Privacy and the Proposed National Electronic Medical Record. In an effort to decrease the rapidly expanding healthcare costs in the United States, the



Similar documents
White Paper #6. Privacy and Security

Sarasota Personal Medicine 1250 S. Tamiami Trail, Suite 202 Sarasota, FL Phone Fax

HEALTH INFORMATION TECHNOLOGY AND HIPAA: CAN WE SATISFY SECURITY AND PRIVACY STANDARDS IN THE DIGITAL AGE? 2007 Robert Malone I.

Networked Personal Health Records

ELECTRONIC HEALTH RECORDS. Nonfederal Efforts to Help Achieve Health Information Interoperability

1. Contact Information. 2. System Information

BEFORE THE BREACH: Why Penetration Testing is Critical to Healthcare IT Security

Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research

(2) The neurological surgeon shall not participate in any activity, which is not in the best interest of the patient.

Privacy and Health Information Technology

Introduction to HIPAA Privacy

Medicare Fraud, Waste, and Abuse Training for Healthcare Professionals

Healthcare Utilizing Trusted Identity Credentials

Blue Shield Mental Health Service Administrator (MHSA) Quality Improvement Program

GAO ELECTRONIC PERSONAL HEALTH INFORMATION EXCHANGE. Health Care Entities Reported Disclosure Practices and Effects on Quality of Care

Journal of Business & Economics Research July 2008 Volume 6, Number 7

RSA SECURE WEB ACCESS FOR HEALTHCARE ENVIRONMENTS

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

HIGHMARK BLUE CROSS BLUE SHIELD DELAWARE NOTICE OF PRIVACY PRACTICES PART I NOTICE OF PRIVACY PRACTICES (HIPAA)

Miami University: Human Subjects Research General Research Application Guidance

HIPAA Notice of Privacy Practices

Strategies for Electronic Exchange of Substance Abuse Treatment Records

NOTICE OF PRIVACY PRACTICES FOR OUR PATIENTS POTOMAC PHYSICIAN ASSOCIATES, P.C.

Human Subjects Research (HSR) Series

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Research Involving Human Biological Materials: Ethical Issues and Policy Guidance Executive Summary

ETHICAL CONSIDERATIONS IN INTEGRATING PERSONAL HEALTH RECORDS INTO CLINICAL PRACTICE

HIPAA, Licensed Health Care Providers and The Ohio State Dental Board (Board)

Securing the Healthcare Enterprise for Compliance with Cloud-based Identity Management

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

CYBERCRIME AND THE HEALTHCARE INDUSTRY

Strategies for Electronic Exchange of Mental Health Records

Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5

September 12, Dear Dr. Corrigan:

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

PHI- Protected Health Information

Floyd Healthcare Management, Inc. Notice of Privacy Practices

How To Improve Health Information Technology

NEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16

Chapter 1: Information Security Fundamentals. Security+ Guide to Network Security Fundamentals Second Edition

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM

If you are under 18 years of age, your parents or guardian must sign for you and handle your privacy rights for you.

March 7, Occupational Safety and Health Administration. OSHA Docket Office. Docket No. OSHA ; RIN 1218-AC49. U.S. Department of Labor

By Natalia Wilson, MD, MPH

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

Implementing Patient Access to Electronic Health Records Under HIPAA: Lessons Learned

Electronic Medical Records

Mona Osman MD, MPH, MBA

Getting Hip to the HIPAA and HITECH Act Compliance

How To Fix An Electronic Medical Record

Protecting Patient Privacy It s Everyone s Responsibility

Notice of Privacy Practices

Privacy 101 Awareness and Best Practices

Public Attitudes Toward Privacy in HIPAA and HIT Programs

THE 2009 HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT

NOTICE OF PRIVACY PRACTICES ILLINOIS EYE CENTER

HIPAA FOR THE DENTAL PRACTICE

Clarity Solutions and PSO Advisory Services Tailored to Support Nursing Professionalism, Quality Improvement and a Just Culture

Socialized medicine + centralized database = distributed risk By Tamara Wilhite

DEPARTMENTAL POLICY. Northwestern Memorial Hospital

GONZABA MEDICAL GROUP PATIENT REGISTRATION FORM

To: From: Date: Subject: Proposed Rule on Meaningful Use Requirements Stage 2 Measures, Payment Penalties, Hardship Exceptions and Appeals

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Auditing Security: Lessons Learned From Healthcare Security Breaches

COLORADO MEDICAL BOARD RULES AND REGULATIONS REGARDING THE PHYSICIAN S ROLE IN PRESCRIPTIVE AUTHORITY FOR ADVANCED PRACTICE NURSES

MEDICAL OFFICE COMPLIANCE TOOLKIT. The Complete Medical Practice Compliance Resource HIPAA HITECH OSHA CLIA

Health Care Compliance Association

NOTICE OF PRIVACY PRACTICES

Health Information Technology: A Key Component of Health Reform

PCPCC National Briefing/Webinar

HIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles

APRIL 2015 SECTION I - 1. Section I: Introduction and Overview

File-Sharing in the Legal Industry Survey uncovers disconnect between security fears and the everyday practices that can leave firms open to breaches

DETAILED NOTICE OF PRIVACY AND SECURITY PRACTICES OF THE Trustees of the Stevens Institute of Technology Health & Welfare Plan

Guide to Taking Control of Your Healthcare

RE: Comments on Discussion Draft Ensuring Interoperability of Qualified Electronic Health Records.

Proofpoint HIPAA Breach Report:

Stewardship of the Code of Medical Ethics

The Changing Landscape

This procedure is associated with BCIT policy 6700, Freedom of Information and Protection of Privacy.

HEALTH INSURANCE PORTABILITY & ACCOUNTABILITY ACT OF 1996 HIPAA

Health Care Reform Challenge: Creating a High Performance Healthcare System. Tom Simmer, MD Chief Medical Officer, BCBSM February 6, 2013

NORTH CAROLINA DEPARTMENT OF PUBLIC INSTRUCTION. Division of Data, Research and Federal Policy July 29, 2013

SafetyFirst Alert. Errors in Transcribing and Administering Medications

Integrity We are above reproach in everything we do.

MERCY HEALTH MEDICAL TRANSPORTATION SERVICES PRIVACY NOTICE Revised Notice Effective Date: September 23, 2013

RowanSOM STUDENT CODE OF CONDUCT

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

File-Sharing in the Legal Industry Survey uncovers disconnect between security fears and the everyday practices that can leave firms open to breaches

Updated as of 05/15/13-1 -

Chapter III Health Care Service Use and Health Insurance

plantemoran.com What School Personnel Administrators Need to know

AMERICAN INDIAN HEALTH & SERVICES JOB DESCRIPTION. Health Information Technician

Accountable Care Organization. Medicare Shared Savings Program. Compliance Plan

7 Advantages of HIPAA Compliant Texting Apps

NOTICE OF PRIVACY PRACTICES

Executive Memorandum No. 27

Transcription:

Dawson 1 Pledged Kellen Dawson Dr. DeRouen Transfer Seminar 21 April 2011 Privacy and the Proposed National Electronic Medical Record In an effort to decrease the rapidly expanding healthcare costs in the United States, the federal government has been searching for innovative methods of cost savings. One such way is the implementation of an electronic medical record encompassing the medical records of all Americans. Accordingly, with the passage of the Patient Protection and Affordable Care Act in 2010, there is major emphasis on the development of a national online electronic medical record. Concerns about electronic medical records have widened with the idea of having a national electronic medical record database because it poses substantial privacy and security concerns. Analysis of the pertinent literature shows the increased risk of privacy breaches associated with such a large, national database as compared to smaller databases localized at the healthcare provider level. One of the main tenets of The Patient Protection and Affordable Care Act is the implementation of an electronic medical record for all Americans. The economic stimulus package passed in 2010 includes billions of dollars for electronic medical records. In essence, the federal government has instituted financial inducements and incentives for healthcare providers to aid them in their implementation of electronic medical records. In the early stages, individual electronic medical record systems with common language and interconnectivity will be acceptable. However, in the future, the government envisions a national electronic medical record database aptly named the National Health Information Network. This system would contain one centralized data bank, or several large depositories all linked together, containing all

Dawson 2 medical records of all citizens in our country. Additionally, private companies have begun offering electronic depositories such as MyChart, where subscribers can place their medical data files. Alternatively, patients can have their medical providers place such information into the MyChart system with accessibility available to the patients themselves (Kornblum). From the patient s perspective, the advantages of electronic medical records are manifold. With all their medical information available in an electronic format with its associated education materials, patients should be better informed about their own health. Patients could provide pertinent data to healthcare providers that would update, amend, and clarify their medical history. Emergency room personnel could have instant access to the records of incoming patients. Additionally, when children reach adulthood, they would not have to rely on the memory of aging parents in respect to medical information such as childhood immunizations, childhood illnesses, and previous surgeries. Such information would be readily available in their personalized electronic medical record. Theoretically, the implementation of electronic medical records would lead to significant cost savings. Results of medical tests would be available to all healthcare providers seeing an individual patient. Tests would not have to be repeated when a patient is referred from a primary care physician to a specialist. Coordination of care between hospitals and other providers would improve and create cost reductions. The efficacy versus cost data of pharmaceuticals would be more quickly available than it is today, leading to lower drug costs. The United States government sees the implementation of a national electronic medical records database as a major way to control spiraling healthcare costs. The annual national costs of medical errors are significant. According to Kenneth Rhea, medical director for the Louisiana Medical Mutual Insurance Company, a physician-led mutual insurance company, it is estimated that medical errors occur in 24% of all outpatient visits

Dawson 3 (Rhea). While some errors are through medical neglect and carelessness, many are due to transcribing errors because the records are in handwritten form. Such errors include incorrect doses of medications due to inability to read the prescription or orders written by the physician, missed doses of medications or unwanted repeated doses of medications due to carelessness on the part of healthcare providers, poor communication between healthcare providers and patients, medications given to the wrong patient, and even wrong side surgeries due to lack of communication between operating room personnel and surgeons. While the incidence of adverse events will never be zero, the implementation of electronic medical records could significantly decrease the occurrence from the frightening 24% mentioned in the data above. The potential for medical research using large databases is important. As explained by Sharyl Nass and her fellow researchers of the Institute of Medicine of the National Academies, today a significant portion of health research is information based. It is common for researchers to analyze data and samples obtained in previous research projects. In the field of epidemiology, the use of existing data is common practice. Researchers can study patterns of disease occurrence, drug safety surveillance, the results of healthcare interventions, and many other parameters of public health. Such studies provide much value to society with minimal additional costs, since the data is readily available from previous studies. However, the researchers do not have to ask permission from patients in order to use their medical data such as test results or even preserved blood and tissue samples as long as informed consent was undertaken for the initial study. This causes serious privacy concerns among patients, even though their personalizing demographic data has been removed. A national electronic medical record system would be fertile ground for medical researchers, but the privacy concerns are real, especially with one federal database with millions of users (Nass).

Dawson 4 With progress comes risk, and the risk of loss of privacy with electronic medical records is very significant. Furthermore, such risk would rise exponentially with the implementation of one national database. Multiple portals of data entry into such a large system would equate to multiple portals of data exit. A system that would allow any emergency room to view the medical chart on any potential patient would not be secure, especially in regards to privacy. Any healthcare provider with access to the system could download seemingly protected data and use it in devious ways. Any data stripped of personal identifiers such as name and social security number would be useless in emergency situations. In order for a national database to work effectively, personal identifying data must be present, and therefore, such a system would be accessible to a multitude of people, not just a few who could lay their hands on a paper chart, as Dr. Bernadine Healy, former head of the National Institutes of Health, points out (Healy). This idea of an electronic medical record really began with the passage of the Health Insurance Portability and Accountability Act Privacy Rule in 1996, also referred to as HIPAA. This HIPAA Privacy Rule protects the privacy of individually identifiable information held by entities covered by the statute. It regulates the types of uses and disclosures of protected health information that is held or transmitted by health plans, healthcare clearing houses, and healthcare providers who transmit such information in an electronic format (HIPAA Privacy Rule). Protected health information is defined as any information, whether oral or recorded in any form or medium (HIPAA). However, the privacy rules of HIPAA are not adequate to address the privacy concerns of a national electronic medical record. In a report entitled Beyond the HIPAA Privacy Rule, the Institute of Medicine of the National Academies, a nongovernmental organization that provides national, un-biased, evidence-based advice on issues relating to medicine and health, concluded that the HIPAA Privacy Rule does not protect privacy as well as it should, and, in fact, impedes important health research. The committee determined

Dawson 5 that the Privacy Rule is not uniformly applicable to all health research, that informed consent is often lacking, and that different institutions interpret the rule differently. In their report, the Institute of Medicine made clear distinctions between privacy and security. The authors defined privacy as the collection, storage, and use of personal information and who has access to personal information and under what conditions (Nass 16-17). Security was described as procedures and technical measures used to prevent the access and dissemination of electronic data by unauthorized persons, first coined by computer scientists Turn and Ware in their revolutionary 1976 article Privacy and Security Issues in Information Systems (Nass 18). As the Institute of Medicine s committee on health research and the privacy of health information explained, privacy is content specific and depends on the individuals involved. What is considered private to one individual may not be by another. Security, on the other hand, should be uniform across groups and should be adequate for all types of data storage. The Institute of Medicine did emphasize the need for standards to protect individual privacy, while at the same time facilitating information flow among authorized parties. Why is privacy so important? It is important because it promotes the fundamental values of personal autonomy and self-respect. As discussed by Adam Moore, professor of philosophy at the University of Washington and distinguished scholar on the issue of privacy, in Privacy: Its Meaning and Value, while privacy is culturally dependent with different norms being found in different societies, privacy, in general, promotes the ideals of personhood. Moore writes the ability to regulate access to our bodies, capacities, and powers and to sensitive personal information is an essential part of human flourishing or well-being (Moore 223). Respect for the privacy of other individuals is an essential element for the culture in which we live. While the loss of privacy and potential for identity theft is certainly possible with paper medical charts and individual electronic medical record systems, such risks would rise to

Dawson 6 intolerable levels with the proposed national electronic medical record system. Writer and editor Henry Henderson, in Privacy in the Information Age explains the existence of a single central database would put all a person s privacy eggs in a single potentially vulnerable basket (Henderson 28). Interestingly, this same idea was proposed by the Clinton Administration but withdrawn due to privacy concerns. With technological advances since Clinton s presidency, privacy concerns have only heightened, making Obama s proposal even more worrisome. While HIPAA requires minimal privacy and security for access and disclosure of protected health information, it only applies to the covered entities which are defined as healthcare providers, private insurers, billing services, and healthcare clearinghouses. A glaring weakness in this law is the fact that the actual medical record and the companies that provide electronic medical records, including private database companies such as MyChart, are not considered to be covered entities. Theoretically, if implemented, the entire National Health Information Network would not be considered a covered entity, and, therefore, exempt from HIPAA regulations. If identity theft included not only a person s demographic data such as name, address, social security number, and the like, but also included their electronic medical record, the results could be disastrous. As stated by Byron Hollis, managing director of the Blue Cross and Blue Shield Association National Anti-Fraud Department, in Identity Theft Handbook, The danger and impact of ID theft, especially medical ID theft, is not generally understood, can be devastating to an individual, and is a drain on our financial and healthcare systems (Biegelman 106). One of the chief dangers of medical identity theft is the situation where a victim s medical history is intertwined with that of the identity thief. Any new information entered into the system that was given by the identify thief while using the original patient s data would be incorrect. A person could find herself labeled with diseases she does not suffer from, medication

Dawson 7 allergies she doesn t have, and potentially, a list of medications that she does not take. To make matters worse, existing HIPAA regulations make it much more difficult to remove false information from medical records (Biegelman). Thus, the existing rules that protect our privacy inhibit correction of misinformation should it occur. The public s perception of the federal government s ability to protect the privacy of its citizens and the security of its records is not favorable and for good reason. The Institute of Medicine reveals instances where federal computers containing the personal data of many private citizens have been stolen, boxes of documents containing personal information have been left in garbage dumpsters, and federal researchers have posted online the personal information of many members of our armed services without their permission. The resulting negative public perceptions are evident in many polls concerning the federal government and privacy and security issues. A 2007 poll performed for the Institute of Medicine by Alan Westin, professor of public law at Columbia University showed that fifty-eight percent of all polled feel that the privacy of medical records and health information is not protected well enough today by federal and state laws and organizational practices (Westin). Forty-two percent of those polled felt that the privacy risks outweigh potential electronic health record benefits (Westin). The public s lack of confidence concerning privacy issues involving their medical data has the potential to erode the confidentiality of the physician-patient relationship. When patients are concerned that confidential information could be unsafe, they become less likely to speak frankly to their healthcare provider concerning confidential matters. Patients under such circumstances could withhold important information from their physicians, and this could potentially be catastrophic. Westin s data concerning medical research and electronic medical records is even more alarming. When asked if health researchers can generally be trusted to protect the privacy and

Dawson 8 confidentiality of their records obtained about research subjects, thirty-one percent responded negatively. Thirty-eight percent of those polled would require their written consent before any of their medical or health information could be used. Finally, thirteen percent of those polled stated that they would refuse to allow researchers to use their data under all circumstances. Clearly, the practice of using healthcare data without permission, which is commonly done today, is contrary to the wishes of the populace. The disadvantages of the proposed National Health Information Network clearly outweigh the advantages. A centralized electronic network containing all the medical files of all Americans with the potential to distribute this information to millions of people seems to be too risky for the benefits that could be gained. Too many people, many with less than honorable intent, would have access to the data. Certainly, firewalls, passwords, audit trails that list all who opened a record, and other security measures could be instituted, but the risks of massive breaches of security with the accompanying lack of privacy would still be considerable. A better system would be to institute electronic medical records in all healthcare facilities, but keep the information at the local level. For this to be successful, there would need to be a uniform code of computer language with its resulting interconnectivity between two systems. If two systems could transfer data to each other, such as between a physician s office and a hospital, the costs savings would be the same as one could obtain using a national database. After all, healthcare is local and the resulting costs and potential savings are also local. The potential for research would be less, since there would not be a large database from which to draw data, but Americans seem to resent the existing lack of privacy that exists in research today. The proposed National Health Information Network with its centralized database is too risky to be implemented in America. The potential for lack of privacy and outright identity theft, including medical identity theft, is too great. Americans value their privacy and are not willing to

Dawson 9 entrust such privileges to the federal government. Many of the benefits espoused by proponents of the federalized system could be obtained by having local versions of electronic medical record. Patient privacy is paramount and should not be ignored.

Dawson 10 Works Cited Biegelman, Martin T. Identity Theft Handbook: Detection, Prevention, and Security. Hoboken: John Wiley & Sons, 2009. Print. Healy, M.D., Bernadine. "Electronic Medical Records: Will Your Privacy Be Safe." US News and World Report. 17 Feb. 2009. Web. 30 Mar. 2011. <http://health.usnews.com/healthnews/blogs/heart-to-heart/2009/02/17/electronic-medical-records-will-your-privacy-besafe>. Henderson, Harry. Privacy in the Information Age. New York: Facts On File, 2006. Print. Kornblum, Janet. "Online Medical Records Offer Convenience, May Limit Privacy." USA Today. 12 June 2008. Web. 01 Apr. 2011. <http://www.usatoday.com/news/health/2008-06-11-online-medical-records_n.htm>. Moore, Adam D. "Privacy: Its Meaning and Value." American Philosophical Quarterly 40.3 (2003): 215-27. Academic Search Premier. Web. 28 Feb. 2011. Nass, Sharyl J., Laura A. Levit, and Lawrence O. Gostin, eds. Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research. Institute of Medicine of the National Academies. The National Academies Press. Web. 27 Mar. 2011. <http://www.nap.edu/catalog/12458.html>. "The Privacy Rule." HHS.gov: Improving the Health, Safety, and Well-Being of America. United States Department of Health and Human Services. Web. 01 Apr. 2011. <http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html>. Rhea, Kenneth E. Patient Safety and Claims. Metairie: The Louisiana Medical Mutual Insurance Company, 2011. Print.

Dawson 11 Westin, Alan F. "How The Public Sees Health Research and Privacy Issues." Lecture. IOM Workshop. Washington, DC. 28 Feb. 2008. Web. 31 Mar. 2011. <http://patientprivacyrights.org/media-center/polls/>.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information