Give Me (Secure) Electronic Health Records, Or Give Me Death
Posted by Peerapong Tantamjarik
In a recent poll conducted for the Markle Foundation, an information technology policy organization, over 70% of Americans favored the use of electronic health records that can be accessed over the internet. The poll results have made national news. President George Bush has called for nationwide paperless health records by 2014, and the survey reports that four in five Americans (80%) believe that if physicians kept electronic medical records on their patients, health care quality would improve and medical errors would be reduced, because authorized doctors would be able to retrieve a patient's medical history in a matter of seconds. An equal number (81%) believe that the ability of researchers to review millions of records anonymously to determine best treatment practices would help all doctors improve the quality of medical care.
Yet despite the high levels of support for electronic health records, privacy and security safeguards appears critical to ultimate acceptance. More than three out of four Americans (79%) say making sure their records could be shared only after they provide permission is a priority. And there is no lack of public debate by privacy advocacy groups on the need to ensure privacy of electronic health records. The question then becomes, Are we ready to adopt electronic health records and all of their perceived benefits even if there is not total confidence in privacy and security? More to the point, do we actually achieve higher levels of privacy and security by moving to an electronic record?
A recent speech given by Dr. David Brailer in April 2005 at the Commonwealth Club of California (audio transcript available here) makes an important point that electronic records may actually be more secure than the old fashioned paper records. As Dr. Brailer stated, "If your information was not secure on paper, how would you know?" The point he makes is that if somebody accessed your paper records, it's possible that there would be no record. Electronic records, on the other hand, leave a digital trail of who has accessed the record. Not only that, but the authentication required to see electronic health records would allow patients (and investigators to a breach) to know who was peeping. Also, paper records have the potential to be lost and mishandled through human error, almost an inevitability, and if lost, cannot be tracked. It's not as controllable as an electronic system. This is not to say that the electronic health record system would be hacker-proof, but given that we conduct other highly confidential activities over the internet (banking, pay bills, e-mail loved ones), how much privacy and security must we insist on before adoption of electronic health records becomes expected? As Dr. Brailer noted, "There are challenges, but we have a much better bet today with electronic information being protected, and it will get better and better."