Electronic health records raise privacy concerns
B.C. is now less than a year away from implementing electronic medical records (EMRs) in thousands of doctors’ offices across the province. Some say the move will ensure better care, while others caution that the protection of patients’ privacy will become more difficult.
That 2012 target is a shared aim of the B.C. Medical Association and the Ministry of Health Services. According to the BCMA, EMRs will enable doctors to order diagnostic tests, receive test results, prescribe medicines, and send and receive referrals, all electronically.
“In my mind, this represents the future,” says Alan Brookstone, a Vancouver family doctor and founder of CanadianEMR, a website that provides resources for physicians wanting to make the switch from a paper-based system to an electronic one. “Things work so much more efficiently. When you look at any other industry—like banking or travel—you could never imagine doing any of that in paper form anymore.”
Here’s an example the BCMA uses to illustrate the potential benefits of EMRs: someone is rushed to hospital because he’s unconscious, but he doesn’t have anyone accompanying him to tell doctors he’s diabetic. One look at his electronic file could be life-saving.
EMRs are the first step toward the development of electronic health records (EHRs). Those EHRs, which will ultimately become part of a fully integrated nationwide system, consist of information culled from various points of patient contact, such as public-health units, primary-care offices, hospitals, community health centres, long-term-care facilities, labs, pharmacies, and diagnostic-imaging clinics.
And once EHRs are established, that’s when people need to worry, according to Vancouver lawyer Micheal Vonn. The B.C. Civil Liberties Association policy director says that what’s being overlooked in the promotion of digitization of the health system is the threat to confidentiality.
“The problem is the massive centralization of electronic health information,” she says on the line from her office. “It takes that health information out of the hands of the patient and the practitioner and puts it into the control of government. That’s exactly what the Canada Health Infoway is doing.”
Vonn is referring to the Government of Canada–funded corporation whose mandate is to aid in and promote the adoption of EHRs.
Vonn emphasizes that the BCCLA has no problem with EMRs, which are merely patients’ paper charts in electronic form and are accessed only by people in a single office or organization. For proof of the trouble with EHRs, however, look no further than the recently released Canadian Medical Association policy called “Principles for the Protection of Patients’ Personal Health Information”.
“Patients should be informed that the treating physician cannot control access and guarantee confidentiality for an electronic health record (EHR) system,” the policy states.
So although privacy, confidentiality, and trust are cornerstones of the patient-doctor relationship, and despite the fact that patients have the right of reasonable access to any personal health information in their medical records, EHRs pose a risk to those principles, Vonn says.
“It’s a privacy nightmare,” she says. “There’s no justification for it.”
As an example of what can happen when government has access to medical records, Vonn points to the case of Sean Bruyea. The Canadian Gulf War veteran spoke out against a new Veterans Charter at a 2005 Senate hearing. Then federal Veterans Affairs department bureaucrats dug into his personal medical files and widely shared intimate details of his mental-health issues, information that showed up in government officials’ briefing notes.
Bruyea discovered 14,000 pages of documents about himself as part of a Privacy Act request he launched. He learned his file had been accessed by hundreds of federal bureaucrats, including policymakers.
There are other instances. In 2007, hackers in Newfoundland accessed medical information, including results of tests for HIV and hepatitis, on a desktop computer that was taken home by a health-care consultant.
EHRs could have another negative impact, Vonn notes: some studies have shown that people are less likely to access care, particularly sexual-health services, when their information is automatically distributed within a centralized database.
Furthermore, Vonn argues, in countries where EHRs have already been tried, they’ve been slammed by health-industry analysts.
“Everyone who’s supposedly ”˜ahead’ of us has turned and gone the other way,” she says. “The security system that’s said to protect us is not a privacy-protection system but an audit system”¦.This is the same kind of system that led to WikiLeaks.”
A recent Canadian Medical Association news bulletin reported that the highly centralized EHR model that Infoway has adopted was largely discredited and discarded in the United Kingdom.
“They [critics] suggest Infoway has forged a ”˜Soviet-type’ over-centralized approach,” the February bulletin says. “Infoway’s strategy has delivered few, independently-verified benefits to patients or health care providers, and may not even be achievable as designed, the analysts say.”
Brookstone says that if doctors don’t divulge who has access to medical records, patients should ask the question themselves.
“If a doctor cannot safely control access and guarantee confidentiality of information in an electronic health-record system used to deliver daily care, to quote a phrase, ”˜something just ain’t right,’ ” Brookstone writes on his blog.
He adds that patients should have access to an audit “trail” to safeguard against unauthorized access. Other options for protecting personal health information, according to the CMA policy, include opt-out and disclosure directives.
EMRs, meanwhile, benefit patients by reducing adverse events and unnecessary duplication of tests, Brookstone maintains.
“The key is good-quality care,” he says. “As a patient, you want the system to work for you.”