10 min read

A Prescription For Privacy

The Palo Alto Medical Foundation is providing patients with secure online access to their medical records
Doctors frequently say that patients must take more responsibility for their health care. A San Francisco Bay area medical group is making that easier for its patients by electronically storing medical records and making them available via the Internet--all while keeping the records secure and maintaining patient privacy.

The Palo Alto Medical Foundation, a primary-care and multispecialty medical practice of about 400 doctors, has implemented an electronic medical record system to store patient records. The system gives physicians easier access to patient records and improves communication among doctors, nurses, and staff. "When we looked at the information that physicians had available to them, we found that 81% of the time physicians didn't have all the information they needed to make decisions regarding a patient," says Dr. Paul Tang, chief medical information officer at the practice.

The medical group is already taking the first steps toward its next goal: allowing patients to view their personal medical records via the Internet. Some patients already use the Web to do everything from recording address changes to consulting with their physicians online. The electronic medical record relies on a range of secure ID, encryption, and Secure Sockets Layer technologies to give doctors, practice personnel, and patients access to the records while keeping intruders out.

The practice is nearly two years into a project to electronically store all patient records using software from Epic Systems Corp. About 30 doctors, most of them in the Los Altos and Redwood Shores, Calif., offices, have been virtually paperless for a year. Another 180 physicians will be trained on the system by year's end; 200 doctors in its Camino Division (part of a recent acquisition) will join the system in a couple of years.

The underlying Epic Systems technology also provides messaging for doctors, medical assistants, and nurses, and is used for managing prescriptions and billing. The software runs on a Unix-based computer system at the Sacramento, Calif., headquarters of the $3.5 billion Sutter Health network, which is associated with the Palo Alto Medical Foundation. Physicians and other personnel access the system through PCs and a client-server network. When working remotely, they access the system via the Internet.

Placing medical data online raises questions about privacy. Tang is quick to emphasize that PAMFOnline is different from other commercial health sites such as WebMD and Those sites serve as personal health diaries where people enter their own medical information, such as diagnoses from their doctors and medications they're taking, and the information can be used or sold however the site owners choose.

PAMFOnline pulls its information from the physician-maintained electronic medical record. "Unlike an unaffiliated health site, this is communication with your own physician," Tang says. What's more, commercial health sites don't have to adhere to the federal medical privacy regulations of the Health Insurance Portability and Accountability Act, which governs medical doctors, health plans and organizations, and their records, Tang says. The act specifies requirements for storing patient information before, during, and after electronic transmission, as well as providing detailed guidelines for everything from access control to disaster-recovery plans.

Online MedicineThe health-care company also uses security tools to safeguard medical records from unauthorized access. Within Palo Alto Medical Foundation facilities, physicians access the electronic medical record system from desktop PCs using an identification name and password. To provide doctors with access from outside via the Internet, the practice uses Secure ID technology from RSA Security Inc. Doctors use a smart card with an embedded chip and an LED display that provides an authorization number they use in conjunction with their personal ID number to gain access.

Doctors, nurses, and medical technicians who enter notes and read test results as well as clerical staff have access to the electronic records. Users are assigned different levels of access based on their need to know. Clerks who need to access records for billing purposes, for example, aren't allowed to see much of the information and can't order prescription drugs. Altogether, the system has 120 levels of access to the data. All activity is logged, creating an audit trail that can be traced in the event of misuse. The practice won't sell patient information to a third party, such as a pharmaceutical company.

Security is a prominent concern on the patient side. Patients access electronic medical records via the Internet, but only after signing an informed-consent agreement promising to keep their passwords secret. Then they receive a 25-character authorization code to access the PAMFOnline Web site. Once on the site, they create a private user ID and password.

The Palo Alto Medical Foundation has discovered the system has several advantages. The primary one is that doctors can access patient records from anywhere they have Internet access. "Making records available anywhere, anytime for patient-related decisions--that just wasn't possible in the paper world," Tang says. A satellite office may be a more convenient place for a patient to visit, but that's not an option if the patient's records are in the central office, he says.

The electronic medical record also makes it easier to avoid mistakes, such as patients getting the wrong drugs because the pharmacist was unable to read a doctor's handwriting, Tang says. Prescription refill orders are faxed automatically from the electronic medical record to the pharmacy. Software automatically alerts doctors if a prescription conflicts with a patient's condition or other drugs they're taking.

The electronic medical record system also has built-in decision-support tools that let doctors quickly search patient records--a marked improvement over flipping through reams of paper records to find a specific reference. Doctors can rely on the system to search all patient records, such as when they need to identify all users of a drug that's been removed from the market to prescribe a replacement.

Dr. Paul Tang

PAMFOnline gives doctors better access to patients' medical records, says Tang.

The electronic medical record system also performs automatic queries. It can check whether a newly prescribed medication might conflict with drugs a patient is already taking or might trigger an allergic reaction based on the patient's medical record. The system also has the potential to assist doctors conducting medical research, such as determining whether a drug undergoing clinical trials is effective. But Tang says such uses are still in the future.

The practice also expects some financial savings. It could eliminate up to $3 million a year in fees for having physicians' dictated notes and patient progress reports transcribed into paper documents. Doctors will enter records directly into the electronic medical record through PCs within examination rooms. While it might consume a bit more of the doctors' time, Tang says, the upside for them is that the records are available immediately; under the old system, it could take a week or longer to have records transcribed.

The health-care group is still rolling out the electronic medical record to its physicians, but about 200 patients are already participating in a beta program. Using a Web site, patients can see lab-test results, request prescription refills (authorization is faxed to the pharmacy), schedule appointments, and perform tasks such as changing addresses. In the future, patients who use home-testing equipment for chronic conditions such as diabetes can download test results to the electronic medical record for their doctors to review. Many chores, such as making appointments and renewing prescriptions, can be done via E-mail instead of waiting to speak with a nurse or a receptionist.

Patients can also ask questions about medical bills and seek medical advice, possibly eliminating the need for expensive, time-consuming office visits. At the practice, patients' medical queries will go to an "advice nurse" who can either answer the question or forward it to a physician or specialist. Tang isn't sure just how many patient queries can be handled in this way, but he says the number could be significant.

By having access to their own medical records, patients can gain a better understanding of their own health and medical care. They can track their children's immunization schedules or look up when they last had a checkup or particular test. "That's very progressive," says Matt Duncan, a Gartner research director who heads the firm's health-care industry research and advisory services. "Very few health-care organizations have used the Internet more than as a marketing tool." This fall, the practice will invite an additional 5,000 patients to participate in the program. The medical organization has some 400,000 patients who schedule about 1.2 million appointments annually.

The medical group is working through the question of what to charge patients and their health insurers for these services. Patients won't be charged for routine use of the Web site, such as scheduling appointments or renewing prescriptions, since both patients and the medical group benefit from the efficiencies, Tang says.

Less clear is whether the Palo Alto Medical Foundation will charge patients for "clinical communications," such as when they have a relatively simple medical question or are concerned about a reaction to a medication. Those communications, after all, might negate the need for expensive visits or phone calls with doctors. But the practice expects to charge for more substantive online doctor-patient interactions that are essentially the electronic equivalent of a visit to the doctor. It's starting to discuss such billing questions with health insurers.

The medical group also has had to consider when patients should be given quick access to their records and when they should hear from their doctor first, such as when test results provide bad news or require a doctor's explanation. Lab-test results are sent to a patient's physician for review, and the information is made available to patients online only when the doctor approves. If the results of a test are problematic, the doctor will call. If the results require a doctor's interpretation, it will be appended to the online information.

For now, physicians outside of the practice can't access patient records--something that would be valuable if a patient were in an auto accident and taken to an unaffiliated hospital. The patient, assuming he's conscious, could provide an outside doctor with access to the records.

Tang estimates that only about 5% to 10% of all medical groups nationwide have implemented electronic record systems or provide patients with access to medical records. Partners HealthCare System Inc. in Boston gives patients a portal they can use to refill prescriptions and ask doctors clinical questions. CareGroup Healthcare System in Boston recently installed a $2 million electronic drug-ordering system, using software from InterSystems Corp., to help prevent errors. The technology lets doctors cross-check drug orders for hazardous drug interactions and patient allergies.

Such practices are treading new ground in health care, and they'll likely face questions about how to provide access to medical records while simultaneously ensuring privacy. But increased use of leading-edge privacy and security technology, along with widespread adoption of the Health Insurance Portability and Accountability Act regulations, says Gartner's Duncan, "will build consumer confidence in trusting the Internet as a vehicle for communicating with their doctor and other health-care professionals."