Electronic Health Records has been a hot topic ever since Obama's inauguration and the inclusion of $20b for EHR in the proposed stimulus bill. However, the patient privacy is issue is far from settled as yet and for the EHR to gain widespread adoption and result in the kind of healthcare cost savings that are being promised, it is imperative that the privacy issue is addressed at the earliest. I think the three key determinants here are:
1. A government willing to regulate and effectively enforce privacy laws
2. Heavy deterrent action against a few major privacy offenders
3. Putting in technology to address privacy
EHR does promise to be the largest IT initiative on the horizon and like many in the IT industry, I am rooting for it. But it's not only for selfish business reasons. As a healthcare consumer, I see the ridiculousness of the current system - doctors requesting other doctors for patient's records over the phone, records being sent out by fax (not the best way of ensuring privacy), no way of making sure you have the most recent records. We've lost a decade on this issue - EHR would have been big in the early part of this decade had it not been for the diversions that most of us regret now.
Your E-Health Records
The idea is sound, but it also raises important questions about how to ensure the privacy of patients. Fortunately, the legislation would impose sensible privacy protections despite attempts by business lobbyists to weaken the safeguards.
With paper records the opportunities for breaches are limited to over-the-shoulder glimpses or the occasional lost or stolen files. But when records are kept and transferred electronically, the potential for abuse can become as vast as the Internet.
Electronic health records that can be linked to individual patients are already protected by laws that apply primarily to hospitals, doctors, nursing homes, pharmacists, laboratories and insurance plans. The stimulus bill that has passed in the House, and a similar bill awaiting approval in the Senate, would strengthen the privacy requirements and apply them more directly to “business associates” of the providers, like billing and collection services or pharmacy benefit managers, that have access to sensitive data but are not readily held accountable for any misuse.
The potential for harm was spelled out by the American Civil Liberties Union in a recent letter to Congress. Employers who obtain medical records inappropriately might reject a job candidate who looks expensive to insure. Drug companies with access to pharmaceutical records might try to pressure patients to switch to their products. Data brokers might buy medical and pharmaceutical records and sell them to marketers. Unscrupulous employees with access to electronic records might snoop on the health of their colleagues or neighbors.
The bills pending in Congress would go a long way toward preventing such abuses. They would outlaw the sale of any personal health information without the patient’s permission, mandate audit trails to help detect inappropriate access, and require that patients be notified whenever their records are lost or used for an unauthorized purpose. They would also beef up the penalties for noncompliance and allow state attorneys general to help enforce the rules — a useful backup in case the federal government falls down on the job. The House version would also encourage the use of protective technologies, like encryption, to protect personal medical information that will be transmitted.
Health insurance plans and some disease management groups are complaining that the new requirements would impose administrative burdens that could actually impede the use of electronic records and interfere with coordination of care. They want to ease the marketing restrictions, notify patients only if security breaches are harmful, and keep the attorneys general out of the enforcement role.
It should be possible through implementing regulations to fine-tune the privacy requirements so that they do not disrupt patient care. Congress must make every effort to ensure that patients’ privacy is protected.
0 comments:
Post a Comment