It’s good to see that our new President is eager to fund the installation of an ambitious electronic medical records system that links doctors and hospitals with patient records, according to The New York Times. But as a number of legislators and consumers advocates quoted in this article warn, the problem of protecting the privacy of these records is not one to be taken lightly. I agree.
When I was a medical reporter for The Boston Globe, someone sent me the medical records of a Kennedy who had recently been hospitalized for drug addiction (no it wasn’t Ted or Caroline). The records of this patient, who was at the time an elected official, had been sent by accident to a health-care professional who passed them along to me as an example of how porous the system of medical records security was. I convinced my editors that we should not disclose this person’s identity or his addiction and there the matter rested.
However, if such sensitive medical information is posted online, one can only imagine the heightened potential for abuse. Anyone who has ever had their credit card number and/or identity stolen knows that information stored online remains far from secure. As fast as IT specialists come up with ways to secure online information, through encryption, passwords, what have you, intrepid hackers (often backed up organized crime syndicates) figure out ways around the security. Anyone who doesn’t think this will happen with electronic medical records is fooling themselves.
Sensitive medical information — about public and private figures — will be stolen not only by crackers bent in selling them to interested parties, but will be available for viewing (and potential theft) by all the people within the health-care system who are currently allowed under law to see those records, including claims clerks, hospital personnel, researchers, pharmacies and law enforcement personnel.
A few years ago, a low-level employee at a LA hospital who had access to Farah Fawcett’s medical records leaked information about her cancer recurrence to a gossip rag before the actress had had a chance to inform her family. That was bad and the employee was rightfully fired. But think about how many more prying eyes will have access to celebrity medical records when Obama’s ambitious medical records project gets off the ground.
This is why stringent privacy safeguards must be put in place to protect electronic medical records. Not only should it be a major felony to sell any personal health information without the patient’s consent but patients should be apprised of any disclosures of their electronic data for unauthorized purposes. Patients should also be able to demand that sensitive information, about treatment for drug addiction and psychological ailments, abortions and HIV tests, for example, be segregated from the rest of their medical records. And as Robert Pear in the Times article notes, patients — or state officials acting on their behalf — should be able to recover damages from any entity that improperly uses or discloses personal health information.
Finally, such privacy safeguards should be made into law by Congress, not left up to the federal Health and Human Services department, where regulations are often watered down as a result of aggressive lobbying by insurance companies and other interested parties. It’s the least we should do to protect our right to privacy.