Fact Sheet: Electronic Health Records and Privacy

Personal healthcare information is extremely private and consumers should expect the government to protect it from falling into the wrong hands. With the nation’s transition to an electronic health records system, privacy concerns are now taking on an entirely new dynamic.

Personal Health Records (PHRs) are essentially medical files about a person ‘ which have until now largely been in paper form. PHRs can include data like:

‘    the names and phone numbers of your health care providers
‘    your insurance identification, policy number and phone number,
‘    emergency contact numbers
‘    a list of your medications (including any over-the-counter drugs or supplements),
‘    any allergies
‘    a list of your most recent surgeries or hospitalizations and
‘    Immunization records, lab results, X-ray films, notes from doctor’s visits, and even advance directive papers.

Transitioning to an Electronic Health Records System

With the passage of the American Recovery and Reinvestment Act of 2009, as much as $27 billion over ten years will be expended to support adoption of electronic health records (EHRs). Under the Health Information Technology for Economic and Clinical Health Act (HITECH), federal incentive payments will be available to doctors and hospitals when they adopt EHRs and demonstrate use in ways that can improve quality, safety and effectiveness of care.   

Since enactment of HITECH in February 2009, the Office of the National Coordinator for Health Information Technology (ONC), the Centers for Medicare & Medicaid Services (CMS) and other HHS agencies have been laying the groundwork for the massive national investment in EHR’s.

Most medical records are still stored on paper, which means that they cannot be used to coordinate care, routinely measure quality, or reduce medical errors. Also, consumers generally lack the information they need about costs or quality to make informed decisions about their care. Transitioning to an electronic system offers a host of advantages, most notably reducing medical errors ‘ such as prescribing the wrong medications.

The National Academy of Sciences’ Institute of Medicine estimates between 44,000 and 98,000 people in the United States die each year because of errors such as being prescribed medicine to which they are allergic.

The problem with paper records ranges from ineligible handwriting to patients not being able to access vital data when needed. While we can’t be sure how many of these lives could have been saved due to an electronic system, a study by Health Affairs found that such a transition could eliminate 200,000 adverse drug events a year.

Electronic health records (EHR’S) also offer an easier way to collect, double-check and complement the information you receive from your physician. At the very least, your records can help you speed through waiting room forms and prompt important conversations with your physicians. If your doctor writes a new prescription, you can use your current medication list to ask about any interactions with the new drug.

EHR’S can also allow you to access your health information to prepare for medical appointments. It can enable you to communicate better with your healthcare providers about your medical needs. People with chronic health conditions may use them to keep track of such things as how their medications are affecting them, or how they’re feeling from day to day. People with hypertension might want use it to track their blood pressure readings. And the list goes on.

Privacy Implications and Challenges

Such a transition also poses significant privacy threats due to so much private data stored in a national network and shared across the country ‘ because in order for the records to be readily available and accessible they would have to be linkable and searchable.

If medical records fell into the wrong hands they could be used for a host of purposes unrelated to improving health: advertisers might flood our email inboxes with even more spam and patients may not feel so comfortable having an honest conversation with their doctor if it could end up for all to see. This treasure trove of personal information would also be a goldmine for insurance companies, drug companies, data mining companies, identity thieves and software companies.

Data breaches are becoming increasingly common place – with more surely to come. The downside of centralized databases was dramatically demonstrated recently in the UK, where records of 25 million people’s private, personal health records were compromised, with an estimated value to criminals of $3 billion. An impressive list of privacy breaches have occurred in the US already too, with many involving the theft or misplacement of healthcare information and records.

The research is unambiguous: medical identity theft exists, and electronic health information exchanges pose a high risk for this crime. Unfortunately, unlike financial forms of identity theft, medical identity theft poses direct health risks to patients, and risks to providers. It is crucial to patient trust and well-being that mitigation tools are in place in HIE projects at the outset.

Coming fact sheets will deal with the specific efforts in California to ‘harmonize’ state health privacy laws with our national one (i.e. Health Insurance Portability and Accountability Act, or HIPAA)), the growing number of electronic health record data breaches, what consumers can do to best protect their health privacy, and more. 

Sources: World Privacy Forum, Patient Privacy Rights