President Barack Obama has repeatedly advocated electronic health records (EHRs) as a means for reforming healthcare. Indeed, the economic stimulus package passed earlier this year includes upwards of $20 billion to create EHRs for all Americans, a process the President expects to see started in the upcoming months.
For many years, the healthcare-technology industry has promoted EHRs to be the most promising mean for reforming healthcare. The industry is keenly aware of the obstacles to achieving the president's EHR goal, most notable of which is the debate over whether or not the information contained in EHRs is optimally private and secure. This issue has already gained the attention of the national media.
In February, CNN demonstrated how easy it is for someone to obtain private medical information online using just an individual's Social Security number and date of birth. The analysis was accurate, but also unfairly portrayed the circumstances. CNN only briefly mentioned the fact that President Obama plans to appoint a chief privacy officer and to implement unprecedented privacy controls that aim to safeguard EHR data. Moreover, the report barely touched upon the fact that creating a simple password can extensively protect one's private health information. Instead the report highlighted the more sensational angle, which suggested that electronic health information is safe.
It is essential that Americans are aware of all the facts in the EHR privacy debate. First, it is an unfortunate truth that certain individuals will try to illegally obtain and misuse private health information. But that doesn't mean EHRs should be dismissed altogether. We simply need to carefully and proactively incorporate the highest security measures into the planning process, which the president has done. To borrow an analogy from a colleague: We don't stop building roads because some people drive drunk. We punish the offenders and continue building roads because of the tremendous benefit they bring to the rest of our law-abiding society. We must take a similar approach with health-information privacy: determine what constitutes information misuses, criminalize them, and then enforce the laws. There is too much at stake for the healthcare system -- and the nation's economy -- to allow exaggerated and misperceived weaknesses in EHR security to thwart progress.
We must also ask what's more dangerous to our society: the possibility of information being misused, or the damage of not using the information at all? Should the privacy risks of a very few people outweigh safer, more efficient, more affordable, and potentially life-saving healthcare policies for the majority? In truth, only celebrities and other high-profile individuals stand to be harmed by an unlikely EHR privacy breach. The same threat doesn't necessarily apply to the average person. If someone were to steal the average person's private health information, there isn't much that can be done with that information other than, perhaps, to cause personal embarrassment.
Suppose someone is rushed into an emergency room while traveling, far from his normal healthcare facility and provider. The treating physician is forced to base critical treatment decisions on immediate observations and whatever background information he can obtain from the possibly unresponsive patient. An EHR could readily provide a more complete health history, potential drug interactions, previous tests and results, possible allergic reactions, etc. Without this information the doctor must take measures he thinks are right instead of those he knows are right. Who wants to learn that a family member's life could have been spared if the treating physician had only known about a preexisting condition or drug allergy?
This argument isn't meant to minimize the importance of ensuring vault-like security around personal health information. Privacy is a top priority for any plan to implement EHRs. President Obama's strategy does just that and we may even see stronger controls than expected. No EHR is going to come with guaranteed safety, but the level of risk is lower than that associated with online retail and banking transactions. The public needs to understand that while many criminal enterprises thrive on stealing personal identities and financial information, none benefit from stealing personal health data. It is up to the healthcare-technology industry and the media to make the facts clear and readily available so that Americans can form educated opinions.
About the Author
David St. Clair (firstname.lastname@example.org) founded MEDecision in 1988 and has served as the founder and chief executive officer. From 1985 to 1988, he served as the vice president of GMIS, which was subsequently acquired by McKesson Corporation. From 1981 until 1985, St. Clair served as a principal for Hay Associates in its strategic management group. He received a B.A.S. in mechanical engineering from the University of Pennsylvania and an M.B.A. from Harvard University.
[Editors' Note: The original headline on this Viewpoint may have given an inaccurate indication of the author's perspective. That headline was the selection of the editors, who regret any confusion this may have caused.]
Please note that the Viewpoints listed in CRM magazine and appearing on destinationCRM.com represent the perspective of the authors, and not necessarily those of the magazine or its editors. You may leave a public comment regarding this article by clicking on "Comments" at the top.
To contact the editors, please email editor@destinationCRM.com.
To subscribe to CRM magazine, please visit http://www.destinationCRM.com/subscribe/.
If you would like to submit a Viewpoint for consideration on a topic related to customer relationship management, please email viewpoints@destinationCRM.com.
For the rest of the September 2009 issue of CRM magazine please click here.