Imagine being on vacation in London. You fall ill. You’re rushed to the hospital. While you’re waiting to be treated, you’re presented with a tablet PC on which is an electronic release form, which you sign. With that, the hospital in London can contact your primary care physician in the United States and gain access to your medical history. No filling out a long questionnaire or answering a seemingly endless litany of questions from a nurse or physician’s assistant. Your entire medical history arrives in only a few minutes, and the London hospital has all the information it needs to ensure you receive proper care. Sound like dream? Maybe not.
Despite the many benefits of sharing electronic health records (EHR), there is some cause for concern, too. Before rushing to throw everyone’s personal health records into the cloud, advocates should consider the security risks involved. The concern for sharing people’s medical information should be equal to, if not greater than, the concern for sharing company data online.
Doctors sharing records with other doctors in their networks or health care systems is a good first step. For example, doctors within the University of Pittsburgh Medical Center (UPMC) health care system have access to a database in which their patients’ medical records are stored. So, a patient’s primary care physician can see, in a matter of minutes, what his cardiologist had to say about what the patient can and cannot do to improve his health. What happens when a doctor needs to share the patient’s medical information with a doctor who is out-of-network?
According to the National Coordinator for Health Information Technology Farzad Mostashari, doctors will engage in this type of exchange, too, but adoption will be slow. No one will deny that sharing health records electronically is far safer than entrusting paper records to a courier service or FedEx or even the patient herself. But we must remember that hackers are always on the lookout for ways to access unsuspecting individuals’ personal information. So, it stands to reason that doctors might hesitate to share their patients’ EHRs with those who are unfamiliar to them. At least when sharing EHRs with other physicians in the same health care system, they have some idea about the security of the network the records are traveling through. Unfamiliar doctors use unfamiliar networks with unfamiliar security standards.
So, if doctors do share their patients’ health information with out-of-network physicians, those physicians will be personal friends or well-known colleagues. It’s still too early for most doctors to feel comfortable sharing such sensitive information with complete strangers, even if those strangers are other doctors.
Advances in health care IT are inevitable. And the in-house sharing of electronic health records benefits patients as much as it does their physicians. But when it comes to sharing patients’ electronic health records, doctors are wise to tread carefully. No one wants to find himself facing a lawsuit because he incautiously shared a patient’s records with someone who had an insecure network.