Can I Say No to an Electronic Health Record?

For years, I've been writing about health IT and how its advocates believe it could lead to cheaper and better health care for citizens. Now, I'm writing as one of those citizens.

When my health insurer changed in September, I had to sign up on the new provider's Web site. A question in the form stopped me cold: Was I willing to "store lab and claim data" in my electronic health record?

I freaked out. What if my employer could tap into this information? Or the government? Or strangers? The server my records are stored on could be hacked. Mind you, I'm someone who regularly types her credit card number into the computer and does her banking online. Still, I was uneasy.

And I'm not alone. According to a report from the Agency for Healthcare Research and Quality, most people say they want to "own" their health data and decide what goes into it. They also believe that their medical information should not be given to anyone without their permission. "Patients should be able to consent to each request to share their data," says Deborah Peel, who chairs an advocacy group called Patient Privacy Rights.

In some instances, patients don't even know their information is being shared. For example, if consumers turn over prescription drug records when applying for life insurance, the insurer will sometimes hand off the information to business partners who then hand it off to data miners. To keep a tighter grip on privacy, Deven McGraw, director of health privacy at the Center for Democracy and Technology, would like a set of rules that all organizations in the health IT world would have to follow.

While David Blumenthal, the Obama administration's health data coordinator, recognizes how important it is "to get this issue as right as humanly possible," a major part of that responsibility has fallen to governors' staffs and state chief information officers. They are the ones in charge of planning and implementing health information exchanges and applying for and managing stimulus money. More than $500 million will be available for them to help develop ways to share medical records within a nationwide electronic health IT network. It's not enough money to complete the task but it's enough of an infusion of cash over the next two years for states to get going.

As for me, I read pages and pages of my insurance company's privacy policy. I saw that my electronic health record is subject to the same privacy safeguards as the paper records in my doctor's office. At the same time as I'm balking at the implications of having my records available with a couple of clicks, I'm envious of people who can make appointments with their doctors on a Web site, see their lab results online and e-mail their doctors with questions about their flu symptoms. Maybe in time, the benefits of doctors having my records at their fingertips will salve my wariness about the electronic exchange of my personal medical information.