With EHR security, there's nothing to fear but fear itself

FierceEMR recently reported on a North Carolina State University study that says it isn't necessarily the unwillingness of stakeholders or cost issues that's impeding the proliferation of EHRs, it's primarily consumers' concerns about the privacy and security of their medical information. This really struck a chord with us here at MEDecision. It has long been our position that fears over EHR privacy have been largely unfounded and, perhaps, a bit misinformed.

Without question, ensuring the ironclad privacy and security of personal health information must be the utmost priority of any EHR enterprise, bar none. But, at the same time, we're doing a grievous disservice to consumers, the healthcare system and society at large by allowing the erroneous fear of a potential--and unlikely--security problems to suppress the vast benefits EHRs hold. Do we really want to allow extremely valuable, potentially life-saving medical data to sit idle because we're afraid it might fall into the wrong hands; or do we want to have faith in the vigilant, proactive and increasingly airtight measures we've devised to ensure its security and leverage it to improve healthcare for us all?

It's perplexing that we could so enthusiastically embrace electronic banking, retail, social networking--even dating--with minimal regard for the security of that information (which would be vastly more damaging if its privacy were breached) and still maintain such skepticism over the safety of our medical records.

It would be negligent and naïve not to acknowledge that there have indeed been EHR security breaches in the past, and some highly publicized ones at that. Unfortunately, the facts in these cases have often been misreported, feeding the fears of an already-paranoid public.

Yes, there are people out there who are going to try and illegally acquire and misuse private health information, but their already-limited ability to do so is diminishing dramatically almost daily. And even in the rare instances that they might be successful, truly, the only ones among us who stand to be harmed by an EHR security breach are those with the most visible public profiles--celebrities, athletes, politicians, etc. The question then becomes whether the privacy of this overwhelming and exclusive minority of individuals is more valuable than safer, more affordable, more accessible and more efficient healthcare for the overwhelming majority.

Again, ensuring the absolute privacy and security of personal health information must be the sine qua non in all implementations of EHRs and, for that matter, any endeavor that involves the use of electronic health information. The North Carolina State study raises the point that our industry must do a better job of educating consumers. Increasingly, we're seeing stricter privacy laws with stronger penalties, while electronic security safeguards are naturally evolving to be more impenetrable.

These are facts we must emphasize in order to assuage fears, change perceptions and, hopefully, help people form more informed opinions about EHRs.

Eric Demers is senior vice president of health and life sciences at MEDecision, a Wayne, Pa.-based provider of care management software and services.