As we move to Electronic Health Records (EHR), the debates over security and privacy are becoming more frequent and more poignant. We of course have HIPAA laws on the books and ONC has a Tiger team assembled to recommend privacy and security policies to Secretary Sebelius. CIOs and entire IT departments are all focused on protecting the privacy of patients and their Personal Health Information (PHI). This is, of course, as it should be, but how about privacy of those taking care of patients? Do physicians have a right to privacy too?
As EHRs become more prevalent and interconnected, increasing amounts of clinical and administrative data will be flowing out of doctors’ offices and into the great beyond. Most of this data is indeed patient data, but some of it could be combined, sliced and diced to derive pretty extensive information about doctors. For example, and in no particular order:
- Prescribing patterns – Prescription data has been collected and sold to pharmaceutical companies for decades. EHRs will make this much easier to accomplish and the data will become richer and more granular, since it will contain the exact nature of the visit where a particular drug was prescribed or discontinued, including physician notes on the subject. Of course, such information finding its way to public websites would present a novel difficulty if, say, we can look up Dr. X and see that she wrote 30 prescriptions for contraceptives last month, half of which were for girls under 16 years of age.
As data becomes richer and more liquid, more possibilities to monetize physician data will emerge, just like monetization of patient data will become rampant. Fortunately, patient privacy is central to all new standards and policies being created by the Government. By contrast, physician privacy is not even an afterthought. While physicians have always been morally and legally obligated to protect their patients’ privacy, perhaps the time has come to also consider the doctor’s privacy in this brave new digital world.
Margalit Gur-Arie blogs frequently at her website, On Healthcare Technology. She was COO at GenesysMD (Purkinje), an HIT company focusing on web based EHR/PMS and billing services for physicians. Prior to GenesysMD, Margalit was Director of Product Management at Essence/Purkinje and HIT Consultant for SSM Healthcare, a large non-profit hospital organization.