The New York Civil Liberties Union has released a report (NYCLU pdf; archive pdf) concerning patient privacy and electronic health records (also known as health IT programs) in New York state. From the introduction:
Electronic health information technology is transforming the health care system as we know it. Like many aspects of our lives, the medical office is going online. Doctors, health systems, insurers, care coordination systems, regulators, governments and patients themselves are demanding electronic access to health records. Near instantaneous sharing of information between and among health care providers promises significant benefits to both doctors and patients, including greater coordination and efficiency in service delivery, reductions in medical errors and misdiagnoses, and convenience. These benefits are also likely to improve the efficiency and effectiveness of the health care system more broadly.
However, this step forward poses significant risks. Easily shareable electronic records threaten patient privacy, and can lead to security breaches, misuse of information, and most importantly, loss of patient control over confidential and sensitive health information. This threatens the confidential communication between doctors and patients that has been a bedrock principle of modern medicine. Confidentiality ensures that patients seek out care, and that they are open and honest with their providers. Fully informed by the totality of a patient’s circumstances, providers can render the best care possible. Patients who fear a loss of control over their private medical infor- mation may lose faith in their doctor—and in the health care system. They may fail to share critical information with their treating providers or they may avoid treatment altogether. […]
A growing information-sharing network, guided by the New York eHealth Collaborative, a public-private partnership funded by the New York State De- partment of Health, has invested more than $840 million towards developing health information exchanges, or HIEs. A dozen existing HIE networks will eventually permit providers and payers to gain access to a patient’s aggregated medical records in New York State and, ultimately, connect New York’s HIEs with a national network.
The state has endorsed a set of privacy and security policies and procedures for the implementation
of health information exchange. But these policies have significant flaws that pose challenges to the integrity of electronic record-sharing in New York State. Most significantly, these policies do not allow for patient control over the inclusion of their health information in the network. In addition, the technological infrastructure used by the state’s HIEs represents an all-or-nothing approach: Once a patient consents to allowing a provider to gain access to his or her medical records, the provider sees everything that was ever entered into the network about that patient, regardless of whether the information is relevant to current treatment.
he New York Civil Liberties Union supports electronic sharing of medical records, but takes the position that patients must be able to control who has access to their medical information. Patients must also be assured that those who do have access receive only information that is relevant to their treatment. Otherwise, those in need of medical care may be reluctant to seek it or to give providers consent to review their medical records. Patients will have confidence in the state’s approach to electronic health information exchange where vigorous informed consent requirements and specific limitations on information-sharing protect sensitive information and ensure individual control of personal medical records.
Read the full report for the NYCLU’s recommendations on how to protect patient privacy with electronic medical records.