Government and health planners are currently working with district health boards to ensure that planning and solutions for electronic transfer of data are put in place as a high priority. This is a stepped process, with many of the deliverables already overdue. The health bodies of the Western world are moving in this direction, albeit slowly, at great cost and without any perceivable uniform plan. There are problems with definitions, and issues surrounding privacy and individual rights that seem, to many, to be insurmountable.

It makes complete sense to evaluate our current situation by identifying strengths and weaknesses (Table 1), to ensure that any new concept has very significant benefits to the consumer, the clinician and the health planner. For the concept to be worthwhile the benefits must outweigh both financial and intrinsic costs.

The main disadvantages of the paper-based system relate to the fact that the paper version can be in only one place at any time, and often storage factors mean that it is not readily available to any clinician at short notice. The result is that clinicians tend to keep their own records – specific to their particular involvement in the patient. The cardiologist has a cardiological record for his hospital clinic, and this is completely separate from the general practitioner’s record. Of course there are many parts of both of these records that are not of interest to the other clinician, and it is for this reason that any electronic record must be capable of being ‘focused’ upon various aspects, whilst still enabling access to the whole record – for the authorised person. It does not make any sense, for example, to store copies of radiological images in an electronic record itself, even though the authorised clinician will need to examine them from time to time. A secure link to the radiology laboratory storage is all that is needed. The clinician will gain access to his patient’s radiological images by clicking the mouse button over the appropriate link from within the patient’s record.

The power of the electronic record is its ability to store and retrieve information, and allow user queries to be flexible. It can retrieve information and sort it in a myriad of ways: availability, transfer, retrieval, linkage of disparate data sources and databases, storage, data views, abstraction, reporting, data quality and standards, decision support and audit facilities. In this way it differs from the paper version, which is usually chronological but in sections that often require further sorting to get the ‘full picture’. Remember too that the paper version will often be incomplete, and this could result in danger to the patient. In the USA the cost of medical error is estimated to be as much as $200 billion per year.1 This represents 20% of the health budget. Furthermore, deaths due to medical error are estimated by some at between 44 000 and 98 000 per year.2,3 Whatever the exact figures, there is no doubt that medical error is a significant health problem in itself, and anything that can help reduce it should be supported. The electronic record can have built-in business rules that reduce the risk of medical danger, for example, inappropriate prescribing and duplicate laboratory testing. These rules currently extend to disease management systems where, for example, the diabetic patient can enter monitoring data that can be automatically analysed and, if a value falls outside agreed limits, warnings can be sent to the patient and clinician.

At present patients have little, if any, interaction with their paper records. In some countries, for example the United Kingdom, the health system claims to ‘own’ the records. In others there is limited patient access; but with the electronic record the patient can have complete control of the record, if desired. There are some issues relating to patient access, and many examples can be given, from the practitioner needing to record sensitive material such as a possible risk of child abuse, to annotating the record with possible differential diagnoses. Often clinicians will think of serious conditions such as cancer or HIV only to ensure that they are eliminated in the workup, but it is unlikely that the patient will understand this process. Clinicians will need somewhere to store this information, and perhaps in future it will not be in the patient’s record.

The cost of a paper health record per patient is often seriously underestimated. The UK Audit Commission estimated in 1995 that 15% of hospital budgets were spent on records and record-related activities.4 In determining its cost, one must consider the following aspects: stationery and printing, storage, retrieval and re-filing, transport to and from the point of clinical interaction, duplication of parts of the record to populate other parts of the same patient’s file, loss of part (or whole) of the record, clinician time awaiting arrival of the record, patient danger whilst awaiting arrival of the record, duplication of laboratory tests because of the need for manual filing of results, misfiling of laboratory results, and many more. We estimate that the record of one person who has only two admissions to hospital after birth will cost US$500 over their lifetime. Of course, many patients have much more interaction with secondary and tertiary care institutions, and their record costs increase substantially. There will be a significant setup cost for the electronic health record that cannot be avoided. Once up and running, however, the cost on a per record basis is likely to be trivial. Add to this the substantial ‘human’ benefits, and the proposition looks very cost effective.

An electronic record will hold numerical data and text. Neither of these is expensive in terms of computer memory and, with links to storage systems containing the relevant digital images, the whole ‘file’ is available without being either duplicated or unnecessarily full of data. Laboratory systems can automatically populate the electronic record, thereby virtually eliminating transcribing risk, or risk of loss. The risk of misfiling is also much lower than that associated with the paper version. This means that even the most ‘complex’ electronic record is not likely to tax even the current electronic storage systems, and the material is instantly available to authorised persons.

Critics have often cited security as a significant risk with the electronic version of the health record. They suggest that whilst a paper version can be (and often is) left unattended so that unauthorised persons can examine it, the electronic record could be inadvertently made available to vast numbers of people with as little as a single keystroke. Comments such as these come mainly from those who use email for transmitting information. Email is inherently insecure and would be quite inappropriate as a vehicle for transmitting health information, but these risks are almost eliminated by the use of secure network systems. Commercial banking systems use the same level of security, and whilst it is agreed that these systems are never totally secure, the level of security is high. The good thing is that it is not necessary for any user to purchase either expensive hardware or specific software to achieve both access to the record and a high level of security. Web browser technology with free downloadable software achieves both of these objectives. All one needs is a computer and access to the Internet.

At present many health workers do not have access to any health records, yet they are responsible on a day-to-day basis for patients’ welfare. Examples include community health workers managing people in the patient’s own home, with conditions such as diabetes, chronic lung diseases, renal, cardiac and hypertension problems.

Before considering the principles of designing an electronic health record (EHR), we need to be sure that we are all talking about the same thing. There are several products currently available in which clinical data are stored electronically, including the electronic medical record (EMR), which is interchangeable with the electronic patient record (EPR), and the practice management system (PMS) where some clinical data are also recorded.

The EPR and the EMR describe hospital-based electronic resources, and usually have a local function within the institution, for example laboratory data, radiology and discharge reports.

The PMS is essentially designed to handle the business aspects of clinical practice, especially for private general practices. It has facilities for billing, stock management, appointments and patient demographic details. It usually has only limited clinical facilities, and no ability for the patient to interact with the clinician. Some have diagnostic coding facilities, and there is some capability for analysis.

An EHR must be designed to enhance the useful and important aspects of all the electronic systems currently in existence and this enhancement must be demonstrable before one could consider any changes to be worthwhile.

The Good European Health Record was an initial attempt at prescribing the features of the EHR. This has been renamed the Good Electronic Health Record (GEHR).5 The GEHR has never in fact been built, but remains as a standard for the EHR. There have been refinements to the recommended design; some aspects have been identified as ‘currently impossible’ and others as unreasonable, but it remains the gold standard.

The challenging elements of the GEHR mainly involve security issues. There needs to be protection for all of those interacting with the record. The consumer, most of all, must know that their record is available only to authorised users, and that any publication, either paper or electronic, must be only with their informed consent. This matter will be discussed in more detail below.

Unauthorised examination of their record is always of concern to the consumer, and whilst the ‘audit trail’ feature of the EHR will enable one to identify exactly who has looked at their record, this will be after the fact and discovery may take place only after the damage has been done. It is obviously important, therefore, to make unauthorised entry as technically difficult as possible, and the punishment for such an offence severe.

The banking/financial sector is another area where the consumer is sensitive about unauthorised access. There has been wide acceptance of the Internet banking concept, and banks themselves are confident that their security levels are ‘adequate’. The EHR should have similar levels of security, and those levels should increase as more sophisticated systems become available. On a more pragmatic note, financial information about a consumer is probably more interesting to the potential hacker in the vast majority of cases, so it is likely that security will be ‘tested’ in the financial sector first.

An EHR could be invaluable to the health planner. Real data can be available to enable the planner to apply specific funding and resources focused upon regions or consumers of proven greatest need. Presently these very limited resources are applied on a ‘best guess’ basis and often not even the outcome is measured.

Obviously the planner should have no access to clinical material, or be able to identify any individual consumer, unless that consumer has given appropriate consent. Cross-sectional data can be examined in such a way that the individual cannot be identified, and yet the planner can see focused data. The consumer needs to be educated and reassured about this utilisation of their data in this way.

Of course this information is already being used with consumer consent in clinical trials but these involve only a small segment of society. Efforts need to be expended to inform the public about this issue.

We have already mentioned some issues that must be dealt with in any implementation process, such as security and consent, but there are many others within the broad heading of ‘management of change’.

Assuming that it is agreed that an EHR should be provided, all those involved in the current systems will be affected. It is likely that any decision will be made at a government level, and this should follow consultation with experts, user groups, the public and health planners. Whilst several bodies have been established in NZ to guide the implementation process, we are concerned that they are not yet fully representative and this may be a reason that progress seems to be slower than planned.

Compliance by clinicians will be a potentially difficult process. Not only will they be resistant to change, unless they are convinced of the potential value of a new system, but as advocates for their patients they will be able to generate significant public outcry if they perceive the process not to be worthwhile.

If possible the new EHR should include as many of the current (legacy) systems in use as possible, and extra work including learning how to use a new system should be minimised. If extra work is required, the person involved must see an immediate benefit to themselves, or at least an obvious general benefit. If none is clearly identified, and those wishing the implementation to go ahead are convinced of a benefit, those persons being asked to do more work must be rewarded, financially or otherwise.

The whole process of implementation is vitally important to the success of any EHR project. It must be choreographed by experts, and will be an expensive but unavoidable part of the project.

The management of change is a vast topic and will be the subject of another paper.

Despite the issues surrounding its design and implementation, it is likely that there will be significant moves towards the introduction of some kind of EHR system within the next few years. The success of the venture will depend upon how the issues are addressed, but the enhancements to the health system in general could be immense.

The concept of the consumer ‘owning’ their record brings them into the ‘therapeutic team’ and implies a personal responsibility for one’s health. It is an exciting concept to have a record that lasts throughout life, holding all relevant material. Add to this the technical, social and medical benefits of having one’s record available wherever and whenever the record is needed.

The EHR is the future of health, and may well play a very significant part in the resurrection of the public health system.

Author information: John Gillies, Director; Alec Holt, Lecturer, Health Informatics Group, University of Otago, Dunedin

Correspondence: Dr John D Gillies, Health Informatics Group, Department of Information Science, University of Otago, P O Box 56, Dunedin. Fax: (07) 858 0779; email: jgillies@infoscience.otago.ac.nz