Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Medical practitioners lack e-signatures for federal law

By Saxifrage in Internet
Tue May 15, 2001 at 02:22:07 AM EST
Tags: Politics (all tags)
Politics

By October 2002, U.S. federal law will require medical care providers, insurance companies, Medicare, Medicaid, and other government programs, to shuffle and cross-file administrative paperwork electronically. However, the law passed some years ago, in 1996, and it does not contain any provision for electronic signatures of the documents. In other words, no one can be sure of whether or not the document is valid, which poses a certain level of risk to patient and to practitioner alike.

For some of the background information, before I discuss some interesting ramifications of electronically filing and signing of medical documents, see the New York Times (free registration required) story called "Digital Signatures Spark Debate", dated 14 May 2001.


Just to give a little more in depth detail, for those of you who reject the Times on the basis of free registration, the story cites several sources as saying that the issue should be worked out by the market, not the government. Additionally, it appears that these exchanges have been happening, on the scale of three billion payment claims per year, but on private networks only; there is some uncertainty as to the suitability of the greater Internet for the exchange of data.

In looking at the situation, I see two heartening aspects of digital document exchange between these organizations, and three frightening things. They are detailed below.

    Positive Things
  • There are so many documents that filing electronically will save precious trees everywhere.
    Unfortunately for those trees, mandatory electronic filing may mean increased power consumption. This is, of course, tied to the energy crisis that President Bush and Vice President Cheney are working to solve, but their solution means consumption with higher production of fuel, rather than conservation. Those trees, it appears, may be saved from the paper mill to die of pollution.
  • Sunshine laws and demand for access combined with the Internet may be able to give us access to medical records, and may be expanded to include other records as well.
    One luxury the Internet can provide that nothing else can is utterly simple access to such things. Of course, it would be necessary to have access control along the lines of what is currently present in obtaining paper documents. Additionally, other kinds of documents filed -- corporate expenditure and loss reports that go to the SEC, for example -- would be subject to sunshine laws, and therefore we could obtain them without having to go through or across jurisdictions, as in many cases.
  • Negative Things
  • Using the Internet, rather than a fully private network, creates the potential for intercepting transmissions.
    Whether signed or not, encrypted or not, the federal government is placing our personal information at risk by making the organizations transmit them over the Net. An individual intercepting would be bad enough, but just imagine what would happen if, say, DoubleClick intercepted a document that my doctor filed with my insurance company, in which it was observed that I was a diabetic. I've already been filed in their database, we can safely assume, so if they notice that I'm that person, they can start sending ads about all sorts of insulin products; and they can advertise whatever they want to me. It need not be something that works -- quacks could flourish. It could happen with any disease.
  • There is no standard for the format, transmission, encryption or signing of the documents.
    Without any sort of standard at all, havoc could break out. -- Insurance company: "Sir, we never processed that prescription from your doctor. It was sent to us using PGP 6.x, and we use PGP 5.x here, and were unable to decrypt it." It might just be a convenient excuse at that; there's no proof they could or couldn't decrypt it. If the federal government wants things filed this way, they should create all of the following items, and standards for them:
    1. Document format
    2. Private network, a la Internet2, for interagency transmission
    3. Document encryption
    4. Document signatures
    Without these things, there is no guarantee that any of the documents can be processed.
  • The market cannot create standards in a reasonable time span.
    As the instant messenging and IE/Netscape battles have proven, on the Internet a common standard takes time, and lots of nasty battles, to develop. Frequently, a standard is created by some neutral organization, and then ignored-- the W3C and Jabber have both been mostly ignored by the companies competing in the organizations' relevant markets. IE5 for Windows is still somewhat noncompliant, and AOL, in prime position in the IM marketplace, has done nothing with Jabber, despite its incredible potential. Asking the market to come up with a standard for something like this requires time, and will require infusions of capital that no one in any of the industries involved in this legislation are prepared to invest.

My surmise is that the federal government will not take a leading role on this, as they have encouraged the free market wholeheartedly to take care of such things on their own, but that worries me. What is going to happen to our medical documents, and eventually, I'm sure, the rest of the government-filed documentation, if they float around on the Internet without any standards?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
How should we sign e-documents?
o Using PGP 34%
o Using a federally developed standard (not necessarily PGP) 23%
o Using a market-developed standard 7%
o Not at all 2%
o Using an e-pen, dummy 31%

Votes: 38
Results | Other Polls

Related Links
o Digital Signatures Spark Debate
o Also by Saxifrage


Display: Sort:
Medical practitioners lack e-signatures for federal law | 10 comments (10 topical, editorial, 0 hidden)
Non registration link to Times (3.66 / 3) (#1)
by starbreeze on Mon May 14, 2001 at 01:19:31 PM EST

The non-reg link for the times is substituting a channel for www. The newslink is here, for those who don't want to register.

~~~~~~~~~
"There's something strangely musical about noise." ~Trent Reznor

Don't worry about it... (none / 0) (#2)
by trhurler on Mon May 14, 2001 at 01:19:35 PM EST

The technology to do this exists. It has weaknesses, but so does the present paper system, and of the two, the paper system is easier to abuse than a good electronic one. They're both easier to abuse than any of us would like, but that's life.

Why hasn't a system come together? Well, start a company that can make one and then try to get ANYONE in the health care industry to buy it at a price that will allow you to stay in business. These people honestly think a complete solution should maybe cost a couple hundred bucks. They're stupid, cheap, and occasionally dishonest too, but supporting those points would involve revealing information that I'm pretty sure I could be fired over, so I'll let that go:)

--
'God dammit, your posts make me hard.' --LilDebbie

Electronic billing and privacy (4.50 / 2) (#3)
by slakhead on Mon May 14, 2001 at 03:10:44 PM EST

My mother is actually in charge of doing all the billing for my father's optometric practice and there are currently two insurance companies that offer online billing.

Both deal with the security issue in extremely different ways. The first insurance provider is Medicare. Medicare has an old DOS program that has been around for 5 or 6 years now that allows endusers to compile all their billing information on their computers, dialup to a central server, and transfer the information in a matter of seconds. The handshaking process between the computer and the server takes longer than the information transfer and it is very secure. The only problem with the program is its dependence on a dialup connection. The other insurance provider is Vision Service Provider (VSP). They use an alternative method that involves setting up a secure internet connection and using forms on their website to receive information. I have dealt with this system before and it is awful. Although anyone with an internet connection (dialup or otherwise) can access the VSP website, the idea of processing all the information server-side is a nasty concept to witness in action. The web servers are often down or running at such a sluggish speed as to render the service unuseable and there is a massive javascript and browser dependency that limits the endusers to using Netscape with javascript turned on.

Obviously neither method is 100% effective. My mother's computer system at work is setup with a cable modem but she cannot access Medicare because she has to dialup. And even with a cable modem the VSP website is a task to prepare a cup of coffee for because you can be assured their will be long waits in between data entry.

What worries me is government mandated electronic billing. It is a wonderful idea to do all billing online. It can be fast, it cuts down the annual postage expenditures, and it is easier to process on both sides (sending and receiving). There are programs that overcome the weakness of the aforementioned methods however their pricetags are in the thousands of dollars area and it is more than any small business would be able to spend.

There are two ways this might end up:

The government will enforce electronic billing and as a part of the program insurance providers will be required to make billing programs effcient and available free of charge

or

The government will stop at enforcing the e-billing and insurance companies will put thousands of practices into debt with their outrageous prices.

Does anyone see any other way?

More power used because stuff is filed online? (3.00 / 1) (#4)
by br284 on Mon May 14, 2001 at 05:28:50 PM EST

I would suspect that because things filed online would have new energy costs associated with servers and transmissions and such. However, I do doubt that the final cost will be more than the current energy cost of cutting trees, making paper, transporting the paper, ..., sending forms via postal services, copying costs, etc. I think your first point is stronger than you think.

But that is just my nitpicking.

-Chris

Paper energy costs (none / 0) (#9)
by kmself on Thu May 17, 2001 at 10:02:24 PM EST

In a former life I did technical writing for an energy efficient technologies report for the California Energy Commission (coauthored by Amory Lovins, FWIW). In the category of printers and copiers, the largest single net powersaving feature was duplex copying. The energy cost of generating a photocopy is negligible compared to the manufacturing costs of the paper itself.

--
Karsten M. Self
SCO -- backgrounder on Caldera/SCO vs IBM
Support the EFF!!
There is no K5 cabal.
[ Parent ]

Standards (5.00 / 2) (#5)
by fossilcode on Mon May 14, 2001 at 08:03:06 PM EST

It would be easy to conclude from this article that there are no standards at all governing medical records. There are in fact a large number of standards, and many of them are still evolving. Also, federal and state mandates and the requirements of various private insurers add complexity to the task of defining a single standard for exchanging information.

For more information on ANSI standards for healthcare information see the HL7 website at www.hl7.org.

More on the US government's HIPPA requirements, including the final rule on transaction privacy can be found here.
--
"...half the world blows and half the world sucks." Uh, which half were you again?

Ignore it and it will be made to go away... (2.00 / 1) (#6)
by cmoyer on Tue May 15, 2001 at 05:02:32 PM EST

This seems to be the standard way of dealing with government mandated issues, especially if they are going to cost money.

In my former field, environmental compliance, companies often ignored mandates until past the deadline. When brought to question, they would play dumb or poor... which often got them aid from the government in the form of $$$ or government personel planning the project.

What will the government do? Fine these medical companies so much that all the voters have to face (more quickly) raising health costs? There's almost no incentive to take care of this now.

Corrections (4.00 / 1) (#7)
by VP on Tue May 15, 2001 at 07:23:30 PM EST

The very first sentence in this article is incorrect - HIPAA does not require electronic filing and interchange of healthcare insurance information, it requires the organizations who do file this information electronically to use certain standards. It may very well be that the federal agencies (e.g. Medicare) will only accept electronic filing after HIPAA becomes mandatory, but the private payors can still do the paper shuffle as before, if they wish.

Furthermore, the law explicitly specifies which standard formats should be used for the particular information filing (mostly the X12 ANSI messaging standards), and also requires proper security for exchanging this information over the internet, and for proper access control.

The standards are developed by industry organizations (HL7, ANSI X12, NCPDP, etc.) and the HIPAA regulations remove most of the ambiguity from which some of these formats have suffered.

It also seems that there is some misunderstanding about digital vs. electronic signature. Digital signature implies all the nifty crypto stuff which makes it directly linked to the person who signed a particular piece of information, while electronic signature just means that there was an explicit computer based action with regard to certain piece of information in electronic form - e.g. one's click on the Accept button of an EULA is electronic signature.

Lastly, take a look at www.freemed.org - they sure can use some help in implementing some of the formats required by HIPAA.

This is news to me... (none / 0) (#8)
by Saxifrage on Thu May 17, 2001 at 09:08:31 PM EST

I apologize to anyone I misled with my article; it was utterly unintentional. As it happened, I was working on the basis of the <em>New York Times</em> article where the information first appeared; I probably did some subconscious mental fill-in-the-blanks when I ran into any kind of gaps in information.

Thank you for pointing that out. Correctness is always appreciated-- so are corrections.

"I may disagree vehemently with what you say, but I will fight to the death for your right to say it." - Francois-Marie Arouet de Voltaire
[ Parent ]
Discussion anyone? (none / 0) (#10)
by VP on Fri May 18, 2001 at 02:38:57 PM EST

I don't think apologies are really needed, as the NYT article was not very informative. And I wouldn't expect anyone to read HIPAA on their own free will :-)

Which brings me to another point - why isn't there more discussion on using technology in Health Care, on whether HIPAA is really a good thing, on standards in healthcare, etc.? For example, it is really strange to me that in the US, a person's medical record is not considered that person's property. Do people think that their medical records are none of their business, or is it assumed that it is of no use for a person to have the full results of their last blood test?

[ Parent ]

Medical practitioners lack e-signatures for federal law | 10 comments (10 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!