Electronic health records can potentially save billions of dollars in health care costs and increase patient safety, but have considerable risks to individual privacy in the United States, more so than the European Union, says a new study co-authored by VA Tech Pamplin College of Business professor Janine Hiller.
“EU countries have adopted electronic health records and systems, or EHRs, and legally protected privacy at the same time,” Hiller says. EHRs include a wide range of patient medical information collected in digital format and accessible via computer, most often over a network.
Strengthening the legal and technical safeguards, she says, would significantly minimize the privacy and security risks and address public concerns in the U.S. about EHRs. Her study examines their benefits and drawbacks, the adequacy of U.S. laws to meet the challenges posed by the privacy risks and concerns, and compares the EU’s legal approach to EHRs.
The U.S. legal framework for health care privacy, she says, is “a hodgepodge of constitutional, statutory, and regulatory law at the federal and state levels.” Hiller and her co-authors believe that though federal efforts to protect privacy seem to be a step up from inconsistent state laws, Americans currently still “have no real control over the collection of sensitive medical information if they want to be treated,” in contrast to the choice accorded to EU residents.
Their study, Hiller says, makes it clear that the privacy issue should be central to any discussion of EHR implementation in the U.S. and the technical and policy framework that guides it. Her recent research in Sweden, she says, showed her “that the legal and technical frameworks cannot stand alone; that they should be developed hand in hand in order to design systems that will effectively protect patient privacy.”
Until then, she says, “public confidence and trust in EHRs is unlikely.”