Do electronic health records leave patients at risk?
If you’ve seen a doctor recently, you might have noticed something different. Thanks to recent changes in federal law, chances are good your health care provider has switched over to electronic health records (EHRs) instead of old-school paper charts. The Affordable Care Act of 2010 mandated that all U.S. health care providers convert to electronic patient records by 2014 or face stiff financial penalties, while the American Recovery and Reinvestment Act of 2009 included strong financial incentives for providers to adopt EHRs early.
While the national switch to electronic health records will likely lead to fewer medical errors and lower health care costs in the long run, it also creates a host of dilemmas, according to Alex Kadrie, PhD, MHA, CMPE, lead faculty and mentor in the Health Administration program at the University of Phoenix Houston Campus. Kadrie also has more than 25 years' experience in executive-level health care administration at academic health care institutions.
“The EHR movement has existed for 10 to 15 years now, but we’re only now seeing the implications of widespread adoption,” says Kadrie. “And there are still a lot of unknowns. The biggest concerns I hear from health care administrators I consult with these days are regarding ethical implications of electronic health records.”
“EHRs are great in that they give patients instant, portable access to their medical records — they can even download test results to their smartphone,” Kadrie explains, adding that the pitfalls include increased opportunities for hacking and system breakdowns. “If there are no backup records when the system is down, that will impede patients’ access to their own records,” he says. “And some patients may not want their EHRs to be shared, not even among physicians who are treating them.”
Health care providers have been scrambling to ramp up the technology side of EHRs, but are ill-prepared for some of the more sinister consequences of this technology, according to Kadrie.
“We really have not done a good job of planning for how people can misuse EHRs,” he explains, expressing concerns that internal staff could access them improperly. “Not all privacy breaches are due to hackers. We have seen cases where outside entities have approached hospital staff and paid them to access and release confidential patient information improperly, whether it’s employers snooping on their employees’ medical conditions, or tabloid newspapers wanting information on celebrities. We have to create effective safeguards within the system to protect against this.”
Facing the high upfront costs of implementing EHR systems, some health care organizations are looking for ways to monetize patient record data, which leads to a host of ethical dilemmas, according to Kadrie. “Some organizations are selling data mined from their patient records, which creates serious ethical concerns even if they’ve removed all identifying information from those records,” he explains.
“Some states have gone so far as to ban this practice, but there is no national standard. I think the next step for policymakers should be to adopt one national standard regarding patient data privacy.”