Healthcare // Electronic Health Records
Commentary
7/28/2014
09:06 AM
Mansur Hasib
Mansur Hasib
Commentary
Connect Directly
Twitter
RSS
E-Mail
100%
0%

When Patients Fear EHR

When patients believe paper medical records are safer and more private than electronic ones, their health can suffer.

Many members of the public mistakenly believe electronic health records (EHRs) are less secure than paper files. Magnified by misinformation and political distortion of facts, an unnecessary fear has taken root in the minds of many consumers -- often with serious consequences.

While states were rolling out their health insurance exchanges last year, a key service provided by the federal hub Healthcare.gov was automatic verification of the application data an applicant entered. Applicants could choose automated or manual verification of their data. The public was unclear about the consequences of their decisions.

[Doctors are warming up to cloud services. Now what? Read Healthcare IT Cloud Safety: 5 Basics.]

If applicants chose automated verification, their applications could be approved within seconds without needing any documentation. If they chose manual verification, their applications would get stuck in a case worker's queue. Workers would then contact the applicant, and require the applicant to bring various documentation to verify date of birth, citizenship, legal status, income, information regarding their family members, and various other things. Their health insurance application approval would be delayed by weeks or months.

Old-fashioned paper medical documents feel safer to some patients than electronic records. (Source: Wikipedia)
Old-fashioned paper medical documents feel safer to some patients than electronic records.
(Source: Wikipedia)

While working at several health fairs throughout the state of Maryland last year, I had the opportunity to talk to people about this issue. Here's what I found out:

  • Consumers thought that by choosing manual verification they would avoid having their information in electronic format.
  • People did not realize the choice would cause a delay in the approval of their application.
  • People had a general fear of computers and electronic information.

I explained to them that their information eventually would be in electronic format, even if they used a paper application form. If they chose automated electronic verification, the system would query the appropriate systems as well as the federal hub, verify the information entered, and provide a decision on the application within seconds. On the other hand, if they chose manual verification, they would need to bring in various documents that would have to be copied, scanned, and retained. It could take them a long time to gather all the necessary documentation; meanwhile, they would continue to be uninsured.

I then explained that paper records are far less secure than electronic records because of the following:

  • When someone views a paper record, no one knows who saw it, for how long they saw it, or when they saw it; we do not even know if they were authorized to view the record.
  • We cannot scramble or encrypt the data.
  • We are unable to retain backup copies in multiple locations to ensure protection in cases of fire or water damage.
  • Multiple physicians or other providers cannot easily see their complete medical records in order to make a life-saving decision for them.
  • Information is often hard to decipher because of variations in handwriting.
  • With electronic records, people have the power to determine how their information can be used and shared. They have the right and ability to view their information as well as correct any inaccuracies in their records. Custodians of their information are obligated by law to adequately protect their information or face severe fines and penalties.

I shared anecdotes of how patients' lives were saved because complete and accurate information was electronically available simultaneously to multiple specialists residing in various states, so they could agree on the least risky and most appropriate medication. This enabled the right decision to be made the first time. A wrong decision would have resulted in the death of the patient.

I then explained that electronic medical records are more secure than paper because:

  • We know exactly who sees their information, when they see it, for how long they saw it, and if they were authorized to see it.
  • Even in cases where an unauthorized access has been made, we have a better chance of catching the perpetrator.
  • We can scramble the information through encryption; we can also obfuscate the information and store it in a shredded file format instead of a complete file format.
  • We can keep the information in various geographically dispersed locations, ensuring availability even in case of disaster.

People felt empowered with the knowledge. It was truly heart-warming for me to watch as smiles spread across people's faces once they recognized the power, the promise, and the higher level of safety of electronic medical records. Once their insurance applications were approved within seconds, many complete strangers got up, shook our hands, and gave us their warmest hugs.

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

Dr. Mansur Hasib is the only cybersecurity professional in the world with 12 years' experience as CIO; a Doctor of Science (DSc) in Cybersecurity; CISSP (cybersecurity); PMP (project management), and CPHIMS (healthcare) certifications, who has written two books on the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 4 / 8   >   >>
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/29/2014 | 4:48:39 PM
Re: Defending the value of EHR versus paper
If you think about storage alone, and the cost of renting warehouse space for all the paper documents associated with serving thousands and thousands of patients each year, you can start seeing how savings will begin to add up! Those papers should (but aren't always) be protected by guards and wire and alarms, etc., too, so they need securing too.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/29/2014 | 4:46:42 PM
Re: Defending the value of EHR versus paper & REgulatory Concerns
I just wrote a blog, spurred by this conversation, which should appear soon on InformationWeek about that topic. In one study, slightly more than half the healthcare organizations surveyed had someone on staff dedicated to heading security... that's not a big enough percentage, IMHO. Look forward to learning what you find out, @Jeff!
Hospice_Houngbo
100%
0%
Hospice_Houngbo,
User Rank: Strategist
7/29/2014 | 4:43:07 PM
Re: Defending the value of EHR versus paper
@Alison_Diana

You raised some legitimate concerns, but we can we say the same thing about our banking information? People haven't given up online banking despite the threat that cybercriminals might steal access codes for personal bank accounts, credit card and other types of payment card numbers.
Hospice_Houngbo
50%
50%
Hospice_Houngbo,
User Rank: Strategist
7/29/2014 | 4:31:21 PM
Re: Defending the value of EHR versus paper
@DarrellP725

"Paper records cannot be hacked from the other side of the world."

But this doesn't mean that electronic records are more "risky" than paper records.

"The HIPAA Security Rule is intended to protect Electronic Protected Health Information (EPHI) from unauthorized or accidental theft, loss, destruction or access, from individuals either inside or outside the practice." ....

"if electronic records are properly secured, they would be encrypted such that even if someone were to breach a medical practice's network and get to the data, they would not be able to actually decode the data without the encryption key."

- See more at: ttp://www.physicianspractice.com/blog/are-electronic-health-records-%E2%80%98safer%E2%80%99-paper-records#sthash.FaeXodI5.dpuf
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Ninja
7/29/2014 | 11:59:13 AM
Re: Defending the value of EHR versus paper & REgulatory Concerns
Alison - That is a great point about most health care providers not having a CSIO.  I will reach out to a couple of health care clients and see what their take on that is and follow up with another post.
mhasib
50%
50%
mhasib,
User Rank: Author
7/29/2014 | 11:08:38 AM
Re: Defending the value of EHR versus paper
This is an important point. While researching for stories for my articles and books, I spoke to executives in the well functioning health information exchange in Delaware. I learned that the cost of a typical transaction was brought down from $1.25 to $0.25 by the exchange. So hospitals, labs and other providers have opted to use and pay the exchange for these transactions resulting in long-term financial sustainability for the exchange. Statewide adoption of EHR and electronic transactions is well in the high 90% range.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/29/2014 | 9:58:55 AM
Re: Defending the value of EHR versus paper
EHR advocates argue one reason the software has been less effective is because of interoperability. Since Hospital A cannot necessarily communicate with Dr. X, Lab Y, or Hospital C, savings are nonexistent. As Mansur said in his article, HIXs were supposed to eliminate those problems. 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
7/29/2014 | 9:56:36 AM
Re: Defending the value of EHR versus paper & REgulatory Concerns
As one high-level security consultant told me, many healthcare organizations don't have a chief security officer (or CISO) to oversee security so the whole area of security is managed incorrectly. Then there's the battle for security professionals, in high demand across all industries. You then have the battle between healthcare pros -- where seconds can count -- and security pros -- who want multiple precautionary layers. And so it goes.
DarrellP725
50%
50%
DarrellP725,
User Rank: Moderator
7/29/2014 | 9:45:25 AM
Re: Defending the value of EHR versus paper
In March, David Blumenthal M.D., the former National Coordinator for Health Information Technology, said this about EHRs: "... from the provider's perspective, there are substantial costs in setting up and using the [EHR] systems. Until now, providers haven't recovered those costs, either in payment or in increased satisfaction, or in any other way." (See: "Why Doctors Still Use Pen and Paper -The healthcare reformer David Blumenthal explains why the medical system can't move into the digital age," by James Fallows, for The Atlantic, March 19, 2014).

http://www.theatlantic.com/magazine/archive/2014/04/the-paper-cure/358639/
Jeff Jerome
50%
50%
Jeff Jerome,
User Rank: Ninja
7/29/2014 | 9:38:20 AM
Re: Defending the value of EHR versus paper & REgulatory Concerns

Alison - Your comment; "But I don't believe healthcare organizations are doing enough to promote security. They must do more. Sadly, I don't think that will happen until there's a huge Target-like breach. Then heads will roll and, "suddenly," resources for more healthcare security will become available at more organizations".  This I believe is very true.  And I would add that the folks who are doing EHR initiatives, security initiatives and other initiatives related to healthcare face many challenges.  Some of those challenges are simply resources in the form of people and money.  In addition they have another obstacle which is that they are highly regulated.  Those are some substantial challenges that they have to address day to day which is no easy feat.

<<   <   Page 4 / 8   >   >>
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.