Sunday, March 13, 2011

Healthcare Privacy - Why are patients afraid

There have been a few articles lately pointing out that surveys of patients indicate that patients are worried about the privacy of their data as doctors begin to use EHR technology more often.

What Type of Impact Do U.S. Adults Believe EHRs Will Have on the Privacy of Health Data?

Forty percent of surveyed U.S. adults think that electronic health records will have a "somewhat negative" effect on the privacy of personal information and health data, while 20% believe EHRs will have a "somewhat positive" impact on the privacy of personal data, according to a new survey from CDW Healthcare.
My view is that they get this answer because of the way the question is asked, but more specifically because everyone fears the unknown. There is very little evidence that the move to EHR will result in more privacy violations. YES, there is some evidence, and when a violation happens it usually involves large numbers of patients or very specific high-value patients. But these kinds of things happen anyway, and is it really made worse by EHR or even HIE? I think it is, but I don't think that is the problem.

Here is a good skeptic post on HISTalk:
From Tobias: “Re: privacy and security. Local and state legislatures are afraid of HIEs and other electronic data because they perceive that because data is electronic, it will be easier to hack. I’m curious if you have any data or can use your network to find any that speaks to this.”

There is good reason for patients to worry. With financial breaches, the bank is compelled to limit the damages. The banks offset this through technology that makes revocation of credentials fast and effective, but also by managing the likelihood of the risk through the use of insurance. These same factors are simply useless in the case of health data. First, there are no equivalent regulations on those that do the breaching to make the breached individual whole; yes, there are some weak regulations, and I am happy that HHS is posting the big offenders. Second, there is no way to revoke health information. Health information consists of facts (or observations) made about the patient. These facts can't be revoked. So there is not really any way to fix the problem after the fact.

There are actually some really important privacy factors that can only happen with EHR use. These are the privacy factors of patients having access to their own health data and of patients providing their preferences. These could be done in the paper world, but they are so expensive there that I will assert that they will only happen as we move to an EHR.

There is also simply too much FUD (Fear, Uncertainty and Doubt). Much of this FUD is based on true and realistic concerns. I am just worried that we are being overly concerned, without a track record of true harm. I am not saying that we should let things happen so that we can observe privacy violations in the wild. I am simply saying that, naturally, those patients who can see a benefit that THEY judge to be more helpful than the RISK will participate in EHR, PHR, and HIE. Those that are not convinced should be allowed to not participate, or be flagged as being very concerned.

For example: Army Mental Health Providers Not Entering Data Into EHR System


  1. Situations like the NHS practices ( can encourage the FUD.

  2. The HISTalk statement is tautological and therefore meaningless. Of course EHRs are easier to hack than paper records. I think that the distinction that is fumbling towards recognition is the difference between the locally controlled medical record and some form of inter-operable health record. The former (EMR) can be controlled by the physician or clinic, and standard security controls can be applied to ensure patient/doctor control of the record. The latter (EHR) puts data into the wild and out of the control of the local relationship. Since it is the local relationship in which trust is vested, at least some reasonable portion of the expressed fear is related to loss of control over the flow of personal health information. This is, I would argue, a loss of patient autonomy and therefore an ethical as well as a technical challenge. With patient data being a rich field for research and commercial exploitation, there will be continuing friction until both the technical and ethical challenge of patient control over their own information is met.

  3. When properly educated on the risks and benefits of HIE, 95% of patients opt-in to participate (reference: Massachusetts eHealth Collaborative's experience in North Adams). So what that means is that 5% of patients get their peace of mind knowing that they have absolute control over who sees what of their PHI, while 95% of patients get their peace of mind knowing that when they show up in an ER or a specialist's office, their treating physicians will have all of the information they need to provide optimal care. We need HIEs (e.g. federated architectures) that seamlessly accommodate the 95%, and overlaid alternative mechanisms (like Direct) that accommodate the remaining 5%.

    Larry Garber, MD
    Vice-Chair MAeHC
    Medical Director for Informatics
    Fallon Clinic/SAFEHealth

  4. John, I am not sure that an EHR is any easier than a physical Medical Records department for a malicious, motivated and funded individual.

    I also disagree that an EHR - by definition - takes control away from the local doctor/patient relationship. This is a choice that is made, not something that is a given.

    And my point was that I think the controls COULD be put in place, and that those willing to take the risk should be allowed to take the risk. We cannot block progress waiting for perfection.

    We should carve out the special cases and allow them to NOT share; while enabling those that WANT to share and WANT to allow their data to be used for research.

  5. Larry, great point. I also noted this very positive experience back in December 2009 about Rochester RHIO in New York

    Informing the public with facts and clear options.

  6. John,

    I agree that both a local EMR and a local Records Management department can be compromised. Only the former can be 'hacked'. It's a grammar thing.

    On the EHR, I agree that it is theoretically possible for the patient to have positive control and the possibility of full reporting on who has accessed their PHI, and in what context, in a properly designed and implemented EHR. So I agree that an interoperable EHR system does not, by definition, increase privacy risk. In fact, I applaud the efforts in the standards community to embed privacy wherever possible. The Standards Council of Canada has representation to the ISO - which is working on some of these very issues. That being said, I don't believe that it is a realistic expectation for any actual instantiation of a large scale EHR system to be as privacy protective as the individual systems it supplants/overlays/enhances. First is the cost. Second is the cultural resistance to relinquishing control in many of the participating communities. Finally is that there are overriding authorities that may make technical decisions moot. I refer you to this case from Europe on the question of consent and local commitments being overridden: I'd love to be proven wrong, but I suspect I won't be.

    There are also other issues around healthcare funding and relationships to improved health outcomes, but those are less IT related, and should be discussed when/if we next meet. Such a discussion will have to involve beverages.