Health information and medical records reveal some of the most intimate aspects of an individual’s life. In addition to diagnostic and testing information, the medical record includes the details of a person’s family history, genetic testing, history of diseases and treatments, history of drug use, sexual orientation and practices, and testing for sexually transmitted diseases. Subjective remarks about a patient’s demeanor, character, and mental state are sometimes a part of the record.
The medical record is also the primary source for much of the health care information sought by parties outside the direct health care delivery relationship. These data are important because health care information can influence decisions about an individual’s access to credit, admission to educational institutions, and his or her ability to secure employment and obtain insurance. Inaccuracies in the information, or its improper disclosure, can deny an individual access to these basic necessities of life, and can threaten an individual’s personal and financial well-being.
A major concern is adequate confidentiality of the individual records being managed electronically. According to the LA Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient’s records during a hospitalization, and 600,000 payers, providers and other entities that handle providers’ billing data have some access. Multiple access points over an open network like the Internet increase the opportunities for patient data to be intercepted. In the United States, this class of information is referred to as Protected Health Information (PHI) and its management is addressed under the Health Insurance Portability and Accountability Act (HIPAA) as well as many local laws. The organizations and individuals charged with the management of this information are required to ensure that adequate protection is provided and that only authorized parties have access to the information. The growth of electronic health records (EHR) creates new issues, since electronic data may be physically much more difficult to secure, and lapses in data security are increasingly being reported. Information security practices have been established for computer networks, but technologies like wireless computer networks offer new challenges as well.
A related concern is the potential privacy risk posed by interoperability. One of the most vocal critics of EMRs (electronic medical records), New York University Professor Jacob M. Appel, has claimed that the number of people who will need to have access to such a truly interoperable national system, which he estimates to be 12 million, will inevitably lead to breaches of privacy on a massive scale. Appel has written that while “hospitals keep careful tabs on who accesses the charts of VIP patients,” they are powerless to act against “a meddlesome pharmacist in Alaska” who “looks up the urine toxicology on his daughter’s fiance in Florida, to check if the fellow has a cocaine habit.”