Deborah Peel, M.D.: "You can't have privacy if you don't have
Photo courtesy of Deborah Peel, MD and Patient Privacy Rights
If Deborah Peel, M.D., has her way, there will be no national
electronic health and medical record system without a guarantee of patient
privacy and confidentiality (see Physicians Cite Multiple Roadblocks Hindering
"I would argue that the only way we will ever have a trusted health
IT [information technology] system is if people absolutely know that their
records will not be used without their consent, or stolen or mined," she
told Psychiatric News.
And so in a political environment in which many were inclined to think that
privacy had vanished into cyberspace, Peel and the organization she helped
create, Patient Privacy Rights, have for the past three years been convincing
legislators that privacy and confidentiality make up the foundation of a truly
effective electronic medical record (EMR) system.
"Our organization put this subject on the agenda," she said."
When we came to Washington in the fall of 2005, people told us we were
crazy, that privacy was over. It was too late; it was done with.
"A lot of Washington politicians don't have any real understanding of
the impact [of breaches of confidentiality] on real, live patients,"
Peel said. "But I'm a clinician with 30 years in private practice, and
it is not acceptable for people's private records to be distributed widely
throughout cyberspace. Once they are out there, you can never make them
But Peel insists that she is no Luddite determined to hang on to a
paper-based system of record keeping. "We are totally pro-health
IT," she said. "What we are for is smart technology, meaning
technology that provides all of the great benefits of an electronic medical
record but that guarantees patients control over their health
So what does "smart technology" mean?
Peel says there are two essential components for a smart EMR system. The
first is security.
"Security means encryption, firewalls, and all the protocols for who
can have access to records," Peel noted. "Security is the stuff
that prevents unwanted people from getting into electronic records. You can't
have privacy if you don't have security."
The second component of a secure system consists of strategies that keep
the control of records in the hands of patients. These include independent
consent management and a system of health-record trusts.
"Independent consent management is an electronic strategy that allows
you, whenever you are sending your records, to block out certain pieces of
information that you don't want to share," Peel explained. "A
really good consent management tool allows the patient to do what he or she
has always been able to do before EMRs, which is to slice and dice who knew
what about your medical record."
A health-record trust would operate like a bank: much as an individual
chooses a bank in which to deposit assets, a patient would choose a health
trust to store his or her EMR. The concept of a health-record trust has been
embodied in the Independent Health Record Trust Act (HR 2991) sponsored by
Rep. Dennis Moore (D-Kan.; see Privacy Must Take Precedence).
For Peel, the privacy movement is an effort to return control of the health
care system to the only two parties who are the real stakeholders: physicians
"The reason the health care system exists is because two
people—the doctor and the patient—get together in a room to treat
Information about Patient Privacy Rights is posted at<www.patientprivacyrights.org>.▪