Electronic health records (“EHRs”) are becoming increasingly popular among both hospitals and physicians.[1] While basic patient information has always been electronically available, starting in 2009, complete patient information began to be stored electronically.[2] By June of 2014, most hospitals and almost half of doctors had made the switch to EHRs and some are even digitizing old records.[3] The trend may be due, in large part, to the inventive payments found in the Patient Protection and Affordable Care Act (“PPACA”).[4] According to HealthIT.gov, over 54 percent of Medicare- and Medicaid-eligible professionals had registered for incentive programs.[5]
There are a number of benefits for EHRs; including, but not limited to, improving quality and convenience of patient care, increasing patient participation, improving the diagnostic accuracy and health outcomes, improving care coordination, and increasing practice efficiencies and cost savings.[6] Some electronic record systems are even setting up “patient portals,” allowing patients to better communicate electronically with their physicians.[7]
Beyond improving patient care, EHRs help healthcare providers avoid penalties put in place by PPACA.[8] EHRs can help healthcare providers improve efficiency, while bringing down overhead costs.[9] While initial costs may be high, this can be offset by the organizational outcomes.[10]
EHRs, however, are not without risks. Many insurance companies will not reimburse providers for electronic communication, forcing physicians to communicate face-to-face or via phone.[11] Sharing information can also be limited by EHR system developers.[12] Many systems are not able to communicate with one another, an intentional design by companies looking to increase their market share.[13]
The largest risks, however, are those concerning privacy. The Federal Bureau of Investigations (“FBI”) recently reported that a number of hacker groups have turned their attention to patient health information.[14] The FBI values partial EHRs at $50 per patient.[15] By comparison, credit card and social security information is valued at $1 per individual.[16] Due to the high value of black market EHRs, patient health information is vulnerable to significant risks.[17]
Some recent cases highlight these privacy risks. In July 2014, Community Health Systems announced that information from 4.5 million patients had been stolen.[18] Chinese hackers stole social security numbers and patient addresses from the past five years.[19] In May of 2012, Howard University Hospital suffered two separate privacy violations.[20] In the first violation, 34,000 patients had information compromised by a contractor who downloaded the information to a laptop that was then stolen.[21] A few weeks later, a medical technician used her access to steal and sell patient information.[22] Not to mention the 80,000 patient EHRs that were stolen from the Department of Health’s servers by eastern Europeans hackers.[23] Finally, a company that handles insurance for the military, TRICARE, had backup computer tapes stolen.[24] This resulted in the loss of 5 million patient EHRs.[25]
In 2013, 24,800 Americans had their patient information exposed per day.[26] In 2014, over 6 million Americans have had their information compromised as of August of this year.[27] Is is clear that the exponential rise in illegal EHR exposure poses a significant challenge to the delivery of care in the electronic age.
Vaughn Bentley is pursuing his law degree and health law certificate at DePaul University College of Law in Chicago. Vaughn completed his undergraduate degree at the State University of New York, College at Oswego in psychology. He is an active member of the Health Law Institute and has a passion for healthcare law. He would like to focus on transactional healthcare law after graduating in May 2016.
[1] Eric Whitney, EHRs: How Vulnerable to Theft?, MedPage Today, (August 21, 2014) http://www.medpagetoday.com/PracticeManagement/InformationTechnology/47320.
[5] Benefits of Electronic Health Records (EHRs), HealthIT.gov, http://www.healthit.gov/providers-professionals/benefits-electronic-health-records-ehrs (Last updated August 29, 2014).
[9] What are the advantages of electronic health records?, HealthIT.gov, http://www.healthit.gov/providers-professionals/faqs/what-are-advantages-electronic-health-records (Last updated September 4, 2014).
[10] Nir Menachemi & Taleah H Collum, Benefits and drawbacks of electronic health record systems, 2011:4 Risk Management and Healthcare Policy 47 (2011).
[14] Thomas M. Larned, FBI warns hackers are increasing efforts to acquire protected healthcare information, The Chicago Bar Association Lexology, (August 27, 2014) http://www.lexology.com/library/detail.aspx?g=732d4638-bce3-470d-868a-825ce8c289d1&utm_source=Lexology+Daily+Newsfeed&utm_medium=HTML+email+-+Body+-+Federal+section&utm_campaign=Chicago+Bar+Association+subscriber+daily+feed&utm_content=Lexology+Daily+Newsfeed+2014-08-29&utm_term=.
[18] Nicole Perlroth, Hack of Community Health Systems Affects 4.5 Million Patients, The New York Times, (August 18, 2014 3:39 PM) http://bits.blogs.nytimes.com/2014/08/18/hack-of-community-health-systems-affects-4-5-million-patients/?_php=true&_type=blogs&partner=rss&emc=rss&module=Search&mabReward=relbias%3Ar&_r=0.
[20] David Schultz, A Patients’ Records Go Digital, Theft and Hacking Problems Grow, Kaiser Health News, (June 3, 2012) http://www.kaiserhealthnews.org/Stories/2012/June/04/electronic-health-records-theft-hacking.aspx.