When Patients Fear EHR

When patients believe paper medical records are safer and more private than electronic ones, their health can suffer.

Mansur Hasib, Cybersecurity Professional, Author, and Speaker

July 28, 2014

4 Min Read
Old-fashioned paper medical documents feel safer to some patients than electronic records. <br />(Source: Wikipedia)

Many members of the public mistakenly believe electronic health records (EHRs) are less secure than paper files. Magnified by misinformation and political distortion of facts, an unnecessary fear has taken root in the minds of many consumers -- often with serious consequences.

While states were rolling out their health insurance exchanges last year, a key service provided by the federal hub Healthcare.gov was automatic verification of the application data an applicant entered. Applicants could choose automated or manual verification of their data. The public was unclear about the consequences of their decisions.

[Doctors are warming up to cloud services. Now what? Read Healthcare IT Cloud Safety: 5 Basics.]

If applicants chose automated verification, their applications could be approved within seconds without needing any documentation. If they chose manual verification, their applications would get stuck in a case worker's queue. Workers would then contact the applicant, and require the applicant to bring various documentation to verify date of birth, citizenship, legal status, income, information regarding their family members, and various other things. Their health insurance application approval would be delayed by weeks or months.

While working at several health fairs throughout the state of Maryland last year, I had the opportunity to talk to people about this issue. Here's what I found out:

  • Consumers thought that by choosing manual verification they would avoid having their information in electronic format.

  • People did not realize the choice would cause a delay in the approval of their application.

  • People had a general fear of computers and electronic information.

I explained to them that their information eventually would be in electronic format, even if they used a paper application form. If they chose automated electronic verification, the system would query the appropriate systems as well as the federal hub, verify the information entered, and provide a decision on the application within seconds. On the other hand, if they chose manual verification, they would need to bring in various documents that would have to be copied, scanned, and retained. It could take them a long time to gather all the necessary documentation; meanwhile, they would continue to be uninsured.

I then explained that paper records are far less secure than electronic records because of the following:

  • When someone views a paper record, no one knows who saw it, for how long they saw it, or when they saw it; we do not even know if they were authorized to view the record.

  • We cannot scramble or encrypt the data.

  • We are unable to retain backup copies in multiple locations to ensure protection in cases of fire or water damage.

  • Multiple physicians or other providers cannot easily see their complete medical records in order to make a life-saving decision for them.

  • Information is often hard to decipher because of variations in handwriting.

  • With electronic records, people have the power to determine how their information can be used and shared. They have the right and ability to view their information as well as correct any inaccuracies in their records. Custodians of their information are obligated by law to adequately protect their information or face severe fines and penalties.

I shared anecdotes of how patients' lives were saved because complete and accurate information was electronically available simultaneously to multiple specialists residing in various states, so they could agree on the least risky and most appropriate medication. This enabled the right decision to be made the first time. A wrong decision would have resulted in the death of the patient.

I then explained that electronic medical records are more secure than paper because:

  • We know exactly who sees their information, when they see it, for how long they saw it, and if they were authorized to see it.

  • Even in cases where an unauthorized access has been made, we have a better chance of catching the perpetrator.

  • We can scramble the information through encryption; we can also obfuscate the information and store it in a shredded file format instead of a complete file format.

  • We can keep the information in various geographically dispersed locations, ensuring availability even in case of disaster.

People felt empowered with the knowledge. It was truly heart-warming for me to watch as smiles spread across people's faces once they recognized the power, the promise, and the higher level of safety of electronic medical records. Once their insurance applications were approved within seconds, many complete strangers got up, shook our hands, and gave us their warmest hugs.

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

About the Author(s)

Mansur Hasib

Cybersecurity Professional, Author, and Speaker

Dr. Mansur Hasib is the only cybersecurity professional in the world with 12 years' experience as CIO; a Doctor of Science (DSc) in Cybersecurity; CISSP (cybersecurity); PMP (project management), and CPHIMS (healthcare) certifications, who has written two books on the subjects of cybersecurity and healthcare security and privacy. A global thought leader, Dr. Hasib has led technology and cybersecurity strategy for almost 30 years in healthcare, education, biotechnology, and energy. He is a frequent speaker at local, national, and international conferences in healthcare information technology, and cybersecurity and privacy. For his doctoral dissertation in 2013, Dr. Hasib conducted a national study in US healthcare and examined the relationship between cybersecurity culture and cybersecurity compliance and published the results in a book, Impact of Security Culture on Security Compliance in Healthcare in the United States of America. This work was cited in the references for ISC2's new healthcare security and privacy certification. In March 2014, Dr. Hasib published Cybersecurity Leadership: Powering the Modern Organization . In this work he shared his cybersecurity leadership model and life-long learning, drawing many examples from his practical experiences, research, and observations. His leadership model is applicable in any organization. Follow him on Twitter at @mhasib.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights