technology circles about standardizing communications between Health Information Systems, numerous detailed proposals and countless arguments on how Patient identifiable Health Information (PHI) should be transferred from one system to another.  In the meantime these types of situations happen thousands of times each day.  The overwhelming majority of them are accomplished by Medical Records department personnel locating a paper chart, scanning and faxing the appropriate material to another provider’s fax machine and then taken to the requesting physician.  This process take time, often many hours transpire between the request and the fulfillment of that request and often involves many people and supplies.  The process is at the mercy of the resolution of the scanner and fax machines so many times the data in the hands of the requesting physician is barely legible. All this time there are low cost solutions using everyday tools that enable the transfer of this information directly between the two physicians who are involved in the care of the patient.

Surely we can come up with better regulations to let us care for the patient without having to worry whether some compliance officer or regulatory will spank us after the fact.

Any ideas would be welcome and passed on to our vendor and our compliance officers.  Uh, we’ll keep the regulators out of this one for the time being.