Medicine

At risk of exposure

In the push for electronic medical records, concern is growing about how well privacy can be safeguarded.

June 26, 2006 | Judy Foreman | Special to The Times

PATIENTS of the land, unite! You have nothing to lose but your privacy.

There's a growing national effort to bring medical records into the 21st century by converting the paper records now scattered in doctors' file cabinets to electronic records by 2014. It's a grand idea -- in many ways.

If medical records were electronic, prescriptions would be more legible and could be filled more accurately. Public health officials could spot disease outbreaks quickly and track their spread. Doctors could speedily check a patient's record, helping to avoid wasteful repetition of tests and minimize harmful drug interactions and other errors, which kill an estimated 98,000 people a year in the United States. Scientists would have access to a gold mine of data about diseases. There could be other direct benefits too. If you're in a car accident in San Francisco, say, an emergency room doctor there could check your records in Boston to treat you correctly.

But the whole idea can be scary.

"I have spent 30 years seeing nothing but how people are harmed [in their] reputation or livelihoods when sensitive medical records are seen by anyone ... outside of the few people you trust to actually take care of you," said Dr. Deborah Peel, a Freudian psychoanalyst in Austin, Texas, and founder of the Patient Privacy Rights Foundation (www.patientprivacyrights.org), a nonprofit group. "If privacy is not fully protected, we won't be building anything except the most valuable mother lode of information for data mining on Earth."

To be sure, paper records aren't all that secure, either. Anyone in a white coat can peruse paper records and no one would ever know. At least with electronic records, there can be "audit trails," to show who has peeked at what.

Still, do we really want to make it easier for more and more people to see sensitive medical data? We know now that personal electronic information on 26.5 million military veterans, including their Social Security numbers and birth dates -- and in some cases, health problems -- was stolen from the residence of a Department of Veterans Affairs employee who had taken the data home without authorization.

In another example of the vulnerability of electronic records, we know that the National Security Agency has secretly been collecting the phone call records of tens of millions of Americans. And we know that credit card information is vulnerable to hacking and accidental release.

"If the veterans administration can't prevent the theft of 26 million names and Social Security numbers from an electronic file, why would any patient believe their personal, sensitive health data is safe online?" said Peel.

Already, roughly 150 people, including nursing staff, X-ray technicians and billing clerks, have access to at least part of a patient's records during a hospitalization, according to the U.S. Department of Health and Human Services. And 600,000 payers, providers and other entities that convert providers' raw data into billing data have some access too.

The national Health Information Technology effort, authorized by the Bush administration in 2004, is now being hammered out by four groups working through the Department of Health and Human Services.

One group is standardizing the way records are kept -- nitty-gritty stuff such as whether the patient's name or something else comes first on forms, said Dr. John Halamka, chief information officer for Harvard Medical School and chairman of this group, called the Health Information Technology Standards Panel.

Another group is working on the "architecture" of the system -- who gets to see which pieces of data and how the data can be secured.

A third is working on privacy policy, sorting through privacy protections from each of the 50 states, whose laws often offer better privacy protection than federal rules called HIPAA, which have been in effect since 2003.

(The Washington Post recently reported that the federal government has been fairly lax in enforcing HIPAA, receiving nearly 20,000 allegations of privacy violations, but imposing no fines and prosecuting only two criminal cases.)

The fourth group is working on certification -- to see that electronic products offered by vendors have all the features they are supposed to have.

At first glance, all this sounds reassuring. But there is only one consumer representative on the advisory panel, called the American Health Information Community, that is overseeing the work of the four groups. The other 16 members come from federal agencies, hospital or doctor groups, industry (Intel), an employer (Pepsi) and a state health department (Indiana). Although part of the health information community's stated mission is "consumer empowerment," most of the members of the consumer work group are not explicitly patient advocates.

Los Angeles Times Articles