How EHRs will affect privacy

I just read CDW's "Elevated Heart Rates: EHR and IT Security Report" (PDF - giving personal information may be required). It looks like lots of people are concerned about the privacy implications of electronic health records. Here's how CDW's survey found that people thought that EHRs would affect the privacy of personal information and  health data:

Significantly negative: 9 percent

Somewhat negative: 40 percent

No effect: 24 percent

Somwhat positive: 20 percent

Significantly positive: 7 percent

So 49 percent, or almost half, think that the use of EHRs will have a negative effect on their privacy.

The other 51 percent are wrong.

We really don't quite know how to protect sensitive information in a cost-effective way yet, and this applies to EHRs as well as it does to other types of sensitive information.

National governments do a reasonable (but not perfect) job of protecting classified information, but they way that they do it is very expensive and doesn't work well when you're actually worried about things like costs and people being able to do their jobs efficiently.

Or you could just encrypt your sensitive information, but using that approach relies on having strong key management to support the use of encryption, and how to do interoperable key management securely and in a cost-effective way is still an unsolved problem. (This is why a big fraction of Voltage's R&D focuses on key management and lots of our products are really designed to make key management easier – we want to be the first to solve this problem.)

But in the absence of a good way to protect EHRs, we're definitely going to see them compromised. That's whey I get worried every time I hear people in Congress talking about EHRs as a good way to reduce the cost of health care in the US. They might actually allow some cost savings, but it would almost certainly also allow the disclosure of sensitive information on an enormous scale. So because the technology to adequately protect EHRs really isn't there yet, it probably isn't time to move to them yet. Let's work out how to address the privacy concerns first.

  • EMR

    An electronic medical record is not just a typed record of the patient encounter, but an extremely useful decision support tool. The data can be entered into the EMR via any of the two general mechanisms: direct entry by the physician using point and click templates or transcription of dictated notes.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *