CSS pop

Friday, February 5, 2021

EHR Primer and Minnesota EHR audit trail request by patient

 Some people are likely to read this and ask what an EHR is. another term EMRs is for this level the same 

Electronic healthcare record Electronic or Medical Record.

 

Both my upbringing and my education and my personal interest s both knowledge wise and pursuit wise or best interest wise have all kind of coincided here.

In other words I've always been into what makes things tick and computers have been a big thing along those lines. Record and data systems programming in general.

plus I turned 18 in 2006. Relevant because the bulk of the implementation of these systems what's happening while I was in high school. 

 my mom is not only a nurse practitioner but also taught nursing at the college of saint Catherines. So throughout childhood and young adulthood or any time I was home; it was pretty frequent that specifics of those systems came up at dinner table discussions. Actually the bulk of that was her upset about how terrible they were. But one can usually infer based on even complaints what's going on with a black box system.having knowledge of how similar systems are built sure helps.

A lot of the problem other than lowest bidder was Marlene never gave computers a chance or something just never clicked for her. Alternatively she just might not have cared to or somewhere in between.

Probably around 2001 the college of saint Catherine's was on her ass to switch for curriculum from overhead projector and slides to PowerPoint.

Guess who did the majority of that. which really did help with understanding a lot of the medical world.

also at times she would do things like bring home the dummy that used to teach intubation which I would usually play with.I would never want to  or attempt to try it on a person but I seem to remember I could do it on that dummy after a while.

Apparently before the dummy they used to practice on cats if I recall correctly. I digress.

HIPAA is the broad topic but it covers or mandates a lot of the things in EHR and EMR management systems

I seem to have come across there's been at least one another biggie but I haven't have time to look into it. I mean along the lines of HIPAA legislation wise.

so what is an electronic healthcare records management system?

You might have run into a blogging system referred to as a content management system (cms)

If you've ever interacted with WordPress you've interacted with a CMS. Problem is the most common use case tends to be one person setting up a business website with WordPress so you might not fully get it but you're probably aware you can make multiple logins. And that's a big part of how they're similar.

The content is your pages or if there's multiple people working on whatever it is. A business site or blog or business site with blogs the content can also be their posts

And a big part of the management aspect is keeping track of who's authorized to edit what areas who has edited what areas and the same could be said for created or so on.

WordPress also deals a lot with the look and feel of a site which if you're reading this from the medical perspective there's something in it for you to because that's what by what I can see the ehrs is lacking right now. Surprised I haven't even seen one from your view. But I have come across providers and even lawyers mentioning how pathetic it is that the chart on the screen does not in any way resemble the chart that prints out. So there probably is some area where it should take notes from other content Management systems

Or the likes of broader application frameworks or suites like Microsoft Dynamics.

but the general idea with WordPress or a content management system is a data management system with presentation control and access control

 Which is most of what electronic healthcare records Management systems do. But there's a layer of sharing with other organizations and I don't want to fully go into it here at flush that out elsewhere but it seriously needs editing for legibility and readability. The powers-that-be and the courts that allow lies try to keep me from even having a place to sit down so most of this is transcribed into a smartphone.

But as for the complaints of anyone using this as a daily driver or your organization around you I have a question:

what have we refused and refused and refused to learn about the lowest bidder?

 If you are unsure ask the Apollo 1 astronauts. Further hence the only way you're doing that is put one hand in the other as if you're praying. Pure oxygen didn't go so well.

I'm formally educated in computer science and information systems but even before that I was writing my own software. one such project was a content management system.

Today or due to the let's call an extra-legal hell that is being forced on me

my main focus is by describing it for others is the audit and access control aspect

Where did this all come from?

this all came about as far as I know because of HIPAA law which was part of Bill Clinton's for better and worse changes.

Even if you're unfamiliar with HIPAA

if you've been to a doctor you've experienced HIPAA.

if you're in your 30s you might even recall pre HIPAA.

 Just think about the waiting room.

some people might not recall but a while back it changed and all of a sudden everybody had a big gap between the receptionist and the line of sick people in misery behind them. 

Which is a small but the most public-facing part of HIPAA.

the idea is chart info like diagnosis medication or even patient identity info( I believe ) but especially the two together should not ever be discussed within earshot of someone who isn't part of the relevant care team or the patient.

For instance well I was inpatient mental ward u of m Riverside I kept over hearing other people's chart info.

Usually two staff members discussing it in a common area. 

Happened about four times in one day my response was glance bad can judge the distance so I could apply appropriate vocal level because what I wanted was their attention not to create a scene. But then whoever happened to be in front of me I would fake a laugh and ask if they've heard that joke about HIPAA volume level I was pretty sure would carry back but would not be upsetting. Keep in mind I was facing away so it took a little more than it took for me to hear it.

I got three blank stares in one devious grin from fellow or Ward patients oddly enough no one on the staff on that very funny 😂

but as a tangent and a meta-analysis one in  four patients understood when their rights were being violated.

That one also furthered my understanding those blank gazes might as well be referred to as Seroquel ed. Which is an anti-psychotic tranquilizer as far as I understand.

The above as it pertains to what HIPAA is was a top of my head summary.

 I would not try to quote me anywhere it matters on that particular aspect.

Audit Trail

The idea of an audit trail or an audit log is :a list of every action anybody does what time it happened who did it and from where. There might be more than that but that's basic understanding.

The prerequisite understanding is you go in as a patient hopefully on your own accord...

And a nurse will first see you but probably all the way back at check-in a new record has been created for this visit

so the nurse comes in does your height weight the basics for charting and a little bit more about why you actually want to see the doctor this person is auditing both your record with that organization and probably a record specific to that visit on that day there's a few different ways to implement this.remember I'm describing a system I haven't actually seen behind the hood of I'm just using logic to deduce. But there's only so many ways to collect and storeand you need logical constructs to organize or hope to have it mean anything. 

The audit logs aren't focused on the specifics of anyone record they are the metadata about how it was created and who created it or who touched the records. this data is usually linkable back to the specific change if not another copy of it but storing two copies of the same data gets expensive so they usually use things like pointers and this many places problems may arise or ways to cheat but that could be one. Now I'm way too far into that.but front-end back-end database validation let's hope they did it right

As for the info on audit log

Example of data we want loged:

What was done(changed added deleted)

Who

When (date and maybe appointment or visit number reletive to the patient the record is about)

Where (physical location,org, building, device)

every time records are touched and or transfer creative modified whatever these bits and or more of info should be recorded separately. This is the audit trail.

legislation mandates that this separate record restored for a set amount of time.

Top of my head I think it was six years 

I mentioned above that the privacy bits that you're likely to notice our things like line or queue pushed back for privacy.

Really what an audit log does is enable a system of tracking if your privacy has been respected.

At least from the used case of a patient or the intent of patient privacy.

It also could point it foul play or help track medical mistakes.

There's probably a lot to explore that I don't have time to do in the concept of is it all just smoking mirrors because this is where the real protection is but dependents on the state you might not be able to request it.


The federal legislation left it up to the state whether or not the individual patient could access or request the audit log for their records.so it's kind of like we passed an act but trust us because we did this depending on the state. Otherwise if the state requires a lawyer and the average court case price I found yesterday holds true

you might be looking at an attorney that will do it for you for maybe $200 for an hour of work or the court case of average $10,000 to find out.

More pay wallsso while we eliminate you we can price you out knowing exactly how we did it 😂

Which is supposed to be a bit of a joke.except there's another way where most people have no idea what these concepts are so that's the other aspectos trust us but don't actually don't look behind the curtain or you won't even know what curtain to look behind.

 if you look into it from a systems view that also means that how safer how private your data is really comes down to the organization and what their standards for checking that log are.

If they're not checking it and you can't access it...

Does a healthcare record in a forest of healthcare record something something the sound when it's unauthorized access?

got a few hundred to a few thousand dollars to find out?

I personally find this might be rather important because despite a professional confirming my parents mold problem...

 my nurse practitioner mother continued insisting that she would have me taken to the crisis center and or medicated or my delusions of their mold.

 she probably has substantial ability to pull and modify my records and if no one is looking for the unauthorized access...

But on a more zoomed out scale or universal one it appears I have to double-check this that the audit logs are per organization. but if you do to a new provider your records do transfer.

There's a lot of room for hell here. I hope I just haven't read correctly yet. But in covering medical malpractice if the record if the audit logs aren't universal or transferred with the records. It's a klusterfuk and there isn't a better word to describe it.

Between 100000 and 250000 Americans die every year due to medical mistakes. What's Covid at?over how long ?

 Just for some perspective.

anyway I thought I'd do anybody looking for what these concepts are favored but this link below contains the Minnesota answer to whether or not I need a lawyer to access the audit trail and or from every organization it would be relevant. A further barrier to finding the answer I'm looking for might be I'm not a patient at children's that's probably where she would have done it if she did it.

I sincerely hope I'm mistaken about how that works on a per organization basis

Because it's anything from malicious to a grave oversight if I'm not.

https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.lrl.mn.gov/docs/2013/mandated/130394.pdf&ved=2ahUKEwimuprfhdTuAhXDB80KHV3QBVsQFjACegQIChAB&usg=AOvVaw1324b7ChP1mYBluTT75LPL


https://www.google.com/url?sa=t&source=web&rct=j&url=https://www.health.state.mn.us/facilities/ehealth/hras/docs/021913report.pdf&ved=2ahUKEwimuprfhdTuAhXDB80KHV3QBVsQFjAAegQIBhAC&usg=AOvVaw3sGOW0Cea60QAm3dl7j6B7


That said making them cross-compatible are transferable / org is its own set of challenges. If the requirements have been better laid out ahead of time at 1 and be but if you have an ecosystem from multiple vendors which as far as I can see is the truth and the audit trail wasn't as well thought-out you have different formats. Whereas the records for the patient's medical info itself we're more every field on their is mandated or at least in a format where if another vendor's system can't understand it it fails or degrades gracefully well one would hope😂

Again see Apollo 1 for systems built by lowest bidder

Or see bellow for something Andy Stern would probably appreciate.


Actually the first person to show this to me was the owner of a CPA office that I started doing it support for in 2004.

Why it might be bad

In case you missed where the grave issue is:

it might be the case that in the case of malpractice or medical mistake the only organization with access to and control of the records indicating who made the mistake via who put that info on the chart or the charts function of logging who performed a medical procedure..

the only organization in control of that info would be the one employing the person or people who made the mistake

With a nod to my accountant friend it's terrible systems practice. GAAP

GENERALLY ACCEPTED ACCOUNTING PRINCIPLE ack caps lock

External audits and reviews are a key tenant to prevent corruption fraud swindle you name it

a generalized idea is conflict of interest and the liable party or parties or organization having control of the records indicating they're liable is no bueno

This is the same logical issue I keep harping on with the fact that the police handle their own complaints.

Except in Minnesota that one's extra crazy because after they investigate themselves if they find there's no fault on their part they can raise criminal charges against you for complaining 

Seems legit right? A lot of the lawyers websites and live vise websites advise you to only do it through a lawyer in Minnesota. Yet again I'll pay you all to Justice or to stopping what might be harm leading to death

if you're reading this in high school in Minnesota you probably want $20,000 implanted into you because you might be surprised the police don't have to do anything about any violation.

That includes someone accessing your bank account.

if you found a surgeon willing to do that the only problem is you didn't have to work to save the amount to get the $20,000 out of you

If say like me you end up separated from everything you worked for zero notice and someone is continuously stealing felony amount from you but hopefully you don't get here

That said regardless of race or gender this is an issue that could impact everyone in Minnesota or almost everyone.

Somewhat related note to teenagers in Minnesota

It also seems Minnesota took everything we learned about what trauma does to people and said hey hey have fun now that you hit 18

Especially if it's your parents who are doing wrong to you. I haven't she not a lot but the main problem is most parents won't be that way. Most people won't believe you if they are. if you are will believe that the cops can be that way in response. 

As an only child I paid a lot of attention to people deeply the way a lot of people don't even consider

Friend of mine I didn't see it happen but I don't doubt her for a second because the person... her father... Your time's got close enough to me where it was like he was trying to become part of my clothing which is of course a threat non-verbally

He choked her to the ground shortly after she turned 18 and Maple Grove Police basically said well you're accepting stuff from your parents so they're always going to have some control

Don't think gender will save you.

It's basically safer to think about it along the lines of money who has more can generally get what they want even from the legal system. But there is an influencer to it like cops might get money for arresting males in certain circumstances where they wouldnt for females

Seems this is all kept pretty hush-hush or rather only those getting stooped by it learn of it.

I'm really not one for esoteric law or policy

psychology did come up with a very great thing that was the concept of informed consent. 

Psychology like any other thing study or physical device is basically a tool to be used for good or bad

It knows trauma is no good for you. It can leave you likely to be the one who sells out your children even though you can't fathom that now.

 Other than I don't see it done much I'm not sure whether I'm supposed to communicate any of this or not.

they're killing me anyway so hey take it or leave it but it's here

it's not that I think anyone's out to get me or you in particular .

other than the system is set up to eat You alive. Then there's the interplay of personal bias in those who enforce it.

No comments:

Post a Comment

 It just dawned on me. If you want to see evidence that black people are no more inherently violent than white people Martin Luther King and...