EHR and the Issue of Privacy

Stanley Feld M.D.,FACP,MACE

After the last post I received the following comment.

“But here’s the problem. How can you keep government agencies, malpractice lawyers, and so on from accessing an EHR? They can subpoena written records or EHR’s, but the ability of sophisticated computer users to hack into an EHR system is what gives a lot of us ordinary folks the willies.”

This is a comment that always comes up. I believe the software companies with electronic medical records can answer the question better than I can. I have asked the question of security to many software companies who create EHRs and EMRs. Their answer has always seemed satisfactory to me.

Other industries seem satisfied with the security they have. The banking industry is elated with the savings and efficiency of online banking. I should think security in banking is as much of a privacy concern of people as medical records. Paper records all over the place in laboratories, physicians’ offices and hospitals never seemed very secure to me. One of my son’s (Brad Feld) portfolio companies “Still Secure” has created a software package that creates a fence around the computer server which makes the server is totally invisible to incoming and outgoing data. The thirty four year old CEO of Still Secure, Rajat Bhargava, is one of the brightest people I have ever met.

I spoke about the EHR cueing the Primary Care Physician to evidence based medicine tests, procedures and treatments. It is practically impossible to remember all the screening procedures that need to be done while treat care of an illness that brought the patient into the office. If done automatically, this would increase the quality of medicine practiced.

The malpractice attorneys’ opportunities would disappear if the governments, both state and federal, had the courage to pass realistic malpractice reform. Unfortunately the reform is occurring too slowly and sometimes incorrectly. The practice of defensive medicine has wastefully increased the cost of medical care.

If a patient has not seen a physician in a year, then visits with a common cold, there might be several screening tests due for the patient. If the patients chart is thick, it might be difficult to find the PSA (Prostatic Specific Antigen), rectal for blood, or chest x-ray in the paper chart as there is pressure to see the next patient. In an electronic chart all of this data can be presented at point of service to the physician. The physician can then recommend the evidence based screening test to the patient. There is simply too much information to keep in one’s head. The patients can decide, with the doctors help,which screening test they want done.

If the patient went to several physicians and had a Personal Health Record, the doctor would know instantly if the patient had the test at another physician’s office. The test and treatment could be available to the present examining physician. Having this information available could serve to discover disease early, avoid costly complications and save lives.

Physicians are always checking the literature to see the latest treatments, complications or drug interactions. Most physicians have computers in their office. In recent years rather than going to their textbooks which are outdated as soon as they are published they go to Pub Med, various journals or organized medicine sites to get the latest information. To get the latest information on a drug they do not turn pages in the PDR anymore. They go to the online PDR or pharmaceutical web site. Internet access in a typical practice day can be invaluable.

In an Ideal EHR all of this information would be at the physician’s fingertips at the point of service. The physician would have to learn to use the computer as a physician extender. He must learn to treat the patient and not the computer. He must remember that a positive patient physician relationship has great therapeutic value. Personal contact and communication is vital to the therapeutic effect. My good friend, Dr. Richard Reece, a noted healthcare policy expert pointed out graphically this potential hazard in his excellent and funny blog post The Chart Before The Horse.

I believe with the ideal EHR both the patient’s and physician’s privacy can be protected. Actually, there should be a reward. The companies manufacturing the EHR should be able to provide the data to prove the increase in quality care automatically. I spoke about eliminating the barriers to improving medical care. The EHR can provide information to both the physician and the patient to increase the quality of care patients receive. Instruction to the patient can be printed in detail or sent to the patient online to their PHR.

There should be nothing about this transaction that gives patients the “willies”. It can only improve the delivery of care.