Electronic health record: political issues and privacy
Summary: 1. Keynotes. – 2. What is an electronic health record? – 3. Which values does the balancing test of electronic health record take into account? – 4. The USA system. – 5. The European Union system. – 6. Open issues and possible solutions.
In my speech concerning the Electronic health record, hereafter EHR, I will focus on four keynotes. What is an EHR? Which values does the balancing test of an EHR take into account? Which legal systems will be considered here? Are there any questions, still open and unresolved, in those systems?
2 What is an electronic health record?
First of all, we need to clarify what EHR is. It may be defined as a dynamic digital storage of a patient’s medical history, which keeps a record of all his past health data and is continuously updated with all the data related to his medical treatments.
Its benefits consist of cost saving and efficiency of healthcare because every time the patient needs a medical treatment the doctor will not have to reconstruct his previous medical history. A few clicks are sufficient to have it fully displayed.
We must complete the definition, remembering its potential advantages for patients and public health.
Furthermore, the variability of the health care may be reduced by use of data. In fact, EHR promotes the adoption of a common model of healthcare, that could be delivered to a broad patient base, assuring more informed clinical decisions and improving patient physician communication tracking. In such a way, EHR tends to reduce the probability of human errors in the treatments. It has also been noted that EHR may help in determining provider performance outcomes, monitoring chronic diseases, monitoring medication adherence and promoting safety metrics.
To sum up, EHR is coherent with the public goal of cost saving and increasing the medical system’s efficiency. However, it should be said that cost saving and efficiency could only be obtained if all, or nearly all, health care organizations participate in sharing EHRs.
The benefits described above should be weighed against the risk that the same technology could undermine the guarantees of privacy and decrease of the security to sensitive personal data.
Now I will delve into these disadvantages. The risk concerning privacy is double. First, if the patient’s consent could not be given in absolute freedom and awareness, because he doesn’t pay enough attention or does not fully understand, or fears that a denial of consent may result in a less adequate treatment. The second risk is due to the possibility of medical identity theft, of inadequate systems of security, of widespread data-sharing. To this it must be added that, should the vendors of EHR software go out of business, the patient may ignore what will happen to its data.
I want to attract your attention to this latter circumstance. The vendors of EHR software have a policy of privacy completely inconsistent with the privacy demands of patients. “Only two of thirty vendors describe what would happen to consumers’ data if vendors were sold or went out of business”.
The transition from paper to EHR and the storage of information in electronic databases have exponentially increased the number of patient records exposed to the risk of theft, opening the door to a massive damage to privacy. Therefore, the success of a widespread use of EHR requires that the risks to privacy and security be mitigated, and the patients’ confidence in the digitalization system be strengthened. Only by acting on these two levers, the aforementioned benefits could be likely achieved.
3 Which values does the balancing test of electronic health record take into account?
Moving on to the second point of my reasoning: which values does the balancing test of EHR take into account?
We have before us two competing values: on one side, the right to health, consisting of receiving the best, most efficient and least expensive treatment available.
On the opposite side, the patient’s right to privacy, i.e. that sensitive health data be kept confidential unless data-sharing or data-transfer be permitted upon the patient’s express, free and informed consent, which may at any moment be withdrawn.
There is no doubt that a better and more efficient health care may be provided through EHR. But it is also clear that massive use of EHR may endanger the patients’ privacy. The central issue for a policymaker is therefore the search for an appropriate balance. This is a political choice, even though it is strictly intertwined with technical issues, which may per se be neutral, but are nevertheless oriented by the policymaker.
The solution varies from State to State and this is the confirmation of its nature as a political issue. Some States have strongly privileged the efficiency of the health care system upon the reasons of privacy; other States have chosen an opposite path. I will try later on, in the final steps of my reasoning, to suggest a third way.
4 The USA system
We will now consider two different approaches to the balancing test we referred to above: USA and EU.
In Whalen v. Roe, 429 U.S. 589, 603-04 (1997) the US Supreme Court recognized a limited constitutional right to individual privacy with respect to information held in governmental databases. More recently, the Supreme Court has moved towards a new dimension and a stronger protection of privacy, applicable to the collection and transmission of digital data (United States v. Jones, 565 U. S. ____ (2012) n. 10-1259, January 23 (2012). In Rely v. California, n.13-132, June 25 (2014), the Court has held that police may not, without a specific warrant, search digital information on a cell phone seized from an individual who has been arrested. As a general principle, the owner of the data does not lose his right on his personal sphere in virtue of fact that the data are collected or held by a public body, because the focus is concentrated on the expectation of the private owner. We may imply that, if he has a “reasonable expectation” that the public body should keep the data confidential, any transfer without his consent to a third party is a breach of his right to privacy.