Computing Applications

Health and Biomedical Informatics

Instant access to authorized electronic medical records promises faster, better, more affordable care.

  1. Lead-in
  2. Introduction
  3. Privacy in Practice
  4. Pay First, Save Later
  5. Protocols, Standards, Interoperability
  6. Reporting, Remotely and in Real Time
  7. International Informatics
  8. Author
  9. Footnotes
  10. Figures
'Wholebody' dataset visualization

In the U.S. alone the number of people whose lives are cut short by preventable disease is more than 10 times the number lost to violent crimes like shootings and terrorism, though it’s the crimes that are regularly splashed across the headlines.

When we think of advances in medical technology we often imagine futuristic machines that readily diagnose and treat complicated diseases. But all the modern diagnostics, cutting-edge surgical techniques, and billion-dollar medications in the world are only so good. Knowing when and how to use them—both in general terms across the population and in very specific terms for each of us as individuals—requires lots of data. Collecting it and, more important, stitching it together into useful knowledge is the herculean task facing medical informatics.

It is easy to pay lip service to the idea of upgrading modern medicine to the digital age—”Electronic health records for all!,” say the politicians—but just how to do so involves a daunting set of challenges, from how to codify a complex science to protecting privacy to sharing costs. The intersection of IT and medical care may not make for a catchy headline, but the fact is real lives—potentially tens of millions worldwide—are at stake.

Many of us see a doctor only when we’re sick or injured, but medical treatment does not (and should not) always involve the equivalent of emergency care. Proper, proactive, preventive care requires a deep knowledge about our overall health and medical history. Do we take medications? Do we have prior or chronic health conditions? Without answers, even the most well-intentioned care might miss the mark, with consequences ranging from ineffectual to misleading to deadly.

Despite living in the information age it might be surprising to know how little information is available to our caregivers. An estimated 85 percent of primary-care physicians in the U.S. still use regular, old paper charts to record patient histories, a system essentially unchanged since the ancient Greeks. It is still difficult to, for example, spot errors or inconsistencies on paper. Sharing charts among multiple medical providers is a low-tech process, potentially resulting in delayed or even outdated information. Plus, different sets of records may be kept by different doctors, radiology results with one, cardiac results with another, adding further barriers to developing a coherent view of our health or treatment situation, especially at a time of urgent need. Moreover, doctors’ famously indecipherable handwriting can itself pose potential perils.

Fortunately, there is an emerging digital alternative to analog record keeping—the electronic medical record (EMR), sometimes referred to as PHR (personal health record), PMR (personal medical record), or even EHR (electronic health record). No matter what it’s called, the EMR promises to be a digital portfolio of our medical records, from health history to test results to images, all accessible and updatable from anywhere at any time as needed.

In principle, an EMR offers benefits to patients, doctors, and insurers (both private and public). Since most patients lack access to their doctors’ charts, the status quo results in a firewall between us and our own medical information. In contrast, with the right software, patients could securely view their own EMR from anywhere, potentially helping them be better informed participants in their own healthcare, especially when communicating with medical professionals.

For doctors EMRs provide administrative benefits; for example, office staff are freed from manually managing paperwork, allowing them to focus on more important tasks. Plus, storing large volumes of paper charts takes up costly real estate; with EMRs stored “in the cloud” records management becomes much less cumbersome and potentially cheaper.

Administrative efficiency is nice, but the more significant benefit to doctors is that EMRs promise to improve their ability to provide care. With instant access to comprehensive patient data, decisions can be based on a more complete picture of a patient’s condition. Additionally, the software that stores and manages EMRs can apply program logic to help guide diagnoses or even catch errors; for example, if a doctor prescribes a drug contraindicated with another by type or dose, the EMR could signal whether further review is warranted, potentially catching dangerous mistakes. Prescribing the wrong medication—an often touchy subject in medical circles—was addressed in a 2006 report by the Institute of Medicine, which stated that more than 1.5 million Americans per year are harmed by “errors in prescribing, dispensing and taking medications.” Electronic health records could go a long way toward reducing such mistakes.

Closely related to digital records are electronic prescriptions, or “e-prescriptions.” As with paper charts, patients easily forget or lose the scribbles they carry from doctor to pharmacist; moreover, at least some percentage of medication errors are the direct result of errors in reading or entering prescription information. These problems could essentially disappear with e-prescriptions sent directly from a doctor’s office to a pharmacy, yet as of 2008 only about 6 percent of U.S. doctors used e-prescriptions, despite the fact that more than 70 percent of pharmacies—including all major chains—accept them. To further accelerate e-prescribing, the Medicare Improvements for Patients and Providers Act of 2008 includes bonuses to be paid by Medicare to doctors using e-prescriptions.

Pushing medical providers to go digital attracts political support; U.S. politicians from both the left and right, including President Barack Obama and former House Speaker Newt Gingrich, have publicly given theirs. Indeed, the Veterans Administration uses an EMR system called VistA to serve four million patients, making it the largest single medical provider and EMR user in the U.S. However, when it comes to enlisting medical providers, EMR-adoption details must still be worked out, along with the other aspects of health informatics. We might call such details “the three Ps”: privacy, payment, and protocols.

Privacy in Practice

In our digital culture of unsolicited marketing, data breaches, and identity theft, news headlines regularly remind us about the risk of storing digital information. Our health information is at once an especially personal and intimate account that must be shared to some degree for us to receive proper medical care. It can also make a tempting target for identity thieves and other snoops.

How personal medical data might be exploited runs the gamut. For example, prescription data may be sold to marketers, a practice currently allowed by U.S. law when data is “de-identified,” or personally identifying information is removed. But studies suggest de-identification does not always achieve anonymity, even when following requirements. Pharmacies like Walgreens and CVS Caremark buy and sell prescription data, theoretically bound by privacy laws that require it to be de-identified before it can be distributed. But no law prevents companies or individuals from attempting to “re-identify” data. Researchers Paul Ohm of the University of Colorado and Latanya Sweeney of Carnegie Mellon University have found that supposedly anonymized data can be rebuilt when crossed with publicly available information like census data, potentially allowing marketers to circumvent medical privacy laws.

Private medical information might also be exploited by insurers or employers looking for a window into our health, now or in the future. Though an extreme possibility, it’s easy to imagine an employer making hiring or layoff decisions that factor in a candidate’s medical status. This is why doctor-patient confidentiality is critical; patients who don’t trust the system may hold back information, including illegal drug use, risky sexual activity, or other “socially unacceptable” behaviors. Yet without such information doctors may be at a disadvantage in providing the best care possible and cannot share relevant disease-related data with public-health authorities.

In the U.S., the extent of privacy protection for patients is defined by the Health Insurance Portability and Accountability Act of 2003, or HIPAA. The HIPAA privacy rule defines so-called “protected health information” as most routine types of identifiable patient data, dissemination of which is regulated by organizations affected by HIPAA, including most insurers and medical providers. Individuals are given the right to request their own protected-health-information data and to be notified when it is shared.

One notable criticism of HIPAA is its lack of teeth; in 2006, the Wall Street Journal reported from the time the law was enacted in 2003 to November 2006, the U.S. Department of Health and Human Services had fielded nearly 40,000 privacy complaints, closed 75 percent of them on the basis of finding no fault, and took no action against the remaining violators.

Another limitation of HIPAA is that new entrants into medical informatics can work completely outside the regulatory system. For example, Google Health and Microsoft HealthVault, in coordination with various partner medical providers, provide attractive EMR management features directly to end users. But neither Google nor Microsoft is regulated under HIPAA, meaning they are in no way bound by existing U.S. medical privacy laws.

In the face of skepticism, both Google and Microsoft have argued that their own privacy terms meet or exceed HIPAA regulations, meaning in effect they voluntarily regulate themselves. But there is no way to prevent them from changing their policies and, say, leverage patient data for their own marketing purposes.

It would be tempting for governments to impose digital locks to maximize EMR data protection. But there is enormous value in all that EMR data, which is difficult or impossible to fully exploit through paper charts alone. Consider the example of predictive medicine, as in the Intelligent Histories project at Harvard, a computer model that looks for distinctive patterns in aggregate medical histories. By analyzing anonymized EMR data for a half-million people over six years, the researchers filtered out patterns that could be used to predict future medical risks. For example, one set of risk data is highly correlated with victims of domestic abuse. Because the abused often go to great lengths to hide their injuries, it can be difficult for a medical professional to know what is really going on when a patient presents with an acute problem like a bruised arm. But the information mined from large databases of EMRs means a computer model can apply it to flag a patient as high risk, helping guide doctors how and where to look further.

As of 2008 only about 6 percent of U.S. doctors used e-prescriptions, despite the fact that more than 70 percent of pharmacies—including all major chains—accept them.

The website aims to employ such “crowdsourced” data to support patients with the rare and incurable lung disease lymphangioleio-myomatosis. Besides community building, patients actively participate by providing personal medical data to a growing medical database, essentially creating a “bottom-up” approach to medical research that begins with the patient, rather than the (more usual) other way around.

Without aggregate access to EMRs, we could lose a great deal of valuable epidemiological research, whether cutting-edge computer models like Intelligent Histories or projections of the spread of viruses like H1N1. The key to crafting new privacy controls for EMRs is how to balance personal privacy against the public good, and is, as so often the case in matters of computer security, easier said than done.

Pay First, Save Later

The U.S. spends more on healthcare than any other industrialized country (and, many critics say, receives less benefit). Data from 2007 compiled by the Organisation for Economic Co-Operation and Development based in Paris shows that the U.S. spent more than $7,000 per capita on healthcare. Nearly double the next most costly nation, Norway, and more than double the average (just under $3,000 per capita) for most industrialized nations.

Many factors contribute to the high costs, including a doctor’s payment system that incentivizes potentially unnecessary procedures, insurance to protect against malpractice liability, high drug prices, advanced technology, and increasing numbers of uninsured people unable to access affordable preventive care. Though these factors are all politically loaded, some 28 percent of healthcare costs are due to the combined contributions of program administration (7 percent) and physician services (21 percent), according to the Kaiser Family Foundation based in Menlo Park, CA.

But even if EMRs were able to reduce operating costs in the long run, the initial investment is significant. Doctors not yet using EMR and related digital services face a potential investment averaging $20,000 to $40,000 each to acquire the software, hardware, IT support, and training to implement a system. As a result, EMR adoption is highest among large medical groups better able to afford it, like Kaiser Permanente and the Mayo Clinic. Much more resistance is found across the thousands of small and individual practices in the U.S.

Because both sides of the political aisle seem to agree that EMRs can reduce at least some of the expense of U.S. healthcare, the provision in the Obama administration’s recent healthcare reform proposals to allocate $19 billion to subsidize EMR adoption is among the most likely to be included in any final legislation.

The federal subsidies would reimburse doctors up to $44,000 each for adopting and using government-approved EMR systems. But even this would require that doctors contribute the costs of up-front acquisition. In any case, government money won’t begin to flow until after healthcare reform is enacted, if it ever is.

Anticipating a boom in EMR adoption across the U.S., vendors ranging from Dell to G.E. to IBM—plus many specialized players in hardware and software, like eClinicalWorks (used by Wal-Mart)—are positioning themselves to sell and service these systems. In the past, one factor driving the costs of EMR adoption was installation and maintenance of server hardware. But the newest products are designed to use “cloud computing,” meaning medical offices would need only lightweight clients communicating with remote servers, a potentially lucrative data-center market for companies like Perot Systems and telecom giants like Verizon.

Protocols, Standards, Interoperability

Looking beyond the considerable challenges of protecting patient privacy and paying for mass migration to EMRs, electronic recordkeeping and guidance systems will be limited if they’re unable to communicate with one another.

EMRs require at least two levels of standardization: one for data exchange to ensure applications read data provided by other applications; and one for terminology called “controlled medical vocabulary,” or CMV, to ensure that different providers use the same terms to describe the same medical conditions.

One such CMV—SNOMED CT (Systematized Nomenclature of Medicine-Clinical Terms)—is a coding system that describes more than a million terms for diseases, diagnoses, procedures, and medications. The system consists of hierarchical medical concepts assigned to ID numbers; for example, ID 208892001 translates as “closed traumatic dislocation of hip (disorder).” These “canned” concepts are coordinated with other systems, such as Health Level Seven, an international organization that defines standard terminologies for many subspecialties in medicine. The SNOMED CT syntax allows practitioners to use standardized forms to describe details and conditions not specifically available in the canned hierarchy. This means of defining and collecting medically relevant details allows the system to encode individual cases in a machine-readable form, so cases stored in EMRs can be read and processed by other compliant applications.

Exchanging data between electronic medical systems requires their use of protocols like DICOM (Digital Imaging and Communications in Medicine), which defines the handling of medical imaging, including a file format to store images and a network protocol for transmitting them across TCP/IP networks. DICOM can be viewed as something like a specialized combination of TIFF and FTP, bundling imaging and network communication, along with rich metadata attributes describing the associated patient.

The Department of Health and Human Services is backing global adoption of SNOMED-CT through its participation in the International Health Terminology Standards Development Organization and officially recognizing recently adopted standards relating to emergency responders, EMR transmission between providers and patients, and real-time patient information.

In a field as technologically, politically, legally, and commercially complex as medical care—with data spanning such diverse domains as imaging and billing—interoperability between systems is likely to pose a challenge for some time to come. One helpful tool is Laika, a free, open-source testing application designed to help debug the process by testing EMR software against the interoperability certification defined by the Certification Commission for Healthcare Information Technology (CCHIT), a U.S. nonprofit organization formed by HHS in 2005 to advance IT adoption in the healthcare sector.

Reporting, Remotely and in Real Time

If the EMR is a patient’s digital hub for medical care, then data must be able to flow in at least two directions. That is, adding and updating information in the EMR need not be limited to visits to the doctor. Some of the information might be updateable directly by users and other authorized caregivers from the comfort of home (or anywhere else).

For many patients with ongoing monitoring needs (more common in geriatric care), some trips to the doctor are only for updating basic measurements, like weight, temperature, heart rate, blood glucose, and blood pressure. Further testing may be needed but only when these readings show deviations or suspicious changes. It would save both time and money for patients and doctors alike if this sort of monitoring could be uploaded directly into a patient’s EMR without involving a trip to the office.

One technology that might be an essential platform for remote reporting of health informatics data is the body area network (BAN), sometimes called medical body area network (MBAN) and wireless body area network (WBAN). As futuristic as it may sound, BANs are being developed today from existing technology combining monitoring with communication. Wearable sensors for monitoring vital signs are commercially available, but for BANs to achieve widespread application the sensors must shrink to a size that is either easily portable or even implantable. Moreover, they must communicate via wireless RF to some sort of base station, also potentially wearable. The base station itself would then process and transmit data to the patient’s EMR via the Internet.

Potential complications include the power needs of the sensors, both to monitor the patient and to communicate with the base station. Early BANs (such as those engineered by the Irish company Intelesens) rely on Bluetooth for wireless communication, but in practice Bluetooth is way overpowered for a BAN application because it was designed for wireless communications over an area up to five times the size of even a large human body. This means Bluetooth is power hungry, when in fact a much-smaller-scale wireless network with less need for power would be better-suited to the job of monitoring individual human bodies.

The preferred solution will involve creating a new wireless protocol for BAN use, including a reserved frequency range. Today, frequency blocks are allocated by the U.S. government for all sorts of applications, from FM radio to emergency responders to wireless computer networks, but no such frequency block has been dedicated for BAN use. In July 2009 the Federal Communications Commission launched a public request for comments on several items related to establishing BAN frequencies. Initially up for consideration are ranges between 2300Mhz and 2483Mhz, much of which is already used by other technologies (sharing is not precluded), and 5150Mhz and 5250Mhz, used primarily for aviation navigation.

When and if the FCC formally allocates a frequency block to BAN use, vendors might be motivated to build an ecosystem of interoperable products, including low-power body sensors. Eventually, we may see BANs expanded to support a variety of body information systems; imagine, for example, a contact lens with a tiny LED display showing our vital signs in real time as reported by various body sensors communicating over a BAN. As much as it may sound like science fiction, researchers at the University of Washington are working on the foundations of just such a system today.

International Informatics

Despite world-class medical research and educational systems in the U.S., the healthcare delivery infrastructure is often more nimble in other industrialized nations. One need look only at EMR adoption to see the difference; for example, in The Netherlands, 99 percent of physicians use electronic medical records, and in the U.K, it’s 89 percent. Indeed, evidence suggests that as these countries began to go digital, both healthcare costs and outcomes simultaneously began to improve.

For body area networks to achieve widespread application, the sensors must shrink to a size that is either easily portable or even implantable.

Advocacy and coordination of medical informatics initiatives throughout the European Union are led by the European Institute for Health Records. Though some EU member nations enjoy advanced healthcare systems, IT investment across the EU varies widely, and member nations do not all share the same protocols, thus presenting a major challenge in promoting interoperable EMR adoption.

Likewise, China has invested heavily in healthcare IT, but the nationwide system is decentralized, relegating electronic recordkeeping to individual hospitals. As a result, the overall medical system suffers from widespread duplication of resources, with many providers having to reinvent the wheel to implement their own standards and address the inability to easily share data.

As the current healthcare reform debate rages in the U.S., other countries offer valuable lessons. One is that embracing medical informatics promises positive benefits, both economically and for individual quality of life. But going digital is also very difficult technically, financially, legally, and, of course, politically. Modernizing medicine is a global challenge. But then, if we’ve learned anything from visits to our own doctors over the years, it’s that doing the hard work now is good for us in the long run.


UF1 Figure.

UF2 Figure. Predicting heart behavior from measurements on the body. Electrocardiogram of angioplasty treatment before (left) and after (right) of a partially occluded coronary artery measures electric potentials (voltages, red positive, blue negative) of a normal heart and the same heart experiencing a severe heart attack.

UF3 Figure. Contact lenses could eventually deliver augmented-reality-style information about the wearer’s vital signs.

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More