On the blog — March 18, 2009

The state of electronic medical record privacy

Posted by Jamie Court

A newspaper reporter just called to ask about the state of privacy under electronic medical records, which will now be spreading thanks to $20 billion in the federal economic stimulus plan.  Electronic medical records can help avoid medical mistakes, like those suffered by Dennis Quaid's newborn twins, but the privacy protections under the stimulus bill need to improve.

Here's a run down from our health policy director Jerry Flanagan and the World Privacy Forum's Pam Dixon on the protections and loopholes for electronic medical records in the stimulus bill.

1. The "prohibition" on the sale of medical records is weak, full of loopholes, and applies only to HIPPA covered entities or their "business associates" (think: doctors and anaethesiologists).  DOES NOT apply to Google and Microsoft.  Major exceptions to prohibition of sale if sale is for "research" purposes.

2. The breach provisions requiring companies to notify patients when electronic medical records are breached does apply to Google and MS.  However, there are "safe harbor" provisions that let companies off the hook from the notification requirement if the breach occurred in "good faith."  Bringing Google and MS into the breach requirement (as a "vendor" of electronic medical records) was a last minute change, and something Google and MS will try to eviscerate in the technical clean-up bill.

3. Audit trail only gives patients information of when there information was "disclosed" but not how it was "used."  What this means is that when you go to the hospital for a surgery, the hospital will have tell you when they disclosed the information to a "business associate" but not how the hospital used the information.  As a result, the patient will not know which hospital personnel looked at the information or for what purposes -- i.e. you won't know if a nurse reviewed your file to look up drug allergies or whether the hospital's fundraising office reviewed the record for the purpose of requesting a donation.  Also, the hospital will only tell a patient which "business associates" (again, think specialists and non-contract doctors) the information was disclosed to, but not who those business associates disclosed the information to or how they used the information.  Patient will have to go to each business associate to get disclosure information -- could be hundreds of business associates for each hospital stay.

Rate This Article:

Comments:

Post A Comment

You are not logged in, please do so at the top of the page.

Recent Posts in Protecting Patients:

Will 'progressives' let middle class burn to prove their point?

August 30, 2010 | Posted by Jamie Court

When Anthem Blue Cross announced its controversial premium increases in California recently, the insurer claimed, "a carrier must be able to receive actuarially sound rates." So it is remarkable that "progressive" San Francisco State Senator Mark Leno, a single payer health care advocate, recently introduced eleventh hour legislation codifying Anthem Blue Cross's "actuarially sound" defense of premium increases in law.

Read More »

New rates at Blue Cross are a meager victory

August 25, 2010 | Posted by Judy Dugan

At the shoe store, 40% off qualifies as at least pretty good. So why does regulators' approval of new, lower rates by Blue Cross of California not feel like victory? There are lots of reasons, but first is that the revised Blue Cross rate hikes are still in double digits, averaging 14% and as high as 20%, while average wages are still falling. And Blue Cross could announce another rate hike whenever it pleases, just as many insurers continue to do.

Read More »

Health reform regulation scorecard: The big stuff is headed to court

August 19, 2010 | Posted by Judy Dugan

Wouldn't it be great if we could all deduct our federal income and investment taxes from next year's income? And if we could also deduct that stress-reducing trip to a spa in Bora Bora? And if the government would just take our word for it? Fantasy for us, but the health insurance industry think that's what federal health reform ought to allow, on a corporate scale.

Read More »

Seattle Story: Pretty good ending

August 17, 2010 | Posted by Judy Dugan

The worst definitely didn't happen in Seattle. The National Association of Insurance Commissioners deferred the worst insurance industry demands for weakening the implementation of health care reform. For a body so closely linked to...

Read More »

Obama's victory lap in rush hour gridlocks LA to raise $1 million for Congress

August 17, 2010 | Posted by Jamie Court

It took my wife an hour and half to make the two mile commute home Monday, after the secret service closed some of LA's busiest streets at rush hour to shuttle the president from his Beverly Hills hotel to a fundraiser for Congress...

Read More »

View All Next »

Forward This Page To A Friend

CA Hospitals Risk Collapse In Earthquake