Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
A Slow Death from Bad IT Infrastructure
My hospital’s IT infrastructure is absurd. The best satirist could not describe it, although it conjures up scenes from Mike Judge’s Office Space, if one replaces progress notes with TPS reports.
It is 6 am and I get my portable computer on wheels for my morning rounds. The bulky machine includes a full desktop PC, battery pack, monitor, keyboard, and mouse. It weighs about 75 pounds and is to be my millstone for the next several hours.
I log in. Password regulations dictate my 24-character string of letters, numbers, and emojis be changed fortnightly. I am habitually typing the old password. On eventual success, the computer takes a full minute to reach the log-in to the virtual desktop. Once again, username and password and a minute-long wait to reach the virtual desktop where resides the electronic medical record (EMR) application. Now, to log into the EMR, another flurry of keystrokes, username, password, and a minute-long wait. The radiology software also requires the familiar pattern of taps across the keys followed by a delay.
My coffee has cooled to room temperature. We are nearly ready to begin rounds.
As I wheel my albatross to the first patient room, I introduce myself to the patient. They are unlikely to remember my face, as it is obscured by the large monitor. I type as we converse, recording the various bits of information needed to maximize our billing department’s reimbursement for my note. The more information I include, the lower my chances of nasty emails telling me to add to my documentation. Fewer than emails a day is a victory.
I apologize to the patient for the lack of face-to-face care. There is limited time before I’m needed in the operating room. I’ve tried not typing while talking to the patient. Typing between patient rooms delays progress enough to make completion of rounds prior to surgery impossible. Typing after a full day in the OR brings a host of other problems: provider teams lack documentation of my daily plan; I forget things; I end up typing from home, late into the night.
So, I type and talk. I fill out my essay, the only evidence of my hard work, my only valuable product according to the billing department. No note, no money. (I am occasionally reminded how valuable my notes are; If an emergency comes in and I am tardy on my signature, I immediately receive nasty emails stating my neglect is costing the hospital some ungodly seven-figure sum of money.) After completing my documentation, I assign it a diagnosis code and a billing code (another 30 clicks or so to complete) so my employer can eventually sell the note, either to an insurance company or the government.
I walk into one of the many Wi-Fi dead zones in the hospital. My screen freezes and I pray that is all. If my virtual desktop drops, it is another few minutes of frustrated password typing and annoyed waiting. These drops and freezes conveniently happen at the doorway threshold of every patient room, down the major hallways, and in front of the elevators.
A patient needs an MRI order. Another 80 clicks consume the next two minutes of my time. Not only must I complete the various fields in the order (when, where, how, and why), I must assign another diagnosis code and fill out the “appropriate use criteria (AUC),” mandated by the federal government. The AUC program came about since some politician decided doctors were ordering too much imaging. Now, to order a CT or MRI, in addition to the cumbersome EMR ordering process, I need to justify my choice of imaging. There is nothing like a computer algorithm questioning one’s clinical judgment to get the blood running hot. “Because I’ve completed eight years of neurosurgical subspecialty training, published multiple textbooks, and am an expert in the field” is not a valid reason for ordering the MRI, apparently. It is another 20 clicks or so to navigate the popup boxes, find the “appropriate” diagnosis code and order the scan. The system has no shortcuts when a patient is actively dying, either. The clicks just become more furious.
I then need to book a patient for surgery. There go another 100 clicks. I still manage to get the booking wrong and will need another 5 phone calls with the OR front desk to rectify it.
Every click was sold to us as “only taking a few seconds.” Administrators and bureaucrats were not lying when they said that. They simply forgot to mention that they will keep adding clicks: another popup box to navigate, another order entry field to complete, another variable to document. The clicks add up to minutes and hours.
Of course, the government decreed that nurses or less-highly-paid staff cannot put these orders in themselves. The physician must do it. So, I remain tethered to my computer.
When I finally leave the hospital, I am not off the hook. I take calls, from home, for a week straight. I am on my couch and the ER calls me. There is a patient with a head trauma and the ER doctor is trying to describe a head CT over the phone. I need to see the images myself, as my own visual interpretation is the difference between me breaking the speed limit to get to the hospital or a leisurely drive. The only possible way I can see the CT is if the ER doctor scrolls through the scan while I watch over FaceTime.
No other industry has harnessed technology to decrease efficiency like healthcare has. The regulations around EMR have stifled what should be a highly competitive market. The billing and quality metric reporting regulations make an oppressive documentation burden for doctors and nurses alike. Forcing EMR on hospitals via governmental mandate has led to unsuitable infrastructure.
I have better Wi-Fi coverage in my house than our billion-dollar-a-year hospital has. My $500 personal laptop is both lighter and faster than the behemoth computer lassoed to my neck. I can watch the entirety of Breaking Bad on my cell phone almost anywhere in the country, yet there is no way to send the greyscale images of a CT or MRI over an app.
These are not failures of the free market. They are textbook examples of government regulation stifling an industry. The documentation burden is secondary to Medicare rules on billing and quality metric reporting. For example, in one year of trauma surgery, it takes 73 full 24-hour days to complete the required documentation for billing alone. In ambulatory practices, physicians spend two hours on the computer for every one hour of patient time. There are 2,266 quality metrics used by CMS and over $1 billion has been spent developing those metrics. Meanwhile, physician practices spend $15 billion annually just reporting their metrics. These are regulations that take physicians away from the bedside and, ultimately, lead to burnout.
As I type my 24-character password for the 18th time in a day or am squinting to interpret a CT scan over FaceTime, I feel that burnout. How much better would my life would be if I just took cash-pay or liability patients. I could make a good living doing medicolegal expert witness work. There is a reason doctors, especially those older and financially secure, are leaving the industry in droves.
For now, I deal with the satirical infrastructure, password reset reminders, and Wi-Fi dead zones. At the very least, they provide fodder for my rants here.
Published in Healthcare
It’s work to you – and an unreasonable burden unrelated to your professional expertise. But to me – a potential patient perhaps – it sounds like a zillion clicks, each of which is an opportunity for error, each of which relies on a human to notice and correct it. The cynic here suspects that those leaving the industry are the Few, the Trained and the Competent.
It is amazing how much it sucks..
Correct.
Absolutely correct.
Brilliant post.
As a patient I have noticed lately that most of the doctors spend 90% of the visit typing and about 10% actually examining the patient. I had one doctor who had a scribe, as he did his exam he dictated to her. I suppose it would be challenging and expensive to find people qualified for this.
As a former member of the hospital IT department, I agree with you.
I manage IT infrastructure for a large manufacturing company. So I know thing or two.
Wi-Fi: It is easy and cheap to fix. That should never be a problem. If it is, there’s either laziness on the part of the IT staff, or someone put a number in a spreadsheet somewhere (read: budget) and nobody knows how to overcome that number. Or your IT folks are understaffed and simply can’t get to it.
Passwords: Well, I have little sympathy for people who can’t remember their passwords. Unfortunately, that 24 character requirement is likely coming from some audit, though I have to say it seems a little excessive. That said, I have a suggestion for you: pick a passage from the Bible or your favorite novel, a line from a movie, etc. Make your password the first letter of each work. You can easily get the character requirement, and it becomes easier to remember.
100+ Clicks-to-Money: That’s not IT Infrastructure. That’s poorly designed / implemented software. I’ve seen it a 100+ times. The term “fit for purpose” never seems to enter in to these people’s brains.
You are right about regulatory over-reach. It is obviously on full display where you work. Reminds me of the old saying “If you think it costs a lot now, just wait until it is free!”
Well, there are a number of reasons your equipment is slow. All the computer hard drives should be encrypted. It will have anti-virus software. As the PC launches, it will require connections to a LOT of servers. Whether you need that particular connection or not. Your personal devices don’t have these requirements.
Also, the IT staff has been downsized due to reduced revenue during Covid. It was already smaller than in the past. Many of the staff now work from home. And of course, they were required to get the vaccine, even the ones who worked from home. A few declined and the IT dept got even smaller.
Agreed. The IT department doesn’t control much of what they are required to maintain. Most of the decisions are made by Management, and the Accountants.
I also recall doctors who used dictation machines and who felt such systems served their needs pretty well.
There were a number of employees (transcriptionists) who would type the dictation into the patient records. The Doc would proof read and approve.
Then some bright spark realized how much money could be saved by hiring transcriptionists in India. They spoke English and had good technical skills. But when they needed help or clarification they would call the hospital in the middle of the night. The IT or Medical staff would return their calls during the middle of the night in India. That didn’t last too long.
Now the dictations are interpreted by voice recognition software. It’s amazing technology, but far from foolproof.
What about the requirement to change it on a regular basis? And they often have to include both upper-case and lower-case letters, plus numbers, and/or symbols.
My wife asked why not use two thumbprints instead of a password.
The problem is that neither scribes nor dictation software can take care of the order entry or imaging review. Order entry must be done by a physician, unless a hospital is willing to forego that rule and it’s monetary bonus. Scribes are also incredibly expensive. Dictation software is OK but it doesn’t take away the fact that 95% of what I write in a note is solely for billing purposes and has nothing to do with patient care. So I’m still dictating as much useless junk as before.
Great points. I guess my title is misleading. It’s not the fault of those who manage the IT infrastructure. It’s the fault of the government regulators & administrators.
A little off-topic. Your citing of people in India speaking English and having good technical skills brought something to mind. I’ve worked in technology for 45 years with people from all over the world. In grad school (EE department), I was given an office desk in a large room with about 24 other grads of various nationalities. A few weeks into my first semester there was a group of Indians a few rows from me having a spirited conversation in a foreign language. This went on for about 10 minutes as I continued doing my work. I wasn’t paying too much attention, then, suddenly, it donned on me…they were speaking English!
English is the universal language of India, and virtually all of the Indians I know speak better than I do, but I often have to listen carefully to tell if we are speaking the same language.
It’s not a fault to them. The situation isn’t particularly by design, but it evolves this way because it suits them.
That was painful to read–but perhaps because I just came out of a long traffic jam that went on for many miles. :-) I can’t imagine living like that every day. I would go nuts. I do not have that much patience.
I am so sorry you have to endure this.
Use the same method, and just tack the special character in somewhere that is easy to remember.
Why?
Managing passwords, logins (is it my email address? My first initial and last name? Something assigned automatically?), and online accounts is one of the towering vexations of modern life. Even using your system described in comment #7, things break down fast when every website and app a) requires an account, and b) uses different minimum strength requirements for passwords.
Frequent flier accounts, online banking/financial services, websites and applications specific to work/job, social media, entertainment subscriptions, newspaper and magazine subscriptions, online commerce, etc. This could easily total 75-100 unique login/password combinations. Yet, little sympathy from you?
Constantly forcing password changes decreases security. It is stupid.
Yup. Even NIST stopped including that in their computer security recommendations. Many organizations required password changes to follow “best practices” and continue on momentum after that is no longer considered a “best practice”. ):
Best practice now is to encourage the use of password managers, because non-unique passwords are catastrophic when some piddly little blog or private social media site gets hacked, and some users’ logins there match what they used for banking.
I’m not a fan of the common cloud password managers, either, as they rely on browser security. ):
I personally use KeepassXC, fwiw. There’s way more than 100 entries in mine.
KeepassXC – my choice also.
But probably not an option in a hospital or corporate environment.
I only have 74, but I’m in a good situation as far as not interacting too much or too often.
Sounds awful. I think there are a lot of companies in a lot of industries in which the IT systems act like a dragging brakeshoe on the business, but this sounds pretty extreme.
Education does a pretty good job of harnessing technology to decrease effectiveness.
Think about the value of an MDs time. You could probably pay a good scribe $25 an hour if you improve the doctor’s productivity by 15%.
None whatsoever. I have to deal with all of that myself, as an IT guy. And just because I’m an IT guy doesn’t mean I have some magic ability to remember dozens of passwords. I have three passwords that I remember: the password to my network account at work, the password to my primary bank account, and the password to my LastPass password vault. I almost never have to flop around trying to figure out what variation of “the password I always use” that I used for whatever the thing is in the moment. Bottom line: I take the time to manage my passwords.
As a side note, if you are still doing the “variation of the password I always use” thing, you need to stop. Get yourself a good password manager, and create a new, long password for every system / site and store it there.
Try telling the SOX auditor that. ;-)
No doubt–too much changing requires writing them down or keeping them really simple. Writing them down makes them accessible to enterprising third parties, and keeping them really simple makes them accessible to hackers.