You may have seen the breathless news reports about Kaiser Permanente’s disciplining of twenty-three employees for unauthorized access to Nadya Suleman’s electronic records. These violations of policy and ethics are being described as “security breaches” that threaten the public’s confidence in, and support for, the effort to modernize medical record keeping.
Please.
I’ll let you in on a dirty little secret that will come as no surprise to those of us who have worked in the medical field. Health care workers have always dabbled in medical record snooping.
Had Ms. Suleman given birth to eight babies in 1989, the odds are that her paper chart would have made the rounds of every medical record clerk, much of the nursing staff, and at least half of the physicians at her hospital. The difference is that no one would have been fired, suspended, or made to stand in the corner.
The truth is that what the Kaiser employees did was wrong, and they got caught because Kaiser has a robust electronic system in place that allowed them to identify the miscreants. Could they have cranked up the access controls even higher and saved these people from their own destructive curiosity? Perhaps; but if doing so makes it more difficult to get to critical information when it’s needed to render care, who would they be helping?
My point is that violation of an organization’s privacy policies by its employees is serious, but it’s not a security breach- and it shouldn’t be news. (Though I must say it did give me a valuable object lesson to share with our employees. Call it a teachable moment.)
Our patients need to trust us or they won’t come to us for care. We have to let them know that everyone in our organization is committed to protecting their privacy, and that we have modern, technological methods for ensuring that anyone who violates that trust suffers the consequences.
Our healthcare information technology is what makes that possible.
So, Senator Leahy, the health privacy problem predates the electronic health record. The EMR is, in fact, part of the solution.