Centers for Disease Control and Prevention (CDC) website states that if you have or suspect you have Covid-19, to inform your doctor. However, who do you tell that you actually received your shot?
If you get the shot at a local hospital that is affiliated with your doctor, the vaccination information might show up in your electronic health record (EHR). However, if it doesn’t, or you get the shot through a pharmacy like CVS, your vaccination information may end up stranded on the little paper CDC vaccination card you receive with your shot. The onus will be on you to give your doctor your vaccination information, which will have to be manually (hopefully without error) entered into your EHR.
It was not supposed to be like this.
When President George W. Bush announced in his 2004 State of the Union address that he wanted every U.S. citizen to have an EHR by 2014, one of the motivations was to greatly improve medical care in case of a public health crisis such as a pandemic. The 2003 SARS-Cov-1 pandemic had highlighted the need for the access, interoperability and fusion of health information from a wide variety of governmental and private sources so that the best public health decisions could be made by policy makers in a rapid fashion. As one Chinese doctor remarked in a candid 2004 lessons learned article, in the spring of 2003 SARS had become “out of control due to incorrect information.”
Today, President Bush’s goal that nearly all Americans have access to electronic health records has been met, thanks in large part to the $35 billion in Congressionally-mandated incentives for EHR adoption set out in the 2009 American Recovery and Reinvestment Act. Unfortunately, EHRs have created challenges in combatting the current SARS-Cov-2 pandemic, and at least one doctor is saying that they are proving to be an impediment.
In a recent National Public Radio interview, Dr. Bob Kocher, an adjunct professor at Stanford University School of Medicine and former government healthcare policy official in the Obama Administration, blamed EHRs in part for problems with Americans not being able to easily schedule their vaccinations. A core issue, he states, is that most EHRs are not universally interoperable, meaning health and other relevant patient information they contain is not easily shared either with other EHRs or government public health IT systems. In addition, Kocher notes, key patient demographic information like race and ethnicity may not be captured by an EHR to allow public health officials to understand whether all communities are being equitably vaccinated.
As a result, the information public officials need to determine who has been vaccinated, and where scarce vaccine supplies need to be allocated next, is less accurate and timely than it needs to be. With Johnson & Johnson’s Covid-19 vaccine rolling out this week, the need for precise information increases to ensure the vaccine is allocated to where it is needed most.
It is a bit ironic that EHRs have not been central in the fight against COVID-19, given how much President Bush was obsessed with preparing the U.S. against a pandemic. Even back in 2007, researchers were outlining how EHRs should be designed to support public health crises and the criticality of seamless data interoperability. However, the requirement for universal EHR interoperability was lost in the 2009 Congressional rush to get hospitals and individual healthcare providers to move from paper medical records to adopt EHRs. Consequently, EHR designs were primarily focused on supporting patient-centric healthcare and especially on aiding healthcare provider billing.
A myriad of other factors has exacerbated the interoperability situation. One is the sheer number of different EHR systems used across the thousands of healthcare providers, each with its own unique way of capturing and storing health information. Even hospitals themselves operate several different EHRs, with the average reportedly having some 16 disparate EHR vendors in use at its affiliated practices.
Another is the number of different federal, let alone state or local public health IT systems that data needs to flow among. For example, there are six different CDC software systems, including two brand new systems, that are used for vaccine administration and distribution alongside the scores of vaccine registry systems that the states are using. With retail pharmacies now authorized to give COVID-19 vaccinations, the number of IT systems involved keeps growing. To say the process involved in creating timely and accurate information for health policy decision makers is convoluted is being kind.
In addition, the data protocols used to link EHRs to government vaccine registries are a maddeningly tortuous mess that often impede information sharing rather than fostering it. Some EHR vendors like Cerner and Epic have already successfully rolled out improvements to their EHR products to support state mass vaccination efforts, but they are more the exception than the rule.
Furthermore, many EHR vendors (and healthcare providers) have not really been interested in sharing patient information, worrying that it would make it too easy for patients to move to a competitor. While the federal government has recently clamped down on information blocking, it is unlikely to go away anytime soon given the exceptions in the interoperability rules.
Yet another factor has been that state and local public health departments have been cut steadily since the recession of 2008, along with investments in health information systems. Many, if not most, existing state public health IT systems for allocating, scheduling, monitoring and reporting vaccinations have proven not up to the task of supporting the complex health information logistical requirements in a pandemic, and have required significant upgrades or supplemental support. Even then, these supplemental efforts have been fraught with problems. Of course, the federal government’s IT efforts to support state vaccination efforts in the wake of such obstacles has hardly been stellar, either.
Perhaps the only good news is that the importance of having seamless health IT systems, from health provider EHR systems to state and federal government public health IT systems, is now fully appreciated. Late last year, Congress authorized $500 million under the Coronavirus Aid, Relief, and Economic Security (CARES) Act to the CDC for its Public Health Data Modernization Initiative. The Initiative aims to “bring together state, tribal, local, and territorial (STLT) public health jurisdictions and our private and public sector partners to create modern, interoperable, and real-time public health data and surveillance systems that will protect the American public.” The Office of the National Coordinator for Health Information Technology will also receive $62 million to increase the interoperability of public health systems.
The $560 million will likely be just a small down payment, as many existing EHRs will need to be upgraded not only to better support a future pandemic or other public health crises, but to correct existing issues with EHRs such as poor operational safety and doctor burnout. Furthermore, state and local public health organizations along with their IT infrastructure will also have to be modernized, which will take years. This assumes the states are even willing to invest the funding required given all the other funding priorities caused by the pandemic.
One last issue that will likely come to the fore is whether it is now time for a national patient identifier that could be used for uniquely identifying patient information. It would make achieving EHR interoperability easier, but creating one has been banned since 1998 over both privacy and security concerns, and more recently, arguments that it isn’t necessary. While the U.S. House of Representatives voted to overturn the ban again last summer, the Senate has not followed suit. If they do decide to overturn the ban and boost EHR interoperability efforts, let us also hope Senators keep in mind just how vulnerable healthcare providers are to cybersecurity attacks.
Contributing Editor Robert N. Charette is an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Along with being editor for IEEE Spectrum’s Risk Factor blog, Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.