By Mitch Wagner
December 5, 2009
While electronic medical records promise massive opportunities for
patient health benefits and reductions in administrative costs, the
privacy and security risks are equally huge.
The Obama administration has set an ambitious goal--to get electronic
medical records on file for every American by 2014. The administration
is offering powerful incentives: $20 billion in stimulus funds as per
the American Recovery and Reinvestment Act (ARRA) of 2009, and stiff
Medicare penalties for healthcare providers that fail to implement EMRs
EMRs offer tantalizing benefits: Improved efficiency via the elimination
of tons of paper files in doctors' offices, and better medical care
through the use of the same kinds of database and data mining
technologies that are now routine in other industries. One example: EMR
systems can flag symptoms and potentially harmful drug interactions that
busy doctors might otherwise miss.
But the accompanying privacy and security threats are significant. When
completed, the nation's EMR infrastructure will be a massive store of
every American's most personal, private information, and a potential
target of abuse by marketers, identity thieves, and unscrupulous
employers and insurance companies.
Regulators are attempting to craft rules that would unlock the benefits
of EMRs while protecting Americans from the security risks. Healthcare
IT pros will be required to implement systems and business processes
that conform to these regulations, or face lost funding, institutional
fines -- and, in some cases, personal criminal penalties.
The new regulations come as the healthcare industry faces big privacy
problems, going back years. In 2003, a medical transcriptionist in
Pakistan threatened to post patient records from the University of
California San Francisco's Medical Center on the Internet unless she was
paid for her work for a transcription service company hired by the
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News