DREXEL UNIVERSITY
Electronic Health Records and Patient Privacy An Annotated Bibliography
Marybeth Moretti 6/9/2010 INFO522: Information Access & Resources Marybeth Moretti 2 INFO522
Introduction and Scope
Many people are quite used to visiting their physician, relaying the ailments prompting the visit, and having the physician write copious notes throughout the appointment to capture all that is being said by the patient, concluding with the physician’s diagnosis and treatment options. The patient may walk away with an appointment to a specialist and one or more prescriptions to take to the local pharmacy. The patient may visit the specialist, relaying the ailments prompting the visit as was done with the original doctor, while the specialist is writing copious notes to capture all that is being said. The patient might then walk away with additional prescriptions to take to the local pharmacy to fill and other treatment options to consider. The visits to the various physicians may not be different in the near future, however, the method by which the copious notes are captured and relayed from one physician to another, as well the handling of prescriptions, are changing.
The electronic health record (EHR), also known as an electronic medical record (EMR), has received much more notoriety lately due to President Obama’s push to digitize health care. The American Recovery and Reinvestment Act of 1999 will infuse about $20 billion into modernizing healthcare technology systems, including systems to handle the digitization of electronic health records (Hall, 2010, p. 2). In doing so, President Obama’s overall objective is to reduce medical errors, and at the same time, reduce health care costs, in part by reducing duplicative testing. Electronic health records are one of the methods by which the medical community can reduce errors and costs, and where other numerous benefits exist, however, EHRs also come with some risks, which will be discussed in more detail below.
The electronic health records also create a daunting challenge to the medical community because of privacy issues. The Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPAA, defines the guidelines by which the medical community must abide in order to keep patient records private and confidential, for example, by protecting patient names, photographs, diagnosis or any other means of identification. These guidelines must be able to translate into an electronic environment. Marybeth Moretti 3 INFO522
This paper will discuss the EHR in more detail, and specifically how it relates to patient privacy, and implications within the medical community.
Description
Many people have heard the term “Hippocratic Oath” as it relates to the medical community. “The Oath of Hippocrates established the principles of privacy and confidentiality as fundamental aspects of medical care” (Rothstein, 2010, p. 8). Carried forward, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defined the guidelines that physicians, and the medical community, must comply with when dealing with the patient’s confidential medical information. HIPAA helps to assure the patient that the private information being relayed to the physician will be kept confidential, allowing the patient to be truthful and comprehensive in order to obtain the most informed diagnosis. Without this assurance, the patient may not be as forthright with the physician and therefore jeopardize treatment and care.
The people today who may require access to a patient’s medical records are plentiful, including, but not limited to, physicians with various specialties, dentists, social workers, optometrists, psychologists, physical therapists, respiratory therapists, physician assistants and nurses, pharmacists, lab technicians. Then there are the students in teaching hospitals, insurance providers, and medical researchers, and the list continues. There is also a great deal of financial infrastructure surrounding medical care today. In essence, the patient does not personally know, or have personally chosen for that matter, most of the individuals involved in their medical treatment although so many are in contact with the patient’s medical records. “Dr. Mark Siegler, in a much-discussed article in 1982, calculated that the health records of a typical patient at his teaching hospital were viewed by at least 75 health professionals and hospital personnel during an in-patient stay” (Rothstein, 2010, p. 9). Yes, the quote was from 1982, almost 30 years ago. Just imagine the amount of individuals reviewing a medical record today, particularly with all the medical technological advances made within the past 30 years. Marybeth Moretti 4 INFO522
Dr. Siegler’s study actually makes a great case for the electronic health record today. With so many in the medical community potentially involved with each patient, the benefits of having one comprehensive medical record enumerated by multiple physicians, technologists, and others involved in the medical care, would be invaluable. It is not necessarily in the patient’s best interest to continuously put the onus on the patient to relay the same ailment from one physician to the next without having some of the data translated by a physician into a more insightful medical record. When an individual goes from a primary doctor to a specialist, the patient is relaying the same information to both physicians without the benefit of the first doctor’s input, for example. A better solution for the patient and the subsequent specialist(s) would be for the first physician to record the patient’s symptoms into an EHR including the preliminary diagnosis or treatment. The patient could still relay the symptoms to the specialist, but the benefit of having input from the first physician would be significant.
Fortunately, even if the same or more medical professionals must review an electronic medical record today, there is an audit trail and certain accesses are password-based. There have been numerous stories in the press where the medical history of a famous individual has been discussed by non-authorized medical personnel with the Press. The key is to ensure that certain people are provided only the medical information that they really need to know, instead of having access to the patient’s entire record. For another example, a dentist does not necessary need to have a patient’s optometry information, but would benefit from knowing the individual’s prescriptions and any chronic ailments, particularly if any type of invasive dental procedure was to be performed.
As mentioned previously, Health Insurance Portability and Accountability Act (HIPAA) provides a legal framework from which the medical community must abide to ensure that patient records, in any form, are kept confidential in accordance with each patient’s wishes. Properly translating this framework into an electronic medium is challenging. A patient’s paper consent is easily obtained, and made known, prior to providing care, however, an electronic consent “may be determined by automatic processes without the explicit involvement of the parties normally associated with that decision” (Coiera, 2004, p. 130). There needs to be a Marybeth Moretti 5 INFO522 decision structure that takes into account those physicians who need to be involved in care but may not have been involved in the consent decision. It is here where implied consent would need to take effect so that appropriate care is not interrupted.
A study performed in Willison’s “Consent for use of personal information for health research” article (2009) wondered if those medical conditions with a stigma attached, such as HIV, chronic depression, alcoholism and lung cancer, would have more stringent privacy concerns and needs than those with less stigmatizing conditions, such as breast cancer, hypertension or diabetes. Simply put, the study found that “individual attitudes – and disclosure concern in particular – were more predictive of consent choice than was one’s health condition. This suggests that privacy attitudes may be formulated relatively early on and may be robust to one’s health condition, which may develop later in life” (Willison, 2009, p. 9). This is certainly an interesting article from the standpoint that there are diseases that have a greater stigma in society than others and the assumption would be that patients would show more concern for privacy and confidentiality.
In many cases, providing adequate notice to patients of a substantial change in policy, such as the implementation of electronic health records, together with the ability to easily accept or opt-out of participation, can help a community embrace the new technology. (Adams, 2004) Allowing people to make an informed decision can really mean the difference of acceptance.
The privacy issue may be of primary concern to those utilizing online resources such as Google Health or Microsoft HealthVault, otherwise known as “personally-controlled medical records” (Steinbrook, 2008, p. 1653). These services allow the patient to access, change, or delete their medical account, which means that the patient has control. However, as indicated in the Steinbrook article entitled, “Personally controlled online health data – The next big thing in health care?” (Apr 2008), “unfortunately, promises about data privacy and security may lack legal force.” In addition, “the data they store may not be as private as consumers assume, and a person’s ‘control’ could turn out to be limited” (Apr 2008). The user should make every effort to review the privacy policy prior to signing up. In addition, personally-controlled records Marybeth Moretti 6 INFO522 would have to be incorporated into a medical facilities EHR framework so the patient would be able to access and change their own records. This article also referenced a 2007 survey where 91% of the respondents felt that they should have access to their own electronic medical record. Surprisingly, from this same survey, 60% thought that the benefits of an EMR outweighed the privacy risks (Steinbrook, 2008, p. 1654). I thought the 60% was a surprisingly high number considering the potential implications for medical identity theft. Although it has been three (3) years since this survey, I wonder if the results would be slightly lower today. Even though I have never been a victim of any form of identity theft, the ramifications of having medical information stolen and used could certainly result in the most extreme form, death from incorrect care. I would have to believe that many people have the belief that “it won’t happen to me” and most of the time, these people would be correct.
Two of the major challenges facing the medical community regarding EHRs are 1) the technological challenge of having many systems that can interact properly and 2) the cost of implementation and wondering who is responsible to foot the bill. Privacy has begun to increase as an additional concern. As the first two challenges are being resolved, the privacy issue must be quelled in order to be accepted by patients. If the patient is too concerned about the confidentiality of their medical data, the system will not survive because the patient will not consent to sharing their medical information. However, a study conducted by Simon et al. (2009) actually showed that the privacy issue was not a major concern to the respondents and the benefits of EHR were recognized. In one case, a young woman conveyed the added benefit of EHR after learning that her father’s extensive paper files were recently lost by his physician. In the end, the respondents in Simon’s study (2009) wanted the ability to determine who would get their consent and wanted the ability to ask questions beyond the informational material received. Study results appear to be showing that the privacy concerns are less of an issue, while the tremendous benefits of an electronic health record and surrounding system are plentiful and concurred by the public. Marybeth Moretti 7 INFO522
Summary of Findings
There are numerous advantages to using electronic health records for the patient and medical community, but there are also a number of risks. President Obama is pushing this forward through the infusion of ARRA funds. The concept of having consolidated electronic records available to all medical personnel applicable is a great one, however, implementation is not so easy. “Existing medical record systems rarely interconnect, and the economic stimulus act contains no legal requirement that funded systems actually interconnect to form a consolidated medical record for each patient – it requires only that interconnection be possible” according to Hall’s article (2010), “Property, privacy, and the pursuit of interconnected medical records.” An interconnected and secure infrastructure is absolutely critical to the success and future of electronic health records.
The benefits of EHRs are plentiful. An EHR would be able to immediately recognize a potential drug-drug interaction prior to prescribing medication. Another benefit is allowing various physicians access to patient records from the physician’s point of view in addition to the patient’s, in addition to seeing substantial cost savings since the system can identify unnecessary procedures potential prescribed for the patient. Other benefits directly affect the bottom line, such as added revenue from more efficient billing and the reduction in transcription costs. Other very important benefit of sharing medical information through EHRs comes in the form of public health benefits, such as the ability to track diseases geographically or for other patterns.
However, EHRs aren’t without their disadvantages. Not every aspect of a paper record can easily translate electronically, including HIPAA objectives. The cost of implementing an EHR system to the medical facility may seem insurmountable, although there are some monetary incentives being provided by some medical facilities for physicians to connect. The EHR elicits a different type of communication between patient and physician that now includes a computer and may not be as comfortable for either party. In addition, EHR implementation could potentially slow the physicians down so productivity suffers for some time while transitioning to a new system. Also included as disadvantages is a potential for overdependence on Marybeth Moretti 8 INFO522 technology, potential transition difficulties, a new set of errors, and workflow changes (Handel, 2010). “Digital information is susceptible to compromise from a wider set of infiltrators, it is relatively easy and inexpensive to undertake inappropriate activities with digital information, and there are no geographical barriers” (Angst, 2009, p. 348).
In addition, the electronic health record must technically be made secure for the patient to retain the trust that the medical records remain confidential electronically, but there are numerous aspects to consider. An analogy often used is the comparison of the electronic health record with an individual’s financial record. Most of an individual’s financial records today can be accessed through the computer, typically through the financial institution’s Web site. However, there have been cases of identity theft from hackers gaining illegal access too many people’s records and in essence, stealing their identity. The same might potentially occur within the medical community and a person’s medical record can be “stolen” if security is not maintained. The consequences of medical identity theft could be dire.
Regardless of the risks mentioned above, I believe that electronic health records are in all of our futures, although the extent to which all records are digital may not be seen in all of our lifetimes. There are numerous solutions to combat any privacy concerns which I anticipate will be resolved when EHRs become commonplace. In fact, the Department of Defense (DOD) and the Department of Veterans Affairs (VA) have been working on the interoperability of electronic medical records since around 2008, so their success will be a great measure of things to come.
Bibliography
Entry 1:
Adams, T., Budden, M., Hoare, C., and Sanderson, H. (Apr 2004). Lessons from the central Hampshire electronic health record pilot project: issues of data protection and consent. BMJ, 328, 871-874.
Abstract: Abstract was not available.
Annotation: This particular article is important because it provides lessons learned from one medical group, particularly the North and Mid-Hampshire Health Authority (United Kingdom), Marybeth Moretti 9 INFO522 who utilized electronic health records. The article explained how the individual patient record was matched with the patent’s master record, and explained generally how and who extracted the records. Even though this study was done in another country, lessons can certainly still be learned. The medical facility left pamphlets out and available for patients to read and understand, and to take action if necessary, like ask that their medical information be excluded. Out of 82 patients who contacted the facility with questions, six patients asked for their records to be excluded, but many were positive about the technology. Patient privacy was maintained through numerous encryption technologies. Not only does this help maintain the patient’s trust but also helps to ensure the physician doesn’t break that trust by not maintaining confidentiality. This study referenced other studies which suggested that people were generally positive about electronic health records although some restrictions in who should view the records was expressed.
Search Strategy: I thought the original article was interested enough to review the footnotes to locate other interesting articles. I check the source, to ensure it was refereed, via Ulrich’s International Periodical Database.
Database: Web of Science
Method of Searching:Footnote chasing
Search String: Referenced in:
Simon, S.R., Evans, J.S., Benjamin, A., Delano, D., and Bates, D.W. (2009). Patients’ attitudes toward electronic health information exchange: Qualitative study. J Med Internet Res 2009, 11(3):e30.
Entry 2:
Angst, C.M. and Agarwal, R. (Jun 2009). Adoption of electronic health records In the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly, 33(2), 399-370.
Abstract: “Within the emerging context of the digitization of health care, electronic health records (EHRs) constitute a significant technological advance in the way medical information is stored, communicated, and processed by the multiple parties involved in health care delivery. However, in spite of the anticipated value potential of this technology, there is widespread concern that consumer privacy issues may impede its diffusion. In this study, we pose the question: Can individuals be persuaded to change their attitudes and opt-in behavioral intentions toward EHRs, and allow their medical information to be digitized even in the presence of significant privacy concerns? To investigate this question, we integrate an individual’s concern for information privacy (CFIP) with the elaboration likelihood model (ELM) to examine attitude change and likelihood of opting-in to an EHR system. We theorize that issue involvement and argument framing interact to influence attitude change, and that concern for information privacy further moderates the effects of these variables. We also propose that likelihood of adoption is driven by concern for information privacy and attitude. Marybeth Moretti 10 INFO522
We test our predictions using an experiment with 366 subjects where we manipulate the framing of the arguments supporting EHRs. We find that an individual’s CFIP interacts with argument framing and issue involvement to affect attitudes toward the use of EHRs. In addition, results suggest that attitude toward EHR use and CFIP directly influence opt-in behavioral intentions. An important finding for both theory and practice is that even when people have high concerns for privacy, their attitudes can be positively altered with appropriate message framing. These results as well as other theoretical and practical implications are discussed.”
Annotation: Electronic health records (EHRs), and their corresponding systems, are in the forefront of President Obama’s initiatives to reduce health care costs through efficiencies and error reduction. However, that doesn’t necessarily mean that people are accepting of the technology and believe that their personal information will not be compromised. This article presents the results of a study to determine whether a patient’s attitude can be influenced or persuaded to accept EHRs knowing that privacy is a significant issue regarding its acceptance. This is particularly important because a patient needs to be as forthcoming with their health information as possible in order to obtain the best and most appropriate care. Since this is almost an inevitable future state, the study is important in reminding us that people can be influenced when they are properly educated.
Search Strategy: I began my Dialog search in files 7, 438, and 2 because a prior search yielded a large number of hits for electronic medical/health records within these particular files. I printed the full text of this particular article within the Web of Science (WoS) database. I checked the source, to ensure it was refereed, via Ulrich’s International Periodical Database.
Database: Social SciSearch, Library Literature and Information Science, and Inspec (Dialog)
Method of Searching:Keyword searching
Search String: B 7,438,2 s electronic()medical()record? or emr s electronic()health()record? or EHR s s1 or s2 s privacy or patient(n)priv? set detail on s (s3 or s4) and s5 sort s6/all/py rd display set Marybeth Moretti 11 INFO522
Entry 3:
Coiera, E. and Clarke, R.. (Mar/Apr 2004). E-Consent: The design and implementation of Consumer Consent Mechanisms in an Electronic Environment, Journal of the American Medical Informatics Association, 11(2), 129-140.
Abstract: “The effective coordination of health care relies on communication of confidential information about consumers between different health and community care services. However, consumers must be able to give or withhold “e-Consent” to those who wish to access their electronic health information. There are several possible forms for e-Consent. In the general consent, model, a patient provides blanket consent for access to his or her information by an organization for all future information requests. Conversely, general denial explicitly denies consent for information to be used in future circumstances, and in each new episode of care, a new consent would be needed to obtain information, In the general consent with specific denial model, a patient attaches specific exclusion conditions to his or her general approval to future accesses. In contrast, in the general denial with explicit consent model, a patient issues a blanket block on all future accesses but allows the inclusion of future use under specified conditions. There also are several alternative functions for an e-Consent system. Consent could be captured as a matter of legal record. E-Consent system could be more active by prompting clinicians to indicate that they have noted consent conditions before they access a record. Finally, the record of patient consent could be fully active and used as a gatekeeper in a distributed information environment. There probably will need to be some form of data object that is associated with patient information. This e-Consent object (or -Co) will contain the specific conditions under which the data to which it is attached can be retrieved. Given the complexity of clinical work and the substantial variation we can expect in an individual’s desire to make his or her personal medical details available, it is unlikely a “one size fits all” approach to e-consent will work. Consequently, with a well-chosen consent design, it should be possible to balance the specific need for privacy of some of the population against the desire by others to err on the side of clinical safety, and clinicians desire to minimize the burden that an electronic consent mechanism would improve.”
Annotation: The importance of this article is that it reviews some ways in which security of electronic health records can help ease the patient’s sense of trust while online by providing adequate safeguards. Health Insurance Portability and Accountability Act (HIPAA) is the legal framework from which the physician and medical community abide in order for patient privacy to be maintained. However, this framework does not easily translate onto an online environment. This article presents some interesting dilemmas potentially encountered by moving from paper records to electronic ones and how privacy is affected. The authors present a number of design principles that would need to be followed to ensure privacy is maintained the way the patient would expect while ensuring the physician care is not impeded in any way. Also any new system cannot create an administrative nightmare for the medical community or it will not be embraced. Several models are presented while taking the design principles into account. Marybeth Moretti 12 INFO522
Search Strategy: The source document reference this article within the footnotes, both of which were very interesting. I pursued a number of articles within the source document. Full text was obtained through Web of Science. The source was checked as a refereed article within Ulrich’s International Periodical Database.
Database: N/A
Method of Searching:Footnote chasing
Search String: Referenced in:
Simon, S.R., Evans, J.S., Benjamin, A., Delano, D., and Bates, D.W. (2009). Patients’ attitudes toward electronic health information exchange: Qualitative study. J Med Internet Res 2009, 11(3):e30.
Entry 4:
Hall, M.A. (Feb 2010). Property, privacy, and the pursuit of interconnected electronic medical records. Iowa Law Review, 631.
(Referenced #1 on blog, http://dragons-den-mfm64.blogspot.com/)
Abstract: “Who owns a patient’s medical information? The patient, the provider, or the insurer? All of the above? None of the above? In the emerging era of electronic medical records, no legal question is more critical,, more contested, or more poorly understood. Ownership was never much in doubt in an age of paper-based records, but now that information can be easily digitized and freed from any particular storage medium, confusion reigns. How this issue is resolved can determine how or whether massive anticipated developments in electronic health records will take shape. The respective property rights of patients, providers, and insurers will strongly influence, if not determine, what form of electronic health-record interchange will predominate. And, whether rights to access and use medical information can be commercialized may determine whether effective, comprehensive medical information networks can emerge at all, absent an overt government mandate. This Article analyzes property rights in medical information from the perspective of network economics. It proposed that patients be allowed to monetize their access and control rights by assigning them to a trusted and regulated intermediary who may then place those rights I a stream of commerce that determines their value and best use. The funds generated can then be distributed both to patients and providers to encourage their creation and use of interconnected electronic records.”
Annotation: This article discusses the patient's rights when it comes to their electronic medical information. "The constipation of information automation in health care has frustrated the best intentions and brightest minds for years, if not decades." (Hall, 2010) Part of the "constipation" has to do with the fact that the Obama incentive does not mean that the Marybeth Moretti 13 INFO522 healthcare medical systems are interconnected. The article interestingly brings up the issue of ownership and control of the medical records. The importance of this article is the legal focus.
Search Strategy: Searched in Dialog File 7, Social SciSearch for refereed articles so it would not be necessary to double-check the article status through Ulrich’s International Periodical Database. Once the article was identified, I printed the full-text from Web of Science via Lexis-Nexis Academic.
Database: Social SciSearch (Dialog)
Method of Searching:Keyword searching
Search String: b 7 s electronic()health()record? or ehr s electronic()medical()record? or emr s priv? or patient()priv? display set
Entry 5:
Handel, D. A and Hackman, J.L. (2008). Implementing Electronic Health Records in the Emergency Department. The Journal of Emergency Medicine, 38(2), 257-263.
Abstract: “Background: The increasing presence of electronic health records (EHRs) in health care presents interesting and unique challenges in the Emergency Department (ED) setting. Unfortunately, scant literature exists addressing the implementation of EHRs in this setting. Objectives: The authors, both involved in the implementation of such systems at their respective institutions, review the challenges and benefits that exist with such implementation, and the steps that EDs can take to facilitate this process. Discussion: Unlike ambulatory and inpatient settings, where patient volume can be adjusted to help with this transition, EDs are unable to alter their volume and must maximize their efficiency during this process. Conclusions: Understanding and anticipating the EHR’s impact on workflow is critical to successful implementation.”
Annotation: This article presents the potential trials and tribulations of electronic health records, and privacy challenges, from the viewpoint of the Emergency Department (ED). In a way, this is a more focused look at the potential privacy issue since, when most people enter an ED, their personal physician is not available. Therefore, implied consent to provide care – and thus review medical records – takes hold so that patient care is not interrupted. The article discusses benefits and risks of implementing an EHR system, as well as the costs associated with the set-up of an EHR system. This article also recognizes the impact of the employee workflow and the possible implications of inefficiencies created as an immediate result.
Search Strategy: I originally searched Dialog File 7, using keyword searching for electronic health/medical records and privacy and found an article that I wanted to review. I then went to Web of Science to retrieve the full text and, in Marybeth Moretti 14 INFO522
that search, found the article referenced below. I noticed that the source document below was cited many times so I clicked on number of “Times Cited” and found this article about the ER, which I believed to be more appropriate for this paper. I checked the source as refereed in Ulrich’s Periodical International Database.
Database: Web of Science
Method of Searching:Citation searching
Search String: Referenced in:
Jha, A.K., Doolan, D., Grandt, D., Scott, T., and Bates, D. W. (2008). The use of health information technology in seven nations. International Journal of Medical informatics, 77, 848-854.
Entry 6:
Humphreys, B.L. (2000). Electronic health record meets digital library: A new environment for achieving an old goal. J Am Med Inform Assoc., 7:444-452.
(Referenced #3 on blog, http://dragons-den-mfm64.blogspot.com/)
Abstract: “Linking the electronic health record to the digital library is a Web-era reformulation of the long-standing informatics goal of seamless integration of automated clinical data and relevant knowledge-based information to support informed decisions. The spread of the Internet, the development of the World Wide Web, and converging format standards for electronic health data and digital publications make effective linking increasingly feasible. Some existing systems link electronic health data and knowledge-based information in limited settings or limited ways. Yet many challenging informatics research problems remain to be solved before flexible and seamless linking becomes a reality and before systems become capable of delivery the specific piece of information needed at the time and place a decision must be made. Connecting the electronic health record to the digital library also requires positive resolution of important policy issues, including health data privacy, government encouragement of high-speed communications, electronic intellectual property rights, and standards for health data and for digital libraries. Both the research problems and the policy issues should be important priorities for the field of medical informatics.”
Annotation: This article is important in that it attempts to define the electronic health record and the digital library and merge the two. The electronic health record help the individual to take more control over their own healthcare while allowing the healthcare community to use the many formats for individual or population use, where public health is monitored. So this record can provide data in two very important ways, while preserving individual patient privacy. The digital library "focuses on information accessible via the Internet" (Humphreys, 2000), whether it is also in print or converted to digital format. It is the technology that links Marybeth Moretti 15 INFO522 the individuals and healthcare systems together. The challenge is merging these systems within HIPAA compliance.
Search Strategy: I wanted to try my luck with Dialog File 7, Social SciSearch, where all the articles are refereed. Once I found this article, I went to Web of Science via Drexel's Hagerty library and retrieved the full-text article. I still checked the source as refereed in Ulrich’s Periodical International Database.
Database: Social SciSearch (Dialog)
Method of Searching:Keyword searching
Search String: b 7 s electronic()health()record? or ehr s privacy or patient()priv? s s1 and s2 rd display set
Entry 7:
Li, J. and Shaw, M.J. (Jul-Sep 2008). Electronic medical records, HIPAA, and patient privacy. International Journal of Information Security and Privacy,2.3, 45(10).
(Referenced #2 on blog, http://dragons-den-mfm64.blogspot.com/)
Abstract: “The continued growth of healthcare information systems (HCIS) promised to improve quality of care, lower costs, and streamline the entire healthcare system. But the resulting dependence on electronic medical records (EMRs) has also kindled patient concern about who has access to sensitive medical records. Healthcare organizations are obliged to protect patient records under HIPAA. The purpose of this study is to develop a formal privacy policy to protect the privacy and security of EMRs. This article describes the impact of EMRs and HIPAA on patient privacy in healthcare. It proposed access control and audit log policies to safeguard patient privacy. To illustrate the best practices in the healthcare industry, this article presents the case of the University of Texas M.D. Anderson Cancer Center. The case demonstrates that it is critical for a healthcare organization to have a privacy policy.”
Annotation: There are numerous benefits, to the patient and the healthcare organization, in using electronic medical records or healthcare information systems (HCIS), such as reduced errors in care and prescriptions, reduced costs, and better healthcare. However, the privacy of medical records is in question and could greatly inhibit the use of HCIS. This article points out the importance of having a privacy policy in compliance with Health Insurance Portability and Accountability Act (HIPAA) of 1996 to help ensure patient privacy. Nothing less than a formal policy, including audit logs and controlled access, can potentially result in breaches of patient privacy. This article provides important background information about HIPAA. It also explains Marybeth Moretti 16 INFO522 the typical individuals who had access to patient paper records and how quickly a breach can occur and the devastating results. However, with authentication rules and audit logs, breaches can be minimized and those who do breach can be tracked. The use of electronic medical records will continue to grow and these increased controls are important to the acceptance by the public to ensure strict privacy will be maintained.
Search Strategy: I searched Dialog OneSearch (HEALTH) using the usual keywords, electronic health/medical record and privacy, including patient privacy. Once I focused on this particular article, I checked the source, to ensure it was refereed, via Ulrich’s International Periodical Database.
Database: OneSearch: HEALTH; TGG Health&Wellness DB(SM) (Dialog)
Method of Searching:Keyword searching
Search String: B HEALTH s electronic()medical()record? or emr s privacy or patient()priv? s s2 and s3 display set
Entry 8:
Rothstein, M.A. (Spring 2010). The Hippocratic bargain and health information technology. Journal of Law, Medicine & Ethics, 7-13.
Abstract: No abstract provided.
Annotation: The article begins with a short history lesson about the Oath of Hippocrates, dating back to the fourth century, B.C.E. Most people are familiar with the Hippocratic Oath that doctors take which outlines the fundamental principles of keeping a patient’s medical and social history private and confidential. I didn’t realize that this Oath also extends beyond the patient’s death. Without this Oath, many patients would never provide their physician with their most embarrassing ailments, some of which may have been contracted through illegal behavior, therefore possibly impeding proper care. But, today, medical care has come a long way from one physician who always treated the same patient, regardless of the ailment. There are many medical specialties and other types of functions that deal with the patient and therefore need access to medical history. However, it goes far beyond the physician or physicians that a patient will come into contact with, and this article displays many of the other types of people involved in a patient’s medical record. It’s staggering….and disconcerting.
Search Strategy: I began my search in File 7 within Dialog and found an article entitled “Ensuring the privacy and confidentiality of electronic health records.” My next step was to go into Web of Science in order to locate the full- text article. When I searched for the aforementioned article, I actually located this on with “privacy”, “confidentiality” and “electronic health Marybeth Moretti 17 INFO522
record” the Topic section. I actually retrieved the full-text article within Lexis Nexis Academic. I checked the source as refereed in Ulrich’s Periodical International Database.
Database: Social SciSearch (Dialog)
Method of Searching:Keyword searching and browsing
Search String: b7 s electronic()health()record? or ehr s electronic()medical()record? or emr s s1 or s2 s priv? or patient()priv? s s3 and s4 display set; electronic health record (Topic) privacy (Topic) confidentiality (Topic)
Entry 9:
Simon, S.R., Evans, J.S., Benjamin, A., Delano, D., and Bates, D.W. (2009). Patients’ attitudes toward electronic health information exchange: Qualitative study. J Med Internet Res 2009, 11(3): 330
Abstract: “Background: In many countries, there has been substantial progress in establishing the electronic transmission of patients’ health information between health care providers, but little is known about how best to engage patients in the process. Objective: We explore patients’ views about sharing of electronic health information and their preferences for learning about and participating in this process. Methods: Patients in one Massachusetts community in the northeastern United States were recruited to participate in focus-group discussions. Prior to discussion, participants completed a written questionnaire that captured their reactions to draft educational materials and a consent form. The discussion moderator and two physicians analyzed the moderator’s detailed notes from each session and participants’ written comments, using an immersion-crystallization approach. Results: Three dominant themes emerged: (1) concerns about privacy and security, (2) the potential benefit to a person’s health, and 93) the desire for more information about the consent process. On the pre-discussion questionnaire, 55 out of 62 participants (88%) indicated that they would provide consent for their information to be shared electronically among their health care providers, given the materials they had reviewed. Conclusion: Patients are enthusiastic about electronic health information exchange, recognizing its capacity to improve the quality and safety of health care; however, they are also concerned about its potential to result in breached privacy and misuse of health data. As the exchange of electronic health information becomes more widespread, policy makers will need to ensure that patients have access to concise Marybeth Moretti 18 INFO522 educational material and opportunities to engage in conversations about the risks and benefits of participation.”
Annotation: This article discusses the best methods for getting patients engaged in sharing electronic health records (EHRs) with physicians, so this takes a slightly different turn than most of the other articles, except Entry 1. It was surprising to read that America lags behind so many other developed countries when it comes to EHR adoption. We can expect the American Recovery Reinvestment Act (ARRA) of 2009 to change much of that with a $19 billion infusion, in part, to create the EHR infrastructure. This study revealed expressions of concern with privacy of EHR but nothing overly sensitive. Most individuals recognized many of the EHR benefits and, when the patient was provided information material with the ability to ask questions, the patient was more receptive to accepting and using the technology. Another important aspect recognized by the participants was the ability to deny consent. In other words, they did not want automatic implied consent but wanted to be able to make the choice to provide consent to view medical records.
Search Strategy: I was so impressed by learning Web of Science that I immediately searched this new resource. I check the source, to ensure it was refereed, via Ulrich’s International Periodical Database.
Database: Web of Science
Method of Searching:Keyword searching
Search String: Electronic health records and privacy within Topic
Entry 10:
Stewart, R.F., Kroth, P.J., Schuyler, M., and Bailey, R. (2010). Do electronic health records affect the patient-psychiatrist relationship? A before & after study of psychiatric outpatients. BMC Psychiatry, 10:3.
(Referenced #4 on blog, http://dragons-den-mfm64.blogspot.com/)
Abstract: “Background: A growing body of literature shows that patients accept the use of computers in clinical care. Nonetheless, studies have shown that computers unequivocally change both verbal and non-verbal communication style and increase patients’ concerns about the privacy of their records. We found no studies which evaluated the use of Electronic Health Records (EHRs) specifically on psychiatric patient satisfaction, nor any that took place exclusively in a psychiatric treatment setting. Due to the special reliance on communication for psychiatric diagnosis and evaluation, and the emphasis on confidentiality of psychiatric records, the results of previous studies may not apply equally to psychiatric patients. Method: We examined the association between EHR use and changes to the patient-psychiatrist relationship. A patient satisfaction survey was administered to psychiatric patient volunteers prior to and following implementation of an EHR. All subjects were adult outpatients with chronic mental illness. Results: Survey responses were grouped into categories of “Overall,” Marybeth Moretti 19 INFO522
“Technical,” “Interpersonal,” “Communication & Education,,” “Time,” “Confidentiality,” “Anxiety,” and “Computer Use.” Multiple, unpaired, two-tailed t-tests comparing pre- and post- implementation groups showed no significant differences (at the 0.05 level) to any questionnaire category for all subjects combined or when subjects were stratified by primary diagnosis category. Conclusions: While many barriers to the adoption of electronic health records do exist, concerns about disruption to the patient-psychiatrist relationship need not be a prominent focus. Attention to communication style, interpersonal manner, and computer proficiency may help maintain the quality of the patient-psychiatrist relationship following EHR implementation.”
Annotation: Doctors are being incentivized by the American Recovery and Reinvestment Act of 2009 to use electronic health records (EHR) by 2014. But there are still many issues with implementation with EHRs. Some studies have shown that some patients are relatively unaffected by the use of a computer by their physician, while other will change their verbal and non-verbal communications due to potential privacy issues. This was a real-life study attempting to measure how the use of electronic health records changed the psychiatric/patient relationship, if at all. And this study seemed especially important due to the extreme sensitivity of the relationship between a psychiatrist with the patient.
Search Strategy: I had done some fact-finding on the generally search string of electronic medical/health records and found the three Dialog files below being fairly diverse but having a large number of articles containing this search term. Once I located this file, I retrieved the full-text article via Drexel's Web of Science. The publication was checked within Ulrich’s International Periodical Database.
Database: Social SciSearch, Library Literature and Information Science, and Inspec (Dialog)
Method of Searching:Keyword searching
Search String: b 7,438,2 s electronic()medical()record?, s emr s s1 or s2 s electronic()health()record? or ehr s privacy s s3 and s4 and s5 ds set detail on sort s6/all/py rd display set Marybeth Moretti 20 INFO522
Entry 11:
Steinbrook, R. (Apr 17, 2008). Personally controlled online health data – The next big thing in medical care? The New England Journal of Medicine, 358(16), 1653.
Abstract: “In theory, personally controlled online health data could help to improve health, doctor-patient communications, and the coordination and quality of care and to avert medical errors – and thereby reduce the cost of care – though of course this all remains to be seen. The users who may benefit the most may be patients with complicated chronic conditions and those with episodic needs for extensive care or treatment. Personally controlled electronic health data may also raise new problems. Because online data repositories such as Dossia, Google Health, and Microsoft HealthVault and some of their business partners are not covered entities, the data they store may not be as private as consumers assume, and a person’s “control” could turn out to be limited.”
Annotation: Most physicians today still use paper medical records; however, there are some that are moving toward some type of electronic record, whether it is solely to prescribe medications electronically or to keep track of a patient’s progress. There are numerous online medical repositories popping up, such as Dossia, Google Health or Microsoft HealthVault, which allows the patient to input into the record and have control over the record. This article delves into some of these newer online repositories and discusses their impact to the patient and physician.
Search Strategy: I searched Google Scholar, as referenced in the Week 9 lecture. Since this is a medical topic, it is slightly easier to check the resources to be certain they are refereed. As with most of my resources, I double- checked the publication in Ulrich’s International Periodical Database.
Database: Google Scholar
Method of Searching:Keyword searching
Search String: Electronic health records and patient privacy narrowed from 2008 through 2010.
Entry 12:
Willison, D.J., Steeves, V., Charles, C., Schwartz, L., Ranford, J., Agarwal, G., Cheng, J., and Thabane, L. (Jul 24, 2009). Consent for use of personal information for health research: Do people with potentially stigmatizing health conditions and the general public differ in their opinions? BMC Medical Ethics, 10:10, 1-12.
Abstract: “Background: Stigma refers to a distinguishing personal trait that is perceived as or actually is physically, socially, or psychologically disadvantageous. Little is known about the opinion of those who have more or less stigmatizing health conditions regarding the need for consent for use of their personal information for health research. Methods: We surveyed the Marybeth Moretti 21 INFO522 opinions of people 18 years and older with seven health conditions. Participants were drawn from: physicians’ offices and clinics in southern Ontario, and from a cross-Canada marketing panel of individuals with the target health conditions. For each of five research scenarios presented, respondents chose one of five consent choices: (1) no need for me to know; (2) notice with opt-out; (3) broad opt-in; (4) project-specific permission; and (5) this information should not be used. Consent choices were regressed onto: demographics; health condition; and attitude measures of privacy, disclosure concern, and the benefits of health research. We conducted focus groups to discuss possible reasons for observed consent choices. Results: We observed substantial variation in the control that people wish to have over use of their personal information for research. However, consent choice profiles were similar across health conditions, possibly due to sampling bias. Research involving profit or requiring linkage of health information with income, education, or occupation were associated with more restrictive consent choices. People were more willing to link their health information with biological samples than with information about their income, occupation, or education. Conclusions: The heterogeneity in consent choices suggests individuals should be offered some choice in use of their information for different types of health research, even if limited to selectively opting-out. Some of the implementation challenges could be designed into the interoperable electronic health record. However, many questions remain, including how best to capture the opinions of those who are more privacy sensitive.”
Annotation: Individuals who have perceived stigmatizing medical conditions will be more concerned about privacy leaks than those people whose medical conditions are not considered shameful. An appropriate example is someone with HIV/AIDS, particularly due to the social implications of others knowing of this diagnosis. This is an important study because not every medical condition is the same for every person, and, even when the diagnosis is labeled the same, the surrounding medical and non-medical conditions experienced by the individuals will be different. The seven medical conditions used in the survey were: Hypertension, diabetes, chronic depression, alcoholism, HIV, breast cancer and lung cancer. Interestingly, the results expected were not the ones achieved. Simply put, “…individual attitudes – and disclosure concern in particular – were more predictive of consent choice than was one’s health condition” according to the study. (Willison, 2009, p. 9)
Search Strategy: I began my search in Dialog File 7, Social SciSearch, after learning that all the articles retrieved here are refereed. However, I still checked all articles using Ulrich’s Periodical International Database. I retrieved the full text article from Web of Science.
Database: Social SciSearch (Dialog)
Method of Searching:Keyword searching
Search String: b7 s electronic()health()record? or ehr s electronic()medical()record? or emr s s1 or s2 Marybeth Moretti 22 INFO522
s privacy s s3 and s4 display set
Entry 13:
Win, K.T., Susilo, W., and Mu, Y. (2006). Personal Health Record Systems and Their Security Protection. Journal of Medical Systems, 30:309-315.
Abstract: “The objective of this study is to analyze the security protection of personal health record systems. To achieve this we have investigated different personal health record systems, their security functions, and security issues. We have noted that current security mechanisms are not adequate and we have proposed some security mechanisms to tackle these problems.”
Annotation: This article presents a description of the various types of personal health record (PHR) systems available, such as smart cards, health kiosks, an institutional system or a web- based system. Also discussed in the article are various ways in which PHRs, in general, can be compromised and ways in which the records can be made more secure, based on how the records are accessed. The conclusion of the paper states that, although there are still gaps in security, the security challenges are being met.
Search Strategy: I searched WorldCat after learning about it, narrowing my search specifically to ECO and Medline because of the nature of my topic. I checked all articles retrieved via Ulrich’s Periodical International Database and obtained the full-text article from SFX.
Database: WorldCat: ECO and Medline
Method of Searching:Keyword searching
Search String: Narrowed to ECO and Medline database Specified years=2005 to 2010 Privacy (keyword) and electronic medical record (keywords)
Conclusion and Personal Statement
Let me first note that I am a huge fan of technology and use it whenever I can, mainly for the efficiencies, in both my personal and professional life. However, for some time, I have vacillated in my acceptance of electronic health records due to the privacy issue. Electronic health records do have some challenges to overcome with regard to acceptability by patients and physicians, although the concerns are waning due to security advances being made. People need to be assured that their medical records will always be kept private, while the right people within the medical community are always able to view the records in order to prescribe Marybeth Moretti 23 INFO522 the best overall medical treatment possible. The cost of loosening security and privacy standards could potentially equate to the death of the patient, in the most extreme cases.
The issues will be resolved, more than likely with some controversies along the way, because electronic medical records are here to stay. Some people have been reluctant to accept electronic financial records and utilize Bill Pay online, while others have embraced it with ease and efficiency. It too hasn’t been without its struggles. There have been notorious instances where financial data has been breached through technological means, such as hacking, as well as intentional and unintentional employee breaches. The same types of breaches could happen with electronic medical records but will the “good” outweigh the “bad”? Regardless, people have embraced the technology within the financial community knowing the potential risks. Will it be enough with regard to medical electronic records as well? President Obama is making sure that it will.
I have always vacillated about accepting EMRs due to the potential security issues experienced by the more mature financial electronic records, but understand the tremendous benefit of EHRs. Although I have yet to experience any type of identity theft, and in light of a few financial breaches by my financial institutions, I have not stopped banking and shopping online. Since I understand the importance of maintaining current and accurate medical records, for years I have maintained a very crude, and generally unsecure, type of EMR for myself in order to ensure that my primary doctor is aware of all of my total medical history. I am less reluctant to place this information online where others may be able to access it. Reading these articles, though, has provided me with more informed insight into the benefits of having up-to-date and accurate electronic medical records available to all who would prescribe treatment for me.
I know that future medical records will eventually be available only in an electronic format and I am ready to embrace the technology, hoping for better quality care at reduced costs, in a very secure environment.