As privacy advocates and IT experts try to address concerns over the security of electronic health records, a Toronto family physician is storing all of his patients’ records off-site with a service provider.
Dr. Sol Werb takes all of his notes on a Toshiba M200 Protégé tablet PC, using Electronic Medical Record (EMR) software made by Nightingale Informatix Corp. of Markham, Ont. He is connected to his office printer over an 802.11 wireless network, and saves all the data to Nightingale’s data centre over the Internet on a connection secured by 128-bit encryption.
Dr. Werb scoffs at the notion that storing medical records off-site is somehow less secure than storing paper files in an office.
His office has been broken into three times by burglars who were evidently looking for drugs to use or to sell. In one case, they got away with allergy medication, though he’s not entirely sure how that was useful to them.
“Look at my office,” he said to an ITBusiness.ca reporter during an interview in his waiting room. “How secure is it?”
With the files stored off-site at Nightingale’s data centre, a thief could steal his tablet or one of the two office PCs and not get any patient information, he said. All they would find is an Internet bookmark for Nightingale’s logon screen, and they would need two levels of passwords and an RSA security to access anyone’s file.
All Internet transmissions are protected using Secure Sockets Layer (SSL) and customers have the option of purchasing virtual private networking (VPN), said Peter Tyson, Nightingale’s vice-president for development and IT.
Nightingale’s medical software is designed to comply with standard government IS security requirements, Tyson said, adding they can block access from certain machines or restrict access to certain users or groups of users.
But information security was not the main reason Dr. Werb chose Nightingale EMR. The 57-year-old practitioner was ready to retire from medicine because he was spending too much time writing notes by hand to comply with the requirements of both the Ontario Health Insurance Plan and the College of Physicians and Surgeons of Ontario.
Before he bought the system, he was spending nearly 30 hours a week maintaining patient files, often working until 10:00 pm and taking files home with him.
EMR saves time because it has reusable forms, he said. For example, when interviewing a patient during an annual physical exam, he can record answers by filling in yes or no answers on the electronic form. When he needs to make detailed notes, he can then enter information into a field using either a keypad or the handwriting recognition feature of the tablet.
He has set up his own form for a common cold, which, for a typical patient, lets him take proper notes in 30 seconds. Using pen and paper, it took him four minutes to take proper notes. It all adds up when he sees 25 patients with common cold symptoms in a typical day.
He can then print off notes and save the files to the patient’s off-site electronic medical record. Not only does this result in a complete medical record on a patient, but it also comes in handy if inspectors from OHIP or the College of Physicians and Surgeons pays a visit, Dr. Werb said.
OHIP and the College will do spot-checks of patient records to confirm the procedures which were billed to the province were done thoroughly, he said, adding doctors are required to note all negatives.
For example, if a patient undergoing a complete physical reports no foot problems, the doctor must note there are not foot problems.
Nightingale sells EMR using the application service provider (ASP) model, where a customer pays a setup fee and a monthly service fee. A typical customer would pay about $450 per month.