While electronic medical records promise massive opportunities for patient health benefits and reductions in administrative costs, the privacy and security risks are equally huge.

The Obama administration has set an ambitious goal--to get electronic
medical records on file for every American by 2014. The administration
is offering powerful incentives: $20 billion in stimulus funds under the
American Recovery and Reinvestment Act (ARRA) of 2009, and stiff
Medicare penalties for healthcare providers that fail to implement
EMRs after 2014.

EMRs offer tantalizing benefits: Improved efficiency via the elimination of tons of
paper files in doctors' offices, and better medical care through the use of
the same kinds of database and data mining technologies that are now
routine in other industries. One example: EMR systems can flag symptoms and
potentially harmful drug interactions that busy doctors might

But the accompanying privacy and security threats are significant. When
completed, the nation's EMR infrastructure will be a massive store of
every American's most personal, private information, and a potential
target of abuse by marketers, identity thieves, and unscrupulous employers and

Regulators are attempting to craft rules that would unlock the
benefits of EMRs while protecting Americans from the security risks.
Healthcare IT pros will be required to implement systems and business
processes that conform to these regulations, or face lost funding,
institutional fines -- and, in some cases, personal criminal

The new regulations come as the healthcare industry faces big privacy
problems, going back years. In 2003, a medical transcriptionist in
Pakistan threatened to post patient records from the University of
California San Francisco's Medical Center on the Internet unless she
was paid for her work for a transcription service company hired by the

The dispute was resolved, but in the meantime, patients had no
idea their records were being sent overseas. In another breach, two
computers that held the confidential records of
close to 200,000 patients of a medical group in San Jose, California,
were posted for sale on Craigslist.org. The FBI recovered the
information and the medical group informed current and former patients
of the theft, according to a
2006 report in the HIPAA Bulletin.