The feds and your medical data

President Bush has called for most Americans to have electronic health records within the next 10 years. He would mandate standards designed to secure electronic health information, provide $100 million to fund “demonstration projects” on health information technology, and use the Medicare and the VA health systems to pressure private health care providers to use electronic records.

The president makes grand promises for electronic medical records (EMRs). But while such technologies do show promise, government mandates are unlikely to lead to a happy ending. It appears that the administration has not spent much time considering the possible drawbacks of EMRs or how best to overcome them. Indeed, the description of the proposed pilot programs as “demonstration projects” implies that they will be used to validate preconceived ideas, rather than as experiments to determine best practices. The drive for EMRs will likely continue regardless of the outcome of those trials. That would be a mistake. Instead, the Bush administration should trust in the expertise of the private sector to develop networked systems and the judgment of consumers and health care providers to decide when to use them, while government focuses on protecting patients’ rights.

EMRs do indeed have potential. Not only could doctors get information quickly, even when patients are far from home, but they could record observations more quickly than on paper, analyze progress with graphs or charts, and easily collaborate with colleagues. Checkup reminders, referral letters, and school athletic forms could all be automated. Easily-legible printouts (or electronic transmissions to pharmacies) replace hastily scribbled prescriptions, and patients could easily access their own records. A national system might even mine for data about disease outbreaks, permitting public health officials to address a possible epidemic before it spreads.

That all sounds wonderful, but before rushing to put it into practice, we need to consider the downsides. A significant number of health care providers have already moved to EMR systems. Those early adopters have learned that technological solutions are no panacea. Migration of records from paper to electronic takes time, as does training staff to use the new system. Computer systems are vulnerable to viruses and power outages. Typing errors replace errors caused by poor handwriting — and are much harder to catch.

We should not be rushing to implement an ill-considered national system without considerable thought and planning. In fact, there may be no need for a government-mandated system at all.

The President seems to think that it will be impossible to create a network of EMR systems without government intervention. This is certainly a large challenge: literally hundreds of different EMR systems exist, and getting them all to work together is not easy, especially since larger, more heterogenous networks are harder to secure.

The task is daunting, but this is not the first time such a project has been tackled: the Internet itself is a collection of many separate information systems. Although the U.S. government played a major role in its initiation, independent agencies took a leading role in developing standards, which were then adopted voluntarily by interested organizations.

Indeed, technology already exists to solve many potential issues: we can control access with passwords or biometrics, provide automatic error-checking, and encrypt data. Private companies are constantly working to come up with new solutions; after all, private companies don’t want to violate privacy regulations or harm patients.

However, there are questions about privacy and patient rights that need to be addressed: if a centralized data repository is created, will consumers trust that their information is available to them yet safe from thieves, marketers, insurers, or prospective employers? Alternatively, some proposals call for patients to literally control their own medical information, in the form of an electronic keychain. What if it is lost or stolen? Medical information is the property of the patient, and the government should create standards that reflect and enforce that fact. President Bush’s public/private coalitions should work to ensure that patients know what is being done with their information and that it cannot be shared with those not directly involved in their health care — whether that be employers, prospective insurers, or the government itself.

Rather than insinuating itself into the development of a health information network, the government ought to concentrate on protecting the privacy rights of its citizens. The private sector has plenty of expertise in computer systems, and is far more capable of developing a reliable, secure, and useful EMR system than President Bush and Washington bureaucrats.

Amanda Rohn is a writer in Falls Church, VA. She holds a degree in computer engineering and will attend medical school this fall.