Moral Oneupmanship

It is refreshing to see bipartisan support for something in these rancorous times in Washington. One such issue is health information technology, subject of ten pieces of proposed legislation in 2005. In our enthusiasm over this technology, however, we need to be sure that patients' control over their health information is an integral part of reform.

One of the most prominent proposals is the Health Technology to Enhance Quality bill (S.1262), introduced in June by senators Bill Frist and Hillary Clinton. The bill aims "to reduce healthcare costs, improve efficiency, and improve healthcare quality through the development of a nation-wide interoperable health information technology system." The key concept here is "interoperability," defined in 2005 by the Health Information and Management Systems Society as "the ability of health information systems to work together within and across organizational boundaries in order to advance the effective delivery of healthcare for individuals and communities." One of the main goals is an infrastructure that permits the electronic exchange of health information. In essence, the bill aims to make it as easy and secure to transmit health information electronically as it is to execute ATM transactions.

Electronic records have many virtues. In the wake of Hurricane Katrina, the Veterans Health Administration (where I work) was able to back up all electronic records for 50,000 patients from the flooded New Orleans VA Medical Center and nearby veterans' outpatient clinics and re-enter them into a computer in Houston within four days of the storm. Also following the hurricane, the federal Office of the National Coordinator for Health Information Technology was able to work with pharmacies to organize a centralized database so that prescription drug records for 800,000 people affected by the storm would be available to health care providers. On a day-to-day basis, electronic records allow caregivers to make a patient's complete medical history instantly available to other health care providers, to highlight information that might get buried in a paper chart, and to more easily identify and prevent adverse drug interactions by cross-tracking a patient's prescriptions.

Without sufficient attention to security and privacy, however, the virtues quickly become vices. Unprotected electronic records can be hacked by identity thieves or stolen in bulk. In July of this year, in fact, 57,000 patient records on back-up tapes were stolen from a Phoenix-based managed care company. Also, third parties can mine electronic records for data to market health products or screen out people as insurance or employment risks. Even with the protections of the Health Insurance Portability and Accountability Act and the Privacy Act, a centralized database could increase the chances that health information would be misused. In addition, as patient records become the product of many users, any one provider's or institution's obligations to protect confidentiality could be eroded. And as privacy advocates have argued, if patients are not confident about confidentiality, they will withhold information from their physicians, jeopardizing their care.

If interoperability is to succeed, it's not just information systems that need to work together, but also government officials and citizens. With that sort of interoperability, we can have electronic health records and still preserve confidentiality and patient control of private information. A good step in that direction would be the appointment of recognized privacy advocates on the Department of Health and Human Services's newly established American Health Information Community, a commission to provide recommendations to HHS on how to convert to electronic health records. Such advocates can help keep privacy rights such as notification, opt-in/ opt-out, confidentiality, and personal access in the foreground. Together, we must make sure that concerns about privacy and security are an integral part of any proposed reforms, not just a concession.