Why I Hate Secure Email Portals

Many health care enterprises are using secure email 'portals' to send, or should I say 'tell the recipient to come get,' information and attachments in a way they were told would be 'HIPAA Compliant'. What I mean by 'portal' is a third party to which plain text and any attachment is sent over a secure connection ('plain text' is unencrypted information; it can be formatted text that is just not encrypted). The ultimate recipient receives an email inviting them to visit the portal to see the content over a connection that is also encrypted.

Epic Quote

“To us, the only reason to have an NDA are if they’re going to tell you something that otherwise they wouldn’t want people to know (for example the possibility that they might sell data downstream) or they want to make sure that their intellectual property doesn’t conflict with ours, and that kind of lack of transparency did not sit right with us.”

Peter DeVault, Director of Interoperability, Epic Systems Corporation, Madison, WI
Tuesday, March 17 2015

Security for me but not for thee?

Bruce Schneier has penned another excellent piece on encryption called The Democratization of Cyberattack. He makes the point that technology can be developed by governments for what we consider ‘good’ uses, but that others will be able to do the same things. And he gives excellent examples, too. If you’re at all interested in the topic, please go read the article. Here’s just one quote:

We can’t choose a world where the US gets to spy but China doesn’t, or even a world where governments get to spy and criminals don’t. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It’s security or surveillance.

Should Britain limit encryption?

In the wake of the Islamic Radical terrorist attack in France, many are calling for governments to do more to protect their citizens…including perhaps limiting the use of encryption by citizens or demanding a back door. I just read a terrific blog post from an expert, John Ackerly, CEO of Virtru. He says the following:

Yet degrading encryption and requiring a carte-blanche backdoor to every messaging medium is not the answer for free societies. Smarter regulations make sense, updated requirements for warrants make sense, but throwing out individual freedom in the name of greater “security” is not an option we should accept.

Please read the whole post: Sorry Mr. Cameron. Encryption Backdoors Are Still Not The Answer.

If this topic interests you, please also consider watching this TEDTalk: Why privacy matters.

Attention Matters in Anesthesiology

Different fields in medicine rely on different cognitive abilities. One might posit that a successful internist would be good at integrating information; a surgeon, three-dimensional representations of anatomy; an anesthesiologist, being vigilant to events that will harm the patient.

The American Society of Anesthesiologists defines our mindset as ‘Vigilance’ and maintaining it is the Holy Grail of our profession. Google gives the definition of vigilance as:

The action or state of keeping careful watch for possible danger or difficulties.

to which I would add ‘over an extended period of time.’

In a nutshell, that’s what anesthesiologists do in the operating room–remain vigilant. Vigilance is composed of several components. One is the ability to divide one’s attention among several things at once (divided attention). Another is the ability to focus one’s attention on a particular aspect of the environment (selective attention). During a case we shift back and forth between divided attention and selective attention tasks to various degrees.

An additional aspect of attention is whether it is automatic or controlled. This can be especially challenging at the beginning and end of the case when we have lots of things to do (a so-called “high task density”).

Psychologists have made great strides in understanding how the human mind works when it focusses attention, and it contains some surprises! In the operating room we have a constant stream of sensory data coming at us. How do we decide what to pay attention to and what to ignore?

Dan Simons, Ph.D. has done wonderful experiments often described as the Invisible Gorilla. Perhaps you’ve seen it demonstrated?

In the classic experiments, the viewer is asked to watch a video of two teams passing basketballs. Black-shirted players only pass to other black-shirted players. White-shirted players only pass the basketball to other white-shirted players. The subject is asked to count the number of times the ball is passed between the black-shirted players only, for example. As you can imagine, it takes quite a bit of concentration to count only the passes that one team does and not the other as they are playing in the same area of the court.

What the subject isn’t told is that a man clad in a gorilla suit will walk across the video screen. After counting the number of times the basketball is passed from one member of a team to another the subject is asked if they saw anything unusual. Tellingly, roughly half of the subjects did not even notice the man in the gorilla suit.

What are some real-world events that can be explained by this phenomenon called ‘Inattentional Blindness’? Imagine the teenager borrowing his father’s car and focussing so keenly on not exceeding the speed limit that he doesn’t see the deer standing in the middle of the road (and hits it). Or the driver texting in a moving vehicle and losing all situation awareness and creating an accident.

Approximately twelve years ago, I was so interested by this phenomenon that my wife, Mary Roman, Ph.D., and I did some experiments to see if we could reproduce these results in a health care-related task.

Now, anesthesiologists love pulse oximeters. “The machine that goes ping” in the operating room is not the ECG but the pulse oximeter. This is so because the pulse oximeter gives early warning when the blood oxygen content is falling. Instead of waiting until a patient’s lips turn blue, we can listen for the pitch of the pulse oximeter monitor to tell us when the oxygen saturation of blood drops from 97% to 93%, for example. (Cyanosis only becomes apparent when the oxygen saturation has dropped significantly; below, say, 85%.)

We wondered if the ability of an individual to detect a significant change in pitch of the pulse oximeter tone (signifying a patient whose blood oxygen content was dropping) would be affected by asking them to sum single digit numbers provided by a recorded voice (the so-called Paced Serial Addition Task). As the speed at which the numbers are read to the subject increases, it becomes harder and harder and requires the subject to concentrate more and more. We found that even very experienced anesthesiologists would fail to detect any significant drop in the pulse oximeter tone when the PASAT required their full attention.

The lesson I took from this was to become very aware of what I was doing in the operating room in terms of my attention. To be vigilant to all the things that could harm the patient or affect the surgery, I need to jealously guard my ability to divide my attention and focus my attention as necessary. Attention matters, and things that negatively influence my ability to pay attention and to shift attention impair patient care, in my opinion.

Which brings me to the electronic medical record…but that will be another post.

Hospital Mergers: Caveat Emptor

Hospital mergers are once again in the news in Central Pennsylvania. A proposed new enterprise consisting of the Milton S. Hershey Medical Center and Pinnacle Health was announced on June 26 and hopes to receive regulatory approval within one year. On June 23rd, Holy Spirit Hospital and Geisinger signed an affiliate agreement. Both announcements trumpeted expected improvements in quality, efficiency, and the provision of more capabilities and resources. Central Pennsylvania is not alone in experiencing these changes. Nor is it the first time in recent memory that health systems have merged and claimed the same advantages as the above mentioned parties have. Historically and nationally we have information available to inform our opinion about whether the proposed mergers will actually do what executives claim.

A recent Journal of the American Medical Association article titled Hospital Consolidation, Competition, and Quality asks the question: “Is bigger necessarily better?” The article is available to the public and I encourage readers to access it for themselves at: http://jama.jamanetwork.com/article.aspx?articleid=1884584 or at the shorter http://goo.gl/LvQeCI . The article provides ample reasons to be skeptical about claims of cost savings, quality improvements, or resource availability.

Along similar lines, the Robert Wood Johnson Foundation published their own Impact of Hospital Consolidation Update in 2012. This, too, is publicly accessible via the web at http://www.rwjf.org/en/research-publications/find-rwjf-research/2012/06/the-impact-of-hospital-consolidation.html or at the shorter http://goo.gl/jlz11n. This study is an excellent review of the subject of hospital mergers and forecasts higher prices if mergers proceed.

Both publications suggest we should take promises of lower costs and increased quality with a grain of salt. The wrangling over whether these mergers are in the public interest will take place largely in non-public documents and board rooms. I encourage readers to learn from the past and apply it to the present.

On Hospital Facility Fees

I’ve been following the Angry Orthopod on Twitter for quite some time. He (or she) recently had two posts that were real eye openers:

One excerpt:

With the rapid migration of doctors from private practice to hospital employment, the percentage of outpatient visits eligible for facility fees is soaring. More employed docs, more facility fees, more money.

Is your password still considered strong?

I admit it. I have been using the same password for some web sites for over a decade. But software and hardware capabilities have grown exponentially over that same time. This fact was made plain to me recently when I used an online password analyzer which estimates how long it would take a modern computer with current cracking software to break my oldest password. Zero point four six seconds. Apparently, a six character mix of letters and numbers is not adequate any longer.

If you'd like to check your own password, point your browser at https://howsecureismypassword.net/

But wait! Is this safe? Yes, for two reasons:

Peri-op Cardiac Evaluation Guidelines Updated

The ACC/AHA have just released updated guidelines on perioperative cardiac evaluation and management for non-cardiac surgery patients.

…recommendations in the updated guideline address elective non-cardiac surgery, which should be delayed 14 days after balloon angioplasty, 30 days after bare-metal stent implantation, and optimally 365 days after drug-eluting stent implantation