Washington Times Examines Medical Record Privacy Issues
Recent news about University of California-Los Angeles Medical Center employees who improperly accessed medical files of high-profile and celebrity patients "brings up the question of who is able to look at health records and what they can do with that information," the Washington Times reports. According to the Times, "Part of the problem is in the move to electronic records" because while the "systems simplify and streamline record keeping," security standards have not been fully established.
Privacy consultant Robert Gellman said, "There is a lot of promise about medicine going to electronic records. Those who are promoting it talk about its appeal to consumers. But the principal beneficiaries are the health care organization, research facilities and insurance companies." Electronic health records contain a wide variety of personal health information, from blood pressure readings to history of risky health behaviors. According to the Times, "Once the information is in the hands of those large companies, its final destination is limitless" because "institutions such as law enforcement, life insurance companies and researchers are not covered under the federal government's Health Insurance Portability and Accountability Act."
Pam Dixon, executive director of the World Privacy Forum, said, "The privacy policy is your protection," adding, "But that is one flimsy piece of protection." Dixon said, "Doctors have access to the information. They need that access. However, more can be done to limit who sees what files." Gellman said, "Saying that medical records are private is really cheap rhetoric," adding, "The truth is that they are widely circulated among institutions because that is the kind of system we have."
According to Geoff Brown, senior vice president and chief information officer for Inova Health Systems, most large health care facilities have established several types of security features to ensure the privacy of patient information. For example, Brown said that at Inova, a security code is sent to a device that records the identity of the person who is accessing the patient data and also secures the password being used. Data that are transmitted to external sources are encrypted, and the records of high-profile patients are given a special designation, Brown added (Goldberg Goff, Washington Times, 4/8).
