Can digital health protect your privacy?

As hospitals begin to more widely adopt electronic health records, it will take more than technology to secure your privacy.

By David Goldman, CNNMoney.com staff writer

NEW YORK (CNNMoney.com) -- Digitizing health records. A good idea, say most experts, but it will take a feat of policy, technology and education to ensure your records don't get into the wrong hands.

It all starts with one basic question: Who actually owns your health records?

"Right now, hospitals assume the liability, but the model has to shift to one where the patient controls the data and whether it is put online," said Dr. David Brailer, chairman of Health Evolution Partners and former health tech czar under President Bush. "The people who hold your data control your data."

Controlling the dissemination of patient data is becoming more of a hot-button issue as the push to go digital heats up. The Obama administration is spending $20 billion on incentives to hospitals and physician offices to ensure that a national digital health network is formed by 2014.

What are your rights? The current health information privacy laws were enacted in 1996 and appear outdated when it comes to Obama's digital plan. The Health Insurance Portability and Accountability Act (HIPAA) gives you the right to find out how your information may be used, and the ability to obtain a copy of your records and request corrections.

But patients don't own their records, so they don't have a say in how they are actually used or who sees them.

"HIPAA is yesterday's solution, as it was set up to protect privacy in a paper world, not for one that's electronic and streaming," said Brailer. "And HIPAA delegates policy to states, making it nightmarish for different people to come together. It's a big regulatory gap."

He suggested Congress pass an updated bill that gives patients the ability to opt in to allow information sharing. Similar to when Web sites ask whether or not you would like your contact information shared, patients would have to click a box to give doctors permission to disseminate their information.

An opt-in system's benefits extend beyond just privacy -- it could give patients more freedom to switch doctors, Brailer argued. A patient who is treated by Dr. X and wants to be treated by Dr. Y could simply give permission to share his or her information with Dr. Y, rather than requesting that Dr. X fax the files over.

"Portability and privacy are two sides of the same coin," said Brailer. "We want to make patient shopping easy, rather than the weeks-long rigmarole to get a doctor to see your records."

Securing your records. In the absence of new privacy laws, the burden lies with secure networks and solid physician training on the technology, say experts.

But that may be a tall order... at least in the near term.

"Today, information gets converted from paper to digital and back to paper," said Sean Hogan, vice president of IBM's healthcare delivery systems. "It's incredibly convoluted and information is very exposed due to a lack of good processes."

IBM (IBM, Fortune 500) offers IT, hardware and maintenance services for about a dozen hospital networks that use electronic health records.

Hogan said many hospitals have different logins and passwords for each terminal. And rather than memorizing each login, many nursing stations and doctors' offices have Post-its on the computer monitors with the username and password -- not exactly air-tight security.

IBM and other vendors are combating that lax security by creating unique logins for each user rather than for each terminal. It's a two-fold fix, said Hogan. First, it hopefully eliminates the Post-its and second, it restricts patients' records from being viewed by hospital personnel that don't have proper clearance to view that data.

In one more security measure, IBM trains doctors and other hospital personnel in how to properly use the technology to avoid slip-ups, said Hogan.

Still, no matter how secure the network is and how well-trained the hospitals' staff are, there is no fool-proof system.

Hogan said technology can be designed to anticipate and counter ways the "bad guys" will attempt to gain access to records. But government policy and hospital structure need to help support that technology.

"When we go in a direction that is more fine and robust in terms of policy and process, we can develop the technology that addresses the exposures," he said.
