• by bcarlson@marketresearch.com
  • February 18 2016
  • EHR

Between Flint and Ransomware, Good and Bad News for EMR

Between Flint and Ransomware, Good and Bad News for EMR

Depending on the news one reads, this was either an unfavorable month for the 25 billion-dollar  electronic medical records (EMR) industry, or it was its finest hour.   The industry demonstrated its prowess in dealing with a community medical issue that would have been failed by paper records, but also had some negative publicity on IT security.  

First, this month brought news that the lead poisoning water crisis in Flint, Michigan was discovered as the result of searches conducted using data from an  Epic EMR system  (story: http://www.fierceemr.com/story/flint-michigan-kudos-ehr/2016-02-03.)   According to news accounts and the statement of the physician that discovered a problem in Flint, paper records would not have leant themselves to the kind of research needed to detect patterns if only paper was available.  

Flint’s Hurley Medical Center is crediting its EHR system for helping it detect the increase of unsafe lead levels in area children after the city changed its water supply. Pediatrician Mona Hanna-Attisha decided to review the medical records of the children whose blood had been tested at the hospital after hearing reports this past fall that Flint’s water contained more lead after it began pulling its water from the Flint River.  

The side benefit of EMR conversion (aside from cost savings) is that practice would improve and providers, academics and governments could obtain better epidemiological information.  The visibility of the Flint Michigan story provides a real-world example of the benefits oft stated during the conversion and incentive campaign.  

At the same time, recent incidents of medical information being held hostage by hackers, with the most notable being an incident at the Hollywood Presbyterian, have spotlighted fears of record conversion.  In the most recent incident the California hospital paid $17,000 to rescue its information from hackers, have spotlighted information security.  Hollywood Presbyterian was using a major vendor EMR system.  Because the initial ransom demand was in billions, the story went national.   This incident at a time when many physicians and hospitals are converting to electronic records and the Federal government has driven conversion was obviously not a postiive development.    

Still, 3 out of 4 US hospitals have a basic EMR system and most EMRs are being used without incident.  There are questions about the role of the actual EMR software in the Hollywood Presbyterian case, as to whether the hospital properly encrypted information, whether staff was properly trained in anti-phishing techniques, whether EMR use audits were conducted, and if anyone was designated as chief security officer there.   Such services and consulting offer opportunities for the industry, which has always been as much of a service industry as a software one.  As indicated the actual damages of ransomware attacks have so far been minimal, and ransomware attacks are not limited by any means to healthcare facilities as corporations and even police departments have suffered attacks.  

Kalorama sees continued growth in the EMR market.  A big focus is going to be in conversion and upgrading of EMR systems.  Our yearly look at the EMR market is here.  We are at the current time working on an industry update for April 2016 publication.