Continuing from where I left off 3 weeks ago, EMR – The Word on Street – Part 1, most patients tend to have very unique perspectives about the EMR technology. Still not accustomed to the change like most physicians, patients are more intrigued and fascinated by the drift towards automated healthcare. While I have not had the chance to reconnect with the group, I had not quite finished the account of our detailed discussion on health IT and the wondrous world of electronic medical records.
I was able to establish that the patients in the group did not have any inhibitions towards the electronic medical records technology. Even when invoking the subject of privacy and health information exchange, most of the group members felt secure, citing that they ‘trusted their doctors’. Despite being an ‘awww’ moment, I was surprised at this response. One member quoted, “If my doctor is using an EMR, I expect he has gone through all the hurdles to make sure that my information is safe and secure. They are professionals and they know how to do their job.” That statement summaries what most patient feel about health IT adoption, instead of being personally concerned about the security of their health data, patients expect physicians to play that role for them, as professionals.
While providers plan for such risks and unauthorized disclosures, electronic medical records change the job description significantly. Digitized data is more susceptible to theft. Not only is data exposed in its physical environment but also vulnerable to cyber theft. However, the problem is that most providers tend to rely on basic firewalls and commercial encryption software available at economical rates, while others simply leave the security up to their hosting parties and EMR vendor. Given the amount of recent breaches, such methods are no longer acceptable. Ensuring patient safety and maintaining confidentiality should be one of the top priorities for physicians. With health information exchange (HIE) in sight, physicians should look to train their staff to work within such an environment whilst planning for contingencies.
However, despite their trust in provider professionalism, the group did not take lightly to the possibility of physicians selling their patient’s personal health information to disease control bodies, etc. even when de-identified. I had to assure one of the group members that it would be a HIPAA violation and against the ‘rules’ to sell patient information without prior consent. One patient joked about reading the fine print of every medical document from henceforth.