Health Plan May Expose Medical Records to Hackers, Experts Fear

Mar. 23: President Obama waves after signing the comprehensive health care reform legislation in the White House. (Reuters)

President Obama's goal of digitizing all medical records by 2014 could be realized by his new health care law, which requires research and reporting through electronic health care records.

But privacy advocates fear that the speed at which the government is moving to digitize records will increase the risk of medical identity theft, and they are concerned about what the government will do once it has access to Americans' medical history.

The new law sets up a research center to compare the effectiveness of medical treatments, something critics fear will enable bureaucrats to start issuing justifications for denying patients access to the latest medical technology.

"Realistically, our nation is going to be facing tough challenges with Medicare, Social Security and this new system," said Sue Blevins, a former nurse and head of the Institute for Health Freedom. "I don't care who's in office, I think there will be more decisions made by government regarding health care, more control of scarce resources and who's going to win and lose."

Last year, Obama included $36 billion in the stimulus package to create electronic record systems, saying the technology will cut costs, eliminate paperwork and help doctors deliver high-quality, coordinated care to patients.

But critics say electronic medical records won't accomplish any of those goals if patients fear sharing information with health care providers because they fear it won't remain private.

"When patients realize they can't control who sees their electronic health records, they will be far less likely to tell their doctors about drinking problems, feelings of depression, sexual problems, or exposure to sexually transmitted diseases,"  Deborah C. Peel, the founder of Patient Privacy Rights, wrote in an opinion article published in the Wall Street Journal on Wednesday.

Critics say the technology also increases the risk of medical identity theft.

"Electronic record systems that don't put patients in control of data or have inadequate security create huge opportunities for the theft, misuse and sale of personal health information," Peel said

"The privacy of an electronic health record cannot be restored once the contents are sold or otherwise disclosed," she added. "Every person and family is only one expensive diagnosis, one prescription, or one lab test away from generations of discrimination."

Since January 2005, the U.S. has suffered more than 260 million data breaches, including those covering health-related records, according to Privacy Rights Clearinghouse.

According to Open Security Foundation, 12 percent of data breaches involve medical organizations.

The Health and Human Services Department has released privacy principles and a toolkit to protect patient data and improve consumer access to their information, including individual access and limitations on the collection, use and disclosure of the data.

But that doesn't go far enough for critics.

Peel said her organization is starting a "Do Not Disclose" petition to urge Congress to pass a law to build an online registry where individuals can express their preferences for sharing their health information or keeping it private.

Pam Dixon, executive director of the World Privacy Forum said the health care sector is moving toward digitization at the speed of an ox cart, digitizing 20 percent so far, a rate she believes is appropriate because of the complexity of the industry.

"The problem is the stimulus package basically put modern jet engines on that ox cart and tipped it over," she said, noting that the money has drawn scores of vendors who provide software and cables, among others, seeking a piece of the federal funding.

"It's an old fashioned, Wild West land grab," she said. "The problem with all of this is the money is preceding safeguards for patients."

Dixon said the industry needs to modernize eventually.

"You cannot have paper files in an electronic world," she said. "But you also cannot have the Wild Wild West with patient medical data. You need a balance."