Skip to: Content
Skip to: Site Navigation
Skip to: Search


In digitizing healthcare, a battle over patient privacy

US lawmakers argue over how to balance the benefits of electronic medical records with privacy needs.

By Staff writer of The Christian Science Monitor / February 11, 2009



New York

The economic stimulus bill before Congress is certain to include billions of dollars to bring electronic record keeping to the healthcare industry, moving patients' records and doctors' prescriptions out of the era of carbon-paper triplicates and undecipherable handwriting.

Skip to next paragraph

It's an efficiency that's expected to bring down healthcare costs and add jobs. But it's also a way for researchers and others working to improve overall healthcare outcomes to gain access to millions of patients' medical records – and therein lies the rub.

Lawmakers in the House and Senate are currently waging a battle over how to ensure that a patient's very private medical history is protected, even as they allot the money for an information technology (IT) system that makes widespread sharing of that history easier.

"The two overarching goals … are to improve the privacy and security of health information, and at the same time, improve research using such information," says Bernard Lo, professor of medical ethics at the University of California at San Francisco at a press conference last week on the current medical privacy law.

Going electronic

For President Obama, the need to spend at least $20 billion over two years for an IT upgrade at clinics and hospitals is clear.

"We're still using paper. We're still filing things in triplicate. Nurses can't read prescriptions that doctors have written out," he said Tuesday during a prime-time televised press conference. "Why wouldn't we want to put that on an electronic medical record that will reduce error rates, reduce our long-term costs of healthcare, and create jobs right now?"

Few in the healthcare industry would defend the status quo. In 2001, the Institutes of Medicine called for all healthcare records to be electronic by 2010. Today, only 14 percent of medical practices use electronic health records.

The reasons are many: ranging from the high cost of computerizing thousands of offices to the need for staff training to the lack of standards that allow a computer in one office to talk to main frames in another.

"Health IT is an important enabler to having a better health care system, but in and of itself it will do very little," says Gail Wilensky, a senior fellow at Project Hope, an international health education foundation. "We also have to be ready to take on some of the very difficult issues with regard to standards, terminology, and ... inter-operability."

The battle in Congress is over what kind of rules should guide that change – especially over ensuring privacy while striving for efficiency.

Privacy vs. efficiency

A patient's medical history is vital to a healthcare provider's ability to provide high quality, efficient care. But privacy advocates contend that individuals should be able to control who can see their medical record and when.

There is concern the information could be used by insurance companies or employers to discriminate, or that companies would mine the medical data for profit.

The need for patient confidentiality could conflict with the effort to improve overall outcomes. To understand which medical interventions work best, researchers need access to large databases that include the outcomes of particular treatments for various diagnoses.

"The key depends in the long run on who owns and controls the patient record," says Marc Roberts, a professor of political economy and health policy at Harvard's School of Public Health. "Many healthcare systems are now intentionally building medical record systems that are nonstandardized and noncompatible so they can own and control the data."

That might be good for a chain of for-profit hospitals, but it doesn't help the overall healthcare system. That's why ensuring that all healthcare providers have systems that can share information is vital, says Prof. Roberts.

There's already a law on the books designed to prevent unnecessary disclosure while allowing the use of nonidentifiable patient information for research. But a study released last week by the Institute of Medicine found that the Health Insurance Portability and Accountability Act isn't doing a good job of either protecting patient privacy or encouraging vital research.

Researchers are hoping Congress can remedy that.

The House version of the stimulus bill currently has stronger privacy provisions than the Senate version. It requires medical and insurance professionals to alert consumers of any unauthorized disclosure of their medical information.

That could cost billions of dollars, say many in the medical industry. By contrast, the Senate bill would leave disclosure to the discretion of the Secretary of Health and Human Services, who could take such costs into account when determining how to deal with security breaches.

The House bill also has stronger provisions to prevent healthcare institutions from selling information to third parties.

Some researchers worry that could also make it more difficult for them to access information.

Permissions