On Mar. 23, 2010 the WSJ had carried an Op-Ed entitled "Your Medical Records Aren't Secure" by patient privacy rights advocate Deborah Peel, MD, a psychiatrist and founder-leader of the organization Patient Privacy Rights. Dr. Peel's Op Ed can be read here.
My letter to the editor is in response to criticism of Dr. Peel's concerns. The criticism occured in a WSJ letter "Industry Rep Calls Patient Privacy 'Overblown' Worry" on Mar. 30, 2010 by Mary R. Grealy, president of the Healthcare Leadership Council, a "coalition" of chief executives from major healthcare companies and organizations. Ms. Grealy's letter can be read here.
In her letter, Ms. Grealy criticized Dr. Peel's concerns about medical record privacy. She opined that "Dr. Peel seeks to frighten people into believing electronic health records are more vulnerable than paper ones, which is not the case" and that "stymieing the necessary transfer of data contained in one diagnosis, one prescription or one lab test could mean the difference between life and death. That is a very high price to pay in order to address overblown privacy concerns."
My letter in response published today speaks for itself:
Concern About Medical Records Is Not Misplaced
Wall Street Journal
Letter to the Editor
April 3, 2010
In her letter of March 30, Mary Grealy, president of the Healthcare Leadership Council, implies that Dr. Deborah Peel is being alarmist and hysterical about fears of electronic medical records (EMR) privacy ("Your Medical Records Aren't Secure," op-ed. March 24). Ms. Grealy makes the fantastic assertion that EMRs are less vulnerable than paper ones. Nonsense.
I do not recall many news stories of trucks hauling away 10,000 or 100,000 paper charts for diffusion to identity thieves, but massive IT security breaches and computer thefts involving tens of thousands of records or more are increasingly common. As one example, your Feb. 18 article "Global Attack Snags Corporate, Personal Data," tells about how hackers in Europe and China broke into computers at more than 2,400 companies and government agencies over the last 18 months, as well as at 10 U.S. government agencies. [I'd written about this story at HC Renewal here - ed.] It is quite realistic to be concerned about how hospitals, generally an IT backwater, will fare.
Further, who's being hysterical? Ms. Grealy asserts that without the unrestricted flow of medical data for research, "one prescription or one lab test could mean the difference between life and death." This is classic fear-mongering.
EMRs remain an experimental technology of uncertain risks and benefits. EMR data, itself uncontrolled as entered into multiple vendors' disparate EMR systems by multiple personnel of varied medical backgrounds and research experience, under widely varied circumstances, make statistically meaningful EMR-based research quite difficult if not impossible.
The gold standard of medical research is the randomized controlled clinical trial (RCT), and the irrational exuberance over EMRs as somehow able to bypass or surpass the RCT is dollar sign-studded nonsense. Perhaps one day EMRs will be used to rigorously gather RCT-quality data, but not today. EMRs are not magic bullets.
I note from a bio that Ms. Grealy is neither a medical professional nor an IT/informatics professional:
Ms. Grealy has a bachelor degree from Michigan State University and a law degree from Duquesne University.
Somewhat concerning is the following:
Ms. Grealy has an extensive background in health care policy. She has led important initiatives on the uninsured, improving patient safety and quality, protecting the privacy of patient medical information and reforming the medical liability laws. She testifies frequently before Congress and federal regulatory agencies.
Along with other non-medical medical experts such as at the EPIC company who proffer authoritative statements at HHS meetings that physicians will be uncomfortable reporting EMR defects and EMR-related injuries to the FDA, someone needs to remind me why we need non-medical, non-IT, non-informatics "experts" as healthcare leaders and promoters of healthcare IT universal beneficence at all.
It is in my opinion injurious to have healthcare leaders who cannot count on their own personal expertise to partition fact from fiction in medical affairs, and who through lack of that expertise suffer impairment in judging the concerns, expertise and competence of others who are domain experts.
(I should also note that conflicts of interest can also cause people to make statements they know are false or misleading.)