Electronic health records are already subject to federal standards of privacy. The 1996 Health Insurance Portability and Accountability Act (HIPAA) created rules for who may access health records and set criminal penalties for privacy breaches. HIPAA also included a ruling that patients must be notified whenever there has been an improper breach of a medical record. The new electronic medical records will be subject to these HIPAA guidelines, and some guidelines have already been strengthened and clarified under the new legislation.
Under the shadow of HIPAA, however, the Privacy Rights Clearinghouse reports that 5 million people were subject to breaches of their medical records in a period of 18 months [source: Pear]. Laptops stolen from medical offices, paper records that weren't disposed properly and overly curious (and sometimes malicious) employees were just some of the causes. While many people immediately think of the dangers of hackers when they contemplate a world of electronic medical records, it's important to consider that paper records aren't that safe from nosy workers or people with an ax to grind. One instance of a privacy breach in 2003 involved a medical transcriptionist holding medical information hostage until she was paid for her work [source: Wagner].
It may be impossible to promise complete security of any medical record -- paper or digital -- but digital records do have a few more safeguards in place. For example, hospitals and medical offices will most likely authorize the people who can see each person's chart. They will have a password to sign into the chart, which will allow the electronic system to monitor every single access point. And under HIPAA, a patient could request the audit trail and see a list of all of the people who have left a digital fingerprint on the chart. If someone accesses a record improperly, he or she is subject to termination, criminal charges and fines.
Under discussion is how forthcoming doctors will have to be with that audit trail. By law, a patient can request it at any time, and a patient must also be informed when there's been a malicious breach -- if, for example, your billing information may have ended up in the wrong hands. But there is some gray area. If your doctor can tell that an intern accessed a record that he shouldn't have, should the patient be notified? Or will the doctor be allowed to determine that the intern meant no harm? If the patient has extremely sensitive health information, he or she may have a different definition of harm than the doctor.
Speaking of sensitive health information, another guideline under discussion would allow patients to keep certain parts of their medical record separate. However, doctors are hoping that patients will be forthcoming so they can receive the best care possible.
Stay tuned for more on privacy of our digitized health data. If you'd like to learn more about the conversion to electronic medical records in the United States, there's plenty of information below.
- Angst, Corey M. and Ritu Agarwal. "Adoption of Electronic Health Records in the Presence of Privacy Concerns: The Elaboration Likelihood Model and Individual Persuasion." MIS Quarterly. June 2009.
- Brody, Jane E. "Medical Paper Trail Takes Electronic Turn." New York Times. Feb. 23, 2010. (Aug. 23, 2010)http://www.nytimes.com/2010/02/23/health/23brod.html
- Conger, Cristen. "Are Electronic Medical Records Safe?" Discovery News. May 26, 2010. (Aug. 23, 2010)http://news.discovery.com/tech/are-electronic-medical-records-safe.html
- Freudenheim, Milt. "And You Thought a Prescription Was Private." New York Times. Aug. 9, 2009. (Aug. 23, 2010)http://www.nytimes.com/2009/08/09/business/09privacy.html
- Fried, Ina. "Dragging Health Records into the Digital Age." CNET. May 18, 2009. (Aug. 23, 2010)http://news.cnet.com/Dragging-health-records-into-the-Digital-Age/2009-11393_3-6249641.html?tag=txt;mncol
- "HIPAA Basics: Medical Privacy in the Electronic Age." Privacy Rights Clearinghouse. July 2010. (Aug. 23, 2010)http://www.privacyrights.org/fs/fs8a-hipaa.htm
- Hoffmann, Leah. "Implementing Electronic Medical Records." Communications of the ACM. November 2009.
- Knitz, Mark A. "HIPAA Compliance and Electronic Medical Records: Are Both Possible?" Bowie State University. April 2005. (Aug. 23, 2010)http://faculty.ed.umuc.edu/~meinkej/inss690/knitz.pdf
- Konrad, Walecia. "Medical Problems Could Include Identity Theft." New York Times. June 13, 2009. (Aug. 23, 2010)http://www.nytimes.com/2009/06/13/health/13patient.html
- Mann, Denise. "Technology Plays Key Role in Health Care Reform." WebMD. (Aug. 9, 2010)http://www.webmd.com/healthy-aging/features/technology-plays-key-role-in-health-care-reform
- McCullagh, Declan. "What You Need to Know About E-Health Records." CNET. May 19, 2009. (Aug. 23, 2010)http://news.cnet.com/2009-11393_3-6249507.html?tag=txt;mncol
- O'Connor, Steve and Dan Trevino. "HIPAA, Electronic Medical Records, and You." BMC Industry Insights. 2010. (Aug. 23, 2010)http://documents.bmc.com/products/documents/33/73/133373/133373.pdf
- Pear, Robert. "Privacy Issue Complicates Push to Link Medical Data." New York Times. Jan. 18, 2009. (Aug. 9, 2010)http://www.nytimes.com/2009/01/18/us/politics/18health.html
- Pear, Robert. "Standards Issued for Electronic Health Records." New York Times. July 13, 2010. (Aug. 9, 2010)http://www.nytimes.com/2010/07/14/health/policy/14health.html
- Pear, Robert. "Tighter Medical Privacy Rules Sought." New York Times. Aug. 22, 2010. (Aug. 23, 2010)http://www.nytimes.com/2010/08/23/health/policy/23privacy.html
- Peel, Deborah C. "Your Medical Records Aren't Secure." New York Times. March 23, 2010. (Aug. 23, 2010)http://online.wsj.com/article/SB10001424052748703580904575132111888664060.html
- Singer, Natasha. "When 2 + 2 Equals a Privacy Question." New York Times. Oct. 18, 2009. (Aug. 23, 2010)http://www.nytimes.com/2009/10/18/business/18stream.html
- Thede, Linda. "Electronic Health Records: A Boon or Privacy Nightmare?" Online Journal of Nursing. 2010.
- Timmer, John. "State privacy laws may undercut electronic medical records." Ars Technica. April 14, 2009. (Aug. 23, 2010)http://arstechnica.com/tech-policy/news/2009/04/state-privacy-laws-may-undercut-electronic-medical-records.ars
- Wagner, Mitch. "Government Grapples with EMR Security, Privacy." Information Week. Dec. 17, 2009. (Aug. 23, 2010)http://www.informationweek.com/story/showArticle.jhtml?articleID=222002134