Uncategorized

Consumers Need All of the Facts in the Privacy Debate

The economic stimulus package that President Obama has signed contains upwards of $20 billion to create electronic health records for most Americans within five years. The president has been very outspoken in his belief that EHRs are essential to health care reform and that the subsequent savings they’ll generate will help to strengthen the larger overall economy.

Whenever the subject of proliferating EHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed the privacy issue has already started to gain some traction in the media. In this video clip, CNN’s Campbell Brown and Elizabeth Cohen examine how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth.

While this assessment may be accurate, it’s a bit light on the fairness
scale. Brown and Cohen only make a very brief mention of facts like
President Obama’s plan to appoint a chief privacy officer and to
implement unprecedented privacy controls to safeguard the EHR
transformation. Instead they emphasize the more sensational angle
implying that electronic health information just isn’t safe. They also
seem to downplay the fact that a simple thing like creating a password
can protect one’s private information.

I suspect the privacy issue is going to reach a crescendo in the coming months, and it’s very important that Americans have all of the facts. There are unfortunately people in the world who are going to try to illegally obtain and misuse private health information. But that doesn’t mean we should just write off EHRs as a bad idea. We simply need to be vigilant and proactive in incorporating the highest security measures into the planning process — which the president has done. To borrow an analogy from a close colleague: we don’t stop building roads because some people drive drunk. We punish the drunk drivers and continue building roads because of the tremendous benefits they bring to the rest of our law-abiding society. There is too much at stake for the health care system and the nation’s economy to allow over-dramatized and misperceived weaknesses in EHR security to thwart progress.

Additionally, to make the privacy debate a fair one we must ask what’s more dangerous: the potential misuse of information or simply not using information at all? Should we put the privacy of an overwhelming minority of people ahead of safer, more efficient, more affordable and potentially life-saving health care for the overwhelming majority? In reality, the only people who stand to be harmed by an unlikelyEMR privacy breach are celebrities and other high profile individuals. Even if someone were to gain access to the average person’s health information, there isn’t much they could do with it, other than cause that person some personal embarrassment. In a very real sense, the question then becomes whether we value the privacy of information more than its potential to help us lead healthier lives.

Without question we must make ensuring privacy a top priority in any plans to implement EHRs. I’m confident that the Obama plan does so and, in fact, I think we’ll see even stronger controls than we may have previously imagined. No EHR is going to come with guaranteed safety, but I would argue that the risk level is the same or less than that associated with online retail and banking transactions. The public needs to understand this. It is up to those of us in the industry to ensure that the facts are clear and readily available. Hopefully the media will choose to report all of them so that Americans can form opinions based on complete information.

David St. Clair founded MEDecision, a leading provider of collaborative health care management solutions, in 1988 and has served as the chief executive officer since 1988. You can learn more about MEDecision at www.MEDecision.com, and contact David at david.stclair@MEDecision.com.

Livongo’s Post Ad Banner 728*90

Categories: Uncategorized

Tagged as: ,

14
Leave a Reply

14 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
13 Comment authors
Gary LampmanPeter Sherfy MillingtonJaz-Michael Kinginchoate but earnestDr. D Cook Recent comment authors
newest oldest most voted
Gary Lampman
Guest
Gary Lampman

I think that Privacy is important and we should give more consideration in the patient viewing their own records. The legislative and professional staff have exceedingly excluded the patient from viewing their own records.Although, their is control of employers regarding discriminatory Practices. It has done little to address the peer view of insurance Companies, third Parties and institutions. Most patients don’t have a clue who is viewing their personal information.Reports of activity should be mailed to the patient as to whom was involved and date of activity. I believe that patients should have the right to (read only) their records… Read more »

Peter Sherfy Millington
Guest
Peter Sherfy Millington

For the past 20 years, I have kept my own medical records and I believe that everyone has ultimate ownership of responsibility for records and data pertaining to one’s healthcare. There are minor exceptions allowed by HIPAA. I have done this to minimize duplicate tests, the lack of communication between clinics and pharmacies, to inform new physicians with whom I consult about my health, and to inform Emergency Services clinicians. Concurrently, I established medical records, especially prescription medicines and lab tests, for persons for whom I have managed their care. Not as a provider, I empower people to be active… Read more »

Jaz-Michael King
Guest

I enjoy the position of being involved in HIT, clinical and claims data, *and* being one of the afore-mentioned hackers. Please distinguish hacker from malicious hacker or “cracker”. The term “hacker” has no negative connotation in the community. That said, I’d like to promise you all this: When we’re done, your health information will be as private and secure as your credit card information. It will flow across secured networks using portions of the public Internet. It will be covered by copious security policies, all well-intentioned, and few implemented fully. It will be accessible to you, the patient, electronically. A… Read more »

inchoate but earnest
Guest
inchoate but earnest

Dr Sucher wins 2 thread prizes: most concise post, & wisest. At present “healthcare privacy” is a wraith, a boogeyman, & like most boogeymen, it is foisted upon the innocent by people, by institutions, that would retain power over them. The unknown deserves respect, but rarely fear.

Randall Oates, M.D.
Guest

I prefer to facilitate the move to EHR’s. We can’t have any real health reform without more HIT and saner forms of rationing. National efforts have largely failed primarily because policies have been hostile to the small practices where most patients receive care. I am eager to see evidence that shows support for the planned road maps to security and interoperability (i.e. by more than just a subset of a minority of the community). Otherwise, the American efforts will fail just as they have in the U.K. Theoretical business models and ROI analyses will be a hard sell to most… Read more »

Dr. D Cook
Guest
Dr. D Cook

To answer your question Randall Oates, there is the business model out there for practices to implement EMRs using the current HITSP AND cut overhead through stream line medical billing. Rather than thinking “can the average practice afford to convert to EMRs?” it will be, “who can afford not to?”.
http://www.doctorsxl.com/technology.php

James
Guest
James

Massive amounts of health care data is already available in electronic formats in databases ranging from insurance and government claims systems to hospital records systems. One may construct a very accurate patient record using just claims info, especially if you add in lab data as attached files with the claims submissions. Claims-based EHRs are actually fairly common these days in both the private sector (look at Availity) and even within some state Medicaid programs. The abuses that some people worry about are already possible with the information that is already collected and stored. EHRs are not something that is “coming”;… Read more »

Cassie Harman, Nuesoft Technologies
Guest

I think there are three separate concerns that tend to be lumped together when people start debating the privacy of electronic health records, and we need to address all three to convince the doubtful that EHRs can keep patient data secure. The first concern is that of hackers independent of a practice or medical institution somehow accessing patient data care for malicious purposes. The chances of a hacker accessing Internet-based EHRs and client server-based EHRs that don’t transmit their patient data across the public forum of the Web are miniscule (note that the security differences between Internet-based and Web-based applications… Read more »

Jeff
Guest
Jeff

I disagree with the statement “Even if someone were to gain access to the average person’s health information, there isn’t much they could do with it, other than cause that person some personal embarrassment”. This information, made public, could be used to discriminate against people (hiring, credit, insurance, etc.) Nearly every day you hear more about security breaches in companies that have implemented “security”. I believe that the real problem is the tremendous administrative overhead. Insurance companies should have to pay for all health claims. They should only be allowed to look for fraudulent/abusive claims. Imagine all of the money… Read more »

Randall Oates, M.D.
Guest

What evidence has been collected that a typical practice (i.e. those with 1 to 3 physicians) are willing to implement the security and privacy constructs as defined by HITSP?
Has there been any analysis as to what the typical costs would be?
What evaluation has been done to determine what percentage of typical practices would be willing to purchase such systems?

Glen Marshall
Guest
Glen Marshall

As someone who is directly involved with healthcare privacy and security — in HL7, HITSP, and CCHIT — it’s very clear that we already have the technology standards and processes necessary to enforce privacy policies. We don’t need more technology. We need what we have defined to be widely implemented. One key problem is the lack of coherent policies. We have a crazy quilt of overlapping and sometimes conflicting rules among the states and too-vague Federal policies. The policy constructs for healthcare consumer data-disclosure consents are immature. We need to correct the regulatory policy logjam. Then we will have better… Read more »

Rob
Guest
Rob

As a patient, I’m concerned that any personal information, once aggregated, can be used to judge me in absentia. The problem isn’t with data collection; it’s with judging people with a narrow, mail-slot view of their character, and the only way to avoid that is to be very careful about data collection. Witness how many good jobs now require a background check, which can, yes, shed some light on a person’s background, but not necessarily on their work ethic or abilities. Car insurance rates are based partly on your credit rating. Your chance of getting a good-paying job is, too.… Read more »

Joseph F. Sucher, MD FACS
Guest
Joseph F. Sucher, MD FACS

I find it interesting that people talk about privacy in a very nebulous fashion. There is no direct discussion that asks what are patients concerned about as it relates to their personal health information? Let’s air out the exact concerns and address each one. Just talking about privacy like its the boogey-man doesn’t get us very far as it relates to coming up with solutions that address distinct and finite issues.
JFS

Imee
Guest

I like the stimulus package, but I’m not so keen on the idea of losing my privacy. Do we really have an honest enough group of people that won’t abuse the power being given to them?