Healthcare professionals have traditionally kept records in paper charts. As a clinic expanded, so did its patient base, and record-keeping rapidly became a bottleneck hindering further development. Hospitals had entire rooms and stacks dedicated to archiving old records. Clearly, the healthcare system needs to take advantage of electronic mechanisms that have already been demonstrated to be useful in other fields. A number of companies provide electronic health record and practice management functionality to help doctors switch to computer systems, and the United States government even offers incentives for meaningful use of such mechanisms. A number of obstacles remain, however.
Most extant clinics still rely on paper charts, and it is a daunting task to convert all existing charts to computer files. A common approach to work around this problem is to maintain a hybrid system that keeps track of all new patients electronically while referencing paper charts when necessary. This way, the paper archive would not continue to expand. Old charts would be retrieved only when necessary, since it is a relatively expensive operation compared to a database search. While this method cleverly sidesteps the need to perform any conversion, it does not make the mountain of paper any smaller; a small modification solves this problem nicely. When a paper chart is ready to be archived again after being retrieved, it is scanned into a computer file instead. Only the actively-used charts are converted, greatly optimizing future lookups while saving resources.
Another problem with electronic medical records is authentication and authorization. Digital files are very easily modified and copied, so they need to be properly protected. In addition, many common methods of exchanging such files, such as email, are inherently insecure. Public-key cryptography provides two ways to protect data integrity and authenticity. Firstly, digital signatures using the public-key infrastructure can only be applied by the signer (who holds the private key), but could be verified by anyone (using the public key). Secondly, the public-key infrastructure may be used to set up encrypted communication channels that are resistant to eavesdropping.
Finally, there is a problem with how electronic health records are handled. Most clinics that use such systems currently outsource record-keeping to other companies. To protect their commercial interests, these companies do not document how to access stored data. This is fine if a clinic keeps using the same company, but there is no way to make backups, for example, in preparation of switching to a different company. By entrusting business records to third-parties that have purely commercial interests in mind, clinics allow these parties to hold their business hostage. Some companies do provide backups in exchange for payment, but this is hardly flexible.
Thus, there is a pressing need for an open source record keeping and practice management system that is flexible, secure, and transparent. Some people assume that transparency of protocol means insecurity. On the contrary, there are many secure systems whose programming is fully open for auditing. One question remains: how is such a system commercially viable? By closing down the interface and creating vendor lock-in situations, current medical record-keeping vendors are able to ensure a constant revenue stream in the short run. However, there is much business to be done providing hosting and support for these systems. Most physicians would not want to maintain their own systems, and would rather rely on service providers. Those who are more knowledgeable in software development may even be able to contribute to the project. Canonical, for example, offers a totally free and open operating system, while continuing to grow because of their successful support business.