A federal panel selected to make recommendations to the government about how best to convert paper medical records to electronic format is being criticized for having no privacy advocates as commissioners.
Instead, the critics say, the 16-member panel is comprised strictly of industry representatives and government officials – a sign, they believe indicates a potentially harmful inattention to patient privacy.
The panel, formally known as the American Health Information Community, was appointed by Health and Human Services Secretary Mike Leavitt earlier this week and is “charged with advising the secretary on how to make health information digital and interoperable.”
The panel’s formation is part of President Bush’s push to digitize patient health care records over the next decade, so that “patients, doctors, hospitals and insurance companies will have access to vital and confidentiality-protected medical information immediately and efficiently, helping to reduce medical errors, improve quality, lower costs and eliminate paperwork hassle,” the department said.
“The president has set a national goal to move health care from the paper age to the information age, and the American Health Information Community will help guide this transformation,” says Leavitt. “My aspiration is for the Community to provide stakeholders with a meaningful voice in a federal process that will ultimately shape health care for generations.”
But privacy advocates say digitizing medical records actually will hinder patient confidentiality rather that enhance it, despite the government’s claim to the contrary. To support their argument, they point to several incidents such as the profound privacy violations of Choicepoint, Bank of America, Visa and others over the past few years where computer hackers have gained unauthorized access to scores of databases containing the personal, financial and business-related information of hundreds of thousands of Americans. In some cases, that stolen information later was sold to third parties.
President Bush, however, in his 2004 State of the Union address, called on doctors and hospitals to digitize medical records within 10 years, dumping long-used paper files in an effort to save billions in health care costs – which, he said, are rising exponentially and burdening American consumers and companies that provide health insurance to employees.
In a speech at the Cleveland Clinic in Cleveland, Ohio, in January, Bush cited government research that said converting to electronic records could reduce costs by much as 20 percent.
Electronic records can “help change medicine and save money and save lives,” he said.
But critics dispute those points. And they note paper records offer much better privacy than databases that can be hacked and mined for sensitive information.
Marc Rotenberg, president of the Electronic Privacy Information Center, or EPIC, says it’s unclear whether the federal government has made improvements in securing its own databases. But he adds there is definitely a real danger of information theft.
“Certainly, we’ve become enormously dependent on electronic networks to disseminate a whole range of information, and we’ve also learned in the past year . . . that a lot of the financial networks, in particular, are not secure,” he told WorldNetDaily. “So I think there is the very real concern that if criminals and hackers have access to medical record databases as they seem to have obtained access to financial record databases, there is a very serious privacy risk.”
Jane Orient, M.D., executive director of the American Association of Physicians and Surgeons, said digitizing medical records in the private sector wasn’t necessarily a problem, but having a “standardized” system managed by Uncle Sam would be disastrous.
“If they try to impose a national standard, it’s going to lead to chaos,” she said in an interview, “and it’s probably going to make medical records even more unintelligible than they already are, and much less accurate.”
In what could be a precursor to the administration’s plan to digitize all medical records, the federal government has made the records of Hurricane Katrina victims available online to doctors, the Washington Post reported this week.
It’s the first time pharmacy and physician health records have been placed into “centralized databases,” the paper said. Beginning last Tuesday, doctors were able to use the Internet to obtain information on some 800,000 storm evacuees.
“We think this could help save some lives,” Dr. David J. Brailer, coordinator of health information technology for the Department of Health and Human Services, told the paper.
Currently there are no federal regulations requiring a patient to give consent before their medical records can be shared for medical purposes.
The so-called HIPAA medical “privacy” rule removed patient consent for access to medical records for most purposes and substituted “notice” instead, in which the government and health care providers tell, rather than ask, patients who will have access to their private records.
And though some states have strict rules regarding the swapping of medical information, the paper said those states waived their rules for Katrina evacuees.
Orient of Tucson, Ariz., disagreed on the potential lifesaving aspects of the plan.
“Maybe it would be nice to have their old medical record, but what’s in their record has nothing to do with what happened to them five minutes ago, which could make everything [in the record] irrelevant,” she said.
She added that while having some information, such as knowledge of any medicinal allergies, would be helpful, doctors would still have to treat acute conditions the same way, whether they had a medical record in front of them or not.
Still, Brailer said privacy was a top concern, stressing only hospitals and medical personnel actually treating evacuees and victims would have access to their records.
Rotenberg noted it’s vital any medical records databases be adequately protected against theft.
“That might include, for example, ensuring encryption when data is transmitted; audit trails to ensure only that only the appropriate people have access to the information; a heightened transparency for the data subject, so that he or she can see the information that’s being kept,” he said.
It was unclear what sort of electronic protections were being taken by the government to ensure storm victims’ records were secure.
Orient said government-run systems usually are inefficient and more expensive than those in the private sector and that federal officials often adopt “a one-size-fits-nobody” approach.
“This idea that, if we just had electronic medical records it would solve all our problems, is just so bizarre and so ridiculous and so completely unsupported by evidence, that it just astounds me … ,” she said.
Adoption foregone conclusion?
Robin Kaigh, a New York lawyer who has tracked medical privacy issues for years, says despite efforts of privacy advocates, such experts and specialists are conspicuously absent from the government’s newly created commission, even though government officials routinely voice concern about the security of government-housed databases.
“That has been the case time and again in relation to HHS’ committees and subcommittees,” she told WND. “Time and again I have raised that issue at HHS meetings and nothing has been done about it.”
That there are no privacy advocates on the commission doesn’t surprise Orient.
“That should make people very worried,” she said. “You can do two things – you can either have things interoperable or you can have them private. You really can’t do both at the same time.”
Despite objections, the adoption of some sort of electronic records database may be a foregone conclusion. That’s because the government’s share of America’s total annual health care costs is so great. According to the National Coalition on Health Care, health costs reached $1.7 trillion in 2003 – 15.3 percent of gross domestic product.
More than one third of those costs are paid by the government, says HHS.
Here are the members of the newly formed federal commission:
- Scott P. Serota, president and CEO, Blue Cross Blue Shield Association
- Douglas E. Henley, M.D., executive vice president, American Academy of Family Physicians
- Lillee Smith Gelinas, R.N., chief nursing officer, VHA Inc.
- Charles N. Kahn III, president, Federation of American Hospitals
- Nancy Davenport-Ennis, CEO, National Patient Advocate Foundation
- Steven S Reinemund, CEO and chairman, PepsiCo
- Kevin D. Hutchinson, CEO, SureScripts
- Craig R. Barrett, chairman, Intel Corporation
- E. Mitchell Roob, secretary, Indiana Family and Social Services Administration
- Mark B. McClellan, M.D., administrator, Centers for Medicare & Medicaid Services
- Julie Louise Gerberding, M.D., director, Centers for Disease Control and Prevention
- Jonathan B. Perlin, M.D., under secretary for health, Department of Veterans Affairs
- William Winkenwerder Jr., M.D., assistant secretary of defense, Department of Defense
- Mark J. Warshawsky, assistant secretary for economic policy, Department of Treasury
- Linda M. Springer, director, Office of Personnel Management
- Michelle O’Neill, acting under secretary for technology, Department of Commerce