Thursday, March 17, 2011

Facebook, Patient Rights and Medical Records

The European Union is going to put legal pressure on Facebook to ramp up their privacy disclosure and protection, including the Facebook Right to Be Forgotten.  I have a feeling that the same right will someday be extended to a patient's medical record, no matter what the content.

Once upon a time at Northwestern University, I helped build the curriculum for an "Ethics in Medical Informatics" class, and I would occasionally return to give guest lectures.  I enjoyed all of the classes that I taught and those that I lectured, but the ethics class was the most fun.

One of the questions I would pose to the ethics students was based on a true story.  In 1999, a wealthy and successful business woman requested that her high school era abortion be stricken from her medical records at the local hospital.  She didn't realize that the abortion was part of her current record because the procedure was performed at another facility, in secrecy.  But, in a somewhat passing comment to her primary care physician about the abortion some years later, he entered her comment into her medical record...and there it stayed unknown to her until she requested a copy of her record be transferred to another facility for a referral surgery on her lower back.  I note the year because in 1999 nobody was talking about patient rights as they related to electronic medical records.  The prevailing belief at that time was that those records belonged to the hospital or doctor.  Can you imagine this poor woman having to argue with a hospital administrator over an already very embarrassing part of her life?  Can you imagine a pompous-- definitely pompous-- male hospital administrator forcing her to participate in several meetings to discuss the situation, in the presence of other hospital staff, and then asking her to put her request in writing and then forcing her to sign a release and indemnity?  After this hideous journey to arrive at what should have been an easy decision, the actual deletion of the information from her electronic medical record was technically very challenging because virtually all electronic medical records in existence then and now are designed to make true deletions nearly impossible, due to the overly conservative interpretation of laws that govern medical record auditing.  The best that you can easily do is hide something in an electronic record, but the audit functions prevent the data from actually being deleted.

About two-thirds of the students in each class would consistently vote to defend her right to remove the entry from her record, while the remaining third would defend retaining it as medically important to her safe care and the right of the hospital to know everything necessary to offer the best care, in protection of their reputation and standing. I'm in the two-thirds.

How far will we go in the future to allow patients full rights to edit their medical records?  How far do we go now?  Does it depend on the mental faculties of the patient?  How will we decide which patients are intellectually capable of editing their records in such a way that it won't place their healthcare at risk?  Should society care if these patients place their own well-being at risk?  Should you be able to delete something from your medical record that might be used to deny your insurance coverage, the ability to purchase a gun, or obtain a government security clearance?

Someday, personal health records will hopefully turn all of this debate of content ownership upside down, but we have a long way to progress in the industry-- many years-- before we reach that point.

That ethics class was a lot of fun.  :-)

No comments:

Nuclear and Healthcare Decision Making

Nuclear warfare operations was my data-driven decision making environment before the healthcare phase of my career. It was all about recogni...