Analysis: Health IT's privacy factor

By ROSALIE WESTENSKOW, UPI Correspondent  |  June 13, 2007 at 8:05 PM
share with facebook
share with twitter

WASHINGTON, June 13 (UPI) -- Uploading healthcare records nationwide to an electronic system could increase efficiency and lower cost but, if done incorrectly, may pose serious threats to patient privacy, experts say.

Health IT has emerged as one of the most bipartisan aspects of healthcare reform and could save the nation $162 billion annually by increasing prevention, chronic care management, efficiency and safety standards, according to a recent RAND Corp. study.

Several policymakers have proposed legislation this session that would encourage rapid adoption of electronic health records. However, despite the benefits associated with upgrading the healthcare industry's recordkeeping abilities, the effort could undermine patient privacy, said Deborah Peel, founder and chairman of Patient Privacy Rights, a foundation that promotes secure health records.

Electronic medical records currently in use already have serious security concerns, Peel said.

"Today we know databases of medical records are not safe," she said at a meeting Wednesday on Health IT and patient privacy sponsored by the Progressive Policy Institute. "The problem is, the major use of electronic records today is not to take care of sick people."

Health records can be accessed by a number of entities, and often the information contained in them is sold for research purposes. Secondary uses include data mining by pharmacies to enhance marketing efforts and employer access to their employees' medical information.

"Over 4 million health-related businesses, government agencies, etc., are legally allowed to use and access your medical records without notice, without consent and even if you object," Peel said.

For the most part, though, these groups say the data they use and sell cannot be linked to any individual. Thomson Medstat, a data-analysis company, only uses de-identified data, said David Wilkins, a company spokesman.

"These data cannot be used to identify specific individuals or personal health information," Wilkins told United Press International. "Our data de-identification processes have been audited by an external academic expert."

But privacy activists like Peel say these measures aren't sufficient, and patients should have the right to chose whether or not their information is shared, even if it truly is de-identifiable.

Illegal access to records, such as hackers who break into the system, also present privacy problems.

One proposed method to safeguard medical data would be to utilize health record banking, in which new electronic record systems follow a bank model for security and dissemination of medical information. This would help ensure sensitive material, such as abortions, chronic disease treatment and mental health history, could not be accessed without the patient's consent.

A piece of legislation in the House proposes the formation of independent third-party trusts to compile complete, personal electronic health records. Government would monitor the trusts, which could be both for-profit and non-profit entities, and grant accreditation only to secure operations, said Rep. Dennis Moore, R-Kan., the author of the Independent Health Record Act.

"Patient privacy has to be paramount," he said. "The patient should be in total control here as far as who sees his or her records."

In addition, joining a trust would be voluntary.

"Persons would have the option of signing up for an account to be managed by a health record trust similar to how banks operate credit card accounts," Moore said.

Other important safeguards in the plan include barriers to employer access and a requirement that trusts provide patients with a list of everyone who has had access to their records.

Privacy measures such as these should play an important role in any Health IT legislation proposal, because electronic records potentially grant far more people access to their contents than paper records do, said David Kendall, senior fellow for health policy with the Progressive Policy Institute.

"We have walls around our examination rooms to protect us when we're naked in front of our doctor," he told UPI. "If we don't have walls around our data, then we'll feel naked to electronic surveillance."

The health IT trusts proposed in Moore's legislation would also allow patients to control who could access their medical records and what sections they would be allowed to see. However, this would not prevent emergency care from being administered effectively, Kendall said.

"It allows patients to set their record on 'automatic' when it comes to emergencies, so emergency personnel would be able to access" patients' histories if they were unconscious or otherwise unable to permit them access, he said.

Other Health IT bills currently in Congress include a measure proposed by Sen. Tom Carper, D-Del., that grants federal employees the right to access their medical information via electronic records. Currently, that right only extends to paper documents.

Five safety provisions, similar to those laid out in Moore's legislation, are also included in Carper's bill.

Related UPI Stories
Trending Stories