Privacy Is Under Siege at Work, at Home, and Online
Digital doctoring poses risks to patient records
Tom Butler was surprised to see a snazzy PC in the examination room during his recent appointment at Baylor Family Medicine. The computer systems analyst was equally impressed with how fast the physician electronically called up his drug dosage history and tied it to his current symptoms. "The doctor instantly came up to speed on my treatment," says Butler.
Like other online innovations, the Houston hospital's new digital record system offers its patients greater convenience. They can schedule appointments, get drug refills, peruse their health data, and E-mail their doctor. Medscape, the leader in this fledgling industry, has amassed 13.4 million digital patient records. With a password, patients and doctors can call up the information from anywhere. Hospital administrators say the system improves efficiency and helps doctors avoid tragic errors.
Yet in the race to put medical records on easily accessible networks--including the Internet--patient consent and privacy aren't necessarily a top concern. Baylor, for instance, doesn't get explicit permission before transferring its patients' data to the system, nor does it expressly inform them of the privacy and security risks of online health records. Yet the benefits outweigh the hazards, says John Bentivoglio, former chief privacy officer at the Department of Justice and now an attorney in Washington, D.C. "Privacy can't be considered in a vacuum," he says. "You can cut 100,000 medical errors and save lives by sharing data. That's huge."
Lawmakers typically are advocates of digitizing patient records, but they also want them to remain confidential. The White House is set to release rules that would, for the first time, require doctors, hospitals, pharmacists, and insurance companies to limit disclosure of health data and give patients the right to access their records. The regulations, however, contain a big loophole: They allow sharing of data without consent for what's vaguely labeled "disease management." Privacy consultant Robert Gellman interprets this to mean: "So if you're taking AZT, they could give your information to a marketer, your employer--any group that might want to remind you to take your pills."
Another oft-cited concern is security. While staffers routinely use passwords to gain access to the system, one doctor at Baylor recently remained logged on all morning to a laptop in a public area. E-mail messages from his patients regularly popped up on the screen: "refill vicodin," "blood in stool 5 days." At one point, the area was left unattended for 15 minutes. "Theoretically, you could've dropped in a Trojan horse that would've given you control over their system," says Internet security consultant James Settle. Mark Leavitt, Medscape's chairman, downplays the security risk. "Yes, if you had physical access to a computer--that could happen. But you also could pick up a paper record and walk out," he says.