Log on and take your meds

Chronic Disease Management software is designed to help patients with chronic health conditions take increased responsibility for their own care.

By Saul Chernos

Are you tired of reminding your patients to take their medications and eat wisely? You may want to consider some of the new computer applications that physicians are using. This software, some of it web-based, is designed to help patients with chronic health conditions such as diabetes, high blood pressure, and high cholesterol levels to take increased responsibility for their own care.

Chronic illnesses present a unique challenge. They can progress in silent, significant ways, yet care is often self-administered at home, outside the supervision of healthcare professionals. Patients can be undisciplined about taking medication, following special diets or doing what they otherwise might to prevent potentially-serious flare-ups. Physicians aren’t as able to pay strict attention as they are in a hospital setting.

Province-wide patient databases and electronic medical record systems will eventually link physicians, other healthcare providers, and patients in unprecedented ways which will strengthen the relationship between all parties. For now, however, electronic offerings are piecemeal. Web-based chronic disease management tools are no exception.

High blood pressure is a classic example of a chronic health problem. According to the Canadian Heart and Stroke Foundation, five million Canadians have high blood pressure. Yet, Dr. Claude Laroche, a Montreal general practitioner, says many patients don’t take medication when prescribed, or follow physician advice.

“People aren’t generally aware of their blood pressure,” Laroche says, expressing a view common in the medical establishment. “When we tell them it’s high they don’t necessarily stick to their medication or make any changes to the management of their lifestyle. They don’t take it seriously.”

Pharmacists can help educate patients about prescription drugs, yet this is often not sufficient.

Laroche says Novartis, the drug company behind Diovan-brand high blood pressure medication, offers a comprehensive patient support program with access to a web site, www.Diovan.ca, where patients can enter and track their own blood pressure readings over a period of time and print ongoing results for their physicians.

“Patients enter their data on the site, using an identification code, and then see exactly what’s going on,” says Laroche. “They can also chart when they take their pills. Ultimately, this helps the counseling I give my patients – it helps them be compliant about taking the medication I prescribe.”

Aside from letting patients record their blood pressure readings, www.Diovan.ca is largely educational, covering everything from risk factors to the benefits of exercise and diet. “It tries to give a complete picture to the patient so that they can take care of themselves,” Laroche says.

Novartis isn’t the only drug company offering an online adjunct to prescribed medication. Pfizer maintains lipitor.ca for patients taking its drug of the same name, which helps control cholesterol, while Astra-Zeneca, which markets Crestor, maintains a site where patients can track their data and chat online with dieticians, pharmacists, and other professionals.

The pharmaceutical company sites tend to be more patient-oriented than doctor-oriented, though there are exceptions. Laroche cannot access patient information online because the data is password-protected by the patient. “I simply prescribe the medication when it’s appropriate, tell my patients about it, and get any information they print for me.”

Laroche says he sees the services as a valuable adjunct. “There’s lots of choice for good high blood pressure medication, so if you get more service from a particular company – either for the doctor or for the patient – then you’ll prescribe that medication. For me it’s a good incentive to prescribe the brand name.”

Many companies offering hand-held blood-glucose meters offer software that either doctors or their patients can download and install on their computers and, with a USB cable, transfer data from the meter to their PC.

“Once you put a test strip into the meter, the system turns itself on automatically, does the reading and stores the data in memory,” says Russ Newsome, a Bayer vice-president who oversees his company’s Ascensia-branded diabetes products in Canada. “The user can then write the reading down in a (paper) notebook or transfer it to a computer using the software.”

Newsome says patients have access to information about diabetes and a password-protected area to track their blood-glucose levels over time. Patients can provide the information to their physician or bring in the meter and cable if the physician has the proper software.

Dr. Ira Bernstein, a Toronto family doctor with a substantial diabetes practice, says he has software compatible with several glucometers and generally prefers to let his office handle the data transfer. “A lot of diabetics are older and do not use computers, and many of my patients do not speak English as their first language. Patients can get the software and hardware if they want to do it themselves, but this particular software (Ascensia’s WinGLUCOFACTS Professional) has a lot of information that I think is beyond the reach for many patients.”

Bernstein says the data is downloaded immediately and he can review it with each patient during their visit. “It only takes seconds. I can tell right away if their glycemic control is good, and I can spot trends – say, where changes in diet or medication management are making a change. For patients who are on insulin, it’s particularly helpful in dosing because you have to know glucose responses based on time-of-day. There are a lot of parameters involved in adjusting insulin.”

Bill Pascal, chief technology officer with the Canadian Medical Association, says web-based tools can help patients maintain regimes governing pill-taking, diet, weight loss or blood pressure levels. He adds, however, that physicians should be careful about relying on companies providing medication to also provide educational information for patients.

“We should try to put a wall between the product-providing companies and the provision of care and care advice,” Pascal says. “The doctor may have the patient on some type of drug regime, but the service that the patient gets access to should not be tied to a company selling some kind of product. We need to ensure that this doesn’t influence the type of healthcare paths we put people on.”

These concerns notwithstanding, Pascal sees online chronic disease management tools heading in a new direction, away from individual companies and more under the scope of regional healthcare providers and provincial health ministries.

“There’s experimentation going on in a few places in Canada that isn’t tied to any kind of medication or institution. Most healthcare initiatives are being driven at the regional level, where they’re doing all the really heavy lifting of IT systems, and most provinces are starting down the road of building the connectivity layer, the connections between all the points of care. This is becoming web-enabled, and people will be able to log on and send information back and forth.”

As Pascal sees it, patients with chronic conditions would have monitoring kits at home and be able to log into a common area and, with privacy measures in place, enter readings and other data for access by authorized members of their care team. It’s entirely possible, Pascal says, that governments will purchase rights to the systems and technologies some drug companies have put into place, or simply implement similar monitoring systems. “A province could even buy the rights to use the product, cut ties with the drug provider, and develop the system province-wide.”

British Columbia and several other western provinces have taken initial steps in this direction. In 2003, a group of 65 primary-care physicians on Vancouver Island teamed up to address quality improvement in chronic care management. With the Vancouver Island Health Authority, the B.C. health ministry, IBM and other partners, they developed a prototype patient database and toolkit for chronic disease management.

“We rapidly figured out that it was bigger than this group of 65 doctors, so we turned it into a provincial initiative,” explains Rosemary Gray of Greymartin Consulting, a project partner specializing in healthcare information management.

With 800 primary-care physicians using the system, along with close to 500 nurses, specialists and other healthcare providers, the toolkit features a database organized by patient, with one-page clinical flow-sheets that track and simplify data for individual chronic conditions.

“It provides a personalized computer print-out of the most recent data and all the key medical and clinical elements that need to be tracked,” Grey says. “Patients love it when their doctors give it to them – it brings patients to the point where they’re partners in their own care.”

Dr. George Wray, a general practitioner in Saanichton, B.C. who has been active around the provincial database and toolkit since their inception, says the toolkit helps him help his patients. “With the average patient with a chronic disease, the information was scattered throughout a paper file that was two inches thick. Now everything I usually need to know for each condition is on just one page. It’s the nuts and bolts of what I need to pay attention to.”

Each time a patient visits, Wray updates the data and charts everything on graphs. “It gives me feedback on how my patients are doing, individually and as a group. I can find out if I’m doing a good job. If I have a patient who is really at risk or hasn’t been in for awhile, I can call them for a visit and review everything.”

One of the key responsibilities in chronic disease management, Wray says, is continuity of care and keeping patients on track, educated and managing their own conditions. “If you can do all that you’re going to prevent a lot of trouble for the patient down the road.”

B.C.’s chronic disease management strategy, including the Toolkit, has attracted attention from other provinces. Under the Western Health Information Collaborative, Canada’s four western provinces are creating technical standards for managing data pertaining to chronic disease management. Separately, B.C., Saskatchewan and Manitoba are upgrading the Toolkit to implement standards across a wider geographical area.

Project partners anticipate that standardization will bring benefits, including the ability to move patient data across provincial lines – necessary if a patient travels or moves. As Rosemary Gray sees it, toolkit functionality will eventually end up as part of larger-scale electronic health records. “There will no longer be the need for a separate application like this because it will be available at the healthcare provider’s fingertips through the EMR in their practice, and any comparative reporting that integrates data from multiple healthcare providers in multiple locations will be available through the larger electronic health record.”

How soon? “It depends on how you define EHR and how far you go, but you’ll start to see this kind of movement within a year or two.” •

BACK TO THE CONTENTS LISTING

Security tips for EMR

EMR vendors give common sense suggestions to improve security on EMR systems.

By Issie Rabinovitch

For the readers of Technology for Doctors, few subjects are more important than computer and network security. Security is an issue for doctors, whether or not they are using EMR solutions. Physicians who continue to use their paper-based record keeping methods are interested because they often cite security concerns as their major reason for not computerizing.

We turned to several respected providers of EMR systems in Canada to get their latest thoughts on how doctors can best protect their data and systems and also to get a better feel for industry trends in security. We spoke with representatives of Wolf Medical Systems, Nightingale, Healthscreen, and Clinicare as well as a noted security expert at Hewlett Packard.

It seems that 2006 has already featured more major security breaches in healthcare than a typical year. No incident has attracted more attention than the temporary loss of a laptop and an external hard drive with 26.5 million patient records belonging to the Veterans Administration in the United States. That in no way diminishes the importance of the cases in Canada that have involved mere tens of thousands of records. The theft or loss of even a few records containing private and sensitive data is an important matter.

All of the interviews were conducted independently of each other and no one was aware of which other companies were being approached. There was general agreement on the major issues, but some of the experts chose to stress particular topics that the others did not. A large amount of valuable information was generated, more than can be reported here.

Everyone I spoke with said that most users of EMR software, from single doctor offices to large clinics, are sloppy in their implementation of security measures. In some cases, I was told, it was due to a lack of knowledge but often doctors and clinics knowingly lower their security in the name of convenience and saving time.

There is no “silver bullet” to combat all security threats. Good procedures, informed users, good security products implemented properly, and continued vigilance are the best that can be done. No data is ever totally safe, but everyone should strive for an acceptable level of security.

Nightingale Informatix is primarily an ASP EMR provider, the first in Canada, but also produces software which can be run on local servers. It’s the ASP version of Nightingale’s software that is typically used in doctor’s offices and clinics.

Alia Mourtada, Vice President, Product Strategy believes that the burden to ensure that data is secure shouldn’t fall on the vendor only. As she put it, “A system may be HIPAA or PIPEDA-compliant, but that doesn’t stop someone from printing patient data and leaving it in the waiting room.”

Like almost everyone else approached for this article, she mentioned the importance of encrypted backups, stored off-site in a secure facility. She recommended that a service that provides secure vehicles be used to transport the backups on a daily basis. She admitted that the percentage of clinics that do this is very small.

In Mourtada’s opinion, ASP solutions are more secure than solutions that run locally, at least for smaller institutions. “The ASP environment that Nightingale creates can’t be replicated by doctors in their offices. No data is stored locally and nothing is cached.”

Wes Stonos, Sales and Marketing Manager of Healthscreen, was very blunt in stating some of his opinions.

“Regardless of procedures in place, no data is totally secure. If someone really wants to get at something, they’ll find a way.” He also said, “Smaller practices don’t understand data security issues.” He referred to the problem of multiple users logging on with the same user name and password, which he called a bad practice and one of the biggest vulnerabilities, both to the EMR data and the network.

Healthscreen tries to educate users about this and other elements of basic security but, like the rest of the industry, it is hoping for doctors to become computer literate.

Stonos cited wireless networking as another serious vulnerability. He has sat in his car in many customer parking lots and noted that their wireless networks had no security or encryption.

Encouraging doctors to back up data daily is still a problem. In answer to the question “What do they do in the case of a system crash?” he replied, “They reconstruct the data from their paper trail.”

Stonos continued by saying, “Contrary to what some believe, computer data is more secure than paper data, provided that proper backups are in place. If someone steals your paper files you’re not able to function since there are no copies. With digital data you have a backup and you are only slightly inconvenienced.”

Devin Nate is Clinicare’s manager of network architecture. Their software, which runs on a local server, is protected by many layers of security. However, he admitted that there was nothing to stop someone with administrative logon privileges from downloading the data onto an external drive and walking out of the clinic with it. It appears that no system can prevent what happened in the infamous VA affair in the U.S.

He compared the pros and cons of an ASP model with running software from a locally housed server. On the ASP side of things, there’s excellent ongoing monitoring by security specialists but your data becomes a bigger target to hackers around the world. With a local server, it is possible to reduce exposure to the outside to a minimal level but difficult to maintain a high, professional level of monitoring.

According to Nate, the biggest security concern is user error, such as using a weak password. He can break into many systems in seconds by making intelligent guesses about passwords. Strong passwords may be less convenient for the user but they offer much greater security. Using strong passwords is even more important, in Nate’s opinion, than changing passwords on a regular basis.

Clinicare performs periodic audits of customers systems and notifies users of weak passwords. Customers who want to continue to use weak passwords, despite the risks, are asked to sign-off on this. Amazingly, a substantial number of clinics choose to stick with their simple password “strategy”. Just using strong passwords is not enough. Nate has often noticed passwords left on sticky notes placed on desks or monitors, which defeats whatever is gained by using strong passwords in the first place.

Nate raised an issue about laptop security that no one else brought up. He believes that clinics should not allow laptops to go home. Once the kids play with a laptop, it is likely to develop vulnerabilities. Like many good security practices, this makes a lot of sense but it is very hard to enforce.

Vali Ali of Hewlett Packard works full time in security, although healthcare is just one of the industries he is concerned with. His specialty is security issues involving mobile computers, and he has the fascinating job title of Distinguished Technologist. He is based in Houston.

According to Ali, security breaches on networks and applications are often related to lost or stolen notebooks. “Criminals are moving faster than we are,” he said and offered some surprising numbers: 60% of sensitive information loss stems from lost or stolen laptops versus 25% being related to network intrusion. 50% of network intrusion cases are based on information recovered from lost or stolen laptops.

The implication is obvious. Laptops need to be protected.

“There is no silver bullet to deal with all security concerns. Smart cards with biometrics are the best you can do right now, but people leave their smart cards in their notebooks – which get stolen.”

In his experience, biometrics can work well but it isn’t always a popular approach with users. “No one wants to poke his eye in a camera 10 times a day to be authenticated. Seamless challenge response with something you have, such as a wireless smartphone containing your certificate, can be a better solution. Seamless multi factor authentication is even better.”

According to Ali, the best level of security is attained when authentication rooted in hardware is required. Unfortunately, that technology is not found in many clinics. •

BACK TO THE CONTENTS LISTING

HOME - SUBSCRIBE - ADVERTISE - ARCHIVES - CONTACT US