Spread of electronic medical records raises privacy concerns

Computerized files are seen as a way to improve care and save tens of billions of dollars in health costs, but doctors and advocacy groups have raised concerns about the risks of exposing detailed personal health information. In particular, doctors worry that insurance and drug companies could manipulate the records to affect decisions on patient treatment.

MedChi, which represents more than 22,000 Maryland physicians, recently announced that it was the first medical society in the nation to pass a resolution calling for state-level legislation to ensure that doctors retain responsibility for treatment decisions and that medical records are made available on a neutral platform that does not advance any commercial interests.

"As we implement the system, we want to make sure the data remains the patient's data and is private," said Gene Ransom, MedChi's chief executive officer.

The establishment of electronic medical records is a major part of national health care reform. The Obama administration set aside nearly $19 billion in stimulus money to establish electronic records for all Americans by 2014. The records would include a patient's history as well as guidelines and the latest medical research and treatments for diseases.

Health officials acknowledge that privacy issues will arise with digitized records.

"In the electronic arena, there is a need for more oversight and constraint," said Rex Cowdry, executive director of the Maryland Health Care Commission.

Maryland passed legislation last year to encourage doctors to adopt electronic medical records. The legislation called for the creation of a state exchange that would link all of the state's doctors, hospitals and medical labs. That exchange, which Cowdry's panel is implementing, started on a limited scale this month.

The state agency is hammering out policies to protect patient privacy. In addition, the organization tasked with running the state exchange, the Chesapeake Regional Information System for Our Patients, has guidelines that anyone who uses the exchange must follow. For example, a doctor could access the records of a patient he is treating but could not spy on his ex-wife's health history.

"We treat privacy as imperative to success," said Scott Afzal, program director of the regional information system, a nonprofit collaboration among Erickson Retirement Communities, Johns Hopkins Medicine, MedStar Health and the University of Maryland Medical System. "If we lose the general patient and consumer's trust, this won't be successful."

Privacy of patient medical records has long been a concern of the health industry and government. The federal Health Insurance Portability and Accountability Act sets guidelines on what information can be shared.

There are risks even with paper recordkeeping. But electronic records shared among many medical institutions heighten that risk because the data becomes more widely available, and computer systems could be hacked.

"Their private records could end up in the hands of someone they don't want to see it," said Melissa Goemann, legislative director of the Maryland chapter of the American Civil Liberties Union. "People could steal records and try to get Social Security numbers. There are all kinds of invasion-of-privacy issues."

Some of the policies the state is considering would enable patients to limit which doctors see their electronic medical records or to opt out of the system altogether.

"A person could call up and say, 'I don't want any of my information queried, even if I am in the emergency room,' " said Cowdry of the Maryland Health Care Commission.

The commission's policy group is also looking at ways to ensure the identity of those authorized to use the system. It would likely require more than a user name and password to sign into the system.

But concerns persist.

MedChi is worried about electronic systems owned by insurance and drug companies that would feed into the state exchange. The medical society wants to prevent insurance companies from using the records to bolster arguments for denying treatment because of costs. MedChi wants state legislation aimed at preventing drug and insurance companies from influencing medical care.

For instance, an electronic system owned by a drug company might recommend its drugs for treatment of certain ailments, the doctors' group contends. It recommends that clinical information available to the exchange be provided by a third party or academic institution.

The group also wants immediate responses from insurance companies on prior-authorization requests to prescribe certain medications or perform procedures - a process that now can take days but that could be accelerated with electronic medical records.

"We need to make sure we protect the privacy of the patients and that the recommendations the doctors are getting are represented in an unbiased fashion," said David Hexter, an emergency physician at a Baltimore community hospital and president of MedChi.

Michael Sullivan, a spokesman for CareFirst BlueCross BlueShield, the Baltimore area's largest insurer, declined to comment on MedChi's resolution. He also agreed that electronic records would promote better care.

The insurer has supported electronic record initiatives, including contributing $1.5 million two years ago to develop digitized records systems for LifeBridge Health and several clinics throughout Maryland.

"CareFirst firmly believes that health information technology will play a key role in improving the quality and efficiency of care in the years to come," Sullivan said. "We recognize that technology can be used to streamline the many interactions between insurers and physicians, and we are working to do just that."

P-B Health Home Care Agency in Baltimore has used a handheld electronic medical system for several years. Nurses and other staff can enter patient information during a visit and then automatically download it to the system. The agency doesn't currently plan to join the state exchange but might do so in the future.

Matthew H. Bailey, chief financial officer for the company, said that like paper records, it's impossible to make electronic records 100 percent secure and pointed out that security problems also exist with paper records if they aren't destroyed properly or kept out of public view.

"If you want to prevent having these problems, electronic records is the way to go," Bailey said. "The cost is higher, but the cost of not doing it is so much higher than that."

There are safeguards in place with P-B's system. Information can't be e-mailed through the system, only downloaded. The information is encrypted when it is downloaded. And physicians can access data only on their patients.

Maryland's exchange also has incorporated some protections. It is on a decentralized computer system so that all information is not stored in one place. Electronic systems track each instance that someone looks at a medical record. For now, the exchange is limited to lab, radiology and other test results until policies are adopted on privacy safeguards.

But as the system becomes more widely used, even those who worry about privacy implications say digitized records could lead to huge strides in medical care and efficiency.

"If you show up in an emergency room, you are better off if your data is available," Cowdry said. "It's a balancing of the interests that is crucial."

(c) 2010, The Baltimore Sun.
Distributed by McClatchy-Tribune Information Services.