Don’t let privacy fears slow EHR adoption


Eric Demers of Medecision

Whenever the subject of healthcare privacy catches the national spotlight, you can bet that it will soon be followed by a debate about whether or not it’s safe for people to actively participate in their own healthcare through the use of EHRs, clinical summaries and health information exchanges.

While there have been security breaches in the past, it’s very important that Americans have all of the facts. There are unfortunately people in the world who are going to try to illegally obtain and misuse private health information, and I agree that we need to be vigilant and proactive in incorporating and reinforcing the highest security measures. I believe Office for Civil Rights Director Georgina Verdugo’s new plan can make a difference if she and her department follow through with enforcement.

We shouldn’t allow overreactions to misperceived weaknesses in EHR security to thwart progress. It’s too important for the healthcare system and, ultimately, the American economy. It becomes a matter of what’s more dangerous: the potential misuse of information or simply not using information at all? Is the privacy of an overwhelming minority of people more important than safer, more efficient, more affordable and potentially life-saving healthcare for the overwhelming majority?

Frankly, only the highest profile members of society (celebrities, athletes, etc.) stand to actually be negatively impacted by an unlikely EHR privacy breach. With that in mind, the question of whether we value the privacy of information more than its potential to help us lead healthier lives takes on a much more compelling perspective.

Without question, we must make ensuring privacy a top priority in any plans to implement EHRs. I’m confident that we as an industry can do so and, in fact, I think the OCR’s stronger controls are on the right track.

Ultimately, no EHR is going to come with guaranteed safety, but I would argue that the risk level is the same or less than that associated with online retail and banking transactions. The public needs to understand this. It is up to those of us in the industry to ensure that the facts are clear and readily available. Hopefully, the media will choose to report all—not some—of them so that Americans can form opinions based on complete information.

This post was submitted by Eric Demers.


Steve Gantz September 21, 2010 at 7:03 pm

I would agree that, when available security mechanisms are actually implemented and configured correctly, the risk of loss of confidentiality or integrity for electronic health record data is commensurate with online retail or banking. But if a consumer’s data is stolen in those domains, there is typically very little loss incurred (with the obvious exception of cases where the stolen data enables identity theft), because laws and business practices in e-commerce and banking mean that the businesses shoulder all the financial burden, so the customer is rarely if ever hurt out of pocket. This is not the case for health data, or more importantly perhaps it is not perceived to be the case, as people seem to think the loss or theft of their medical record data is much more dire than losing some personal financial information. Also, the personal data associated with retail and banking transactions is not nearly as sensitive (to most people) as their health data is – it’s trivially easy to change an account number, get a new credit card, or restore stolen funds. What this may mean is that EHR vendors and health care users of health IT may need to convince people that health data privacy and security protections are more robust or provide better protection than controls in situations with which they are already familiar.


Anne Zieger September 21, 2010 at 8:31 pm

Steve, thanks for your comments. What it comes down to, for me at least, is that EMR vendors should devote at least part of their budget to direct-to-consumer marketing which emphasizes EMR safety, data privacy and security. In other words, I think EMR vendors should take a page from the pharmas.

For what it’s worth, I vaguely remember GE’s Centricity brand doing some DTC advertising, but otherwise such outreach is notably absent. Has anyone else seen EMR vendors reach out to the public?


Health Advisory October 28, 2010 at 8:49 pm

My God, I thought you were going to chip in with some decisive insight at the end there, not leave it with ‘we leave it to you to decide’.

