Jamie Court, president of Consumer Watchdog, has pushed the patients’ rights movement in the United States for more than a decade by sponsoring successful laws in California. As part of his work for the California-based nonprofit, Court is closely watching Google’s and Microsoft’s entry into the electronic medical records field. He spoke with The Plain Dealer about patient privacy and his concerns in the digital age:
How private are electronic medical records, especially those provided by companies like Google and Microsoft?
If they are at your doctor’s office or a hospital, these are all systems that are pretty protected. There’s always the risk of theft, but that’s a remote risk. But what worries us is if you put your medical records on a Google server and you agree to share it with the wrong person, like the wrong vendor, then you’re in trouble. Most people probably don’t realize it’s dangerous. You just don’t want medical information floating out there on a cloud.
Are there uniform standards or minimum standards for electronic medical records?
There are some protections in the Health Insurance Portability and Accountability Act of 1996, or HIPPA, and there are some in the new stimulus bill.
But several key protections are still missing:
The prohibition on the sale of medical records is weak and full of loopholes. It also doesn’t apply to vendors, such as Microsoft or Google. Both companies have agreed to contracts that say they won’t release your information, but there is no law mandating that they don’t sell the information.
The breach provisions requiring companies to notify patients when electronic medical records are accessed does apply to Google and Microsoft. However, there are safe-harbor provisions that let companies off the hook from the notification requirement if the breach occurred in "good faith."
The federal law on the books only requires that patients are notified when their information was disclosed in the course of treatment but not how it was used. As a result, the patient will not know which hospital personnel looked at the information or for what purpose — so you won’t know if a nurse reviewed your file to look up drug allergies or whether the hospital’s fund-raising office reviewed the record for the purpose of requesting a donation.
Will a patient have control over his or her own electronic medical record?
You don’t have control over your medical records to the extent that you can change them or strike damaging information. But you should be able to get copies of them. You have about as much control over an electronic medical record as a paper record. But remember, it’s easier for an electronic record to fall into the wrong hands.
Do the benefits of electronic medical records outweigh the risks?
There are big benefits, like if you’re in an emergency room on vacation it would be nice to have someone be able to pull up your records and know that you are allergic to penicillin.
Electronic medical records can also help with integration of care and avoidance of medical mistakes.
It will also save a lot of money by preventing errors and it will help make medical billing more efficient.
To reach this Plain Dealer reporter: [email protected] or 216-999-4255.
Tue, Mar 31, 2009 at 9:48 am