When Patients Interact with EHRs: Problems of Privacy and Confidentiality
Leslie P. Francis
University of Utah - S.J. Quinney College of Law
September 26, 2012
Houston Journal of Health Law and Policy, Forthcoming
Increasing individuals’ understanding and participation in their health care is good for their health and for the health care system. So goes the argument for encouraging and enhancing technologies that allow interaction between patients and their providers, including patients’ access to their health records. With electronic health records (EHRs) and panoplies of remote communication technologies, patient access can be direct, in real-time, and interactive. These technologies include portals for patients to access their providers’ EHRs and communicate electronically with their providers, remote sensing devices for patient data to be entered directly into EHRs, and EHR capabilities that allow patients to download electronic copies of information in their EHRs.
But patient interaction with their EHRs also presents privacy and confidentiality risks. From the perspective of privacy, patients may be unaware of the extent to which information may be gleaned from them and then be available to others, including their health care providers. From a confidentiality perspective, inadequate identity proofing or authentication procedures may allow unauthorized individuals to access records. Moreover, rules governing records access by authorized personal representatives may reveal more than patients would expect or want. Use by patients of capabilities to download their records may open these records to confidentiality and security protections that are far less stringent than the protections afforded these same records in the possession of health care providers. The article concludes with suggestions for protections that can enable patients to enjoy the great advantages of participative technologies with assurance that privacy and confidentiality are respected.
Number of Pages in PDF File: 20
Keywords: privacy, confidentiality, electronic health records, patient portals, personal representative, health record, blue button
Date posted: September 27, 2012