Today's Date: Thursday, November 20, 2008
Report: Electronic Medical Records Have Potential for Misuse
Monday, March 27, 2006
YONKERS, N.Y.,-- An investigation in the March 2006 issue of Consumer Reports magazine has found that a national system of Electronic Health Records (EHRs) being developed by the federal government, states, HMOs, and PPOs to link the medical records of every American has potential for abuse. The Consumer Reports article found that while such electronic medical records systems could save lives and billions of dollars in health-care spending, it may also jeopardize the security of personal health care information.

Those potential benefits have spurred many state government agencies, hospital chains, and health-care providers to develop their own electronic records systems.

But troubling questions come with the promises: How will the system be safeguarded from marketers, fund-raisers, or potential employers? Could computer hackers release the information onto the Internet for everyone to see? How will patients be able to control access to or find out who has viewed their medical records?

Consumer Reports found that in absence of safeguards, marketers could use electronic medical records to sell patients new drugs to treat their illnesses; fund-raisers could target those newly diagnosed of a disease and encourage them to contribute to their cause. Lenders and employers could also use such information to disqualify people with health problems from obtaining loans and jobs.

The Potential Threats to Medical Privacy

Anyone who has recently examined his or her credit report knows that errors are common and often significant. Errors in a medical record could be fatal. The likelihood of errors could also increase when lots of people have the ability to enter data into a record.

The Healthcare Information Technology Standards Panel, the agency in charged of setting standards for exchange of information over the new electronic medical records network, insists that security will be tight. Without such safeguards, some consumers might be reluctant to seek treatment for certain conditions out of fear of discovery.

However, the Health Insurance Portability and Accountability Act (HIPAA) regulations allow medical information to be shared by hundreds of thousands of people without a patient's knowledge -- to treat and to process billing. But the data can also go to health-care-related businesses. That's troublesome because according to the Department of Health and Human Services (HHS) there are about 600,000 such businesses in the U.S., and they can share electronic medical records with their affiliates. Medical information could also be included in health- care research without a patient's knowledge.

Privacy advocates worry that sharing allowed under HIPAA could allow insurers to share data with its affiliates, which could be the patient's bank doing health-care consulting, or a potential employer. Corporations acquiring a pharmacy group or insurance company, or a data warehouse sharing consumer information with drugmakers looking to improve marketing are also not sufficiently regulated by HIPAA law.

The information may include name, diagnosis code, and how much a patient paid. That could be enough to derail the prospects of a loan, mortgage, or job. According to experts, it would be impossible to prove medical information was shared since HIPAA does not require a disclosure audit.

The Promises of Electronic Health Records

The advantages of EHRs are many, according to Consumer Reports. More precise patient care from doctors, greater participation by patients, and an early-warning system for medical disasters such as the appearance of avian flu are among the hoped-for achievements for an electronic medical records network. Another is the potential savings in health-care spending of $77 billion annually, according to the RAND Corporation, if 90 percent of doctors and hospitals adopt the system.

Much of the savings would come from shorter hospital stays prompted by better-coordinated care and fewer redundant tests and procedures. Fewer prescription errors, another benefit of computerized systems' warning doctors and pharmacists of potential adverse drug reactions, could save an additional $4 billion.

Are These Signs of Things to Come?

Advocates of Electronic Health Records say the system will have the tightest possible security. But recent large-scale thefts of credit card and banking information have shown that all databases, even those with state-of-the-art security protections, can be compromised. Electronic medical records systems now in operation have already sprung some serious security leaks. In 2003, a medical transcriptionist in Pakistan threatened to post patient records from the University of California San Francisco's Medical Center on the Internet unless she was paid for her work for a transcription service company hired by the university.

The dispute was resolved but meanwhile patients had no idea their records were being sent overseas. In another breach, two computers that held a disc containing the confidential records of close to 200,000 patients of a medical group in San Jose, California, were posted for sale on Craigslist.org. The FBI recovered the information and the medical group informed current and former patients of the theft.

The full report on electronic medical records appears in the March 2006 issue of Consumer Reports which goes on sale February 7, 2006 wherever magazines are sold. The investigation will be available online to subscribers of ConsumerReports.org at http://www.ConsumerReports.org?source=CR68

© 2005, HipaaBulletin.com

Click here to Contact Us