eHealth confidential

Can health information exchange systems keep snoops out of patients' online records?
by | September 2007

From the president to governors to local health officials, everyone touts the electronic exchange of health records as a boon to the health care system. By making vital health information about a patient available to key providers where and when they need it, an online health information exchange could save money and vastly improve the quality and efficiency of health care.

There are technical and fiscal hurdles to jump to get a health information exchange up and running--everyone has been talking about those since the idea of an electronic health record first surfaced-- but there is another major hitch that doesn't get nearly as much attention, even though it could totally derail the effort to build a national health exchange. It's the question of privacy: creating a system that guarantees patients that their employers or others can't tap into their medical records and learn about, say, a mental health problem, an abortion or an incidence of a venereal disease.

Medical information has long been available in paper files stored in physicians' offices. Despite all the protections supposedly offered by the Health Insurance Portability and Accountability Act (HIPAA), paper records aren't all that safe from prying eyes. "A lot of people are allowed to see your data," says Jody Pettit, health information technology coordinator in the Office for Oregon Health Policy and Research. "It's unnerving for me, and I'm part of the medical establishment."

Electronic files raise the ante. Although it's possible that paper medical charts could make their way into the wrong hands, electronic records "can easily end up on a thousand computers in Pakistan, in the hands of employers, sold by data miners or posted on Web sites," says Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation.

That is exactly the concern picked up in a survey this past November by the Markle Foundation, a nonprofit group that focuses on technology policy and promotes electronic health records. While a majority of people surveyed expressed interest in having online access to their own personal health records, an even greater majority were worried that the information would be used for other purposes. Their interest in electronic health records, the survey reported, "is contingent on the extent to which the government and others establish sufficient privacy and confidentiality protections."


The federal government has not done much about the privacy issue. Although President George W. Bush has commented on the urgency for developing an electronic health records system and even set 2014 as a target for all Americans to have e-health records, his administration has not come up with a comprehensive privacy approach. According to a report issued in August by the U.S. Government Accountability Office, the administration had taken only rudimentary steps to safeguard sensitive personal data that would be exchanged over the network.

The U.S. Health and Human Services Department, the GAO found, is in the early stages of its efforts and hasn't defined a strategy for tackling major privacy principles or combining various privacy-related initiatives. Some of the key challenges outlined in the report are the need to resolve variations in states' privacy laws, to limit what information is disclosed to whom, to ensure that individuals can change their own health information, and to implement the security needed to protect the information.

Then there's HIPAA. It doesn't do much to protect the privacy of paper records, let alone electronic versions. "It's totally useless," Peel says, noting that some 4 million "covered entities" are authorized to access, use and disclose health records without consumer consent or notice.

The federal flubs on the privacy issue are a concern to policy makers who want to see an electronic system take shape. They worry that if privacy protections are not built into the system from the beginning, people won't trust it and will refuse to participate in it.

The privacy issue has already been targeted as one of the causes of the failure of a regional attempt in California--the Santa Barbara County Care Data Exchange--to build an electronic health exchange network. It was one of the most ambitious, well-funded health information exchange efforts in the country, one that many in the field were watching as a model. In reporting on why the eight-year project failed--it disbanded late last year--David Brailer, the former national health IT coordinator who also helped guide the Santa Barbara effort, points to "a lack of clarity about privacy rules."


States can, of course, pass laws to protect health records. At this point, existing privacy laws vary among states. In addition, information on sexually transmitted diseases and mental health may fall under different privacy statutes than other health records, even within one state. At the very least, those laws would have to be harmonized to support a national health information exchange.

Even so, such laws wouldn't necessarily provide all the safeguards an electronic exchange demands. It is, rather, at the development level that immediate solutions are taking shape.

Massachusetts, for instance, has a Health Data Consortium, a membership organization of providers, hospitals, insurance companies, Medicaid officials and government regulators. The Consortium is trying to build a local exchange, and one of its concerns is to make sure patients can exercise some power over their records. One solution it is looking at is a "consent wizard" that would allow patients to choose which doctors could see what information. Patients could decide whether they want their health data to be easily available or tightly restricted or, for example, available only if they wind up in an emergency room.

Although the wizard is still far from being ready for implementation, the idea is that patients could choose specific providers and circumstances under which they would give permission for the personal data to be shared. "It would give patients control," says Ray Campbell, the consortium's executive director. When a physician, hospital or other provider put in a query for information on a patient, the system would check to see if the data can be released to that person or office.

The beauty of the electronic protocol is the ability to communicate quickly. "It's not a matter of a phone call," Campbell says. "That grinds everything to a halt." Moreover, the audit trail can be checked to see which providers do the best job on security and privacy.

While some programs are looking at opt-out approaches--the patients are included unless they say they don't want to participate--Rhode Island may test an opt-in approach. The state, which just signed a contract to develop a statewide health information exchange, would not automatically put all patients into the system but would let each person decide whether or not to enroll. No information would be entered into the exchange without the patient actively taking that step. The state also is considering a second level of consent that would ask patients to authorize who can see that information once it's in the network.

In Indiana, 40 percent of the state's population is already involved in a health information exchange of some kind--usually lab reports and radiology results. Even so, the exchange is active and processing a lot of less-sensitive data from emergency rooms and other providers, according to Roland Gamache, director of Indiana's health data center.

The state already has seen important benefits from the electronic exchange. In his 15 years of working in health care in the state, Gamache says he was never able to identify an outbreak of a disease or public health problem until a clinician called to tell him about it. That changed with electronic reporting. Gamache says he was able to identify two separate public health situations from emergency room data that was entered into the system: an outbreak of gastrointestinal disease, and carbon monoxide poisoning in a multi-unit building. "The ability to detect those outbreaks and respond to things a lot faster is important to us," he says.

To deal with the privacy issue of individual health records, Indiana went the opt-out route. Patients are given the opportunity to just say no to having their records included in a network--otherwise they are in the system. Less than one-tenth of 1 percent opted out. "Most people feel it's good to participate," Gamache says.


Rather than deal with all the nuances of networking personal health data, New Jersey and New York City put together a cross-border project that deals with only the most basic health data: immunization records. Such records are a good place to start trying out electronic records, says William O'Byrne, who is the coordinator for health information technology in New Jersey's Department of Banking and Insurance. That's because they're not as deeply personal as records on AIDS or HIV, or drug or alcohol abuse.

Making immunization records available through a network exchange was also a tremendous convenience for New Jersey residents. Some 47,000 of them were immunized in New York City because they went to school there, but New Jersey has no record of those shots. Forcing people to track down their records or redo their shots is a "consummate waste of time," O'Byrne says. He hopes that other states will join in the exchange to reduce the burden on their residents. In addition, providing that kind of helpful service gives people an idea of how useful--and non-threatening--electronic health records can be.

It's possible that certain information will never be part of an electronic health record or that some people's records will be incomplete. There might even be a patient bill of rights allowing people to remove sensitive data. A patient could excise information about a mental health breakdown or an alcohol problem. It's possible that electronic records will contain only information about prescriptions, diagnostic tests, blood tests, EKGs and imaging tests. "Those are the things you'd want in there if you were rushed into a hospital," O'Byrne says. "That's not a bad thing."

Ellen Perlman
Ellen Perlman | Former columnist |