by Vadim Shteyler
The growing accessibility of Electronic Health Records (EHRs) across hospitals and practitioners raises new concerns about patient privacy. Before EHRs, patients had control over how much information they shared with each healthcare provider. Receiving patient information from other practitioners has required a signed consent form specifying the information patients are comfortable sharing (e.g., radiological studies, mental health history, sexual history, etc.). And hospitalists have been expected to request the minimal necessary information to provide good care. With growing networks and increasing compatibility across EHRs, more providers now have access to information without the patients’ express permission or even awareness.
Recent works published in the Journal of General Internal Medicine reported the results of a study that designed and recorded patient and provider experiences with a patient-controlled EHR (in which patients chose which providers could access which data in their medical records). A preliminary survey showed that, before the study, only 10 percent of patients had access to their medical records. Half of surveyed patients did not know what information their EHR contained. However, all patients wanted access to their EHRs. Meanwhile, another study reported that only one-third of physicians thought patients should have EHR access.
Beyond wanting access to the data in their EHRs, patients also wanted granular control over who else has access to specific information within their EHR. About 93 percent thought it was acceptable to limit EHR access. And 94 percent thought it was good to control who sees specific electronic health information. The study also showed that a significant fraction of patients studied, 43 percent, chose to limit at least one provider’s access to their EHR (usually limiting access to personal information). About one-third of those patients blocked all healthcare staff from seeing personal information. About one-quarter only blocked doctors and nurses from accessing personal information. And about five percent blocked all healthcare staff from accessing all EHR data.
The study indicated that providers’ views on the issue are controversial. While 54 percent of providers thought patients should have control over EHR access, 71 percent simultaneously believed that quality of care would suffer. Further, 58 percent believed EHR restrictions would harm the patient-provider relationship. Though about half of providers felt comfortable with EHR restrictions, one-quarter strongly felt otherwise.
This tension between patient preferences for more EHR control and doctors’ concerns about having incomplete information raises the question of whether patients should be able to control providers’ access. Proponents of incorporating and respecting restrictions argue that privacy is a patient right—that ignoring their wishes for what providers perceive to be improved outcomes would be paternalistic. Instead of digging up information in EHRs, proponents recommend focusing on improving communication skills and creating a safer environment. As long as patients understand that incomplete information may impact the outcomes of their care, patients should have full access to whatever their doctors know.
Opponents argue that certain providers, such as primary care and emergency physicians, should always have access to all of the information available so they can feel that they can provide the best care. Some believe that, without an understanding of the interrelatedness of social and biological diseases, patients may not know exactly how much withholding certain pieces of information could impact their care. From a medicolegal perspective, opponents fear that if doctors would be held liable, they would always choose the emergency option to bypass patient restrictions, and if they would not be held liable, patient care would suffer.
This study was conducted on a relatively small sample, in one healthcare system, and on a population skewed towards lower SES. Nevertheless, the results still raise some issues. Granted, a fraction of the patients restricting access to all sensitive or all medical information may have just done so out of ease of pressing one button rather than sifting through all of the EHR data. But the sizable fraction of patients choosing to restrict provider access may be symptomatic of incomplete trust that their information will only be used for the benefit of their care or that they will not be stigmatized for certain conditions. Consistent with this concern, 58 percent of patients thought their medical information had not been sufficiently protected by state or federal law. It also raises concerns that patients may not be completely aware of the uses of EHR information. For instance, patients may not have known that blocking all EHR access may prevent nurses in hospitals from seeing and filling physicians’ prescriptions. Though more data is needed to describing why patients chose the restrictions they did, this study spotlights a power, information, and communication gap in the clinic that needs further attention.
As both a health care professional and patient, Whats true, from personal experience as both a health care professional and patient, is that Health records are being “weaponized “ for many reasons, especially by providers and institutions trying to cover up iatrogenic injuries, malpractice, incompetence, as well as by those in power who force providers to limit workups in order to save money. Now that cancer, et al, has become an expensive “chronic disease” it’s not uncommon to find many patients who have had symptoms or complaints of pain ignored so that imaging and testing required for early detection and treatment is delayed until the patient is terminal and diseases so far advanced that life saving treatment is no longer possible. Medicine has become about money and both well intenioned providers and patients are now controlled by “big brother’s “ oversight, controlling what care is provided while prohibiting access by patients and their advocates to the truth. No one but the accountants win when hospitalized patients are ridiculously restricted to beds to reduce the hospitals liability from falls, paying no attention to other repercussions such as blood clots, muscle weakness and other deconditioning that may lead to expensive and extended home recoveries and falls then simply happening on another’s watch. No longer are incident reports required but rather discouraged that would impact a physicians or institutions outcomes. Reporting of the impact of adverse reactions and outcomes not only affects the providers, but also medical equipment manufacturers, drug companies, nursing, and all those involved in their education and monitoring. The only way to accurately track morbidity and mortality is through patient records and if they have no oversight, then our criminal element is not only protected but free to easily decide who lives and who dies. The worst case scenarios is when patients are given adverse diagnosis’s to deter others from wanting to care for them This is frequently done simply by adding a psychiatric diagnosis. NO evidence is required to be included in a discharge summary and no longer to providers actually read a record for information that would substantiate the truth. I’ve seen patients labeled as depressed, dysthymia, paranoid, and drug seeking with the worst of all labeling them as overt addicts or munchausens. These patients are doomed to abuse by the system and the situation will only worsen if they are kept in the dark by information being disseminated about them without their knowledge. One of our most glaring repercussions of denying medical information to patients is the protection afforded pharmacies and providers through the constrolled substances monitoring programs. I’ve seen many instances where patients names and insurance information is being used by drug stores to divert opiates etc. Staye record’s can be accessed by anyone BUT the patient, so a pharmacy can use any patients information to divert meds in their name without the patients knowledge. The only way a patient can know if a prescription has been filled and charged to them is by an EOB sent by their insurance company, but pharmacies can easily circumvent this by indicating cash was paid. One report I saw indicated a patient had received
well over 500 hydrocodone tabs from 3 related pharmacies in 30 days, and over 300 in just 4 days alone. There was no way the patient could have been aware of this UNLESS the treating physicians hearing about it had told them, but human nature and our terriblly flawed system encourages the keeping of secrets. The doctors involved simply terminated the patient’s care without cause so the patient remained totally unaware of what was going on. Denying patients access to, and even control over medical records can only end badly for all honest and ethical patients and providers. There is no justification for restrictions and sadly it currently rules end the age old promise of doctor patient privacy and confidentiality. HIPPA laws and patient confidentiality was designed to encourage honesty while being critical to the public health and welfare. The only ones who benefit from its demise are the dishonest