Sunday, April 02, 2006
Guest Columnist—I really don't want them to know about my hemorrhoids
By Spyros Andreopoulos
Despite a strong push by the Bush administration for the majority of Americans to have computerized medical records within 10 years, I am not sure I want the attending privacy risks.
I don't believe the hype dished out by our government that the odds of my survival after a heart attack would improve because the emergency-room computer would let the doctor connect to the Internet, type in a password, and within a few clicks, view my medical history and begin treatment. Those who write this fiction have never seen a real emergency room in operation.
I cannot deny the positive benefits for public health in having medical records computerized. They make it easier to track diseases and side-effects of prescribed medications. They can prevent redundant invasive procedures, X-rays, MRI and CT scans and blood tests. Universities, where most clinical trials of new drugs take place, have access to data for research. Billing is more efficient, and bad claims are caught more quickly. If an individual is insured or gets sick in another part of the country, that person's medical history is readily available to another doctor or hospital.
But I am wary at the thought of my medical history floating in cyberspace because we have no system to guarantee protection from hackers, insurers and drug-company marketeers.
I am also concerned because this new development is going ahead without adequate public participation. According to a 2006 survey by Health Industry Insights, a market-research firm, most respondents (70 percent) are unaware of the federal government's initiative to make electronic medical records available.
Another concern is cost. One estimate places it at $250 billion, to be offset by economic benefits of an estimated $700 billion that critics consider over-inflated. But these savings, spread over a decade, would go to the insurance industry, while the actual costs of implementing the system will accrue to doctors and hospitals. The new computerized system at Lucile Packard Children's Hospital in Palo Alto, for example, soon to go online, will cost $150 million.
The deployment of the new technology is also expected to create havoc among physicians with small practices who do not have the know-how, the management staff or capacity to re-engineer their practices according to the wishes of government bureaucrats in the same way as large group practices.
Experts doubt the government will succeed without committing tens of billions of dollars. There is no real sign the Bush administration will provide anything even remotely close to that sum. In Britain, the government's adoption of a similar goal is succeeding because it is driven by a single-payer system funded with an extra $10 billion in government contracts and enforced by mandated computerized standards applying to all hospitals and doctors. Approximately 95 percent of the doctors in the United Kingdom now use computers in their practice, as do most doctors in Sweden and European Union nations compared to a measly 20 percent in the United States.
There was a time when medical records were kept on paper in file cabinets of hospitals and doctors' offices. As electronic records gain ground, insurance companies and HMOs require detailed accounts of patient treatments and expenses to stem health costs. Previously, they asked only for basic information on diagnoses.
The chances for misuse are also greater. Employers could use the information to exclude applicants for employment due to medical history, and insurers to refuse insurance to those who are sick or have genetic predisposition to illness. The pharmaceutical industry is organizing conferences to explore how to "mine" information from electronic records for secondary purposes, including selling services and drugs to patients.
Let's not forget hackers and pranksters. Six years ago, a hacker downloaded thousands of confidential files from the University of Washington in Seattle containing patients' names, health conditions and Social Security numbers.
Polls suggest that 70 percent of Americans fear that there could be more sharing of patients' medical information without their knowledge; computerization could increase rather than decrease medical errors; some people would be reluctant to disclose information to doctors because of worries that it will go into their records, and existing federal protection rules will, in time, be relaxed in the name of efficiency.
Such fears are not without foundation. Last December's issue of Pediatrics reported, for example, that mortality rates for pediatric patients at Children's Hospital of Pittsburgh increased to 6.5 percent after the implementation of a computerized physician order-entry system, intended to prevent medication and patient management errors. While this finding does not mean causality and may have an explanation, it has stirred debate publicly and in cyberspace.
In the mid-1990s, Congress passed the Health Insurance Portability and Accountability Act (HIPPA) to protect patients from privacy violations. The regulations are full of loopholes and Congress may need to tighten the law's provisions. Under HIPPA, health-care providers have the right to process your insurance claims, discuss your case and send data about you to other specialists, respond to requests from public-health authorities, law-enforcement agencies, and your employer if you are injured at work, and send you fundraising materials. While these provisions may appear reasonable, HIPPA also allows health providers to share information with health-care business associates for the purpose of training their personnel. HIPPA gives patients the right to restrict uses of their medical information. Providers or health plans, however, are not obligated to agree to the restrictions if they state so in their privacy notices that patients sign when admitted for treatment. This is why patients must read the fine print carefully before signing.
Dr. David Brailer, appointed by President Bush to coordinate the move to electronic medical records, is a former software company CEO. In his public statements, he acknowledges the mind-boggling complexity of information systems, but with refinements and proper security systems, he believes electronic records can be made to work and be more secure than paper records.
If patient information moves successfully from paper to the computer, as its champions hope, the door to privacy abuses will swing wide open. One suggested solution is to give patients the right to work with the doctors to decide what is included in his or her record. A small step to be sure, but if the law and doctors were to give patients this amount of empowerment and autonomy, the doctor-patient relationship will have come a long way.
Spyros Andreopoulos is director emeritus of the Office of Communication and Public Affairs at Stanford University School of Medicine. Used with permission
And thank you, Spyros.
From: Technology and Privacy / Keeping snoops out of our health files