David St. Clair on privacy

It’s a few weeks old and you may have seen it elsewhere, but I see no harm posting this commentary from David St. Clair, founder and CEO of care management software company MEDecision. You’ll note that the CNN video he references also appeared on my blog last month.

Consumers Need All of the Facts in the Privacy Debate

By David St.Clair

The economic stimulus package that President Obama has signed contains upwards of $20 billion to create electronic health records for most Americans within five years. The president has been very outspoken in his belief that EHRs are essential to health care reform and that the subsequent savings they’ll generate will help to strengthen the larger overall economy.

Whenever the subject of proliferating EHRs catches the national spotlight, you can bet that debates about privacy aren’t far behind. Indeed the privacy issue has already started to gain some traction in the media. In this video clip, CNN’s Campbell Brown and Elizabeth Cohen examine how easy it is for someone to obtain private medical information online by simply using someone’s Social Security number and date of birth.

While this assessment may be accurate, it’s a bit light on the fairness scale. Brown and Cohen only make a very brief mention of facts like President Obama’s plan to appoint a chief privacy officer and to implement unprecedented privacy controls to safeguard the EHR transformation. Instead they emphasize the more sensational angle implying that electronic health information just isn’t safe. They also seem to downplay the fact that a simple thing like creating a password can protect one’s private information.

I suspect the privacy issue is going to reach a crescendo in the coming months, and it’s very important that Americans have all of the facts. There are unfortunately people in the world who are going to try to illegally obtain and misuse private health information. But that doesn’t mean we should just write off EHRs as a bad idea. We simply need to be vigilant and proactive in incorporating the highest security measures into the planning process — which the president has done. To borrow an analogy from a close colleague: we don’t stop building roads because some people drive drunk. We punish the drunk drivers and continue building roads because of the tremendous benefits they bring to the rest of our law-abiding society. There is too much at stake for the health care system and the nation’s economy to allow over-dramatized and misperceived weaknesses in EHR security to thwart progress.

Additionally, to make the privacy debate a fair one we must ask what’s more dangerous: the potential misuse of information or simply not using information at all? Should we put the privacy of an overwhelming minority of people ahead of safer, more efficient, more affordable and potentially life-saving health care for the overwhelming majority? In reality, the only people who stand to be harmed by an unlikely EMR privacy breach are celebrities and other high profile individuals. Even if someone were to gain access to the average person’s health information, there isn’t much they could do with it, other than cause that person some personal embarrassment. In a very real sense, the question then becomes whether we value the privacy of information more than its potential to help us lead healthier lives.

Without question we must make ensuring privacy a top priority in any plans to implement EHRs. I’m confident that the Obama plan does so and, in fact, I think we’ll see even stronger controls than we may have previously imagined. No EHR is going to come with guaranteed safety, but I would argue that the risk level is the same or less than that associated with online retail and banking transactions. The public needs to understand this. It is up to those of us in the industry to ensure that the facts are clear and readily available. Hopefully the media will choose to report all of them so that Americans can form opinions based on complete information.