Welcome to TechnologyProfessional.Org

Advance the profession. Advance your career.

Login now!

Member Login

Lost your password?

Healthcare IT Privacy Concerns

April 24, 2009

Each day, thousands of people visit doctors and hospitals across the nation. Each of these patients is associated with a wealth of information, from medical history to a long list of medications. The medical community uses this information to carry out treatment and maintain an ongoing relationship between the patient and the medical staff. Access to and use of this information requires a great deal of responsibility that could literally make a difference between life and death.

In 2007, actor Dennis Quaid and his wife gave birth to twins. But soon, the twins developed staph infections, and the parents took their newborns to Cedars-Sinai Medical Center in Los Angeles for treatment. The infants were to receive 10 units of Heparin, but human error crept in causing a catastrophe. Unaware that a pharmacist had mixed the 10-unit bottles with those containing larger doses of the same medicine, a nurse grabbed the larger bottles by mistake. As a result, the infants received nearly 1,000 more units of medication than necessary, and the babies nearly lost their lives.

The disastrous dosing triggered Cedars-Sinai to transform their patient care technology. The hospital employed RFID technology, or Radio Frequency Identification, which involves a barcode system to eliminate human error dramatically. This scanning system enables healthcare workers to verify medications, track and monitor mobile equipment, identify and track patients and employees, and maintain inventory.

Another advancement in healthcare technology is the utilization of e-prescriptions. This relatively new concept is the electronic substitute for traditional prescriptions. The revision on e-prescriptions took effect after President Bush signed Medicare Prescription Drug Improvement and Modernization Act into law on December 8, 2003. Then, in July of 2006, the Institute of Medicine reported that e-prescriptions resulted in fewer medication errors. This helped garner publicity and support for the new technology. This method enables the medical community to quickly learn of plan benefits, past and present medications, and whether or not a patient has filled his or her medication. Such efficiency promotes medication compliance and optimal accuracy.

According to Dr. John D. Halamka, Associate Dean for Educational Technology at Harvard Medical School, healthcare information technology employs various data grouping techniques, depending upon how medical records are used. For example, an “electronic medical record” is a health record used “within one healthcare organization.” By comparison, an “electronic health record” is a health record used “within more than one health organization.” Similarly, a “personal health record” is a health record from “multiple sources” that individuals can “manage, share, or control.”  Lastly, Dr. Halamka states that “practice management” is when a doctor maintains his or her practice via “scheduling, registration and billing.” Ambiguous as the classification appear to some, they nevertheless designate simple ideas that can facilitate better patient care.

With so much information passing between people, privacy is most certainly a concern. Perhaps Oscar May, Chairman and Chief Development Officer of Quality Surgical Centers, said it best:

It is my impression that most patients believe that their health information is protected by the HIPAA legislation (and to a large degree it may be), but that isn’t the stated purpose of the law.  Consequently, the move to establish electronic medical record as the norm must specifically address individual privacy concerns.

Beginning October 27, 2008, the U.S. Office of Management and Budget, the General Services Administration, the Federal Chief Information Officers Council, and the National Academy of Public Information worked together to host a National Dialogue, or a public discussion, via the internet to address the question, “How should we expand the use of information technology and protect personal privacy to improve health care?” The six-day discussion attracted many users, and together, they concluded that privacy included three main areas: individual person, environment, and synthesis.

An individual or a health care beneficiary is associated with personal medical records. Healthcare workers may need to legitimately share those records for the sake of insurance or research. Additionally, as discussed, “A person should know what individual health information is being collected, for what purpose, and for what use.” Furthermore, as stated in the National Dialogue report, “Except where required by law, the individual should have ultimate control over who their personal health information is shared with and for what purpose.”

The second area of concern regarding privacy is the environment the new technology has created, which many stakeholders believe, should be one of transparency. The discussion panel also stated that people should have access to their personal medical records on a records system. Additionally, officials should not need individual consent when submitting reports to health authorities. Regarding personally identifiable information, however, the panelists did want mandatory consent. Participants also concluded that should the information be de-indentifying, there might not be a need for consent.

Synthesis, the third and final aspect of privacy, implies that one’s consent can apply to all future information transactions by all health care providers. With that said, panelists felt that people should be allowed to privatize particularly personal health information, even if it inhibits health care. Further still, patients want the option to share information with selected individuals. During situations when patients are too ill to give consent, panelists stated that professionals should maintain privacy according to the patient’s previously expressed consent. Additionally, they stated that organizations should release only the absolutely necessary information to insurance companies to initiate payment. Finally, participants in the discussion emphasized that organizations should protect personally identifiable information with the strongest security measures available.

As technology advances, health care becomes more streamlined. This efficiency brings with it a sense of responsibility and trust. Patients trust their physicians to provide accurate care while maintaining privacy and security. From computerized care to a public panel discussing privacy, America is well on its way to a healthy, secure future.


  • Text of the dialogue on Health IT and Privacy can be viewed at http://www.scribd.com/doc/12345523/A-National-Dialogue-on-Health-IT-and-Privacy-Final-Panel-Report.
  • The various facets of e-prescription are explained at the Center for Medicare and Medicaid Services Web site, http://www.cms.hhs.gov/eprescribing.
  • The details of RFID technology can be viewed at http://www.rfidhealthcare.com/rfid-patient-healthcare-solutions.aspx.
  • Dr. Halamka’s article on healthcare and IT can be viewed at http://geekdoctor.blogspot.com/2009/03/healthcare-it-primer.html.

2 Responses to “ Healthcare IT Privacy Concerns ”

  1. Jan on May 11, 2009 at 8:13 am

    Trust is the major component of the patient-health care professional relationship and that is why patients are hesitant to consult a health care professional fearing that the latter will not take care of him appropriately. This is also the reason why patients would prefer on going to a health care professional who is related to them or who is their friend because they know that they will be in good hands and will be well taken care of. I am relieved to know about the RFID technology as its aim is to prevent human error to happen. This system would be beneficial for all patients because they will feel secure that they will be given the right dosage and proper medication.

  2. Deanna Brownlee on June 2, 2009 at 12:30 pm

    Hello Jan,

    I am the author of this article. I’m not entirely sure if you’ll read this, but if you do, I want to personally thank you for commenting on my article. It’s both humbling and rewarding. I’m glad you felt compelled to comment on it. Thanks again.

Leave a Reply