Your e-health future

What might be the downsides of the electronic medical records ushered in by the stimulus package?
There are four big ones: cost, complexity, privacy, and security. A few years ago, after spending $34 million on a computerized system, the prestigious Cedars-Sinai Medical Center ditched it after three months. It proved to be slow, unwieldy, and complicated, requiring some technicians to spend 30 minutes checking boxes about a patient's condition rather than three minutes scribbling notes.

Privacy and security are what worry Twila Brase, a former nurse and current president of the Citizens' Council on Health Care in St. Paul, Minn., a state think tank that focuses on genetic privacy and medical-record privacy rights.

"They're creating a national template or national standard that everyone has to follow," she said. "The idea is for it to be interoperable. That means it's available and accessible and linkable and searchable, and all of those things. So everyone has, as the bill says, one medical record...We're going to lose the frank conversations that a patient really needs to have with his doctor and a doctor needs to have with his patient."

Other groups, including Consumer Watchdog and the World Privacy Forum, have raised similar concerns.

What, exactly, does the stimulus package say?
The legislation (PDF, on page 244) envisions the "utilization of an electronic health record for each person in the United States by 2014." Selecting official standards will be left to the Department of Health and Human Services, and many details are still unclear.

The databases will, "at a minimum," include information on every American's race and ethnicity. They will be used for "biosurveillance and public health," and "medical and clinical research," both of which raise privacy questions. They will become part of a "nationwide system for the electronic use and exchange of health information."

To accelerate this transition, the federal government will use its vast purchasing power--think Medicare and Medicaid--to compel adoption of e-records that meet government "standards and implementation specifications."

There are two pro-privacy components. The first says electronic-record holders "shall have a right to obtain" a copy of their data in an electronic format. The second includes a notification requirement in the case of a data breach, if the information is not encrypted, though, according to the definitions used, no notification is necessary, if the unintentional disclosure was made "in good faith."

How will the stimulus package encourage physicians and hospitals to adopt electronic medical records?
Through using the threat of smaller (or the promise of larger) Medicare and Medicaid reimbursements. Physicians who are "meaningful users" of a government-certified e-record database get bonus payments, as long as the database meets still-to-be-determined regulations about information exchanges.

Physicians who don't participate in such a data-exchanging system, on the other hand, will see their Medicare and Medicaid reimbursements begin to decline by a few percentage points in 2015. The U.S. Department of Health and Human Services is required to improve the adoption of e-records "over time by requiring more stringent measures of meaningful use."

Will Americans be able to opt out?
Although a single paragraph promises that data sharing will "be voluntary," critics argue that there's no unambiguous way to opt out.

That's what worries Sue Blevins, a former nurse and head of the Institute for Health Freedom, a nonprofit, nonpartisan group founded in 1996 that advocates for free-market principles in health care. "The stimulus package calls for the government to plan for everyone to use an electronic health record," she said. "My concern is, it doesn't say whether the electronic health record will be voluntary or mandatory."

"You need to make sure that if you don't want to use an e-health care record, you don't have to," Blevins said. "You need to have consent in there. If you think about it, with old paper records, when you had to give consent, do you know hard it would be to share those? Now data can be shared with the click of a mouse."

How secure will the data be?
We've recently seen some high-profile electronic intrusions, including a report saying a hacker broke into Virginia's "Prescription Monitoring Program," deleted records on 8 million patients, and demanded a $10 million ransom. Another report says overseas hackers gained access to the confidential medical information of students at the University of California at Berkeley, including 97,000 Social Security numbers, by electronically bypassing security mechanisms used by the campus health center.

The best answer might be that no data stored on a computer connected to the Internet can be completely safe. Rather, it makes sense to talk about multiple layers of defenses, solid audit logs, and making individual decisions about weighing the risk of placing the data online against the rewards it may provide.

Doesn't the Health Insurance Portability and Accountability Act (HIPAA) protect my privacy? Only to some extent, and the Bush administration rewrote and reinterpreted some of the HIPAA regulations. A 2006 article in The Washington Post noted that the administration had received 19,420 complaints about wrongful disclosure but imposed only one fine.

An article in a journal published by The Hastings Center, a nonpartisan bioethics group, says, "When sharing health information during health care operations, HIPAA could permit an insurer to give data to a bank it owns, which might then deny someone a loan on the basis of those data...While some laws protect against the disclosure of special kinds of information, such as HIV status, the lack of a HIPAA audit trail on routine disclosures means that HIPAA tends to undercut these restrictions."

Will the stimulus funds be sufficient to convince health care providers to switch to electronic health records?
That remains unclear. A consultancy in Washington, D.C., called Avalere Health estimates that a solo or small-group physician practice will spend an estimated $124,000 from 2011 to 2015 to adopt electronic medical records but will receive only $44,000 from the federal government toward doing so. That means that the out-of-pocket cost would still be $80,000.

Even after reductions in Medicare and Medicaid penalties kick in, starting in 2015 for doctors who aren't using electronic records, Avalere estimates that the reductions in reimbursements would amount to no more than $5,100 a year, or less than the cost of the switch. And because plenty of physicians already don't accept Medicare, the incentives may be weaker than federal officials would prefer. Economics, not privacy concerns, might prove to be the greatest hurdle for backers of electronic medical records to overcome.