Privacy verses Health

Would you die for freedom?  How about privacy; the opportunity to keep personal secrets?  What if you had a dangerous medical condition, and in order to live you would have to share your health history with 15 doctors?  50 nurses?  100 hospital administrators?  500 health insurance salesmen?  1000 total strangers?  Is there a point that just to be private, you would rather die?

In essence, this was the debate in which I participated this week.  The Wall Street Journal’s Melinda Beck graciously hosted this discussion, on a videoconference Spreecast.  Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation (PPRF), Dr. Mary Jane Minkin, a gynecologist in New Haven, CT and I discussed this critical question; In the era of expanding Electronic Medical Records (EMR) are we losing too much privacy? Do our records threaten to explode across the Internet and out of our control?

Dr’s Minkin and Peel are extremely worried about the lack of privacy which they believe is inherent in electronic records.  Dr Minkin was so concerned that she dropped out of the Yale Medical Group, and all insurance carriers, and now sees patients only on a cash basis in her private boutique practice. She presented examples of how, because of computerized records, personal sexual histories were seen by doctors beyond the patient’s control, resulting in embarrassment and, Dr. Minkin felt, poor care.  She believes that we should not be using EMRs at all, relying instead on paper records that can be faxed to specific other doctors only at time of need.

Dr. Peel is the Director of PPRF, which advocates for tight controls on the sharing of electronic medical data.  She believes that doctors who are not involved in the case, insurance companies, employers and even the government, are interested in reading our individual records and must be stopped.  Dr. Peel compared this intrusion into personal privacy, liberty and choice to the Tuskegee Experiments or the Nazi’s, and she believes that patients are going to rebel and the use of computerized records may vanish.

As readers know, I believe Electronic Medical Records are vital to the future of medical care.  Not only are they efficient, safe, indestructible, inexpensive ways to store data, they have incredible potential to heal.  With proper controls, EMRs can be accessed from anywhere, by multiple caregivers at the same time.   Quality measures can be built into these programs, so that the wrong drugs cannot be ordered, vital changes not missed, important questions always asked and critical test results never lost.

The potential is nearly infinite.  As these records systems expand, every frightened, sick, confused patient will not have to remember and recite the complex details of their entire health history, every time they meet a new caregiver.  If a physician, lab, pharmacy, physical therapist or nursing home makes a change in treatment, every other caregiver for that patient can observe, preventing duplication and error by allowing global coordination of care.  Finally, and perhaps most exciting, by combining electronic records with state of the art medical science and research databases, computer systems will be able to assist each doctor, anywhere at anytime, to give the most up-to-date therapy.

Several examples may help show the reality and the potential.  Today, most records are in paper charts and cannot be accessed accept by the one person holding them, who leaves no trace of having ever seen that record verses an EMR which leaves an electronic trail of every person who reads it.  Most doctors do not routinely send out reports to every doctor the patient has seen about each new event that happens.

Steve walked into my office two months ago with a massively swollen face, especially around his right eye.  It was engorged with blood, his eyeball bright red and massive bruise expanding to the jaw.  It turns out that Steve had minor surgery on his eyelid a couple days before.  Why do I, an oncologist and hematologist, see Steve?  Because, he is on blood thinners … something Steve did not think was important enough to tell the ophthalmologist, before the doctor cut into his face.

At 2:00am, just as the rescue squad wheeled David into the emergency room, he stopped breathing.  As they had no medical history, rib-cracking CPR was started, a tube was placed into his throat, IV in his neck and two 300-joule countershocks were administered.  David survived the ER and made it to the ICU.  This was not something for which he was appreciative as David was dying of lung cancer and had clear instructions in his chart, locked in his doctor’s office, that he be allowed to die.

On the other hand, Ed was admitted to our hospital not long ago, with multisystem failure.  He had an irregular heart beat with falling blood pressure and dizziness, new onset diabetes, shortness of breath, drops in blood counts, rapid weight loss from nausea and apparent liver failure.   There was no evidence of infection, cancer, primary heart disease and he denied taking any new medication in years.  However, the computer records showed that eight months earlier a change in insurance had resulted in a change in the brand of Ed’s cholesterol medication and thus how fast he absorbed the drug.  Ed had niacin poisoning.

Angie felt fine when she came to our office for the fourth round of therapy. When the pharmacy technician accessed the computerized chemotherapy storage cabinet, the sentinel program noted that the patient’s weight had changed and that the previously ordered dose was incorrect.  The tech sent a real-time email to the oncologist for modification.  However, simultaneously, as the treating nurse began the therapy sequence for the day, by opening the patients EMR file, an alert across her screen warned that the patient had sudden liver malfunction, discovered in labs drawn a couple hours before.  An online review of a recent CT scan did not provide an answer.  The chemotherapy was canceled, a digital order for an ultrasound sent to radiology and a next day appointment with the physician scheduled.

While I appreciate the concern about personal privacy, the gains from high quality electronic medical records are vital and, without a doubt, EMRs are here to stay.   Turning back from computerized medicine is as likely, practical or beneficial as everyone cutting up their credit cards, walking around with rolls of cash and banks returning to hand written ledger books.  There is incredible power, potential and quality in electronic based records.

However, it is vital, as we pursue this technology, that we guarantee each person has control over his or her records.  Patients must be able to determine who can and cannot see their E-Chart, whether it is other doctors, pharmacies, insurance companies or hospitals. They must decide which parts of the records are shared, as well as when and why.  In much the same way we share our bank accounts, deciding who can withdraw funds (i.e. automatically paying your mortgage each month) or who can deposit dollars (i.e. electronic payroll deposits), as well as who can read your bank statement (or not), records must be under the tight control of patients.

It seems to me that the gains from EMRs far outweigh the privacy risks.  None-the-less, as Dr. Peel said, in order to build a system, which patients can trust, we must honor each patient’s goals and privacy.  Only if we respect each individual’s rights, can we expect our patients and their families to respect us and the tools we use.


  • Liz
    1) Another plus with a flip side minus - when a patient can see their own records they can correct mistakes - although once a mistake is in there it would appear awfully hard to get it out since you can't delete records only add to them - I am having that problem with 3 mistakes (said I have had certain medical problems in my history when I have not - and that will also affect research, not just my medical care, since one of them is pretty significant and I am in their tumor registry) at MD Anderson Cancer center… Something needs to be done about that. There needs to be ways to take things out and have them vanish (of course then you have a down side of that. With everyone having access people could "vanish" problems out of their medical history and related linked systems in order to get disability insurance - which I can no longer get, or better rates for health insurance…) 2) Related to this is identify theft for the purpose of using someone's health insurance - a growing crime; one that is growing faster than identify theft for other reasons. Linked, online medical records increases the problems for the person whose identity was stolen, then you have false medical records in there… when anyone, basically, in the medical or related professions can access information it is going to be really tough to make sure that 100% of those people are honest. Heck a computer left on and logged into could be accessed by the janitor. Heck I, as the patient, was put in a room where someone had not yet logged out and their access had not yet timed out due to lack of use. Heck the human factor can screw up anything LOL (or LOL not depending on how much of a headache this can cause). There is more that can b screwed up when everything is in one giant database. 3) Hackers - if they can get our credit card information from those databases and into the pentagon, both relatively secure environments, it is going to be a piece of cake in a decentralized, every office has one and they are all linked, environment. Since so many places insist on asking for our social security number for "identification purposes" - even when our insurance doesn't use it… (And by the way we are not required to give it however some places refuse to treat you if you do not), identify theft is going to be a growing problem. I understand why they want it because theoretically two people could have the same name and same birthdate - the odds are low but it is possible - however the solution is not our social security number. The solution could be a universal medical record number, unique to us, across all medical practices ( I don't even want to think about the nightmare the implementation of that would cause in terms of the logistics for everyone involved. 4) And of course our laws have not yet caught up with the issues surrounding the ethical use of what can be collected, accessed and/or used…(of course that is a problem in general - laws governing the use of something generally lag, sometimes substantially, the "innovation", "practice"…). Given the dysfunctional state of the government, issues involved where even non-politicians don't agree, I am not sure we can even pass good laws to govern this - even before you add in some of the inane compromises that get added to bills to get enough people to vote yes. Compromise isn't necessarily a good thing when it comes to certain issues. As you said there are pros, cons, unresolved issues, and not complete agreement amongst all the stakeholders about what constitutes the greater good.
    • Liz
      And another point with #1 - stuff could be vanished out with malpractice suits… I get why you can't delete anything, only correct it… but like anything else then this can create other problems.
  • If EMRs really worked the way you describe, I would be in favor of them. But the one I was sentenced to work with last year was the opposite. The computer may be all-powerful, but the programmers clearly don't get it.
    • Liz
      LOL There probably is a huge variation in how the mandate to have everything electronic is implemented. I know the NIH cancer center I go to has doctor notes, blood work, test results available by clicking on the date (so still not searchable, you have to still look at everything to find what you need), but heaven help you if some things need to be found quickly and easily. It is even worse if you brought relevant medical records to them. It is all scanned in and you get to go fishing through unorganized electronic "paper". Frankly (and this is backed up by research) it is faster to flip though real paper. The other question I have is when they have the inevitable software and hardware upgrades at what point will things be obsolete? I can not open any of my older microsoft word documents without opening them in an earlier saved version of the program first, then save that, then reopen in the newest version. An I can not open at all some stuff not in word. I have to save them as pdf files to port them over. How the heck will organizations manage this problem? Stuff then might as well be in cold storage off site. It is extremely expensive to upgrade as well which is why many organizations do not do that. Where I worked it was 2011 (yes 2011) before they ditched a program that had the black background, green type and you also had to type in commands to do anything. Why? Because they had to first upgrade all the computers. Then they could buy the new program and they had to figure out how to port over a huge number of records they needed to keep and access (so pay to do that). It was a hugely expensive, bug filled process where it took months for all the problems to be fixed, get access to stuff needed… I can't even begin to imagine what would happen if medical records were caught in that kind of purgatory.
  • IBS
    I believe that each patient should check off the doctors they feel pertinent. A DNR should be given at the doctor's office to make sure there are no mistakes; a horrible mistake. As far as stealing someone's records for insurance, no one would want mine. Also, it gives out age, the right to pass with dignity, as lived. Eventually they will get it right. They need to hire a computer expert and make sure they talk to the patient to make sure everything is correct. The faster the information comes over the internet, the better care is to the patient. Can you imagine if someone steals a form that states the patient has BC. The first thing the hospital would do is have an x ray done.....No BC. It wouldn't be an easy task to pull off. I hope everyone has a lovely Thanksgiving~~Sending Blessings
    • Liz
      IBS - the reality is that both identity theft and insurance theft (charging their medical care to your insurance) is happening via theft of information via medical records. And in plenty of cases no one would know you had cancer or anything else unless you told them because right now even with electronic records, stuff is not linked and plenty of it is buried in scanned stuff, not searchable stuff… it is actually easier to steal someone's identity via medical records than via many other ways.
  • IBS
    Liz, I'm on Medicare and another back up insurance. On Oct 3, I slipped on a rug in my bathroom and fell into a chrome shower bar. OMG! I couldn't sit or lay down, I was in pain coughing. An ambulance came and asked to see my DNR. I showed them and the nurse said that she checked already to someone else. (I gather it was the electronic records> I was in such pain, I would have gladly passed that night. The first time I was able to sleep was Oct 29th. They gave me 13 pain pills. They didn't work and then they told me I must wait 5 days for a refill. This is crazy! I then had to take excedrin, and I think some dog pain pills. This was not right. I'm a palliative cancer patient. Luckily the office ordered me some meds. Liz...I was crying! I'm always afraid to be put in the hospital. I think they should take all those 12 and 15 year old hackers and they could put a system in. They would be helping people and getting paid. I do believe all children should get free care. Oh, I would have someone stand behind those hackers LOL
    • IBS
      Would I die to keep personal secrets? Dr. S, are you asking me about suicide? That wouldn't be a secret. Living with severe pain is not a life.
  • IBS
    I used to do accounts receivables, worked as an artist and an assistant to a VP for the East Coast. I was used to writing things down. In 1994, I started a loose leaf book with all blood work, bone scans, Rhematologist, Onc. etc. When I had to get an second opinion, I showed up with my loose book. I even added my resume too. The MD threw it across the room and told me to get out! LOL I said, "No!" Then he called security....I laughed again. He then calmed down. Then he asked me about my resume...I told him I am not a number. I am a patient that needs your advice. This is whom I am. Now I always tease him, "Don't you wish everyone carried a loose leaf?" LOL As far as keeping a secret of a disease that can hurt others... Yes, I would. Sorry I didn't answer in an appropriate manner. I had to read your paper three times. Sorry...TMI
  • IBS
    My mind is sleeping because I still don't think people may not know what I'm saying.. If someone had a desease that can hurt me or others, I would definitely tell the doctors! Why would I hurt other people and children. I never would.
  • D Someya Reed
    This scenario assumes so much such as: - All internal and external entities involved are on compatible software/hardware/communications systems - All systems are available 100% of the time (up-time as well as communication) with built-in redundancies, backups and (seamless) switch-overs to concurrent backup systems so the “live” system can be taken down for maintenance - All staff are equally trained, honest and ethical - All staff are communicating in real time - All updates to the system would be instantaneously available to all staff involved or someone would be monitoring the systems for crucial updates and immediately communicating those to responsible staff (think of what happens if two staff attempt to enter conflicting information at the same time…one must be posted a millisecond, or less, before the other…two users cannot update the same record at the same time, that used to take down entire systems…and what if staff chooses the first post and it was wrong?) - Nothing could be added incorrectly or for the wrong patient (ever) - Nothing could be programmed incorrectly (ever) - Internal and external security would be infallible Technologically, we are nowhere near this or the scenario you mention in: “Not only are they efficient, safe, indestructible, inexpensive ways to store data, they have incredible potential to heal. With proper controls, EMRs can be accessed from anywhere, by multiple caregivers at the same time. Quality measures can be built into these programs, so that the wrong drugs cannot be ordered, vital changes not missed, important questions always asked and critical test results never lost.” Really? Unfortunately, this sounds like what the “software marketing guy” will tell you while silently whispering that it “could” be done but will cost billions upon billions of $ and take years to implement, if ever. It is most often true that marketing will tell you anything you want to hear. Electronic records are not always efficient; they are certainly capable of being destroyed. Controls alone will not give staff concurrent access to records. Compatible physical and virtual equipment is going to be involved. The dynamic (ever-changing) database needed to carry all drug interactions then overlaid to the actual cases of millions of people is immense in scope. All systems and hardware are intrinsically “stupid.” Programmers and those who use the programs are the only intelligence behind computers. Computers only do as they’re told. They just happen to do it very fast if programmed correctly. EMR’s and systems do not have the power to heal. Healing is only within the realm of people using systems and data as tools. Perhaps you’ve heard of the medical system that recommended surgery when fed the information for a bicycle? And I’ve not even mentioned power failure, catastrophic drive failure, etc. As to your question (paraphrased), would you be willing to die for medical privacy? I think when people know the innumerable ways that lack of privacy could make their lives a living nightmare, they might be willing to take a chance. Not every scenario is life or death but there will be no picking and choosing of which medical records may be released, shared, etc. It is an all or nothing proposition. Keep in mind that once privacy is taken away you can NEVER get it back. Once privacy is removed, laws seem to have a way of being changed or enacted to give those (most often) with a financial interest access to those formerly private records.
    • Liz
      These are some of my fears too. I have several mistakes in my electronic medical records that I have spent three years trying to fix and they still are not fixed. One of them is significant. A new doctor on a consult that saw me earlier this month just repeated that particular mistake along with adding a significant new one in the newest notes uploaded. Sigh. My niece now works where I get out of town cancer care and if she realized that is where I get my cancer care, could if she wished, read my records. As I have not shared everything with my family that is not something I would appreciate it. A neighbor, unbeknownst to me until after the fact, was the surgical nurse assistant with a cancer surgery I had locally. Had I known I would have specifically requested someone else. Makes me very uncomfortable because I do not like her, she has been vicious to my kid and other kids in the neighborhood, throws her dog poop in my front yard, something that starting after I confronted her after she was threatening to have her dog rip apart the kids who were playing in my yard and the ball went over the bushes separating our two front yards into hers. Further she is nosy and has access to all my medical records. The trouble is that there is an upside to having records more accessible. At the retirement center where my mother lives they are all required to have a copy of their medical history and important medical records scanned onto a flash drive that they are required to hang from the fridge on a permanent hook that is on all fridges. They center will scan for the residents if they can't do it themselves. That at least means that relevant records will be accessible to medical professionals if something bad happens in the apartment but it also presumes the medical facility allows flash drives to be inserted into their computers (not all do). Lots of issues (ethical, legal and practical) and not enough good solutions.
      • IBS
        Liz, as far as the poop goes, and if she did read your report, I feel she may have some empathy and change how she talks with you. If someone threatened one of my dogs, I would immediately call animal control in my town. Perhaps her dog doesn't like strangers, so instead of stating that, she tries to scare everyone from going near her property. 1. Usually dog poop will deter other dogs from going under a fence. 2. Dog poop makes english ivy grow. I have always saved older dogs , abused or dogs that come back to shelters. I also have two fences in my backyard. I know a lot about canines. My last beautiful canine passed in July. I feel all patients, if not allergic, should have an animal. They only want love. What could be so bad that one wouldn't want a doctor to see your charts? Everytime you go to an MD, ask for copies of the blood work, etc. This way, you'll always be up-to-date.
  • Privacy in the exam room and during tests, employees who are discreet rather than immature and controlling and not having a doctor who is friends with a local or family sharing info would be nice too! No cameras unless absolutely necessary and may they be used discreetly. The CMA talking and giving info..Z????

Leave a Reply