The owners of electronic health records aren't necessarily the patients. How much control should patients have? Electronic medical records contain highly personal information, from illnesses to family matters to emotional statuses. Yet those records don't necessarily belong to the patient. The question this raises in the digital age is: Just how much control should people have over their own records?
Electronic health records (EHRs) have become invaluable collections of information used by a diverse group ranging from government agencies and disease researchers to marketing firms and for-profit data brokers. Government and for-profit businesses have long collected, parsed, and used collective patient data to track the path of chronic conditions and contagious diseases, follow the success rates of new and old treatments, develop new cures, and improve the quality of providers' services. But because today's electronic records are easily shareable -- and hackable -- and have different rules depending on state and organization, some patients fear they have little to no control over the information that tracks their very personal health information.
"It's like we have a vacation home, and we've given out keys to 50 different people, and they all show up at the same time," says Chris Zannetos, CEO and founder of security developer Courion, which counts healthcare organizations as about one-third of its customers. In other words, as patients we want our data to be shared when needed, but then we're surprised at how quickly we lose control of how it's shared.
Consumers don't "own" their health records any more than they own the vast troves of data that retailers, financial institutions, and government agencies collect about them, says Dr. Josh Landy, a physician and co-founder of Figure 1, a text-messaging app for healthcare professionals. Instead of ownership, healthcare professionals and patients should discuss electronic patient data in terms of "stewardship," he says. Although the creator of the record -- such as a hospital or physician's practice -- controls the record and data, patient data has multiple stewards.
Complete records might well include a combination of handwritten medical notes scanned as PDFs into a patient's file; information manually or electronically entered from monitoring and collection tools such as stethoscopes and scales; and data entered directly into the EHR. And the picture is going to get more complex. Soon, electronic records might collect data from wearable devices -- purchased as consumer gadgets -- that gather health data around the clock.
In addition, consumers often see a variety of healthcare practitioners. Each one -- primary care doctor, orthopedic surgeon, hospital doctor, or psychiatrist -- typically uses the referring doctor's record and creates a copy appended to his own electronic health record for the individual.
With all this sharing, what if a patient has a diagnosis he doesn't agree with or doesn't want shared? Can he contest, say, a diagnosis of alcoholism?
"We have to give due course to the patient," says Richard Rosenhagen, assistant VP for EMR/HIM/CDIP at South Nassau Communities Hospital. "If you're not transparent, you're going to end up in a bad place." The hospital has a process for discussing such conflicts with patients and making their disagreement part of the record, though the diagnosis remains. "If they disagree with what's in there, they have a right to voice their opinion," he says. "That disagreement doesn't give them the right to amend the record."
Incorporating more patient-driven data changes will present a whole new set of challenges for health IT professionals.
One reason is that, as a rule, consumers are "horrible historians," says John Hoffstatter, a physician's assistant and delivery director of advisory services at CTG Health Solutions. People forget to bring in a list of current medications or don't know why they take a particular pill. Having patients read through their electronic record is essential to improve care and reduce costs, he says.
