Joe Conn of Modern Healthcare Magazine interviewed “Julie” who spoke at the 2nd International Summit on the Future of Health Privacy on June 6th, 2012 in Washington, D.C. Her story is an example of health privacy gone wrong (Click here to read her story).

Dr. Deborah Peel, CEO and Founder of Patient Privacy Rights points out why Julie's story matters.

“These stories matter for many reasons, not the least of which is that Partners is switching to Epic EHRs and Epic's CEO has openly opposed data segmentation for years. She claims it's impossible, too expensive, can't be done, etc. Partners is about to spend hundreds of millions of dollars on a failed electronic health records system.

The claim that data segmentation cannot be done is incorrect. One example is the open source consent technologies used for over 12 years by many state mental health departments to exchange sensitive mental health and substance abuse data on over 4 million people in over 8 states (the states belong to the NDIIC). Further, the state of MA has very strong laws that require consent for the disclosure of mental health information (actually all 50 states do too).

Why would Partners choose a product that fails to protect patient privacy in a such a major way? This will prevent trust in doctors, hospitals, and worst—-in ALL electronic systems. Millions of patients/year refuse to seek treatment when they know they cannot control where their data flows. Any HIE or EHR that cannot selectively share data with the patient's meaningful consent, withhold data without consent, AND withhold erroneous data is a failed system or technology. The refusal of certain health IT companies to build technologies that comply with the law and what patients expect shows very poor judgment”.

What is important to note is EHR systems can provide many benefits. However, stakeholders in the healthcare ecosystem need to recognize the risks to patient privacy and make the appropriate investments in privacy and security controls to protect PHI. This is the major premise of the recent white paper “The Financial Impact of Breached Protected Health Information – A Business Case for Enhanced PHI Security” which is available at the ANSI website.

Another growing aspect of protecting your health records is mobilizing patients to get more involved with their health care, which could help them improve their quality of care and be in more control. One key aspect of this is being able to see your own records. The director of the Office for Civil Rights, Leon Rodriquez recently issued a memo that patients can take to their provider to help them get a copy of their health records and make corrections if they find inaccuracies. An important benefit of patient engagement is the ability to reduce health care fraud and medical identity theft.

The answer to the question, “Does Migrating to EHR Reduce Patient Privacy?” is: it doesn't have to.