[Med-privacy] NYT editorial

[peter marshall]

The New York Times

February 1, 2009
Editorial
Your E-Health Records

As part of the stimulus package, $20 billion will be pumped into the=20
health care system to accelerate the use of electronic health records.=20=

The goal is both to improve the quality and lower the costs of care by=20=

replacing cumbersome paper records with electronic records that can be=20=

easily stored and swiftly transmitted.

The idea is sound, but it also raises important questions about how to=20=

ensure the privacy of patients. Fortunately, the legislation would=20
impose sensible privacy protections despite attempts by business=20
lobbyists to weaken the safeguards.

With paper records the opportunities for breaches are limited to=20
over-the-shoulder glimpses or the occasional lost or stolen files. But=20=

when records are kept and transferred electronically, the potential for=20=

abuse can become as vast as the Internet.

Electronic health records that can be linked to individual patients are=20=

already protected by laws that apply primarily to hospitals, doctors,=20
nursing homes, pharmacists, laboratories and insurance plans. The=20
stimulus bill that has passed in the House, and a similar bill awaiting=20=

approval in the Senate, would strengthen the privacy requirements and=20
apply them more directly to =93business associates=94 of the providers,=20=

like billing and collection services or pharmacy benefit managers, that=20=

have access to sensitive data but are not readily held accountable for=20=

any misuse.

The potential for harm was spelled out by the American Civil Liberties=20=

Union in a recent letter to Congress. Employers who obtain medical=20
records inappropriately might reject a job candidate who looks=20
expensive to insure. Drug companies with access to pharmaceutical=20
records might try to pressure patients to switch to their products.=20
Data brokers might buy medical and pharmaceutical records and sell them=20=

to marketers. Unscrupulous employees with access to electronic records=20=

might snoop on the health of their colleagues or neighbors.

The bills pending in Congress would go a long way toward preventing=20
such abuses. They would outlaw the sale of any personal health=20
information without the patient=92s permission, mandate audit trails to=20=

help detect inappropriate access, and require that patients be notified=20=

whenever their records are lost or used for an unauthorized purpose.=20
They would also beef up the penalties for noncompliance and allow state=20=

attorneys general to help enforce the rules =97 a useful backup in case=20=

the federal government falls down on the job. The House version would=20
also encourage the use of protective technologies, like encryption, to=20=

protect personal medical information that will be transmitted.

Health insurance plans and some disease management groups are=20
complaining that the new requirements would impose administrative=20
burdens that could actually impede the use of electronic records and=20
interfere with coordination of care. They want to ease the marketing=20
restrictions, notify patients only if security breaches are harmful,=20
and keep the attorneys general out of the enforcement role.

It should be possible through implementing regulations to fine-tune the=20=

privacy requirements so that they do not disrupt patient care. Congress=20=

must make every effort to ensure that patients=92 privacy is protected.


Copyright 2009 The New York Times Company