I exchange thoughts with healthcare IT people on a daily basis over at Twitter. So many of them seem perplexed at why we patients look at putting our medical records on the internet with trepidation.
Then along comes this video from Elizabeth Cohen at CNN. In a matter of minutes, she was able to pull up one of her CNN colleague’s medical records, his kids’ records… She could see which doctors they’ve visited, what took place during those meetings…
HIPAA is supposed to protect us from others getting our medical records right?
We don’t want potential employers finding out we have to take meds to control blood pressure or cholesterol every day — it’s not their business!
And consider this scenario: you have no health insurance, or maybe you’ve just been laid off and you’ve lost your insurance. Now you need new insurance. Well guess what? Insurers are looking behind the scenes to find reasons to turn you down. Regardless of how easy it is for others to get your medical records, the Medical Information Bureau makes it easy for insurers anyway.
Here’s my opinion on this issue: I absolutely believe our health records need to be online, both to improve our health and to save money. Both are reason enough to do make medical records accessible digitally.
I do NOT believe patients should be putting their own health information online through Google or Microsoft Health Vault or any of the free applications out there, and I very much object to those large organizations (like the Mayo Clinic) which are getting in bed with these two privacy-sucking behemoths. Those “free” applications are not free. I’ve written about that extensively in the past.
Now the government is looking at ways to move all our records online, and they are ready to throw $20 billion into the project. I support that — with this caveat: part of that money must make sure that our records can’t get into the wrong hands — including Elizabeth Cohen’s (Elizabeth, you know I love ya!) — because while Elizabeth is only showing us the potentials, not everyone has our best interests or good motives for doing so.
By the way, Elizabeth takes time in the video to tell us how to protect our records. Take a look. It will serve you well.
Wait! You say. Isn’t that what our new Obama-led government wants us to do? Electronic Medical Records are good for our health! They are good for our economy! They are good for our country!
Not so fast!
First — the distinction between those EHRs, electronic medical records that are kept by practitioners — doctors, hospitals, nursing homes. They use proprietary programs that may allow access to patients, but are not set up for patients to add their own information. These are the kinds of records being promoted by our new government, and I say — go for it. Great idea. They will save lives and grief.
But there is another kind of record known as a PHR, personal health record. There are a dozen ways to keep records, including on your own home computer or on a thumb drive, or even in a shoebox. And, they can be kept online for those who are willing to fill out tons of forms and scan and upload some of their information. Some programs exist that charge a monthly or annual fee. Not expensive, but enough that you can at least trust your information with them (as well as it can be trusted anywhere — another conversation for another day.)
But some of those big online health groups like Google, Microsoft, Revolution Health and others want YOU to put your OWN information online. and — lucky you! They’ll give you the space online for free!
You know there’s no such thing as a free lunch. And there’s no such thing as free space online for your health information. And while I’ve said that for years, and while many have dissed me for doing so — the proof is now published.
The problem is that these companies want to sell your information to the highest bidder. Maybe they can sell it to a pharmaceutical company or a drug store chain. Maybe they’ll sell it to the Medical Information Bureau that will tell its member-insurers what your medical problems are (so they can decide not to insure you.) Or maybe your employer wants to know whether to keep you on staff, or even hire you to begin with?
Believe me, despite what they claim they “want” to do for those unsuspecting people who put their health information online — their real goal — the goal they MUST have (by law because they are beholden to investors) — is to make money. They are not offering you that space out of the goodness of their hearts.
I’ve said it before. I’ll say it again. If you want your health and medical information to stay private, then STAY AWAY FROM THE FREE PERSONAL HEALTH RECORD applications. It can’t be any plainer than that.
I’ve written many times before about electronic medical records, personal health records and privacy. They can’t effectively be used in the same sentence unless you bring up oil and water, too. They just don’t mix.
An incident right here in my office spawned this post. Twice in the past week, a stranger’s medical records have arrived through my fax machine! They come from an orthopedic practice, are several pages long, and regard a police officer who had back surgery and is not working, collecting worker’s comp. They are very personal, detailed….
And I should NOT have copies! The fact that they were sent to the wrong fax number — twice — is a huge HIPAA violation. Yet, I guarantee you, this happens every day.
Why do I raise this point to you? Because concerns over privacy and medical records are huge. But that’s not new ! In fact, when it comes to medical records, regardless of HIPAA laws or anyone’s policies to the contrary, if someone wants your medical records, they can get them.
Here are some additional examples of privacy violations to give you a sense of what I mean:
Further, there are many people who can access our records whether we want them to or not. They include any payers who will pay on our behalf, such as health insurers or Medicare. Law enforcement personnel can access our records, too, if they believe they need them to prove a case.
What’s the bottom line here? If you want your records to be private, then it is up to YOU to make sure they stay as private as possible. Especially now that our new president is planning to throw money into the electronic medical records pot.
Our records are going to end up online. And I believe they should. It’s efficient, and I believe there are enough ways they can contribute positively to both our health, and our health system, that it’s a smart move.
But that doesn’t mean we patients have to make stupid choices about putting them online ourselves. There are a handful of PHR programs out there like Microsoft’s health vault and google’s health program, plus others that aren’t beholden to the HIPAA privacy laws. And, very frighteningly, large health organizations are working with these companies to put your records online. The Cleveland Clinic is working with Microsoft, as is the Mayo Clinic.
So when it comes to making smart choices, begin by making smart decisions about how your records will go online. Do NOT choose one of the free PHR (personal health records) applications that keep your records online, that does not fall under the auspices of HIPAA. There are plenty of good PHR storage apps online that charge you a fee, that may be more secure.
You may also want to ask about your doctor’s use of electronic medical records, and how they are being implemented. Specifically you want to know if the storage mechanism your doctor uses falls under HIPAA’s regulations. And if they tell you your records are being managed by one of these big conglomerates that are (so called) free? Personally — I would find another doctor to work with.
Your records will never be completely protected from someone who might want them. But there’s a difference between letting the medical records cat out the door, and leaving the door open.
Ted Eytan, MD, a patient empowerment advocate and a fellow Tweeple provided a heads up about a clip from 30 Rock which all us non-medical professionals can relate to. It’s brought to us by Hulu:
Have you had this experience? Is negative a positive? Or is positive a negative?
Isn’t this just a great example of the disconnect between the way the professionals talk and the way we patients understand? or misunderstand?
Have you ever thought test results were OK only to find out they weren’t? Or vice versa?
I’ve written many times before about electronic medical records, personal health records and privacy. They can’t effectively be used in the same sentence unless you bring up oil and water, too. They just don’t mix.
