Reproduction permitted for personal use only. For reprints and reprint permission, contact

Privacy, trust still the biggest barriers to electronic record sharing

Madison, Wis. - Is America rushing into the adoption of electronic medical records and patient data exchange without enough concern for data security?

The question has been raised on many fronts, including the Congress, where some bills seek to provide incentives to encourage the adoption of interactive personal health records, and others that raise privacy concerns are construed as a barrier to the adoption of EMRs.

Moreover, headline-grabbing data breaches in both the public and private sector are still fresh in the public's mind.

As healthcare institutions in both Madison and metropolitan Milwaukee try to develop a framework for patient data exchange, we put the "rushing into" question to attorneys who practice in the healthcare sphere.

Attorney David Hanson, a partner in Michael Best & Friedrich and chairman of its healthcare practice group, noted there are people in the health field who think the industry already is spending too much time and money on patient data security - thanks to regulations like the Health Insurance Portability and Accountability Act.
In addition to HIPAA, most states, including Wisconsin, already have patient confidentiality regulations in place.

“That backdrop doesn't change with the advent of shared medical records,” Hanson stated.

Carrie Killoran, a partner in Michael Best's healthcare practice group, where one of her areas of emphasis is patient confidentiality, said healthcare providers are mindful of security concerns and regulations. The issue boils down to the context in which they are willing to share patient data, and which data sets should be shared.

Rather than a rush to adoption, Killoran said privacy concerns have delayed the implementation of EMRs. “They aren't rolling them out as fast as clinicians would like,” she said.

Before any additional laws and regulations are adopted, she said health providers would like to see the HIPAA framework fully implemented and get a sense of how it's working.

For the record

The risk (and benefit) of electronic medical records is in the ease of data transmission and the ease of access to records, Killoran said. With paper records, it may be easier to notice the inappropriate use by healthcare employees, but with the audit trails that are built into electronic medical records, no eyewitnesses will be necessary. She views audit trails as another layer of protection that ensures proper record handling because employees in the health industry have been terminated for improper access and use.

The most likely breach, she said, would not come from a hacker or another type of cyber criminal, but an employee who uses a record in an inappropriate way, or one who gets careless and misplaces or has stolen a laptop or handheld device.

Michael Best has had clients that fired employees for record-handling infractions, and obedience to medical record protocols are written into employee job descriptions and is part of the individual performance evaluation.

Sometimes, there isn't enough trust between healthcare institutions.

“What healthcare clients are concerned about is making the records accessible to another entity at which they have no direct control, and whose processes and record-keeping may not be as good as theirs,” Hanson said. “That's why you need to have at least minimal standards for all.”

Hanson said Wisconsin has a different healthcare market in some respects. It has large health systems and large clinics that allow the group to establish a model for smaller hospital or medical groups with which they interact. The structure lends itself to synergy between smaller and larger practices, and Killoran said the expense of implementing EMRs might be the incentive independent physicians need to join larger health systems.

“The need to have an EMR and the capital investment required may cause smaller physician providers to affiliate with a large health system,” she said. “It might reduce the number of independent practices.”

Related stories

Visions: Wade offers straight talk on e-medical records

Wisconsin firms pledge to support healthcare IT standards

Yasnoff: Wisconsin should invest in health record bank

Doyle seeks $30M for e-medical record adoption

Lt. Governor Barbara Lawton: Impact of e-medical records will be felt at home


Deborah C Peel MD responded 8 years ago: #1

We no longer have the right to keep our medical or prescription records private.

The problem is that HIPAA was gutted in 2002 to allow the entire nation's electronic health records to be accessed and used by over 600,000 health-related businesses and government agencies---without our consent, without notice, and without any recourse.

The Hippocratic Oath no longer applies---data thieves, aggregators and sellers act as if stronger state laws and medical ethics that forbid disclosing medical records without consent do not apply to them.

The big threat to medical privacy is not hackers or people who work in hospitals or doctors' offices stealing our identities and records for fraud. The real danger to our privacy results from the massive corporate theft and sale of our sensitive health data to employers and insurers, who then use the information to discriminate against every American. These are the innocuously named 'secondary uses' of data that public does not yet know about.

For example--every prescription in the US has been data mined daily for over a decade and sold to insurers and drug companies. Did you give consent for that? Even if you pay privately for your prescriptions, they will still be data mined and sold.

IMS Health's entire business is selling identifiable prescriptions. They reported revenues of $1.75 billion dollars in 2005. Not bad for stealing data.

Meanwhile there are 45 million people in the US who cannot afford healthcare, yet these private corporations can make billions in profit from selling our medical records.

Tell Congress to give you back the right to control who can see and use your medical records. Tell Congress to build ironclad privacy protections into the electronic health system up front.

If not, we will have a superhighway system for data mining, instead of a health system that protects our most sensitve personal records. Sign our e-petition saying "I want my medical privacy!" at

If private corporations and the government know the most sensitive information about us on earth, will we be living in a surveillance state or a Democracy?

Deborah C Peel, MD
Founder and Chair, Patient Privacy Rights

-Add Your Comment


Comment Policy: WTN News accepts comments that are on-topic and do not contain advertisements, profanity or personal attacks. Comments represent the views of the individuals who post them and do not necessarily represent the views of WTN Media or our partners, advertisers, or sources. Comments are moderated and are not immediately posted. Your email address will not be posted.

WTN Media cannot accept liability for the content of comments posted here or verify their accuracy. If you believe this comment section is being abused, contact

WTN Media Presents