Will your electronic medical record be safe?

We'll share anything online -- except for our health records.
Emmanuel Faure/Photodisc/Getty Images

In today's world, many people think nothing of oversharing. We vie to be cast on reality TV shows so that cameras will follow us around every minute. We document our daily activities on our Twitter feeds, post party pictures on Facebook and upload videos of marriage proposals to YouTube. Sometimes, it seems like there's nothing we won't share with our fellow citizens.

But mention the current effort to digitize health records and create a system of electronic medical files, and even the most committed technophile may shudder. There's something about converting from old-fashioned paper charts that makes people nervous. Survey after survey has shown that U.S. citizens don't trust systems of electronic medical records, but it's a fear that we'll have to conquer, because these systems are on their way. The 2009 economic stimulus bill included billions of dollars to create electronic medical records for every citizen.

Electronic medical records promise a wealth of benefits. They'll cut the ballooning administrative costs that overwhelm our health care system, and they'll also help doctors provide better care. Rather than having to struggle to remember the last time you had a tetanus shot or all of the medications you've ever taken, doctors will be able to access that information with a few clicks of a computer mouse. With this data at their fingertips, they can avoid ordering duplicative tests or prescribing the wrong medication. Health care professionals will be better able to monitor the preventive care patients need for their age and gender, and they'll also be able to collaborate with other physicians to manage chronic conditions.

It may sound like a good deal, but it's perfectly reasonable to have questions about the privacy of these records. Would a network like this be safe from hackers? Could all of your information end up on the Internet? And what about the most sensitive aspects of your health history -- things like abortions, drug abuse and mental health conditions -- does everyone have to see those?

The stimulus bill that funded electronic medical records also included a set of privacy standards that these records must meet, which the Obama administration is in the midst of finalizing. While we await the ultimate rules, let's take a look at the potential safeguards.

Electronic Medical Record Privacy

If someone's seen your medical record, you'll have the right to find out.
Seth Joel/Photographer's Choice RF/Getty Images

Electronic health records are already subject to federal standards of privacy. The 1996 Health Insurance Portability and Accountability Act (HIPAA) created rules for who may access health records and set criminal penalties for privacy breaches. HIPAA also included a ruling that patients must be notified whenever there has been an improper breach of a medical record. The new electronic medical records will be subject to these HIPAA guidelines, and some guidelines have already been strengthened and clarified under the new legislation.

Under the shadow of HIPAA, however, the Privacy Rights Clearinghouse reports that 5 million people were subject to breaches of their medical records in a period of 18 months [source: Pear]. Laptops stolen from medical offices, paper records that weren't disposed of properly and overly curious (and sometimes malicious) employees were just some of the causes. While many people immediately think of the dangers of hackers when they contemplate a world of electronic medical records, it's important to consider that paper records aren't that safe from nosy workers or people with an ax to grind. One instance of a privacy breach in 2003 involved a medical transcriptionist holding medical information hostage until she was paid for her work [source: Wagner].

It may be impossible to promise complete security of any medical record -- paper or digital -- but digital records do have a few more safeguards in place. For example, hospitals and medical offices will most likely authorize the people who can see each person's chart. Each of those people will sign in to the chart with a password, which will allow the electronic system to record every single access. And under HIPAA, a patient could request the audit trail and see a list of all of the people who have left a digital fingerprint on the chart. If someone accesses a record improperly, he or she is subject to termination, criminal charges and fines.

Under discussion is how forthcoming doctors will have to be with that audit trail. By law, a patient can request it at any time, and a patient must also be informed when there's been a malicious breach -- if, for example, your billing information may have ended up in the wrong hands. But there is some gray area. If your doctor can tell that an intern accessed a record that he shouldn't have, should the patient be notified? Or will the doctor be allowed to determine that the intern meant no harm? If the patient has extremely sensitive health information, he or she may have a different definition of harm than the doctor.
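
As an added illustration (not part of the original article or any real medical records product), the Python code below models the safeguards described above: a per-chart list of authorized users, a log entry for every access attempt, and the trail a patient could request. The hash chaining that makes later edits to the trail detectable goes beyond the article and is an assumption, as are the class, chart and user names.

```python
import hashlib, json
from datetime import datetime, timezone

class ChartAuditLog:
    """Per-chart authorization plus an append-only, hash-chained access trail."""

    def __init__(self):
        self.authorized = {}   # chart_id -> set of user ids allowed to open it
        self.entries = []      # every access attempt, allowed or denied

    def authorize(self, chart_id, user):
        self.authorized.setdefault(chart_id, set()).add(user)

    def access(self, chart_id, user, when=None):
        """Record the attempt first, then return whether it is allowed."""
        allowed = user in self.authorized.get(chart_id, set())
        entry = {
            "chart": chart_id, "user": user, "allowed": allowed,
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "prev": self.entries[-1]["hash"] if self.entries else "0" * 64,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return allowed

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def trail_for(self, chart_id):
        """What a patient would receive: who touched the chart, and when."""
        return [(e["time"], e["user"], e["allowed"])
                for e in self.entries if e["chart"] == chart_id]

    def verify(self):
        """False if any entry was edited, reordered or cut from the middle."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True

def demo():
    # Constructed sample data: the chart id and user names are made up.
    log = ChartAuditLog()
    log.authorize("chart-001", "dr_lee")
    t = datetime(2010, 8, 23, 9, 0, tzinfo=timezone.utc)
    log.access("chart-001", "dr_lee", t)
    log.access("chart-001", "intern_kim", t)   # not authorized: denied, still logged
    return log
```

Removing entries from the end of the chain is not detected by `verify()` alone; that requires storing the latest hash somewhere the log's administrators cannot change.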

Speaking of sensitive health information, another guideline under discussion would allow patients to keep certain parts of their medical record separate. However, doctors are hoping that patients will be forthcoming so they can receive the best care possible.

Stay tuned for more on privacy of our digitized health data. If you'd like to learn more about the conversion to electronic medical records in the United States, there's plenty of information on the next page.

Sources


  • Angst, Corey M. and Ritu Agarwal. "Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion." MIS Quarterly. June 2009.
  • Brody, Jane E. "Medical Paper Trail Takes Electronic Turn." New York Times. Feb. 23, 2010. (Aug. 23, 2010) http://www.nytimes.com/2010/02/23/health/23brod.html
  • Conger, Cristen. "Are Electronic Medical Records Safe?" Discovery News. May 26, 2010. (Aug. 23, 2010) http://news.discovery.com/tech/are-electronic-medical-records-safe.html
  • Freudenheim, Milt. "And You Thought a Prescription Was Private." New York Times. Aug. 9, 2009. (Aug. 23, 2010) http://www.nytimes.com/2009/08/09/business/09privacy.html
  • Fried, Ina. "Dragging Health Records into the Digital Age." CNET. May 18, 2009. (Aug. 23, 2010) http://news.cnet.com/Dragging-health-records-into-the-Digital-Age/2009-11393_3-6249641.html?tag=txt;mncol
  • "HIPAA Basics: Medical Privacy in the Electronic Age." Privacy Rights Clearinghouse. July 2010. (Aug. 23, 2010) http://www.privacyrights.org/fs/fs8a-hipaa.htm
  • Hoffmann, Leah. "Implementing Electronic Medical Records." Communications of the ACM. November 2009.
  • Knitz, Mark A. "HIPAA Compliance and Electronic Medical Records: Are Both Possible?" Bowie State University. April 2005. (Aug. 23, 2010) http://faculty.ed.umuc.edu/~meinkej/inss690/knitz.pdf
  • Konrad, Walecia. "Medical Problems Could Include Identity Theft." New York Times. June 13, 2009. (Aug. 23, 2010) http://www.nytimes.com/2009/06/13/health/13patient.html
  • Mann, Denise. "Technology Plays Key Role in Health Care Reform." WebMD. (Aug. 9, 2010) http://www.webmd.com/healthy-aging/features/technology-plays-key-role-in-health-care-reform
  • McCullagh, Declan. "What You Need to Know About E-Health Records." CNET. May 19, 2009. (Aug. 23, 2010) http://news.cnet.com/2009-11393_3-6249507.html?tag=txt;mncol
  • O'Connor, Steve and Dan Trevino. "HIPAA, Electronic Medical Records, and You." BMC Industry Insights. 2010. (Aug. 23, 2010) http://documents.bmc.com/products/documents/33/73/133373/133373.pdf
  • Pear, Robert. "Privacy Issue Complicates Push to Link Medical Data." New York Times. Jan. 18, 2009. (Aug. 9, 2010) http://www.nytimes.com/2009/01/18/us/politics/18health.html
  • Pear, Robert. "Standards Issued for Electronic Health Records." New York Times. July 13, 2010. (Aug. 9, 2010) http://www.nytimes.com/2010/07/14/health/policy/14health.html
  • Pear, Robert. "Tighter Medical Privacy Rules Sought." New York Times. Aug. 22, 2010. (Aug. 23, 2010) http://www.nytimes.com/2010/08/23/health/policy/23privacy.html
  • Peel, Deborah C. "Your Medical Records Aren't Secure." New York Times. March 23, 2010. (Aug. 23, 2010) http://online.wsj.com/article/SB10001424052748703580904575132111888664060.html
  • Singer, Natasha. "When 2 + 2 Equals a Privacy Question." New York Times. Oct. 18, 2009. (Aug. 23, 2010) http://www.nytimes.com/2009/10/18/business/18stream.html
  • Thede, Linda. "Electronic Health Records: A Boon or Privacy Nightmare?" Online Journal of Nursing. 2010.
  • Timmer, John. "State privacy laws may undercut electronic medical records." Ars Technica. April 14, 2009. (Aug. 23, 2010) http://arstechnica.com/tech-policy/news/2009/04/state-privacy-laws-may-undercut-electronic-medical-records.ars
  • Wagner, Mitch. "Government Grapples with EMR Security, Privacy." Information Week. Dec. 17, 2009. (Aug. 23, 2010) http://www.informationweek.com/story/showArticle.jhtml?articleID=222002134