American laws and procedures are not effective at protecting patient privacy, according to experts. Janine Hiller, professor of business law in the Pamplin College of Business at Virginia Tech, was the lead author of “Privacy and Security in the Implementation of Health Information Technology: U.S. and EU Compared,” published in the winter 2011 issue of the Journal of Science & Technology Law.
There are compelling reasons to adopt electronic health records (EHRs). Both costs and medical mistakes can be reduced, but only if their use is nearly universal. The RAND Corporation studied the value of EHRs in 2005. According to RAND, if 90 percent of hospitals and doctors used EHRs, “the health care system could save almost $77 billion a year from efficiency gains, a result consistent with other studies,” wrote Hiller.
EHRs could also save costs by reducing defensive medicine, in which doctors order unnecessary tests or procedures to protect themselves from accusations of neglect, according to the report.
Both the Bush and Obama administrations have encouraged and promoted EHRs because they can save money and reduce medical mistakes. President George W. Bush called for medical records to become fully electronic by 2014. Under President Barack Obama, the change from paper records may happen even sooner, according to the study.
Hiller and her partners found that patient privacy is much better protected in Europe. Patients there have better legal and cybersecurity protection. In the United States, medical privacy is “a hodgepodge of constitutional, statutory, and regulatory law at the federal and state levels,” according to a press release from Hiller and her coauthors. She stated that Americans “have no real control over the collection of sensitive medical information if they want to be treated.”
European patients are able to encapsulate particularly sensitive medical information, and an individual has far greater access to and control over his records in Europe than in America.
Europe historically has a stronger emphasis on privacy because of declarations created after World War II, when “The 1950 Council of Europe Convention identified individual privacy as a fundamental value,” wrote Hiller. Data-gathering on individuals is strictly limited and must only be used for the purpose for which it was first collected.
“EU countries have adopted electronic health records and systems, or EHRs, and legally protected privacy at the same time,” Hiller said in a press release.
Privacy and security must be central to any discussion of EHRs, according to Hiller. Misuse of records and medical identity theft can lead to fraud, extortion, financial losses, discrimination, and poor medical care.
“Regardless of the reason, legal or technical, the result is that the good aspects of EHRs can be undermined by the bad consequences of poor privacy practices and the ugly effects of inadequate security,” wrote Hiller.
Hiller’s coauthors were Matthew McMullen of Martinelli and McMullen Professional Services, Wade Chumney of Georgia Tech, and David Baumer of North Carolina State University.