- Electronic records could help track effectiveness of treatments and evaluate the health of patient populations
- There is some concern that insurance payors could improperly access digitized records to monitor medical treatment or deny coverage
- Upcoming changes to federal health care policy could require data-sharing rules to be updated
Digital medical records offer many new possibilities for improving health care, including streamlined monitoring of patient progress and hospital efficiency. But digitization also has its risks — primarily with respect to privacy and access to insurance companies. As the adoption of electronic records systems becomes increasingly widespread, it is becoming apparent that adjustments will need to be made on all sides of the medical community, with the support of doctors, hospitals, insurers, and even the legislators who shape health care policy. Upcoming changes to federal healthcare policy, including the creation of health insurance exchanges and other measures that will increase sharing of patient information, are also likely to create a need for improved data security.
Risks of Digitized Data
Patients are already vigilant about safeguarding sensitive medical information, especially that which relates to serious conditions such as cancer, mental illness, HIV, or other sensitive data that could affect their reputation or harm them professionally. Anecdotal evidence validates concerns about personal information becoming available to third parties. Medical websites have recently come under fire for collecting visitors’ health information and using it to target them for prescription drug marketing. There have also been reports of funeral homes contacting family members of recently deceased patients to advertise their services.
When electronic records began to replace paper charts in the 1990s, the fear of ambulance-chasing became widespread. Digitization made it easier for healthcare providers to keep track of patient data, but the perceived vulnerabilities gave this method of data storage a negative public image, says McCombs School of Business Senior Lecturer Kristie Loescher, who specializes in the health care industry. “There are good reasons for gathering the information electronically and for storing it electronically, but the fear is that people could hack in, get it, and use it against you,” she says.
In response, Congress passed the Health Insurance Portability and Accountability Act of 1996 as well as a related set of privacy standards that took effect in 2002, putting in place strict controls on how patient information can be shared and how it can be used in the digital age.
“Health care has been fairly slow to digitize,” Loescher says. “It’s been way behind other industries. But since HIPAA, there have been great strides in having more efficient information-gathering and helping people feel that it’s safe.”
When paper charts were the norm, strict rules governed how they could be transported. Doctors were not allowed to take patient charts home or leave them in the car, and in the rare cases when they were transported outside the hospital, records were often stored in secure metal boxes so they couldn’t spill out in the event of an accident, Loescher says.
Paper charts are not as common these days, but healthcare providers are taking new types of precautions. Patient data is stored on encrypted computers that can only be used in private areas. Emergency room bulletin boards can no longer be posted in public view. Physicians are also required to provide patients with privacy notices, improving accountability.
Another concern about electronic records involves the level of access given to insurance providers. Reuben McDaniel, the Charles and Elizabeth Prothro Regents Chair in Health Care Management at McCombs, says that if this data were made available to insurers, it could be used as a basis for denying claims or disputing treatment plans.
“The electronic medical record gives payors the opportunity to scan or monitor what physicians are doing, or, for that matter, change it,” McDaniel says. “Some people believe, and I’m one of them, that some of the biggest potential misuses [of electronic records] are by payors who do not necessarily have the best interests of the patient or the physician at the forefront of their minds.”
McDaniel says these concerns, while valid, should not necessarily overshadow the possible benefits of digitizing patient records, particularly the ability to track how individual patients are responding to treatment and to evaluate the health of the overall patient population.
“We are interested in doctors being able to appropriately share information about patients, with the patient’s permission,” McDaniel says. “Depending on where you stand, you might say that a patient’s data should never be used without the patient knowing that it is being used and for what purposes. Other people are saying, ‘I’m trying to improve the performance of my hospital; I’m not trying to monitor your health care, but I need your data to aggregate with all the rest so I know how the population is doing.’”
The data could also be used to help hospitals operate more efficiently. For example, it could identify whether patients are staying in the center too long or not long enough, or whether the center is admitting more patients than it should.
Impact of Health Care Reform
Upcoming changes to federal healthcare policy could require data-sharing rules to be updated, Loescher says. One significant change is the creation of health insurance exchanges, which will allow customers to select coverage personalized to their own health needs. In order to do this, patient information must be centralized and accessible to care providers and insurers — which some believe could result in privacy breaches, Loescher says. Another component of the 2010 legislation, integrated delivery systems, would allow doctors’ offices and hospitals to receive a single payment to care for a patient. These changes will be implemented starting in 2013.
“There have been some data security issues raised by the elements in the reform act,” Loescher says. “As you create insurance exchanges, you create more people who have this information that have to keep it secure. As you create the integrated delivery systems, you create more sharing that could cause potential for leaks. So there’s certainly a high awareness of the issue.”
A new law that takes effect in October 2012 will require health plans to adopt rules for the secure exchange of electronic health information. Loescher predicts that Congress could also make adjustments to HIPAA regulations to reduce the likelihood of data abuse and address other logistical concerns.
“I would imagine that, in order for health care reform to go forward, there will need to be some amendments to HIPAA,” she says. “And if they don’t amend the law, they’ll probably have to make some new rules.”
In the end, McDaniel says, it is difficult to find the correct balance and weigh the privacy concerns against the likely benefits of electronic data. The issue is still very much under review.
“The new health reform legislation is going to involve increased data sharing and emphasis on development of more sophisticated health information technology,” McDaniel says. “There is a belief, and I share that belief, that health information technology can do a lot to help us improve care as well as manage costs. But both of those things require the sharing of data, and if I share your data, you get nervous — and rightfully so. I think you ought to get nervous.”