Electronic Health Records and Respect for Patient Privacy: A Prescription for Compatibility

Electronic Health Records and Respect for Patient Privacy: A Prescription for Compatibility

Jeremy B. Francis · 13 Vand. J. Ent. & Tech. 441

Abstract

Thousands of years ago in ancient Greece, Hippocrates, the “father of Western Medicine,” created the first health record. Although the medical field advanced remarkably from Hippocrates’ time to the mid-twentieth century, medical records still shared at least two common features: They were written by the hand of a physician and kept in a tangible medium. The early 1960s witnessed the advent of a new kind of health record–the electronic health record (EHR)–a longitudinal, electronic record of a patient’s entire health history. Since the latter half of the twentieth century, scientists, computer technicians, universities, healthcare providers, and the government have been working toward the digitization of health records. Finally in 2009, Barack Obama pledged that by 2014, all American health records would exist in an electronic format. As part of this undertaking, the federal government has earmarked $19.2 billion in incentives for medical institutions to invest in EHRs via the American Reinvestment and Recovery Act (ARRA).

At first blush, given our increasing dependence on and affinity for electronics, it may seem that EHRs are a great advancement for the medical field. However, there may be an Achilles heel of EHRs: patient privacy. Opponents of EHRs argue that by making health records completely digital, we are entrusting our most private and potentially compromising information to “black boxes” and opening ourselves up to privacy breaches. Out of this grave concern comes the most pertinent question in the debate over digitalization: Are EHRs and patient privacy mutually exclusive?

This Note argues that despite the concerns of EHR critics, patient privacy and a digital record system may peacefully coexist. To ensure that privacy is maintained, physicians, information technology specialists, hospital personnel, the federal government, and patients must work together to implement the necessary safeguards for a successful and secure EHR system. While it may never be possible to ensure the absolute security of all health information stored in cyberspace, this Note will argue that a collaborative effort can at least guarantee that personal health information is protected long beyond 2014.