Can digital health protect your privacy?

As hospitals begin to more widely adopt electronic health records, it will take more than technology to secure your privacy.

EMAIL  |   PRINT  |   SHARE  |   RSS
google my aol my msn my yahoo! netvibes
Paste this link into your favorite RSS desktop reader
See all RSS FEEDS (close)
By David Goldman, staff writer

Electronic health records: 3 stories
Three health care providers' stories about how switching to digital health records reveal similar reasons but different paths for implementation.
When do you think the economy will improve?
  • In the next few months
  • In six months to a year
  • In a year or more
  • It's already on the mend

NEW YORK ( -- Digitizing health records. A good idea say most experts, but it will take a feat of policy, technology and education to ensure your records don't get into the wrong hands.

It all starts with one basic question: Who actually owns your health records?

"Right now, hospitals assume the liability, but the model has to shift to one where the patient controls the data and whether it is put online," said Dr. David Brailer, chairman of Health Evolution Partners and former health tech czar under President Bush. "The people who hold your data control your data."

Controlling the dissemination of patient data is becoming more of a hot-button issue as the push to go digital heats up. The Obama administration is spending $20 billion on incentives to hospitals and physician offices to ensure that a national digital health network is formed by 2014.

What are your rights? The current health information privacy laws were enacted in 1996 and appear outdated when it comes to Obama's digital plan. The Health Insurance Portability and Accountability Act (HIPAA) gives you the right to find out how your information may be used, and the ability to obtain a copy of your records and request corrections.

But patients don't own their records, so they don't have a say in how they are actually used or who sees them.

"HIPAA is yesterday's solution, as it was set up to protect privacy in a paper world, not for one that's electronic and streaming," said Brailer. "And HIPAA delegates policy to states, making it nightmarish for different people to come together. It's a big regulatory gap."

He suggested Congress pass an updated bill that gives patients the ability to opt in to allow information sharing. Similar to when Web sites ask whether or not you would like your contact information shared, patients would have to click a box to give doctors permission to disseminate their information.

An opt-in system's benefits extend beyond just privacy -- it could give patients more freedom to switch doctors, Brailer argued. A patient who is treated by Dr. X and wants to be treated by Dr. Y could simply give permission to share his or her information with Dr. Y, rather than requesting that Dr. X fax the files over.

"Portability and privacy are two sides of the same coin," said Brailer. "We want to make patient shopping easy, rather than the weeks-long riggamarol to get a doctor to see your records."

Securing your records. In the absence of new privacy laws, the burden lies with secure networks and solid physician training on the technology, say experts.

But that may be a tall least in the near-term.

"Today, information gets converted from paper to digital and back to paper," said Sean Hogan, vice president of IBM's healthcare delivery systems. "It's incredibly convoluted and information is very exposed due to a lack of good processes."

IBM (IBM, Fortune 500) offers IT, hardware and maintenance services for about a dozen hospital networks that use electronic health records.

Hogan said many hospitals have different logins and passwords for each terminal. And rather than memorizing each login, many nursing stations and doctors offices have Post-its on the computer monitors with the username and password -- not exactly air-tight security.

IBM and other vendors are combating that lax security by creating unique logins for each user rather than for each terminal. It's a two-fold fix, said Hogan. First, it hopefully eliminates the Post-its and second, it restricts patients' records from being viewed by hospital personnel that don't have proper clearance to view that data.

In one more security measure, IBM trains doctors and other hospital personnel in how to properly use the technology to avoid slip-ups, said Hogan.

Still, no matter how secure the network is and how well-trained the hospitals' staff are, there is no fool-proof system.

Hogan said technology can be designed to anticipate and counter ways the "bad guys" will attempt to gain access to records. But government policy and hospital structure need to help support that technology.

"When we go in a direction that is more fine and robust in terms of policy and process, we can develop the technology that addresses the exposures," he said. To top of page

They're hiring!These Fortune 100 employers have at least 350 openings each. What are they looking for in a new hire? More
If the Fortune 500 were a country...It would be the world's second-biggest economy. See how big companies' sales stack up against GDP over the past decade. More
Sponsored By:
More Galleries
10 of the most luxurious airline amenity kits When it comes to in-flight pampering, the amenity kits offered by these 10 airlines are the ultimate in luxury More
7 startups that want to improve your mental health From a text therapy platform to apps that push you reminders to breathe, these self-care startups offer help on a daily basis or in times of need. More
5 radical technologies that will change how you get to work From Uber's flying cars to the Hyperloop, these are some of the neatest transportation concepts in the works today. More
Worry about the hackers you don't know 
Crime syndicates and government organizations pose a much greater cyber threat than renegade hacker groups like Anonymous. Play
GE CEO: Bringing jobs back to the U.S. 
Jeff Immelt says the U.S. is a cost competitive market for advanced manufacturing and that GE is bringing jobs back from Mexico. Play
Hamster wheel and wedgie-powered transit 
Red Bull Creation challenges hackers and engineers to invent new modes of transportation. Play

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.