Skip to content Skip to navigation

Welcome to the EMR Privacy Debate, President Obama!

January 24, 2009
by Reece Hirsch
| Reprints

In a recent speech on his economic recovery plan, President Obama said, "We will make the immediate investments necessary to ensure that within five years all of America's medical records are computerized."Â It appears that the upcoming economic stimulus bill will allocate $20 million out of $825 million to accomplishing that objective in some fashion.

There seems to be some consensus that the widespread of adoption of electronic medical records would be beneficial for the health care delivery system, preventing medical errors and enhancing the quality of care. The catch, as is so often the case, is the issue of privacy.

Lawmakers such as Rep. Edward Markey (D-Mass.), Rep. Pete Stark (D-Cal.), Sen. Patrick Leahy (D-Vt.) and Sen. Olympia Snow (R-Maine) have all urged that any EMR stimulus measure include heightened privacy protections. Their concern is that the proliferation of EMRs will lead to ever-larger databases of medical information, thus increasing the risk of security breaches and misuse for commercial purposes.

Privacy is a popular issue with voters, and some lawmakers seem to be of the view that measures that give the individual more control over the use of their medical information are always a good thing. Â I don't believe that is necessarily true.

For example, one proposal that might find its way into the stimulus bill would require health care providers to obtain the consent of the patient before disclosing personal health information for treatment, payment or health care operations. These categories of disclosures are currently permitted under the HIPAA Privacy Rule without patient authorization. If this provision is included in the final bill, it could potentially require a physician to obtain the patient's consent before engaging in a host of common uses of medical information, from providing information to a billing company to sharing medical records with a consulting physician. In practice, this sort of provision could severely complicate the everyday work of healthcare providers and add administrative costs that would dwarf the efficiencies to be achieved by EMRs.

Finding a balanced approach to EMR privacy and security is just one more intractable problem that President Obama has taken up in the first days of his administration. I hope that the President can lead health care industry groups and privacy advocates to find the middle ground on this important issue.

Topics

Reece Hirsch

Partner, Morgan, Lewis & Bockius LLP

Reece Hirsch's Health Care Privacy Law Blog offers a lively commentary on a wide range of...