Can Privacy, Electronic Medical Records Coexist?
Keeping individual health information private is good thing, but so is aggregating that data to improve care in general. Can those competing good ideas find a happy medium?
The stimulus bill passed in 2009 set aside $27 billion to encourage doctors to migrate their illegible handwriting and paper charts into the electronic medical records that policymakers and politicians have for years been saying could revolutionize medical care (and the amount of money it costs us). That windfall, now fueling a booming health IT industry, was intended to address another goal outlined in the stimulus bill: Every American should have an electronic health record by 2014.
The promise is enormous. Patients could take control of copies of their own personal health histories. Referring doctors could easily communicate with one another about a patient's treatment. Diagnoses could benefit from historical information about every ailment you've had since you were a kid.
"Few fields could benefit more from computer use than this field," said Carl Gunter, who directs the Center for Health Information Privacy and Security at the University of Illinois. "You could ask, 'What patients are similar to this? What was their treatment? What was the outcome of their treatment?' and have a computerized system tell you that rather than relying on your personal connections or memories of patients or the research literature, which might be limited."
All of that promise, though, is right now constrained by one hitch Gunter was discussing this week in Washington at the annual Computers, Freedom and Privacy conference.
"It would be a terrible, terrible pity if we can't move ahead with some of these things that could improve care and reduce costs because we can't cope with these privacy and security concerns," he told a lecture hall of technologists at Georgetown University's law school.
In other words, researchers have to figure out how to digitize some of your most sensitive personal information to make it easily accessible to you and your doctors without compromising your privacy before the many other parties who might also like to peek at this data.
Researchers lament that it's currently impossible to track all of the places your digital medical information travels once you leave the doctor's office. Certainly, pieces of it are shared with your doctor's office, your doctor's hospital, your insurance company, your pharmacist and the pharmaceutical company that makes your medicine. Your personal information may also be anonymized and aggregated with other patients to produce data sets used by researchers or traded on the commercial market.
The associated dangers aren't just about privacy on principle. An insurance company that learns of a particular illness might decline to cover you. An employer who realizes that your costly medical condition is weighing down the group health plan might find other cause to fire you.
In this way, health information is arguably more sensitive than any other personal data floating around about you — from financial to academic to criminal records.
"What stands out like a sore thumb to me about health data," said Dave deBronkart, a cancer patient and co-chair of the Society for Participatory Medicine, "is that it's the only data I've encountered, with the possibility of airline data, where good data, well managed, can save lives — or cost lives if it's not there. That kind of changes everything."
The vast majority of Americans don't currently have electronic health records, let alone comprehensive digital histories of their entire medical lives. But even pieces of that complete picture could prove sensitive.
"The fragments can tell you a lot about the whole," Gunter explained after the panel debate. "A single drug prescription can tell someone that you're HIV-positive."
Researchers and industry innovators gunning for that 2014 deadline have to figure out how to set all of this information free — when it comes to maximizing the benefit to you as a patient — while, on the other hand, keeping it under some kind of control. And it's not entirely clear how that architecture might look. (Existing health IT software also has an entirely unrelated major problem: Most of it is designed to facilitate insurance claims, not patient care.)
"My big fear is that if we don't build these systems right, people won't see doctors," said Deborah Peel, the executive director of Patient Privacy Rights and the moderator of the conference discussion.
This part is important, though — increasing public discussion of the fact that health IT's enormous potential comes with a complication that must be addressed on the front end.
"That's the biggest problem, this thing," Gunter said. "We don't have a problem with bandwidth. We don't have a problem with storage. We don't have a problem with computational capability. All those things are easy, actually. It's the privacy [issues] that are the problem."