e-Ethics MARCH 2003
"But You're Not in the Computer!"

"We can't treat you . . . you're not in the computer!" Words like these point to an emerging issue that is fraught with ethical considerations. Patient records should be accessible in a well-maintained, durable paper file system or in a well-administered, up-to-date electronic data management system that also provides confidentiality and security. When there is a failure of access—when the patient is not "in the computer"—the result can be substantial frustration. As more health providers move from paper files to the electronic medical record (EMR), issues of confidentiality become more complex, in part because access by appropriate parties is so obviously essential.

The growing insistence that dependable patient records, stored in remote databases, will be readily accessible through sophisticated network software poses ethical challenges for doctors, nurses, provider organizations, insurance companies, government agencies, information technologists, and patients themselves. As more patient records become "electronic," mistakes can occur at many points in the entry of patient data and its secure transfer to appropriate health professionals when treatment is required. Recent news stories portray the alarming inaccuracy of information in credit bureau databases. Add the rapid rise in identity theft by computer hackers who gain illegal access to financial or medical records that were allegedly secure, and it is no wonder that patients worry about the quality and security of information about them.

In reality, electronic health records are normally secure and accurate, but occasionally the people handling those records make errors. In addition, those responsible for patient information may not share the patient's perspective on the importance of confidentiality and privacy, and disturbing breaches of confidentiality can result. As with credit information, many opportunities exist for highly sensitive electronic patient records to be compromised. The aggressiveness of potential employers, lenders, and insurers in accessing private records to profile credit use, life style, and health risks increases the need for laws and institutional protocols that protect the public from unscrupulous use of individual health records. 1

The public's concerns about information technology often reflect personal experiences with electronic data management systems—and with the personnel who interpret the technology and its fruits to the public. Attempts to resolve computer-billing errors or understand medical reports sometimes reach a communication dead end, with responses such as "Well, that's what the computer says!"—as if the information system were infallible and therefore incapable of reporting incorrect information, regardless of human errors in programming, entering data, or specifying the content of requested reports.

In the ever-evolving information age, we need continually to assess developing health information systems and related health policy against such key values as security, privacy, accessibility, and accuracy. Will full implementation of the privacy provisions of the Health Insurance Portability and Accountability Act (HIPAA) adequately safeguard a patient's EMR? Will information technologies used by physicians, nurses, hospitals, and emergency personnel provide sufficient access to a patient's medical record when treatment is urgently needed? 2 Will the use of electronic patient records, coded in the lingua franca of physicians, nurses, and pharmacists, result in fewer medical errors? 3 Will the expense of developing, implementing, and maintaining technologies to store, retrieve, and protect patient records drive up health care costs (or will it, perhaps, put patients at risk if their providers cannot afford the rising costs of the technology)? And who else might want or need access to a patient's medical record—the insurer, physical therapist, hospital technician, social worker, current or potential employer, government agency, or lawyer? HIPAA regulations help to clarify who has a legal right to an individual's confidential medical record. But even when such access is legitimate, will those providing or accessing the record observe the proper protocols?

What approach to health information technologies might strike a balance between our concerns about accuracy and access and our desire for confidentiality and security? Healthcare stakeholders—individuals and institutions—must agree on and adhere to shared ethical values, policies, and protocols that can both shape and implement emerging EMR standards. Inevitably, this approach must blend the old and the new: electronic patient records will call for new protocols, but the "old" rules for managing paper patient records will still apply.

To achieve the desired results, patients, health providers, and the general public will first need to recognize that healthcare information systems are not socially, politically, or ethically neutral. They were developed by human beings for social institutions (hospitals and other healthcare entities) to improve health care. The multiple needs and interests of societal players in health care—congregations and their representatives, governments at all levels, regulators and accrediting agencies, insurers, vendors, and the many healthcare disciplines—inform EMR development, operations, and functionality. EMR systems must be flexible enough to respond to new and evolving policies, laws, and medical procedures. Undoubtedly it will be necessary to design additional EMR standards, especially to ensure the security and confidentiality of patient record content and govern third-party use.

Second, patients—who should be the primary beneficiaries of these new technologies—must become active partners in managing their healthcare information. To create such a partnership, providers will need to enlist patients' help. Reminding patients of their right to expect that medical records will be confidentially and securely maintained is one step in this direction. Inviting patients to notify providers when they encounter a breach of trust or a mistake in the record is another. Only if patients recognize their responsibility to initiate—even insist on—needed corrective action can a genuine partnership in information management be forged. Providers, in turn, should display genuine openness to patients' inquiries and to their suggested corrections of the medical record (which HIPAA regulations require providers to consider). A patient's request to meet with "someone in charge" to remedy a perceived problem should be not only accommodated but welcomed. When patients are active partners in establishing and maintaining the medical records that concern them, it is more likely that shared values about confidentiality, security, accuracy, and appropriate use will be consistently honored.


1. See: Doupnik, AM (2002). "An overview of electronic document management system product offerings." Topics in Health Information Management. 23(1): 62-73. Rindfleisch, TC (1997). "Privacy, information technology, and health care." Communications of the ACM. 40(8): 92-100. Laing, K (2002). "The benefits and challenges of the computerized electronic medical record." Gastroenterology Nursing. 25(2): 41-45.

2. Melton, LJ (2000). "Medical privacy." Issues in Science and Technology. 17(1): 12-13.

3. Lee, T (1999). "Too much privacy is a health hazard." Newsweek. 134(7): 71.

© 2003 The Park Ridge Center, all rights reserved.