EMRs, the Cost of Healthcare, and Patient Privacy

Will greater use of EMRs and other health IT solutions force patients and providers to choose between convenience and privacy?

Two recent personal experiences have highlighted for me the laser-like focus on the cost of health care by the business community. First, we are financially penalized by my spouse’s employer if we choose not to fill out a health questionnaire, and we’ll be financially penalized in the next three years even if we do, unless we show measurable improvement in areas in which we are considered “at risk.” Second, we are getting form letters blessed by the employer regarding hospital visits and certain tests asking for additional information about procedures in an effort to uncover costs that can be recouped from a third party via lawsuit.

As more of these business practices become mainstream, patients are coming to understand that HIPAA privacy protection only goes so far.

I’m not terribly shocked that an employer would financially penalize employees who are not actively engaged in improving their health in areas in which that’s possible. I do have to admit that I’m a bit shocked that insurance companies appear to be disclosing information that can be investigated for potential legal action… woe to the person (or that person’s insurance company) if I had undergone an MRI as a result of a car accident that wasn’t recorded as my fault.

Do I trust my personal physician with my medical information? I did before my health insurance was provided by a conglomerate that employs its own medical staff. Now… not so much. Additionally, although it’s convenient for the doctor to type in a prescription or a referral that gets electronically communicated to a pharmacy or another doctor in an instant, I realize that it’s this very convenience that can make my privacy go from a hypothetical 100% to zero at the touch of an “enter” key.

I’m not alone in this concern. In a Computerworld article reporting on a recent study regarding public trust, physicians themselves were rated as trustworthy, but approximately half of the respondents felt that the transition to EMRs would have a negative effect on privacy.

Is this a realistic fear? From a security standpoint, absolutely. Private practices don’t have their own IT staff, and it’s reasonable to expect that a breach could occur. One has only to Google “hospital data breach” to understand that it regularly occurs for hospitals -- and a myriad of other organizations -- that do have their own IT staff.

However, another question remains: will EMRs and the cost of health care lead us into a new discussion regarding patient rights to privacy? And with the implementation of EMRs and the rising cost of health care, how much privacy is going to be deemed practical or even possible?