by Ross White
As I discussed in my first post, electronic health records hold great promise to improve the efficiency and quality of healthcare, but also raise a number of important questions about how best to ensure the preservation of patient privacy. Some of these concerns came to fruition at a recent annual appointment with my asthma and allergy specialist, a physician I’ve known since before I can even remember. His practice, which includes three other physicians, adopted electronic medical records about four months ago. Luckily I didn’t have any significant changes in my health, so I was able to slip in several questions about his general impressions and uses of the new electronic medical record system.
Before seeing the physician, I was asked several questions by the nurse about my basic medical history, current medications, and other relevant health and personal data for input into my newly minted electronic health record. Much of this health data will presumably not need to be entered at subsequent visits, but it added at least an additional five minutes of nurse work. Once I finally saw my physician, he seemed less than enthusiastic about the practice’s decision to adopt electronic health records. He expressed the commonly cited critique that they seem to slow down clinical practice and reduce the amount of face-to-face interaction with patients, at least initially. Some of these issues will likely subside as technology progresses and physicians are more easily able to attain “meaningful use,” but they remain a practical concern at this time.
What struck me most about my visit was my physician’s inability or unwillingness to clearly communicate to me the reasons for adopting an EHR system. When I asked whether he, or other patients, have privacy concerns, he offered a very pessimistic outlook—like any other data that is shared electronically, it is susceptible to hacking. I wasn’t sure how to respond to this comment, so I said nothing. My concerns were not assuaged. Although the EHR system at my physician’s office is not yet linked to other provider systems, such a move appears imminent. When first checking in for the appointment I was given a form to authorize the creation of a personal “eEHX Summary,” which could can be shared with other doctors, nurses, and health professionals. This eEHX summary includes vital medical information, such as medications, allergies, recent diagnoses, and surgeries, but not “detailed confidential notes from [an] office visit.” This information may include “sensitive” information such as mental health, substance abuse, sexually transmitted disease, and sexual abuse information may be included in the summary.
The form promises that all information will be encrypted; only authorized professionals who agree to privacy and security policies will be able to access it; and technology will allow for tracking of who and when the summary is accessed. While patients are able to request a list of who has accessed the electronic record, sharing of that information is not the default. While these practices are commendable, perhaps, as suggested in my previous post, patients should be automatically notified every time the health record is accessed.
My physician’s practice clearly is making an effort to educate its patients about how electronic health records will be used and shared in the future, but I fear that few patients will take the time to read or contemplate the long-term consequences of the eEHX Summary. The authorization form was included in a stack of at least 5 pages, including a HIPAA form, which many patients simply sign and date without reading. I would have been otherwise oblivious about the new EHR system—neither the nurse nor physician provided information, or gave me an opportunity to ask questions, about the new technology.
I consider myself a rather educated health consumer and patient, but many others lack the health literacy—or are too apathetic—to ask necessary questions about how their health data is being used and exactly what they are consenting to. I’m also not entirely certain that I would have asked as many questions as I did if I were seeing a new physician with whom I do not already have an extensive patient-physician relationship. While patients have a certain level of personal responsibility for their own health, when it comes to the deployment of new technology, the onus should fall on the clinician to ensure patients understand the reasons for clinical practice changes.
No doubt electronic records will make it easier for my physician to track vital health data—such as spirometer readings—for asthmatics such as myself, but I worry that the patient information and sharing infrastructure is not yet prepared for a system-wide transition. As physicians across the country continue to struggle with the costs, efficiency, and practice habit consequences of electronic health records, they should at the same time pay more attention to informing patients about these changes. The benefits of electronic health records will be lost if patients grow to resent the technology and lose trust in the very clinicians who are supposed to help them.
photo credit: Trend Micro
Ross is Public Policy Associate at The Hastings Center and a graduate student in philosophy and social policy at George Washington University. Follow him on Twitter @rossswhite.