Concern About Medical Records Is Not Misplaced

In her letter of March 30, Mary Grealy, president of the Healthcare Leadership Council, implies that Dr. Deborah Peel is being alarmist and hysterical about fears of electronic medical records (EMR) privacy (“Your Medical Records Aren’t Secure,” op-ed. March 24). Ms. Grealy makes the fantastic assertion that EMRs are less vulnerable than paper ones. Nonsense.

I do not recall many news stories of trucks hauling away 10,000 or 100,000 paper charts for diffusion to identity thieves, but massive IT security breaches and computer thefts involving tens of thousands of records or more are increasingly common. As one example, your Feb. 18 article “Global Attack Snags Corporate, Personal Data,” tells about how hackers in Europe and China broke into computers at more than 2,400 companies and government agencies over the last 18 months, as well as at 10 U.S. government agencies. It is quite realistic to be concerned about how hospitals, generally an IT backwater, will fare.

IT’s surprising leader in patient privacy

IT vendors will make billions of dollars on electronic health records (EHR) – if we can get people to use them. But vendors are mostly silent on the issue of health privacy…

The problem
Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights said in a recent column in the Wall Street Journal:

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Insurance Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

But patients are right to fear the release of potentially embarrassing information on such health issues as STDs, depression or substance abuse problem, abortions or miscarriages and other issues that should be between a patient and their doctor – not a mortgage company or an employer.

Your Medical Records Aren’t Secure

Published March 24, 2010

I learned about the lack of health privacy when I hung out my shingle as a psychiatrist. Patients asked if I could keep their records private if they paid for care themselves. They had lost jobs or reputations because what they said in the doctor’s office didn’t always stay in the doctor’s office. That was 35 years ago, in the age of paper. In today’s digital world the problem has only grown worse.

A patient’s sensitive information should not be shared without his consent. But this is not the case now, as the country moves toward a system of electronic medical records.

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Information Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

In a January 2009 speech, President Barack Obama said that his administration wants every American to have an electronic health record by 2014, and last year’s stimulus bill allocated over $36 billion to build electronic record systems. Meanwhile, the Senate health-care bill just approved by the House of Representatives on Sunday requires certain kinds of research and reporting to be done using electronic health records. Electronic records, Mr. Obama said in his 2009 speech, “will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests [and] save lives by reducing the deadly but preventable medical errors that pervade our health-care system.”

But electronic medical records won’t accomplish any of these goals if patients fear sharing information with doctors because they know it isn’t private…

Read More at The Wall Street Journal

There is no need to choose between the benefits of technology and our rights to health privacy. Please support YOUR right to decide who can see your electronic health information: sign the ‘Do Not Disclose’ petition now!