What Are the Disadvantages of Electronic Medical Records?
By Robert Mullins
Financial institutions and many other businesses have successfully transitioned from paper-based files to electronic ones, but the health care industry is another matter. While high technology is used to diagnose and treat many illnesses, the back office still runs on paper. A push is on to transition to electronic medical records, but security and privacy worries remain a concern.
The Push for EMRs
The stimulus bill signed by President Obama in February 2009 included $19 billion to help the health care industry change over to electronic medical records (EMRs), while $50 billion more is proposed over the next 10 years. But there are many reasons to be cautious about such an effort. Hospitals, clinics and doctors have been decidedly behind the times as their offices remain stuffed with manila folders full of paper records and charts. The Obama administration has been advocating electronic medical records on the grounds that they can help improve the efficiency of health care delivery by sharing information of a patient's history, treatment and outcomes. But among the risks associated with switching to EMRs are doubts about their accuracy, the risk of records being hacked and unauthorized access to records by insurers, employers or others who could use that information against patients by denying them insurance or jobs.
The HIPAA Factor
One of the reasons medical records haven't gone digital as they have in financial services or other fields is HIPAA. The federal Health Insurance Portability and Accountability Act, enacted in 1996, requires hospitals, clinics and others in health care to guard the privacy of medical records. HIPAA includes penalties of up to $250,000 in fines and 10 years in prison for violations. Given the harsh penalties and the number of breaches of electronic records, many in the health care industry consider it easier to secure paper records.
Medical Record Errors
The story of "e-Patient Dave" is a cautionary tale about what can go wrong with EMRs. According to a story in the Boston Globe, e-Patient Dave, whose real name is Dave deBronkart, asked to have his medical records transferred from the hospital where he received care to Google Health, a free service that lets patients maintain control over their medical records. Dave discovered several inaccuracies in his medical history because much of the information about his medical record was taken from billing records, which, for instance, only listed what test was run, not the outcome. As the Globe reported, "some doctors fear that inaccurate information from billing data could lead to improper treatment." In another case documented in Consumer Reports, a woman was denied insurance because of an error in medical procedure coding, which stated she had chronic obstructive pulmonary disease. She did not have COPD.
Although information security technology is available to block unauthorized access to medical records, security breaches happen all the time. The Privacy Rights Clearinghouse has kept track of every reported data breach in the U.S. since 2005 and in several cases the data compromised were medical records. In one instance, desktop computers were stolen from a medical clinic in San Jose, Calif. In another, 2,800 patient medical records were exposed online at Ohio State University Medical Center. In another Ohio case, 60,000 records were exposed. Records can be effectively secured, but because the market for digitizing medical records is nascent, a lot of new companies may jump into the market with varying standards, approaches and reliability. "There are going to be a lot of fly-by-night companies. There has to be real vigilance to make sure people are actually getting what they are paying for," said John Halamka, chair of the U.S. Healthcare Information Technology Standards Panel, as quoted in an article on Cnet.com.
Spying on Patient Records
Some breaches can merely be mischievous, such as hospital employees peeking at medical records of celebrities such as Farrah Fawcett and Britney Spears in California. But other breaches can be more serious. Privacy advocates warn that unauthorized access could lead to patient discrimination. An insurance company could deny coverage to someone based on what it finds in the person's medical records or an employer could decline to hire someone because of her health history.
Robert Mullins has been a technology reporter in Silicon Valley for nine years. He wrote for the Milwaukee Business Journal in the 1990s before transferring to a San Jose sister paper. He began his career as a newscaster for NPR stations in Wisconsin. He lives in the San Francisco area.