Public split on privacy risks of electronic medical records, survey says

Feb. 23, 2005
Nearly half of adults says the benefits to patients and society of a patient EMR system outweighs risks to privacy, but nearly half also says the privacy risks outweigh the expected benefits.

U.S. adults are divided right down the middle on whether the potential privacy risks associated with a patient electronic medical record system outweigh the expected benefits to patients and society, according to Dr. Alan F. Westin, Professor of Public Law & Government Emeritus, Columbia University and Director of a new Program on Information Technology, Health Records & Privacy at Privacy & American Business (P&AB).

In testimony given Feb. 23 before the National Committee on Vital and Health Statistics of the Department of Health and Human Services, Dr. Westin released the results of a new national Harris Interactive(r) survey on the American public and what are known as Electronic Medical Records (EMR).

This telephone survey was conducted in conjunction with the new Westin Program and was fielded February 8-13, 2005.

Major Findings

* Half of U.S. adults - 48% - say the benefits to patients and society of a patient Electronic Medical Record system outweighs risks to privacy but 47% say the privacy risks outweigh the expected benefits. Four percent said they weren't sure.

* Majorities - between 62 and 70% of adults - are worried that sensitive health information might leak because of weak data security; that there could be more sharing of patients' medical information without their knowledge; that computerization could increase rather than decrease medical errors; that some people won't disclose necessary information to health care providers because of worries that it will go into computerized records; and that existing federal health privacy rules will be reduced in the name of efficiency.

"I am convinced that how the public sees the privacy risks and responses from EMR managers will be absolutely critical to the EMR system's success - or will be a major factor in its failure," Dr. Westin said. "That is the reality that program advocates will need to consider, respond to, and overcome by implementing a range of laws, rules, practices, technology arrangements, privacy education, and positive patient experiences - if EMRs are to win majority public support and high patient participation," Dr. Westin added.

* In what Dr. Westin calls the most important policy-input from the survey, more than eight out of ten respondents - 82% - say offering consumers tools to track their own personal medical information in the new EMR system and to assert their privacy rights is important to implement at the start of any EMR system. In fact, 45% of U.S. adults considered this to be Very Important. Only 17% did not see this as important, with 1% not sure.

"I view this result as a powerful, publicly-derived Privacy Design Specification for any national EMR system," Dr. Westin said. "It is a design approach that will be ignored, put off until a later time, or rejected as unworkable at the peril of any EMR system's entire future."

Additional Findings

* 14% of the public now believe their personal medical information has been released improperly, representing 30 million U.S. adults - down from 27% who thought this in 1993 (Harris-Equifax Health Information Privacy Survey).

* Two-thirds of the public - 67% - recall that they had received a HIPAA notice, representing 148 million adults. However, a surprising 32%, representing 68 million adults, say they had never received a HIPAA privacy notice. (Only 1% chose to say Not Sure).

* Two-thirds (67%) of those who remember receiving a privacy notice say their confidence in how their medical records are handled has increased a great deal (23%) or somewhat (44%), based on their experience and what they may have heard about HIPAA and the privacy notices. Thirteen percent said their confidence increased "not very much" and 18% "not at all."

* Less than a third of the public - only 29% - said they had read or heard about a national EMR program. This represents 62 million U.S. adults. Our demographic data showed that these were, predictably, primarily the better-educated, higher-income, technology-using members of the public.

Recommendations

In his testimony, Dr. Westin made several recommendations to the Committee, based on the survey findings:

* Create a "Privacy by Design Working Group" in the EMR Program now to:

* conduct continuing EMR Privacy Risk and Threat Assessments design and propose new privacy laws and regulations to accompany EMR roll-outs
* identify system design elements that would enhance rather than defeat privacy interests
* identify and test procedures to empower individual patients to access the EMR systems directly, to assert their privacy rights and carry out their individual privacy choices.

* Create an EMR Privacy Board with continuing problem-solving identification, investigative, and standards-recommending duties.

For more information, visit www.pandab.org. Media inquiries should be directed to Irene Oujo at [email protected] or (201) 996-1154.