The Economist has posed this statement concerning medical privacy and electronic health records: “This house believes that any loss of privacy from digitising health care will be more than compensated for by the welfare gains from increased efficiency.” The moderator says: “Britain’s health system is undergoing a painful and costly process of digitisation. Thanks to some $30 billion of federal subsidy from the Obama administration to come over the next five years, so too will America’s. Many other countries are watching. Consumer advocates worry that if the move is rushed, patient privacy will suffer. […] Supporters argue that health information technologies have advanced to the point that such concerns are vastly overblown.”
The magazine has asked for public opinions at its site, and it published two opposing viewpoints from experts. On one side is Peter Neupert, corporate vice-president at Microsoft Health Solutions Group; on the other is Deborah C Peel, founder of Patient Privacy Rights and leader of the Coalition for Patient Privacy.
But first let’s acknowledge that the status quo is not really an option. The health economy must move into the digital age, not to drive increased efficiency per se but to improve value. The Institute of Medicine (IOM) Roundtable on Value and Science-driven Healthcare defines value as a function of quality (improved outcomes/life years) compared with costs over time, whereas efficiency is often focused on achieving more volume with the same or fewer resources. […]
To date, what we have essentially done is digitise our existing systems—that is, take what we did on paper and make it electronic. As a result, our current system has been built primarily around providers, insurers, the government and employers—not around consumers. So the data related to my hospital visit is owned by the hospital, and the medical information my primary care physician (PCP) has collected about me stays with that organisation, even if I move to another PCP or another city. But if we want effective electronic health records, the information needs to move with the patient and not stay locked in separate institutional silos that make it hard to get a comprehensive, longitudinal view. While many in the industry understand this and are moving in this direction, the pace remains very slow.
We need to give patients control over their own copy of their health data. Consumers must trust that the organisations they are engaged with are accountable and will respect—and protect—the privacy of their data. Trust requires transparency, control and security. Transparency helps people understand how their data is used. Control helps people manage their data effectively. Security can give people the confidence to adopt health IT innovation. For trust to exist, patients must have access to their records and the ability to decide who can see, use and share their information and to end a sharing arrangement when they choose.
Control also means allowing consumers to opt into or out of the world of digital health care. People have different levels of tolerance for risk, and their circumstances mean they will get different levels of benefit from sharing their health data with stakeholders across the system. Similar to online banking, where industry watchers estimate that approximately 59% of American adults do some banking online, this is not a one-size-fits-all approach. Many of us cannot imagine living without the convenience of conducting financial transactions online, but others have decided that the value does not exceed the risks and challenges they perceive.
I reject the false dichotomy between protecting patient privacy and obtaining public health benefits. We can protect the basic right to personal privacy for patients and simultaneously reap the incredible benefits of electronic health records (EHRs) for enhancing efficient delivery of medical services, improving quality of care, accelerating research and enabling rapid public health response to epidemics. […]
There is clear evidence from the Veterans Administration and Kaiser Permanente that EHR systems can achieve tremendous cost-savings and improve quality of care. But there is also clear evidence that solutions like electronic consent systems for mental health and substance abuse treatment can empower patients to selectively share data for specific purposes and prevent secondary uses of data without new consents; and electronic consent systems like Private Access can enable researchers to access data with consent, helping them quickly find appropriate subjects for clinical trials. Rather than creating barriers to data flow, electronic consent tools solve the problem of how to enable data exchange and promote research by facilitating legal data sharing and ethical research.
There are strong indications that the social benefits of EHR systems will be blunted unless comprehensive and meaningful privacy protections are built in upfront. Survey after survey indicates that Americans care deeply about health privacy. More significantly, Americans make decisions that put their health at risk to keep information private. […]
We need to reframe the debate and focus on the state of health technology and privacy, then debate about solutions that protect privacy while reaping the benefits of technology. Some parts of the solution are easy: we need to build secure and trusted electronic systems that use innovative privacy-enhancing technologies to put patients in control of sensitive health data. Then we can selectively share information with those we trust for treatment and research, while preventing records from being sold or used to discriminate against us and our families in jobs, credit and life’s opportunities.