For more than 30 years electronic medical records have been the holy grail of medical informatics. In the last few years they have become a practice reality and their use will increase dramatically over the next decade. Electronic records offer quick retrieval, compact storage, and the ability to aggregate huge amounts of medical data to look for trends and statistical correlations.

There are four major hurdles to the effective use of electronic medical records. The first is that they demand highly structured input if the output is to be useful. This is not unique to electronic records, it is just that the expectations are higher. Everyone who does research in traditional paper records quickly learns that the data are very difficult to retrieve and require a sophisticated review to decipher and code into standard format so they can be analyzed. There is an expectation that data in electronic records will automatically be in a standard form for searching and use, even if the medical care practitioners who use the electronic records type in the same stuff they hand-wrote or dictated into the paper records.

The second problem is getting the medical care practitioners to complete the electronic records properly. This is deadly work for those who do not type because there is only so much you can do with checkboxes. Paper records, especially dictated ones, are easier, especially because there is no electronic nanny making you really enter all the data. This will only be solved by time and the demand that all medical care practitioners learn how to type.

The third problem is that electronic records are especially easy to alter or otherwise manipulate, unless they are designed to make this impossible. They are also difficult to authenticate, unless the computer entry ports have biosensors, such as fingerprint or retina scanners. This makes it hard to tell if the correct provider really entered the data. Electronic records also allow the use of form data such as a canned review of systems designed to support billing for a given diagnosis. Again, properly designed records will prevent this, but it will be years before there are adequate standards and certifications for medical records software.

The fourth problem is privacy. All medical care practitioners know that medical privacy is more of a myth than a reality. Too many people see records and it is too hard to secure them to ensure real privacy for any specific record. On balance, however, the system is fairly secure because the difficulty of retrieving and copying more than a few records makes large-scale information theft impossible. In an electronic system, however, a breach in security can mean the theft of all of the data, without even a warning that it is gone. Given a big enough selection of records and the means to fish through them electronically, an infovandal could do real harm. This might be in the form of public embarrassment or humiliation, or in blackmail demands to keep the information secret.

Medical care practitioners who use electronic records systems must ensure that the records are secure. This means both electronic security and physical security—many serious breaches of computer security can be traced to passwords and operating information that was retrieved from dumpsters or stolen by cleaning staff. In many offices the easiest way to steal the data is to just walk out with a backup tape. The requirements for proper computer security are beyond the scope of this book. Any office that uses electronic records must work with a computer security expert to ensure that the system is secure. It is important to not just take the word of the vendor, but to get an independent evaluation of both the system and the general security in the offices.