Privacy Must Take Precedence

If Deborah Peel, M.D., has her way, there will be no national electronic health and medical record system without a guarantee of patient privacy and confidentiality (see Original article: Physicians Cite Multiple Roadblocks Hindering EMR Adoption).

“I would argue that the only way we will ever have a trusted health IT [information technology] system is if people absolutely know that their records will not be used without their consent, or stolen or mined,” she told Psychiatric News.

And so in a political environment in which many were inclined to think that privacy had vanished into cyberspace, Peel and the organization she helped create, Patient Privacy Rights, have for the past three years been convincing legislators that privacy and confidentiality make up the foundation of a truly effective electronic medical record (EMR) system.

“Our organization put this subject on the agenda,” she said.“ When we came to Washington in the fall of 2005, people told us we were crazy, that privacy was over. It was too late; it was done with.

“A lot of Washington politicians don't have any real understanding of the impact [of breaches of confidentiality] on real, live patients,” Peel said. “But I'm a clinician with 30 years in private practice, and it is not acceptable for people's private records to be distributed widely throughout cyberspace. Once they are out there, you can never make them private again.”

But Peel insists that she is no Luddite determined to hang on to a paper-based system of record keeping. “We are totally pro-health IT,” she said. “What we are for is smart technology, meaning technology that provides all of the great benefits of an electronic medical record but that guarantees patients control over their health information.”

So what does “smart technology” mean?

Peel says there are two essential components for a smart EMR system. The first is security.

“Security means encryption, firewalls, and all the protocols for who can have access to records,” Peel noted. “Security is the stuff that prevents unwanted people from getting into electronic records. You can't have privacy if you don't have security.”

The second component of a secure system consists of strategies that keep the control of records in the hands of patients. These include independent consent management and a system of health-record trusts.

“Independent consent management is an electronic strategy that allows you, whenever you are sending your records, to block out certain pieces of information that you don't want to share,” Peel explained. “A really good consent management tool allows the patient to do what he or she has always been able to do before EMRs, which is to slice and dice who knew what about your medical record.”

A health-record trust would operate like a bank: much as an individual chooses a bank in which to deposit assets, a patient would choose a health trust to store his or her EMR. The concept of a health-record trust has been embodied in the Independent Health Record Trust Act (HR 2991) sponsored by Rep. Dennis Moore (D-Kan.; see Privacy Must Take Precedence).

For Peel, the privacy movement is an effort to return control of the health care system to the only two parties who are the real stakeholders: physicians and patients.

“The reason the health care system exists is because two people—the doctor and the patient—get together in a room to treat illness.”

Information about Patient Privacy Rights is posted at<www.patientprivacyrights.org>.▪