The NewStandard ceased publishing on April 27, 2007.

Electronic Patient Data System Raises Privacy Concerns

by Shreema Mehta

July 25, 2006 – To the chagrin of privacy advocates, the Bush administration is making moves toward creating a nationwide system of electronic medical records that that would allow access to a patient’s data anywhere, any time.

Toolbox
Email to a Friend
Print-friendly Version
Add to My Morning Paper

The administration argues that electronic conversion will help reduce medical error and improve emergency care by making patient data more immediately accessible. Government agencies will also be able to better monitor outbreaks with electronic records that can be transferred immediately from a hospital to an agency like the national Centers for Disease Control, allowing them quicker access to critical data

Medical-privacy advocates, however, say digitized patient data linked on a nationwide or even statewide scale could threaten patients’ privacy rights, especially in conjunction with loosened medical privacy laws. "The more data is linked up, and the more we build an electronic superhighway, the more people can tap into it," said Deborah Peel, a psychiatrist and founder of Patient Privacy Rights.

Peel and other privacy advocates are worried that if a system lacking strong safeguards is launched, patients will begin limiting the amount of information they tell their doctors for fear that information will haunt them in other parts of their lives, such as insurance or employment.

In April 2004, the Bush administration appointed the first National Coordinator for Health Information Technology to use the federal government’s leverage as a major purchaser of healthcare services to encourage hospitals to use electronic instead of paper records.

"The more data is linked up, and the more we build an electronic superhighway, the more people can tap into it."

The Office of the National Coordinator (ONC) seeks to eventually build a national network of health data by encouraging the development of "regional health information organizations" that enable local healthcare entities to share data. The ultimate goal is to then link those regional networks with each other.

This week, the ONC is holding another round of public meetings to discuss how best to encourage the conversion to electronic records and how to build a national network of groups that share patient data.

An ONC report released last month stated, "By bringing personal health information about patients, evidence about treatments, and preventative and research information to healthcare professionals, electronic health records and other health [information-technology] tools can substantially improve care delivery by reducing errors caused by lack of information and by reducing costs from redundant care."

But Peel said digitizing and sharing patient information can overexpose records to loss and theft, as well as violate privacy rights. She also called the Bush administration’s argument that an electronic system is crucial to providing emergency care, such as during hurricanes, a "very red herring."

Peel says the potential benefits of an electronic system are being touted to push a scheme that is overbroad in terms of who will ultimately have access to the records.

Many regional data-sharing organizations include insurers among their collaborators, giving insurance companies the same easy access to data that doctors will have.

"Of course, having more medical information in an emergency is helpful," she said, but the federal government is using that "single, isolated case to justify opening up the medical records of 290 million people."

But Susan Stuard, who oversees health information technology for the Greater New York Hospital Association, said that when digitizing patient data, hospitals implement safeguards, including passwords and audit trails that allow them to track who viewed which patients’ records.

"Privacy concerns for the paper record are already very strong," she said. "So when you go from paper to a person’s electronic [record], you’re modifying these processes, and the privacy restrictions are just as strict."


But privacy groups say that current privacy regulations are not strong enough. In addition to doctors and nurses, health-insurance companies, employers that fund their own health plans, and law-enforcement agencies can get access to patients’ records without their express permission.

In 2002, the Department of Health and Human Services removed the patient-consent requirement of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The Act required healthcare workers to obtain a one-time authorization from patients for the disclosure of their health information to insurance companies or business associates from then on. But under the revised rules, healthcare providers no longer need their patients’ permission to disclose data to authorized third parties.

Peel said that while the 2002 HIPAA modification left patients more vulnerable to privacy-rights violations and possible employee discrimination, the creation of a linked electronic-data system that insurance companies and employers can easily access will make the problems worse.

Advocates say that because the government is still drafting its plan, the severity of privacy threats is still unclear.

Many regional data-sharing organizations include insurers among their collaborators, giving insurance companies the same easy access to data that doctors will have.

The Department of Health and Human Services defines regional health information organizations, or RHIOs, as collaborations between healthcare providers. But the RHIO Massachusetts eHealth, for example, counts Blue Cross Blue Shield Massachusetts and the Massachusetts Association of Health Plans – two insurance providers – among its members.

Peel said these RHIOs will exacerbate the problem of insurers using personal health data to exclude people from coverage.

"It’s true that insurers and employers are collecting information [from paper records], but it’s laborious with the paper system. They have to get [documents] faxed and sent to them," she said. "If they tap into the database, they don’t have to go through somewhere else."

Advocates say that because the government is still drafting its plan to encourage the shift to electronic records and the creation of a national network of patient data, the severity of privacy threats is still unclear.

Joy Pritts, founding director of the Center of Medical Record rights and Privacy at Georgetown University, said, "It all depends on how the system shakes out, and it’s not clear how this will develop in the long run."

Send to Friends Respond to Editors or Reporter

The NewStandard ceased publishing on April 27, 2007.


Online Sources
This News Article originally appeared in the July 25, 2006 edition of The NewStandard.
Shreema Mehta is a staff journalist.

Recent contributions by Shreema Mehta:
more