If we are looking for a major hurdle to a unified Electronic Health Record we need look no further than our healthy “concern” about the privacy of our personal health information. The paper chart, with its meandering trail from hospital department to department and open access to anyone with the nerve to sneak a peek, was rarely the genesis of national headlines or concerns. The incidents of “invasion” were no doubt numerous, but the nature of the paper chart makes any actual quantitative analysis impossible. When there was a “leak” of information the offending culprit was impossible to track.
Conceptually, the nature of the EMR/EHR provides skeptics and conspiracy theorists fodder for rants about patient privacy. The EHR lives in “cyber-space,” which to most Americans is an arena where spammers and hackers have the upper hand over the cyber-cops. Organizations and legislative bodies that dismiss such concern as “paranoia” do so at their own peril.
The Electronic Health Information and Privacy Survey, sponsored by Canada Health Infoway, the Office of the Privacy Commissioner of Canada, and Health Canada, was based on interviews with approximately 2,500 Canadians last summer. The poll results concluded that almost two-thirds of Canadians believe there are few types of personal information more important for privacy laws to protect than personal health information, and that almost nine in 10 Canadians support the development of EHRs. Eighty-four per cent of respondents would like to be able to access their own medical records online, while 77 per cent would like audit trails that document access to their health information. In terms of accountability, 74 per cent of respondents want strong penalties for unauthorized access to their personal health information, with 70 per cent saying they want to be informed and would like procedures in place to respond to such breaches. In 2005 a similar study by the California Healthcare Foundation revealed similar trends.
Recent headlines in the United States detailed the unauthorized access of the medical records of George Clooney during the film star’s stay at the PalisadesMedicalCenter in New Jersey. Advocates of the EMR use this episode to point out that today’s technology is working. Prior to the advent of electronic medical records no one would ever be able to know for sure who took a peek at a patient’s paper records. In this case, all unauthorized access was documented by security and more than two dozen PalisadesMedicalCenter employees were suspended.
Compromised celebrity privacy is not just an American headline. The New Zealand Herald reported that the Auckland District Health Board fired one employee and disciplined 20 others for examining the private medical records of celebrities. Health board officials refused to identify the celebrities whose medical records were compromised, or how often the records had been examined.
What are consumers to think? If we can not maintain the privacy of VIPs how will we keep all of their records free from malevolent eyes? Maintaining the security of the EHR is a technical necessity, but convincing the consumer that their health information is safe and secure may be the real challenge.