Unhappy Trails to You
Having the ability to monitor activity in a patient's health record is becoming commonplace in hospitals these days. Audit trails provide protection not only for the patients, but also for the hospital and the doctors. But Deborah Peel, founder of the Patients Privacy Rights Foundation, says without full patient control over their records, the technology is a half-measure, or worse.
Dear Government Health IT:
Your article on the workings of electronic audit trails for health records
(“EHRs: On the Trail of Trust,†Government Health IT, July) shows that, once again, solutions for ensuring personal privacy in electronic health records are being ignored and overlooked by the government health IT community.
Many of those interviewed for the story seem to have conflicts of interest because they do not want consumers to have a right to health privacy. Others don’t seem to know about the newest privacy-enhancing technologies such as personal heath records with multiple layers of encryption, health record trusts, and independent consent management tools that can deliver privacy and the benefits if HIT without facilitating data mining.
Bottom line: EHRs will never be trusted unless all access to them is controlled by patients. We are the only people who are really interested enough to decide who should see and use our sensitive personal health information. And we have the right to our data—even Newt Gingrich says people own their health data.
This is essentially how things work with paper records: nothing is copied or disclosed without first obtaining patient consent. Yes, it is possible to carry paper records offsite and people not directly involved in someone’s care could possibly gain access to a patient’s hospital chart, BUT paper records are kept in offices or nurses stations where someone not caring for that patient would have a hard time sneaking a look at the chart. Charts are then locked in file cabinets or medical records rooms after patients leave the office or are discharged from the hospital. Paper charts have to be removed from file cabinets in small offices or checked out of the medical records rooms in hospitals for any uses.
So paper records today are actually far more private and secure than electronic health information which can easily end up on a 1,000 computers in Pakistan, in the hands of employers, sold by data miners, or posted on websites. The healthcare industry has the WORST track record of any sector of the economy for data protection and security. Data is rarely encrypted at rest and two passwords are considered safe!