After Hurricane Katrina devastated New Orleans and Mississippi, thousands of evacuees with health problems faced double jeopardy because their medical records had been lost -- forcing doctors in evacuation centers to rely on educated guesswork in treating patients they’d never seen before.
One group was spared that risk: former members of the armed forces whose records were available electronically from the Department of Veterans Affairs. For these patients, doctors in Texas, Arkansas and other states that took in Katrina refugees could call up medical charts, prescriptions, lab results -- even videos of medical imaging tests.
Congress is trying to bring the benefits of computerized medical records systems like the VA’s to the whole country. By reducing reliance on paper records, lawmakers hope to save billions of dollars. And by tying computerized records systems together in networks, they hope to reduce medical errors by making information instantly available wherever it is needed.
But legislation to encourage a move to computerized records, now moving through the final stages of congressional approval, has provoked opposition from privacy advocates, consumer groups and civil libertarians who point to recent security breaches -- including the much-publicized theft of a VA laptop containing personal information on millions of veterans.
These groups warn that the legislation wouldn’t provide enough safeguards.
On one side of the debate is the issue of ensuring adequate protection for a person’s most personal information. On the other side is the imperative from government, employers and insurers to curb the seemingly unsustainable growth of healthcare spending, as well as to improve medical treatment.
“We are not going to be able to get healthcare costs under control and improve quality without dramatic implementation of health [technology] over the next 10 years,” said Robert Laszewski, a health policy consultant. “It’s one of those things where choices are going to have to be made.
“That doesn’t mean give the healthcare industry a blank check -- we’ve got to have standards -- but I’m afraid we’re going to have to take some risks,” he said.
Privacy advocates say the legislation needs stronger protections, such as provisions that would allow patients to control who sees their records or even to opt out of the electronic system. Agencies should be required to notify patients of a security breach, and patients should have the right to sue over unauthorized disclosures, privacy advocates say.
“The main thing we are concerned about is that if this information leaks out to employers, it can destroy people’s reputations and livelihoods,” said Dr. Deborah Peel, a leading critic and a psychiatrist who heads the Patient Privacy Rights Foundation in Austin, Texas.
Under the legislation, patients would not “have the basic right to control who can see and use the most sensitive information on Earth about you,” Peel added.
Supporters of the legislation -- known as the Health IT bill -- say existing federal medical-privacy laws offer sufficient safeguards. Such laws “already provide absolute protection of our health information,” said Rep. Nancy L. Johnson (R-Conn.), a coauthor of the legislation.
The Senate unanimously approved a version of the Health IT bill last year. The House version sparked partisan battles over complex technical and legal issues, as well as privacy. But House Republicans won passage over Democratic opposition last month.
A House-Senate conference to try to iron out differences promises to be contentious. Sen. Edward M. Kennedy (D-Mass.) has branded the House legislation “a weak, partisan bill.”
Both versions share the same goal -- to establish a legal and technical framework for a records system that would guarantee that doctors and hospitals anywhere could seamlessly share patient files.
Private industry would design and build the system, and pay for most of the cost. A federal technology czar in the Health and Human Services Department would oversee standards and ensure that computer systems could communicate with one another.
Architects of the system envision achieving more than a vast records repository. It could help doctors, for example, by warning them if they are about to prescribe a medication to which a patient is allergic. Patients would also have access. For instance, people with heart disease and diabetes could report daily blood pressure and blood sugar readings online, instead of bringing handwritten notes to their medical appointments.
The Bush administration strongly supports the legislation.
“We would love nothing more than to see the entire country covered,” Veterans Affairs Secretary Jim Nicholson said. “And most especially the Department of Defense -- they come to us with paper files, which is sort of an anachronism.”
Independent analyses suggest the cost savings would be considerable. A Rand Corp. study last year estimated savings of at least $81 billion a year, mostly from lower administrative costs. And with increasing use of the system, the practice of medicine could become more efficient, eventually saving as much as $346 billion annually. Even for a country that spends about $2 trillion a year on healthcare, the savings would be substantial.
The study also found that about 20% to 25% of hospitals are now using electronic records systems, along with about 15% to 20% of doctors’ offices. One reason for the small numbers is cost. Installing a nationwide system in hospitals and doctors’ offices would take about $7.7 billion a year over a 15-year period. The Senate bill provides some modest federal starter grants, but the House bill does not.
Opponents of the legislation deny that they are trying to hold back progress. “I want medical science to go forward,” said Rep. Lois Capps (D-Santa Barbara), “as long as we take care that what we are going to do is not going to expose people’s privacy.”
As a former nurse, Capps said she would be glad to see note-taking and deciphering doctors’ squiggly handwriting relegated to the realm of lost arts, but added: “If people don’t trust the [new] system, they are not going to sign up for treatment.”
House Republicans backed off an initial attempt to preempt state laws, but privacy will remain a delicate issue for the conference committee. Major labor unions and consumer groups, including AARP, are calling for stronger protections than those currently in either bill.
Some physicians are also concerned. Dr. Jack Lewin, chief executive of the California Medical Assn., said he worries such powerful technology could be misused by hospitals and insurers to coerce doctors.
“It could conceivably be used in a witch hunt, going after a doctor who is outspoken on quality issues,” Lewin said. “While we don’t think that would commonly occur, medical staffs want to make sure these kinds of protections are considered.”
In addition to the privacy issues, the conference committee must grapple with a House provision that would waive anti-kickback laws to allow doctors to accept electronic records systems from hospitals and other enterprises.
Veterans Affairs department officials say that their electronic medical records system has not been breached in its six years in operation and that they have saved $100 million a year. The VA was widely criticized earlier this year after a laptop with other kinds of personal data on 28.6 million veterans and active-duty service members was stolen from an employee’s home. The computer was later recovered, and FBI analysts said the data had not been compromised.
“We have never had someone hack the [records] system, nor have we ever had a data loss,” said Dr. Robert Lynch, who chairs the internal VA committee that oversees the system, called VistA.
Paper records were not always more secure, Lynch said. “The controversy is that [electronic] data is more transportable,” he said.
The agency uses a variety of strategies to protect its system, he said, such as data encryption and monitor screens that prevent the data from being seen by a visitor in a medical office.
Although the transition to electronic records would be a major change for hospitals and doctors, Lynch said he is not sure that it represents a new privacy frontier for patients.
“The reality is that you and I already have our major diagnoses coded in computers all over the place,” he said. “Even without electronic records, that information is already in cyberspace because of the billing system. If anything, this is just more detail.”