Security and EMR: How Afraid Should We Be?

by Briana Campbell (@MsMatchGirl)

Imagine the embarrassment of your sexual dysfunction being made public.

Imagine the worry, especially in this tenuous economy, of your employer finding out that you have a genetic condition that could grow to be debilitating.

Imagine trying to protect your familys privacy only to discover that your childs schoolmates have learned of his disability.

Emotional, financial, social privacy and security: thats what we all expect of our medical records. Coming in a close second to the effective, affordable treatment itself is the expectation that that treatment, and the condition its treating, will remain completely confidential.

The introduction of electronic medical records have offered many benefits to both healthcare professionals and patients. EMR are easier to search, easier to find potential drug interactions, take up a tiny fraction of the physical space, make record-keeping much faster and easier, and allow us to move or share our records among our care team.

But do they risk the safety of our data? The answer to this question depends on two things. First is the infrastructure. Is it built without loopholes, with adequate encryption and protection?

But the second element – the one that I have heard much less about – on which our EMR security depends, are the people involved in the process. Whether our records are on paper in a folder in a filing cabinet, or data saved in a digital file, we rely on the physicians, physician assistants, nurse practitioners, nurses, clerks, receptionists, and all others – not only from our practitioners office, but also from our managed care provider, our banking institution, and all others who access our files.

We assume that everyone working with our files has been adequately trained, is working on adequate equipment, has adequate time to do their work, and is adequately following adequate procedures. Thats a lot of assumptions, it seems to me – and even the best structure cant fix human error.

Im impressed by the steps that the industry has taken since its inception, which have resulted in about half of all physicians using EMR. But I havent heard much about the people side of things. What are the training protocols? What are the background checks? Who are the people who have access to my records – how many different points of entry are we talking about?

Weve got a bank with a crackerjack vault… but whos guarding it, and how good are they at it?

I dont suspect doctors or their staff of widespread ill intent – far from it. But what is the potential for error? Where do those decisions points exist, and how are they being safeguarded?

Im not raising my questions to make anyone afraid; just the opposite, Id love to find official answers to put these questions to rest for good. Here at Pixels & Pills wed love to do an interview with an EMR expert to answer these questions straight from the horses mouth. Are you one? Do you know one? Please get in touch.