Research Presentation: Keith Pillow

Electronic Medical Records: Sacrificing Patient Privacy for Efficiency

An Introduction

As technology is developing at a seemingly frenetic pace, the World Wide Web continues to remain a centerpiece. The internet has, and will, remain prominent as it is the collective channel through which scientists and the general user meet. A majority of publicly employed technologies are utilized directly through the web. Everything from banking to ordering take-out seems to be migrating to the internet, but why? The answer is simple, efficiency. Ask any college student the last time they physically ventured to a library to conduct research. Few will be able to give relevant dates and many will not recall their last visit at all. Current freshmen possibly may never embrace a library during their college tenure. Why spend hours interacting with librarians and searching through dated shelves of collected text when the same information can be accessed from home.

Technology, specifically the internet, has given value to the cliché “time is money”. The efficiency that the internet entails has elevated its need in any business model. Perhaps the most fitting model for integration of the internet is that of medicine. In medicine, efficiency is the golden standard. Doctors want more efficient nurses, nurses want more efficient clinical support, and clinical staff want more efficient data systems. Such efficiency is difficult to sustain in a fast-paced field. This is where the internet takes its cue; enter the electronic medical record or EMR. EMRs offer substantial upgrades in comparison to traditional charts. Creating, accessing, and updating patient records can be accomplished with the click of a mouse. With traditional charting, the same actions require much more time and diligence. EMRs allow a wider scope of physician’s to collaborate on complex cases and also provide the patient greater access to their own record. By modernizing medical records, the internet serves as a tool in handling the increasingly complex and demanding medical setting (Turkle 151).

While accessibility and efficiency are upsides of EMRs, these characteristics are also two main sources of negativity regarding the technology. Does such accessibility concerning patient medical records jeopardize patient privacy? The research conducted for this presentation suggests that it does, in a variety of ways. EMRs diminish patient privacy by bypassing informed consent, creating secondary users of medical information, and by fueling the personal health record industry.

Defining Patient Privacy

In examining how EMRs diminish patient privacy, there must be a common understanding of what patient privacy encompasses. The Oxford English Dictionary defines privacy as “the state of being alone, undisturbed, or free from public attention, as a matter of choice or right”. While this definition does not directly define patient privacy, it does offer a central foundation. Patient privacy addresses the relationship between patient, physician, and patient records. As a patient, one assumes the right to control who has access to a medical record outside of the providing physician. For purposes of this presentation, patient privacy will be defined as the ability of patients to regulate the viewing or sharing of medical records beyond initial providers.

Informed Consent & Secondary Users

With traditional paper records, patient privacy is protected by the federal Health Insurance Portability and Accountability Act, often referred to as HIPAA. Under HIPAA, patient records must be protected in accordance with set limitations regarding use and disclosure of those records (Jingquan & Shaw 46). These limitations ensure that patients hold some control in who accesses their charts. Collaboration among physicians is permitted under HIPAA, but the transfer of health documents is strictly regulated to minimize unnecessary exposure. With healthcare demand at a high level, healthcare professionals have a high working need for available data and simply cannot afford the time to abide by cumbersome security measures (Barrows & Clayton 142). HIPAA guidelines impede communication between healthcare providers. These guidelines are also believed to be the source of many errors that plague the healthcare system, such as receiving wrong medications or repetitive testing (Jingquan & Shaw 46-47).

As many in the healthcare industry have become caught up in the complications HIPAA can create, its purpose of protecting patients has taken a back seat. Electronic documents stored outside of the healthcare system are not covered under HIPAA, allowing providers to openly share information contained in many EMRs (Steinbrook 1655). As a result, informed consent becomes a thing of the past as there are no regulations in place that necessitate it. With the ability to bypass informed consent, patient privacy is virtually nonexistent. It may be an exaggeration to think Dwight Shrute can freely access your medical record, but not by much. You may not feel violated if your physician shares your information with another health professional for a second opinion, but you will take notice when you learn of the other partners that commonly stem from collaboration. More and more patients are finding that their information is being shared with researchers, pharmacies, and even insurance companies (Ashton). Third party access to medical records through EMRs is not as limited by consent as compared to paper records.

The third parties mentioned above are becoming known as secondary users and are only few of many. Employers, licensing agencies, public health agencies, the media, medical researchers, educational institutions, rehabilitation and social welfare programs, and legal organizations have all gained access to medical records as EMRs have developed (Barrows & Clayton 143). Traditional records permit only two so-called owners of health information, the patient and the provider. EMRs create many owners of one’s medical record, as all of the listed agencies can not only access health information, but use the information for many of their own purposes. It is difficult to fathom a society where employers can discriminate based on health history, but EMRs are quickly shaping that reality. Technology is driven on the basis of expanding horizons and healthcare is not excluded. EMRs look to connect physicians and ultimately allow greater information to be efficiently stored and used to provide better care at lower costs. The accessibility EMRs provide makes such improvements possible. Outside agencies realize the new level of accessibility and are looking to capitalize on their opportunities as well. Unfortunately, this new business venture involves capitalizing on accessing medical records without consenting with rightful owners, the patients.

Personal Health Record Industry

As seen with secondary users, the ability of EMRs to efficiently store greater amounts of patient data has led to a greater demand for such data (Ashton). This demand is being met with a business venture becoming known as the personal health record industry. Dossia, Google Health, and Microsoft HealthVault are three major companies looking to benefit from the trillion-dollar U.S. healthcare system. These companies are putting forth the idea of online repositories which allow patients to store, retrieve, manage, and share health information over the internet (Steinbrook 1653).

Dossia is founded by AT&T, Intel, Wal-Mart, and five other large U.S. employers. Dossia aims to offer a voluntary method of storing personally controlled health data to employees and associates of participating employers. Dossia’s long-term goal is to create a portable and lifelong record that will be accessible regardless of an individual’s employer, insurance plan, or preferred providers. Microsoft HealthVault is very similar to Dossia and allows patients to collect, store, and share their health information with family members and participating healthcare providers. Google Health is much of the same as it will collect all records in one place, making communication with providers, pharmacies, and online health applications much easier (Steinbrook 1654).

These repositories simply build upon EMRs by enhancing their accessibility, especially for the patient. All three allow patients to store records in one place opposed to having numerous EMRs at different healthcare practices. A common portal is used by patients and physicians to upload medical information. This portal would also allow employers and secondary users to access the same information. Falling outside of the healthcare system, these companies are not regulated under HIPAA jurisdiction. Google Health offers the following consent agreement:

“When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law” (Childs, Chang, & Grayson).

Despite stating that health information will only be used in accordance with company policy and applicable law, there is no law under HIPAA to regulate the information stored by these companies. Being able to compile all of one’s health information in one place does improve efficiency and quality of care for patients, but without regulation patient privacy is a vast concern. Storing an immense amount of health information in a single repository allows secondary users to access information even easier than with traditional EMRs. Funding for these repositories rests on companies looking to advertise. In order to attract supporters, access to the repositories is a tactful incentive. Insurance companies are able to pick and choose which patients prove to be most valuable while employers can make judgments based on aspects such as psychiatric history. Patients can be grouped based on certain characteristics, family histories, past procedures, or even medications used, making a repository a gold mine for physicians looking to reach out to possibly lucrative clientele. Placing medical records on such a public stage transforms medical information into business statistics. This type of transition only exploits the underprivileged and eliminates the hallowed trust that once existed between patient and physician.

Moving Forward

From a cumulative perspective, the pros of EMRs do outweigh the cons. The only way for the healthcare system to handle the demand of tomorrow is to improve efficiency. EMRs have proven very efficient and useful for providers and patients. Providers are able to quickly access patient charts and more easily collaborate as needed. Patients are granted access to their medical record, keeping them up-to-date with appointments, medications, and even doctor’s notes regarding their progress. Although efficient, we still cannot sacrifice patient privacy. A medical record should only be used by individuals authorized by the patient. The purpose of an EMR is to improve cost and quality of care a patient receives, not to allow employers and insurance agents to use them as references for business decisions. The personal health record industry may prove invaluable in the near future, but under current HIPPA regulations such repositories do not provide sufficient patient protection. A solution may be easier said than done, but the idea is there. Technology must not be the only aspect to develop. In order to safeguard patient privacy, we must be willing to develop regulations even if they are not as efficient as the technology they regulate.

Works Cited

Ashton, Jennifer. “No Privacy with Digital Medical Files?” Somebody’s Watching You. CBS News Online, 2009. Web. 1 March 2013.

Barrows Jr., Randolph C., and Paul D. Clayton. “Privacy, Confidentiality, and Electronic Medical Records.” Journal of the American Medical Informatics Association 3.2 (1996): 139-148. Print.

Childs, Dan, Haeree Chang, and Audrey Grayson. “President-Elect Urges Electronic Medical Records in 5 Years”. ABC News. 2009. Web. 1 March 2013.

Li, Jinquan, and Michael J. Shaw. “Electronic Medical Records, HIPAA, and Patient Privacy.” International Journal of Information Security and Privacy. 2.3 (2008): 45-54. Print.

OED Online. Oxford English Dictionary. Oxford University Press: United States, 2013.

Steinbrook, Robert. “Personally Controlled Online Health Data- The Next Big Thing in Medical Care?” The New England Journal of Medicine 358.16 (2008): 1653-1655. Print.

Turkle, Sherry. Alone Together. New York: Perseus Books Group, 2011. Print.