Saturday, February 7, 2009

Will electronic medical records threaten my privacy? No, but…

I’ve been thinking a lot about privacy lately. For example, among the ways President Obama has indicated his commitment to a 21st century health care system, is “by computerizing medical records … saving countless lives and billions of dollars.”

His proposal is already underway in many communities around the country, including Indianapolis, whose Regenstrief Institute is a nationally recognized leader in the development and diffusion of electronic medical records [EMRs]. The conversion of millions of paper records to electronic records, and the organization of hospitals and physician groups to agree on how best to access and share these records, presents a number of logistical and technical challenges. None of these are insurmountable. Moreover, given sufficient resources and political will, it is likely that the President’s vision can be translated into reality sooner rather than later – so long as we can figure out how to handle the elephant in the room (and no, this is not the Republican caucus). The elephant is privacy – the idea that access to personal health information is something that we as individuals should be able to completely control, and that access by others (especially unauthorized third parties) constitutes a serious breach of personal space, let alone any negative repercussions from malicious use. But does the move to EMRs require a dramatic change in the ethics of privacy? Should people be more worried once their records are accessible to more health providers? How can they be sure that errors will be quickly corrected?

I thought I had completely settled views on these questions: namely that the risks from privacy invasion are potentially serious and people are entitled to be frightened. In the case of my personal health information, I have confidence that those experts working on the architecture for the system – the checks and balances, the encryption techniques, gateways, passwords, algorithms and who knows what else – will construct it with exactly those worries in mind. Interestingly, I’m more upset right now that in the past few days someone with plenty of time on their hands has figured out a way to upload a picture of me from the internet and create a brand new Facebook page using my name. This is creepy and it’s wrong. Should I be more worried about a breach in my electronic medical record that accidentally discloses to the world that Eric Meslin suffers from migraines (true by the way), or the Facebook hacker who convinces unsuspecting people to become “friends of Eric Meslin” in order to expose them to “wall-to-wall” postings that attribute opinions about privacy to me which aren’t my own?

--Eric M. Meslin


Anonymous said...

Currency is stored as electronic records, too, yet while a fraudster certainly could publish a database called "My USD$," on the web and try to process commercial transactions against it, that's rarely as effective as the fraudster may hope.

The physical representation of a record is largely an irrelevant constant in an equation dependent on the system of trust, checks, and balances to ensure that records of things actually describe reality.

Unknown said...

It's a well written article.The idea behind electronic health records is to have a computer-based history of a patient's clinical and administrative details. This will include every document made by each doctor that was ever involved with the patient's medical history.