In a March 23 opinion piece in the Wall Street Journal, Deborah Peel, MD, founder of the Patient Privacy Rights and leader of the bipartisan Coalition for Patient Privacy, argues that unless we put patients in control of their electronic healthcare records and put safeguards in place to make that data secure and private, the push to have a nationwide EHR system will fail. Peel is absolutely correct.
But it will take more than implementing privacy and security technological safeguards in the EHR systems. It will take more than giving patients control over who sees what information in their electronic records. Peel wrote of people not trusting the privacy of their paper-based health records 35 years ago. Herein lies the problem.
Peel writes: "When patients realize they can't control who sees their electronic health records, they will be far less likely to tell their doctors about drinking problems, feelings of depression, sexual problems, or exposure to sexually transmitted diseases. In 2005, a California Healthcare Foundation poll found that one in eight Americans avoided seeing a regular doctor, asked a doctor to alter a diagnosis, paid privately for a test, or avoided tests altogether due to privacy concerns."
Will it matter to the one in eight if their records are paper-based or electronic? The seven out of eight may turn to avoidance behavior, but if we implement those privacy and security technologies and give patients control they may feel comfortable enough to conduct business as usual.
It's unclear if the one in eight will change behavior at all. One in eight is a significant ratio. So how do we reach those people and convince them not only to trust their EHRs but give up avoidance behavior? And what of the patients who have control of their EHR and withhold such issues as drinking problems or feelings of depression? What happens when they are in a medical emergency and the treating physician makes a clinical decision that may put them at risk because of withheld information? And what good is withheld information in a medical situation?
If we as a society are to address these issues, ahead of the EHR requirements for privacy and security and patient control, we have to ensure that healthcare organizations large and small have updated, airtight security processes and procedures in place (who on staff gets to see what information when, what the consequences are, etc.). Sounds common sense, but recent privacy breaches (unauthorized workers seeing patient records comes to mind) have highlighted how healthcare organizations need to review and train their staff, for one. It's not just a technological breakdown that results in privacy breaches.
We as a society also have to address the issues that prevent patients from revealing problems such as alcohol abuse and depression - stigmatization. This is a larger public awareness campaign and national dialogue that cuts across cultures and generations and requires building on openness, caring and trust. No easy task, but it's something that even we as citizens can do in a smaller, local environment.
The bottom line is that in one sense regardless of the movement from paper-based record system to EHRs, at the core we have to deal with the larger issue of stigmatization of illnesses. And that's a societal task. If we wish for a high percentage of buy-in for EHRs, that task needs to be owned.
