This website provides readers an historical perspective on the evolution of various healthcare laws and regulations affecting healthcare freedom and privacy.
For updated information about healthcare freedom and privacy issues, visit Citizens' Council for Health Freedom's website
Browse by Topic

Will Americans Lose Their Privacy with Electronic Medical Records?

June 14, 2004

The prospect of strangers accessing other people's medical records online is a serious concern to many citizens. In fact when polled, some 40 percent of Americans say they won't give doctors online access to their medical records because of privacy concerns. Perhaps this response is based on cases in which hackers were able to penetrate computer databases and obtain personal health information. For example, a hacker was able to access the records of more than 5,000 patients who had been treated at the University of Washington Medical Center.

Does President Bush's New Mandate Give HHS Authority to Link Everyone's Medical Records to a National Computerized System?

It is estimated that currently only 10 to 20 percent of physicians use electronic medical records (EMRs). But this will soon change.

President Bush recently announced plans for all Americans to have electronic medical records within the next ten years. On April 27, President Bush signed Executive Order 13335, titled "Incentives for the Use of Health Information Technology and Establishing the Position of the National Health Information Technology Coordinator." The new coordinator, who will be at the U.S. Department of Health and Human Services (HHS), is required to facilitate the development of a nationwide "interoperable" (exchangeable) health-data system that will allow the sharing of patients' personal health information electronically. This mandate appears to give HHS authority to link everyone's medical records to a national computerized system.

It's not clear whether citizens will be able to exercise control over the flow of their personal health information that will become part of the forthcoming national health-data system.

Does "Secure and Protected" Necessarily Mean Private?

The presidential mandate also notes that the coordinator is responsible for ensuring that "patients' individually identifiable health information is secure and protected." But the order neglects to ensure that patients' medical records will remain private, since it does not require patients' consent before their medical records can be shared with many others. Thus, "secure and protected" does not necessarily mean confidential. Rather, the forthcoming nationally linked computerized system will make it much easier for more than 600,000 health-care entities (data processing companies, insurers, doctors, hospitals, etc.)—who are legally authorized under the Federal Medical Privacy Rule—to share personal health information without individuals' consent.

That is because the order directs the coordinator to facilitate the development of national standards for sharing patients' health information. The mandate states that the new plan shall "Not assume or rely upon additional Federal resources or spending to accomplish adoption of interoperable health information technology...."

This appears to be a way to bypass the requirement for congressional approval for funding unique health identifiers (which HHS currently lacks) to tag and track personally identifiable health information. For example, instead of relying on federal funding to create unique health identifiers for all citizens, the coordinator could instead facilitate nationwide use of the "Master Patient Index" (MPI) or another tool to link medical records across the country and make them readily accessible to many persons. The MPI is a software tool used to massively distribute patient medical records "across a U.S. national backbone," according to the Commerce Department's National Institute of Standards and Technology, the federal agency that granted $2.26 million to a software company to develop the tool.

There's no doubt that EMRs will make it much easier for doctors and others to access patients' medical records with just a click of a mouse. But this same efficiency clearly increases the risk of medical privacy invasions. Individuals, not the federal government, should be the ones to balance the benefits of EMRs versus the risk of breaches of confidentiality.

This article was originally published in the May/June 2004 issue of Health Freedom Watch.