This guest blog post comes from Dr. Suzanne Barber, Director of the Center for Identity at The University of Texas at Austin.
When you’re sitting in the waiting room at the doctor’s office, you often have a lot of worries—your diagnosis, the long wait, or simply trying to avoid catching a cold from the patient next to you. One concern that doesn’t often cross our minds is whether or not a thief is sitting in another doctor’s office halfway around the world, pretending to be you.
By 2015, as part of the Affordable Care Act, most medical providers will need to meet implementation requirements for electronic medical records. This means that most doctors’ offices and hospital systems will need to give up their old paper charts for electronic charts. Known as electronic health records (EHR) or electronic medical records (EMR), they include not only the digitized records themselves, but also the methods used to exchange information and patient data between different providers, labs, hospitals and pharmacies
While the possibilities are great for increased coordination and accountability within the healthcare field, the move to EMR does leave sensitive medical information at a higher risk for identity theft and data breaches. This could mean more criminals using your health insurance for themselves or worse, using sensitive health information about you to inflict other types of damage. As consumers and patients, we need to keep a few basic questions in mind as the healthcare industry undergoes this change.
The first question we should ask is “What information is being collected about me?” While many of us blindly fill out forms—at the doctor’s office or the PTA sign up table—information about us is actually quite valuable. We have the right to ask questions about why or who will use that information, particularly when it is about sensitive topics like our health. Public health officials, researchers and insurance companies all have an interest in gaining new insights into health trends and effective treatments. But information that we choose to share in a doctor’s office should directly benefit us as patients. It’s okay to ask whether a question or a blank in a form is needed to provide you with better care or whether it is only helping an insurance company determine their costs and reimbursements. The decision of how much to share is always ultimately the patient’s to make.
As health information moves from paper to digital storage, it can be more easily hacked. As patients, we should understand where our information is stored and where it is sent. The burden of data storage for EMR is on medical practitioners, many of which are small business owners. Are they prepared? Do they have the infrastructure, security measures and properly trained staff to manage the data? We can—and should—hold them accountable for how well they protect our EMR. Our medical providers must protect our information as well as our health.
Finally, as patients and consumers of healthcare in the United States, we should determine whether the system we have is the one that serves us best. Currently, patients have little or no control over their own health records. Charts, data, test results, prescription requests, immunizations and confidential doctors’ notes live in myriad places—online and offline, in our own country and in data centers beyond our borders. Is there a future where patients themselves could store and secure their own data? That day may not be far off, as consumers grow increasingly frustrated with security lapses and data breaches. According to the U.S. Department of Health and Human Services, in just the past two years, more than 8 million people have been affected by the breach of unsecured health information.
As we as a society begin to better understand the value associated with our personal information, consumers may begin to demand more transparency about how their sensitive information is managed and secured. When this information is some of our most basic health data, patients may make buying decisions based on how their personal information is protected. Whether it is the insurance company, hospital, pharmacy or doctor’s office, as records go digital and record sharing happens at the click of a button, patients have more to consider than just the care they receive.