1. Health

Limitations of Electronic Patient Record Keeping: Privacy and Security Issues


Updated February 19, 2009

When it comes to electronic health and medical records (EMRs), the digital technology has a few limitations. From the mechanical ability and methods for storage and transmission, to the ways they can be accessed, new and more advanced systems are becoming available every day.

However, definite limitations and issues arise from the implementation and use of EMRs and PHRs (personal health records). You may have already reviewed the hurdles created by the local nature of EMRs and their lack of standardization. Additional problems exist with security and privacy of these records.

Security Questions for EMRs

Security is potentially a major problem. There may be no system in the world that is entirely uncrackable, including EMRs or PHRs. Think back during the past few years to the losses of credit card records at large retails chains, or the 2006 Veterans' Administration loss of its patients' records. Despite tight security on these systems, data was lost or accessed by others who should not have access.

When it comes to EMRs, patients have little say in their participation; therefore, even if they have concerns about their records being a part of an EMR, there is almost nothing they can do about it.

With PHRs, however, patients have much more ability to control content and access. Because these records are developed by a patient for himself, the patient also determines who has access, and how that access is made.

Privacy Questions and HIPAA

Privacy is a similar concern. HIPAA, the Health Information Portability Accountability Act, federal law, determines how health information may be shared electronically.

This provides good opportunities for sharing the information, but it also creates roadblocks, too, when someone other than you, the patient, wants to access your records. That's good if the person wanting access isn't be allowed to get those records. It can be a major problem if a loved one, or a healthcare proxy wants access. Confusion about the HIPAA laws themselves and how they need to be implemented is rampant throughout doctors' offices and healthcare facilities across the country.

One other privacy concern for EMRs is the fact that most of the applications being used by health systems, doctor's offices, hospitals and other facilities, don't fall under HIPAA constraints themselves. A patient's records are kept in a format on computer servers that are owned by another company, and not by that hospital or doctor's office itself. That third party does not have the same restrictions as the healthcare professionals themselves have. Unless there is some other contractual reason for them not to share patient information, there is no law that says they can't do what they want to with it.

Privacy Questions for PHRs

Personal Health Records (PHRs) raise their own privacy questions. Some patients have developed PHRs on websites that provide applications for such a purpose. Some of the websites offering PHRs, mostly the ones that offer storage space for free, are not concerned with privacy. They may sell the data to other companies, or advertise on the same page as the content uploaded by the patient.

Other websites claim they will keep information private, but may claim other rights such as data-mining, the selling of patient information in bulk. As an empowered patient, if you want to keep your records online yourself, be clearly aware of privacy issues as they relate to the information you upload. Check the terms of service to learn what that website may do with your information.

These particular privacy questions are not a concern for records kept on a local/home computer or a personal (thumb) drive. Privacy of your information on these types of systems will be more at the mercy of how you handle them and less at risk from hackers or other violators. For example, if your thumb drive is attached to your keychain, and you lose your keys, your personal health information could be at risk. Or, if you sell your computer without completely erasing the hard drive, then the person who purchases your computer may be able to gain access.

A wise patient understands the privacy and security issues of keeping health and medical records in a digital format and plans accordingly for their use.

Learn More:

©2014 About.com. All rights reserved.

We comply with the HONcode standard
for trustworthy health
information: verify here.