Give me security or give me death

When it comes to electronic medical records, it seems that many people have access to them who shouldn't - and some that need them in emergency situations don't have any access at all.

Last week I chronicled my vacation experience in Florida, which included a visit to an emergency room where I faced a few hours of sheer terror after the doctor told me I had the symptoms of end-stage congestive heart failure (it ended up being just a simple case of bronchitis). The fact that the doctor during this emergency did not have access to electronic medical records that could have saved me that ordeal - or under different circumstances might have saved my life - is difficult to accept in an information age where even sensitive financial records are readily acessible online.

Meanwhile, Sarah Rubenstein reports in this Wall Street Journal story that in hospitals that do have medical records, privacy and security practices aren't always up to snuff (Note: access to the story requires a WSJ subscription). Violations of patient privacy range from the curious hospital staff who peeked at Britney Spears' personal health data to traveling nurses who download more patient data than they need each day and carry it around in unencrypted form.

Hospitals are implementing systems and procedures to tighten security, such as ones that provides role-based access to restrict what users can view. But the article goes on to say that "...institutions also are reluctant to control access to patients' private data too tightly, for fear that doing so could get in the way of patient care, especially in emergencies." Of course that's assuming that a mechanism for ER doctors to access the patient EMR even exists. In most cases, that access is limited to just the ER that's part of the same local health care organization where your primary care physician practices.

There is a fear that without better control over privacy and security issues, the movement toward electronic medical records could be undermined. "What patient is going to want their data to be transmitted electronically if they can't trust the system to keep their data safe," asks Jill Dennis, with the American Health Information Management Association in the story.

Patients in the ER, that's who. When doctors are struggling to understand what is wrong with you, you don't give a damn what the security and policy issues are. You want that doctor to have immediate access to whatever data she needs to help you. Will you sign on the dotted line? Absolutely. And if you're incapacitated, you'll want the doctor to have emergency access on your behalf. Right now there is no inter-hospital protocol for accessing EMRs electronically. In most cases the ER doctor must call your provider, speak to the medical records staff, wait for them to turn those electronic medical records back into paper, and wait to receive them via fax or mail.

By that time you could be dead.