College of Law > Academics > Centers, Institutes & Initiatives > Mary and Michael Jaharis Health Law Institute > e-Pulse Blog > risks-obamacare-incentive-program-electronic-records

Risks Associated with Obamacare’s Incentive Program: Electronic Medical Records

The Patient Protection and Affordable Care Act (PPACA) or “Obamacare” was signed into law on March 23, 2010. [1] PPACA provides new patient protections in dealing with insurance companies and mandates that everyone who can afford health insurance obtain it by 2014 or pay a fee. [2] Obamacare derives from efforts in 1989, when the politically conservative Heritage Foundation proposed health care reform as an alternative to single-payer health care. [3]

Among Obamacare’s many provisions and stated health benefits, PPACA actually reaffirms and emphasizes a mandate in the Health Insurance Portability and Accountability Act (HIPAA). [4] HIPAA was enacted in 1996, and among other things, it was intended to detect and eliminate insurance fraud that was occurring in the electronic records systems. [5] PPACA created the Physician Quality Reporting Initiative (PQRI), under which physicians are encouraged to make greater use of electronic medical records technology. [6] To encourage medical professionals to implement this technology, PPACA created an incentive program. [7] Medical providers who meet PPACA’s specific requirements for Electronic Medical Records (EMR) are eligible to receive up to $44,000 through the Medicare Electronic Health Records Incentive Program. [8] This program is intended to encourage providers to switch from paper health records to electronic health records; ideally, reducing costs and improving the overall care provided to patients. [9]

One major area where problems may arise is that of medical identity theft. An identity theft crisis has developed in recent years, as computers have become more common. This is problematic since medical identity theft is a serious threat that has the potential to undermine the widespread adoption of EMRs. [10] Cyber-security experts argue that placing large amounts of personal patient information draws in thieves who have the capacity to use personal information for fraud or identity theft. [11]

Another potential issue is the misuse of electronic medical records. Recently, a related event occurred when an MNsure employee accidently emailed an insurance broker’s office the social security numbers and other sensitive information of over 2,400 insurance agents. [12] Although this was MNsure’s first security breach, the incident demonstrates how easily individual electronic information may be mishandled and the potential for human error in handling sensitive information. [13]

In response to these potential issues, Republican Senators requested a one-year extension to allow health-care providers to fully upgrade their technology systems and ensure maximum security of patients' electronic medical information. [14] Due to the rise of medical identity theft, proper security of such information is necessary to ensure patient confidentiality. [15]


[1] Obamacare Facts Dispelling the Myths,  (Oct. 2013).

[2] Id.

[3] Id.

[4] Electronic Medical Records Mandate, iSAlus,

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] Jonathan Serrie, Obamacare Regulations on Digital Patient Records Raises Security concerns, Fox News (Oct. 2, 2013),

[10] David Goldman, Obama’s Big Idea: Digital Health Records, CNN (Jan. 12, 2009),

[11] Serrie, supra.

[12] Jackie Crosby, Star Tribune: Errant E-mail Creates Security Breach at MnSure, Start Tribune (Sept. 13, 2013),

[13] Goldman, supra.

[14] Obamacare Facts Dispelling the Myths, supra.

[15] Financing the Pulp to Digital Phenomenon, 7 J. Health & Biomed. L. 325 (2011).