Electronic Health Records and the National Health Information Network: Patient Choice, Privacy, and Security in Digitized Environments

The World Privacy Forum has been particularly interested in developments related to EHRs and the NHIN. Given the impetus of the 2004 Executive Order 1 mandating forward movement in these areas, and the broad impact digitized medical records will potentially have on patients and on the healthcare sector, the World Privacy Forum believes that the decisions this Committee and others shaping these efforts arrive at will be of lasting importance. Given the transition of many parts of our society from analog to digital, it is crucial to ask what this digitization will look like and to carefully examine and discuss what form EHRs and related systems should take in regards to patient choice, privacy, and security.

The Core Role of Patient Choice in Electronic Health Records and EHR-Related Systems

Electronic health records do not exist within a vacuum. Like paper medical files, EHRs must be stored somewhere. And in order to be used and compiled, the records must be accessed in some manner. Unlike paper medical files with their unique set of physical controls which have inadvertently slowed dissemination (often called "privacy through obscurity"), EHRs are prone to rapid dissemination and can be called up from multiple access points simultaneously.

Because of the substantial changes that digitization of EHRs and other medical data brings, patient choice in the realm of digitized medical data will be a core issue that this Committee must grapple with. It is in this area that the strengths and weaknesses of any EHR system, large or small, networked or not, become evident. Patient choice becomes particularly important, for example, in light of medical identity theft and medical security breaches.