Patients withholding info from EHRs has far-reaching consequences

I hope I'm not the only person who finds the results of a study recently published in the Journal of the American Medical Informatics Association on patient perceptions of electronic health record users troubling.

The study found that more people withhold information from their providers when the providers are using electronic health records due to the fear that the systems won't keep the information confidential.

I've warned before that consumers were going to wake up and realize how vulnerable EHRs can be to privacy and security breaches. It's unfortunately much easier for electronic patient records to be lost, stolen or hacked than paper records, and when a breach occurs, it usually affects many more records at a time. It's also harder to protect electronic patient records when they're stored or accessible in the cloud or via third-party health information exchanges, where the provider has less control over what safeguards are being taken with his/her patients' data.

According to recent statistics shared by the U.S. Department of Health and Human Services, 32 million EHRs have been breached since 2009, the year that providers were first required to report such incidents. The actual number is probably much higher.

I'm not surprised that patients are withholding information from their providers, even if disclosing it would improve the care they receive. People have always fudged a bit when talking to their doctors. They may not want to reveal that they haven't been taking their medication like they should, that they've been sneaking cigarettes, or engaging in other activities that are detrimental to their health.

But the fact that they're engaging in this deception more when providers are using EHRs has much greater implications for healthcare in this country.

It's one thing not to disclose your overconsumption of wine or potato chips to your primary care physician because you don't want that in your EHR. But if a patient is clamming up about serious issues--or not reporting a symptom or side effect--then that EHR is incomplete and inaccurate in a much more significant way, which can be catastrophic in an emergency. And if the EHR is being accessed by another provider, such as a hospital through a health information exchange, now that patient's records of both the physician and the hospital are inaccurate and unreliable.

There's also a deeper, more global problem that is unique to EHRs. Unlike paper records, electronic records increasingly are recognized for their secondary uses in clinical trials, big data research and public health. If the information in EHRs is incomplete and inaccurate, then the research being conducted based on all of this misinformation is flawed. That makes their findings unreliable and untrustworthy.

The researchers in the JAMIA study suggested that clinicians could reduce patient nondisclosure by communicating the benefits of EHRs and addressing privacy concerns. That's a nice idea, but that only works if the providers can really assure the safety and confidentiality of the records. And they haven't been doing a good job of that.

The real solution isn't better communication of the benefits of EHRs. The solution is to better protect them and reduce the risk of breach itself. Otherwise EHRs--with these deliberate gaps in them--are going to be much less useful and beneficial for everyone. - Marla (@MarlaHirsch and @FierceHealthIT)