Will Americans Lose Their Privacy
with Electronic Medical Records?
June 14, 2004
The prospect of strangers accessing other people's medical records online is a
serious concern to many citizens. In fact when polled, some 40 percent of
Americans say they won't give doctors online access to their medical records
because of privacy concerns. Perhaps this response is based on cases in which
hackers were able to penetrate computer databases and obtain personal health
information. For example, a hacker was able to access the records of more
than 5,000 patients who had been treated at the University of Washington
Does President Bush's New Mandate Give HHS Authority to Link
Everyone's Medical Records to a National Computerized System?
It is estimated that currently only 10 to 20 percent of physicians use
electronic medical records (EMRs). But this will soon change.
President Bush recently announced plans for all Americans to have electronic
medical records within the next ten years. On April 27, President Bush signed
Executive Order 13335, titled "Incentives for the Use of Health Information
Technology and Establishing the Position of the National Health Information
Technology Coordinator." The new coordinator, who will be at the U.S.
Department of Health and Human Services (HHS), is required to facilitate the
development of a nationwide "interoperable" (exchangeable) health-data
system that will allow the sharing of patients' personal health information
electronically. This mandate appears to give HHS authority to link everyone's
medical records to a national computerized system.
It's not clear whether citizens will be able to exercise control over the flow
of their personal health information that will become part of the forthcoming
national health-data system.
Does "Secure and Protected" Necessarily Mean Private?
The presidential mandate also notes that the coordinator is responsible for
ensuring that "patients' individually identifiable health information is secure
and protected." But the order neglects to ensure that patients' medical records
will remain private, since it does not require patients' consent before their
medical records can be shared with many others. Thus, "secure and
protected" does not necessarily mean confidential. Rather, the forthcoming
nationally linked computerized system will make it much easier for more than
600,000 health-care entities (data processing companies, insurers, doctors,
hospitals, etc.)who are legally authorized under the Federal Medical
Privacy Ruleto share personal health information without individuals'
That is because the order directs the coordinator to facilitate the development
of national standards for sharing patients' health information. The mandate
states that the new plan shall "Not assume or rely upon additional Federal
resources or spending to accomplish adoption of interoperable health
This appears to be a way to bypass the requirement for congressional approval
for funding unique health identifiers (which HHS currently lacks) to tag and
track personally identifiable health information. For example, instead of
relying on federal funding to create unique health identifiers for all citizens,
the coordinator could instead facilitate nationwide use of the "Master Patient
Index" (MPI) or another tool to link medical records across the country and
make them readily accessible to many persons. The MPI is a software tool
used to massively distribute patient medical records "across a U.S. national
backbone," according to the Commerce Department's National Institute of
Standards and Technology, the federal agency that granted $2.26 million to a
software company to develop the tool.
There's no doubt that EMRs will make it much easier for doctors and others to
access patients' medical records with just a click of a mouse. But this same
efficiency clearly increases the risk of medical privacy invasions.
Individuals, not the federal government, should be the ones to balance the
benefits of EMRs versus the risk of breaches of confidentiality.
This article was originally published in the May/June 2004 issue
of Health Freedom
Watch, the bimonthly watchdog report published by the
Institute for Health Freedom.