To serve and protect? Electronic health records pose challenges for privacy, autonomy and person-centered medicine

This paper highlights potential challenges to privacy posed by electronic health records and proposes to increase patient involvement in maintaining the privacy of their data. Electronic health records are heavily promoted in the United States, rendering sensitive health information accessible and potentially jeopardizing patient privacy. Yet certain HIPAA regulations are consistently violated, suggesting that the Federal Government is unable to fully enforce privacy standards. On the other hand, proportionately there are few civilian complaints to the U.S. Department of Health and Human Services (HHS), implying that patients are unaware of privacy breaches, the means to report them, or both. Without permitting patient control over information, the proposed privacy system assumes that leakages will occur and offers to notify patients of breaches after the fact. This deprives patients of the right to defend their intimate details, which are more available to caretakers, employers, and insurers than ever. Our proposed solution is to render usage of patient information transparent by default, so that patients can monitor and control who is privy to what input. This will enhance patient empowerment, feeding into improved governmental control over health data.

[1]  J. Mezzich,et al.  Advancing the global communication of scholarship and research for personalized healthcare: The International Journal of Person Centered Medicine , 2011 .

[2]  Gail-Joon Ahn,et al.  Patient-centric authorization framework for electronic healthcare services , 2011, Comput. Secur..

[3]  D. Blumenthal,et al.  The "meaningful use" regulation for electronic health records. , 2010, The New England journal of medicine.

[4]  Stephan D. Fihn,et al.  Strategies from a Nationwide Health Information Technology Implementation: The VA CART STORY , 2010, Journal of General Internal Medicine.

[5]  Chunhua Weng,et al.  Case Report: Electronic Screening Improves Efficiency in Clinical Trial Recruitment , 2009, J. Am. Medical Informatics Assoc..

[6]  Yongmin Kim,et al.  Challenges to Using an Electronic Personal Health Record by a Low-Income Elderly Population , 2009, Journal of medical Internet research.

[7]  Adam Wright,et al.  Ability to Generate Patient Registries Among Practices With and Without Electronic Health Records , 2009, Journal of medical Internet research.

[8]  Lisa M. Lee,et al.  Ethical collection, storage, and use of public health data: a proposal for a national privacy protection. , 2009, JAMA.

[9]  Tom Delbanco,et al.  Insights for Internists: “I Want the Computer to Know Who I Am” , 2009, Journal of General Internal Medicine.

[10]  K. Schulman,et al.  Ownership of medical information. , 2009, JAMA.

[11]  C. Redhead The Health Information Technology for Economic and Clinical Health (HITECH) Act , 2009 .

[12]  K. Pfeiffer,et al.  Future Development of Medical Informatics from the Viewpoint of Health Telematics , 2009, Methods of Information in Medicine.

[13]  G. Eysenbach,et al.  Patient Accessible Electronic Health Records: Exploring Recommendations for Successful Implementation Strategies , 2008, Journal of medical Internet research.

[14]  R. Steinbrook Personally controlled online health data--the next big thing in medical care? , 2008, The New England journal of medicine.

[15]  Isaac S Kohane,et al.  Tectonic shifts in the health information economy. , 2008, The New England journal of medicine.

[16]  S. Alpert,et al.  Shared expectations for protection of identifiable health care information , 2001, Journal of General Internal Medicine.

[17]  Healthcare Applications and HIPAA , 2007 .

[18]  Mark A Rothstein,et al.  Compelled disclosure of health information: protecting against the greatest potential threat to privacy. , 2006, JAMA.

[19]  G. Tomlinson,et al.  Custodianship of genetic information: clinical challenges and professional responsibility. , 2005, Journal of clinical oncology : official journal of the American Society of Clinical Oncology.

[20]  N. Terry,et al.  The Emergence of National Electronic Health Record Architectures in the United States and Australia: Models, Costs, and Questions , 2005, Journal of medical Internet research.

[21]  S. Becker THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT , 2004 .

[22]  R. Califf,et al.  Health Insurance Portability and Accountability Act (HIPAA): must there be a trade-off between privacy and quality of health care, or can we advance both? , 2003, Circulation.

[23]  Jennifer Guthrie Time is running out--the burdens and challenges of HIPAA compliance: a look at preemption analysis, the "minimum necessary" standard, and the notice of privacy practices. , 2003, Annals of health law.

[24]  Winfried E. Kühnhauser A Paradigm for User-Defined Security Policies , 1995, SRDS.

[25]  C. E. Mabeck Confidentiality in general practice. , 1985, Family practice.

[26]  D. Kenny,et al.  Confidentiality: the confusion continues , 1982, Journal of medical ethics.

[27]  R. W. Baldwin Confidentiality Between Physician and Patient , 1962 .