Imagine receiving a letter in your mailbox asking you to participate in a study for cancer research, and that your doctor didn’t mention anything about cancer during your last physical. This is what happened to 400 women in Maryland. According to the Baltimore Sun, ‘A state contractor tampered with Maryland’s cancer registry, a database used by researchers to track the disease’s impact, counting hundreds of patients as having cancer when they did not, according to a legislative audit released yesterday. The company, Macro International Inc., found in an internal investigation that data were deliberately altered between August 2004 and December of that year. The company fired the employee responsible for the cancer registry. State officials said that Macro employees apparently overreported the incidence of cancer to ensure that the database met standards set by a national certification association, which closely monitors registries to ensure that states have a complete count of cases.’ These letters were sent in 2005, and they’re just addressing it now.
If this can happen with a cancer registry’s database, imagine what could happen with someone’s personal health records. The argument for computerized records is simple. It will eliminate many errors that occur with paperwork, and will help emergency workers to assist a patient if the patient is unable to communicate. While this seems like a great idea in general, the issues of privacy, confidentiality, and abuses of the system lie in the back of many people’s minds. And for good reasons.
It’s not only our health records that are vulnerable. The WSJ Health Blog reports ‘In yet another example of the health industry mishandling private patient records, Blue Cross and Blue Shield of Georgia sent some 202,000 explanation of benefits letters to the wrong addresses last week, the Atlanta Journal-Constitution reports. The letters, which were mistakenly directed to the addresses of other policyholders, included names and insurance identification numbers of patients as well as the names of the doctors and other medical providers they were using.[..] A small proportion of the letters also had Social Security numbers, a spokeswoman for the company told the paper. Vulnerability to identity theft is one concern. But EOB letters are especially sensitive from a privacy standpoint because they contain some treatment information. And this is one of a steady stream of mistakes by the health-care industry when it comes to protecting electronic data. Blue Cross and Blue Shield of Georgia told the AJC that a computer system change was to blame, and it’s taken steps to avoid the problem in the future.’
I foresee many ‘computer system changes’ in the future. Is this what we have to look forward to? The steps they’re taking to ‘avoid the problem in the future’ currently may be completely different whatever steps are needed in the future. Will everyone be up to speed?
According to USA Today advocates for electronic prescribing ‘say it will have many benefits including decreasing medical errors, which harm least 1.5 million people every year, according to the Institute of Medicine. Doctors’ scrawl will be replaced with typed information, and potentially dangerous interactions with patients’ existing medications will be flagged.’ Yet privacy advocates are worried. ‘Transforming prescriptions from scrawl into a standardized electronic format can make them even easier for pharmacies to sell and trade, violating patient privacy, says Tim Sparapani, senior legislative counsel for the American Civil Liberties Union. ‘Any time you put something in a digital format and standardize it, it becomes much more profitable and easy to move those records.” The WSJ Health Blog also quotes the Coalition for Patient Privacy which said ‘While e-prescribing is attractive to many, Americans do not want their private prescription information data mined and used without their permission. Many Americans would be quite alarmed to discover their employer and others know they take an anti-anxiety medication or that they are being treated for an STD.’
I’m all for simplifying the paperwork process involved in healthcare. But I, like many others, am also worried about personal information being altered or available to those I don’t want accessing it. Will there be enough people enforcing our HIPAA rights? Will there be enough people to oversee these systems, to address immediate problems and to correct any glitches? Or will this be a windfall for Big Pharma and those who work in the field of law?
(Resources: Baltimore Sun-‘Md Cancer Statistics Altered’, WSJ Health Blog- ‘Insurer Sends Patient Info To The Wrong People’ and ‘Privacy Advocates Sound Alarm about Electronic Prescribing’, USA Today- ‘Writing is on The Wall for Doctors’ E-prescriptions’, Journal of Medical Internet Research-‘The Emergence of National Health Record Architectures in the United States and Australia: Models, Costs, and Questions’, and National Academy Press-” For the Record: Protecting Electronic Health Information” )
(See also: The Black Hole in The Cost of Healthcare: Big Pharma and Transparency)
August 4, 2008 at 2:59 pm
It’s a mistake to think of the healthcare industry as monolithic, at least in this respect. While the same standards apply across the board (HIPAA and CFR 21 Part 11), there is no uniformity of application. Where your records are going is problematic, but the fact that most institutions CAN’T share your records electronically is just as bad or even part of the first problem. Lack of an overall system makes it both difficult to share records and difficult to control where they go. That ONE guy was able to do this in the cancer registry shows how screwed up it all is — with better connectivity, this couldn’t have happened because the records wouldn’t have matched up with other databases. It’s a hard problem though — how do you protect the records while getting them to the people (like your doctors) who really need them. If anyone wants to discuss this further, get in touch. …and, yes, I work in the industry, though my niche is…um…only mildly evil.