|
Written by Larry Sobal, CEO, Appleton Cardiology Associates
For two decades people have proclaimed the transformation from paper-based health records to an electronic record as a BIG DEAL for healthcare. Going back to 1994, President Clinton announced that all doctors would use computerized records within 10 years. In his 2004, President Bush called for universal use of digital health records by 2010.
Both lauded what seemed obvious – that electronic health records are a way to simultaneously improve care and reduce waste in a system clogged with manila folders and disconnected servers where providers only have access to fragmented bits of important information. Automating health data claims to reduce medical errors, save lives and perhaps save billions of dollars in an industry that is being harshly criticized for its need to demonstrate all three.
The reality is that despite all the proclaimed benefits, 90 percent of U.S. doctors and more than two-thirds of U.S. hospitals still rely fully or partially on good ol’ paper medical records.
The reasons for the slow movement to digital are many and complicated. For the sake of simplicity, let’s just categorize them into four areas. First, healthcare is a colossal slow changing system. Second, the ROI is not clear to those who have to pay for it. Third, there is a lack of functional software.
The final reason, and the focus of this column, is a growing concern about how to manage and protect the security and privacy of digital records containing the most intimate of personal details.
Security breaches are an alarming trend and have occurred at the National Institutes of Health, Wellpoint insurance, Johns Hopkins Hospital, and many other prominent sites. Recently, 68 individuals at U.C.L.A. were implicated for inappropriately accessing personal information (i.e. Britney Spears health data). It makes me wonder how secure the data is for non-celebs like me?
The fact is it may not be. According to a patient security study undertaken by Kroll’s Fraud Solutions, between 2006 and 2007 hospital security breaches exposed more than 1.5 million names attached to personal health information.
Why do people want access to this information? It’s simple. The ability to obtain name, social security number, and date of birth (included in virtually all health records), is a potential gold mine for those with ill intent. The fact that there is often patient health and billing information included makes this data very vulnerable to fraud and abuse.
Yes , there are stringent laws against this. The Health Insurance Portability and Accountability Act (HIPAA), signed into law in 1996, addressed the maintenance of security and privacy of electronic (and paper) health data. This was a good start. And yet, in 2002 an amendment in the law allowed the medical and insurance industries to “use and disclose health information for treatment, payment and healthcare operations” – all without the person’s consent. Therefore, it legalized the necessary exchange of health information between organizations. No doubt this is necessary to transact health care business but it also greatly increases the risk of unlawful access.
What can be frustrating is while HIPAA allows extensive electronic transfer of data between organizations it does not allow access to individual health information to some individuals who sometimes may need it the most – namely family members or other physicians. Specific patient consent is needed to share that information. Go figure.
I think we can all agree that security and privacy are a major concern that needs to be addressed. And, in case you are wondering, Appleton Cardiology is still using a paper medical record. But don’t confuse my concern over privacy as opposition to automation. It is not a viable option for us to remain paper-based forever, or for others to go back to traditional records. This won’t solve the problem since there are still many security issues associated with paper. However, until better systems for security emerge (among other things), the movement to digital will proceed slowly.
|
