Skip to content
  • About
  • Contact
  • Contribute
  • Book
  • Careers
  • Podcast
  • Recommended
  • Speaking
  • All
  • Physician
  • Practice
  • Policy
  • Finance
  • Conditions
  • .edu
  • Patient
  • Meds
  • Tech
  • Social
  • Video
    • All
    • Physician
    • Practice
    • Policy
    • Finance
    • Conditions
    • .edu
    • Patient
    • Meds
    • Tech
    • Social
    • Video
    • About
    • Contact
    • Contribute
    • Book
    • Careers
    • Podcast
    • Recommended
    • Speaking

A deal with the devil: The security of electronic medical records

David Mokotoff, MD
Tech
August 2, 2013
Share
Tweet
Share

With the recent NSA admission of recording phone conversations of US citizens, there has been renewed interest in the right to privacy. For the record, it is worth recalling what the Fourth Amendment to the Constitution says.

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

One can debate the NSA case versus the above, although I happen to agree with the ACLU that it is a constitutional breach. However, what about our health records? It has long been held that these should enjoy secure protection as well from public discovery. HIPAA laws reaffirmed this. However, in reality, it seems that violations of record privacy are far from rare.

Recently, it was discovered that approximately 3,300 Floridians’ confidential prescription drug information, stored in a statewide prescription drug database known as E-FORSCE, ended up in the hands of third parties without the knowledge or consent of the individuals whose prescription drug information was released.

The Electronic-Florida Online Reporting of Controlled Substances Evaluation program (E-FORCSE) is the Florida Prescription Drug Monitoring Program (PDMP). The PDMP was created by the 2009 legislature in an initiative to encourage safer prescribing of controlled substances and to reduce drug abuse and diversion within the state of Florida. It was set up after years of public outcries of how easy it was to purchase narcotics at pain clinics. The purpose of the PDMP was to provide the information that will be collected in the database to health care practitioners to guide their decisions in prescribing and dispensing highly abused prescription drugs.

Furthermore, the Florida Department of Health’s webpage states, “E-FORCSE complies with the Health Insurance Portability and Accountability Act (HIPAA) as it pertains to protected health information (PHI), electronic protected health information (EPHI), and all other relevant state and federal privacy and security laws and regulations. The information collected in the system will be used by the PDMP to encourage safer prescribing of controlled substances and reduce drug abuse and diversion within the state of Florida.”

How the above breaches in privacy happened are still under investigation. Yet, it seems that for every advance in electronic health records, there is a darker side of how to safeguard the information. Everyday, we use our smart phones to access banking and retail information. When done via a wireless network, the security is weak, at best. However, many of us readily give up some rights of privacy for the ease of commerce. Many of us understand and agree to this risk/benefit deal, but many do not. Recent revelations of retail stores tracking customers’ visits inside their stores via wireless networks and mobile phones seemed to shock us as well.

With or without our knowledge, we have made a bargain with the devil.

But if we cannot trust privacy when dealing with a healthcare provider, be it a doctor’s office, clinic, or hospital, then whom can we trust? Indeed, this privacy trust is stated in the Hippocratic oath, taken by physicians at the time of graduation from medical school 

“What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself holding such things shameful to be spoken about.”

In some ways the electronic health record has made it harder to contravene privacy, since it requires an electronic consent that you are involved in caring for a patient before viewing the record. In the old days of paper charts, one could simply grab a chart and review information without being caught. But how often and forcefully these electronic record infractions are monitored are questionable.  Worse, doctors frequently walk away from computers logged-in, making it all too easy for someone to access any patient information for which they do not have privileges.

My feeling is that if properly administered, the EHR is far more secure than paper. Yet, no system is perfect, and if an ingenious hacker can find his or her way into the Department of Defense database, then surely, a medical electronic record can’t be all that hard for the highly determined and nefarious techno criminal.

The somewhat surprising lack of public outrage over the NSA phone tapping brouhaha indicates to me that the public has already relinquished its right to privacy in its mind. This is sad and regrettable. The price of convenience should not have to come with loss of privacy as part of the bargain. There is much that I disagree with the ACLU about, but in this case, I believe they are correct. EHR vendors have to do a better job of making the systems more secure, and those empowered in monitoring this security need to better job. And healthcare providers need to be cognizant of this as well, like always closing your EHR account before walking away from a computer screen.

ADVERTISEMENT

Thomas Jefferson said it best. “I would rather be exposed to the inconveniences attending too much liberty than those attending too small a degree of it.”

David Mokotoff is a cardiologist who blogs at Cardio Author Doc.  He is the author of The Moose’s Children: A Memoir of Betrayal, Death, and Survival.

Prev

Disruptive technology in medicine has the ability to heal or harm

August 2, 2013 Kevin 1
…
Next

MKSAP: 76-year-old woman with dizziness and palpitations

August 3, 2013 Kevin 0
…

Tagged as: Health IT

Post navigation

< Previous Post
Disruptive technology in medicine has the ability to heal or harm
Next Post >
MKSAP: 76-year-old woman with dizziness and palpitations

ADVERTISEMENT

More by David Mokotoff, MD

  • How tunnel vision can lead to bad medicine

    David Mokotoff, MD
  • Why doctors don’t like to retire

    David Mokotoff, MD
  • The unscientific lure of antibiotics

    David Mokotoff, MD

More in Tech

  • 3 tips for using AI medical scribes to save time charting

    Erica Dorn, FNP
  • Would The Pitts’ Dr. Robby Robinavitch welcome a new colleague? Yes. Especially if their initials were AI.

    Gabe Jones, MBA
  • Generative AI 2025: a 20-minute cheat sheet for busy clinicians

    Harvey Castro, MD, MBA
  • Why public health must be included in AI development

    Laura E. Scudiere, RN, MPH
  • Here’s what providers really need in a modern EHR

    Laura Kohlhagen, MD, MBA
  • AI and humanity in health care: Preserving what makes us human

    Harvey Castro, MD, MBA
  • Most Popular

  • Past Week

    • Why are medical students turning away from primary care? [PODCAST]

      The Podcast by KevinMD | Podcast
    • Why “do no harm” might be harming modern medicine

      Sabooh S. Mubbashar, MD | Physician
    • Here’s what providers really need in a modern EHR

      Laura Kohlhagen, MD, MBA | Tech
    • How New Mexico became a malpractice lawsuit hotspot

      Patrick Hudson, MD | Physician
    • How community paramedicine impacts Indigenous elders

      Noah Weinberg | Conditions
    • Why doctors are reclaiming control from burnout culture

      Maureen Gibbons, MD | Physician
  • Past 6 Months

    • Why tracking cognitive load could save doctors and patients

      Hiba Fatima Hamid | Education
    • Why are medical students turning away from primary care? [PODCAST]

      The Podcast by KevinMD | Podcast
    • What the world must learn from the life and death of Hind Rajab

      Saba Qaiser, RN | Conditions
    • Why “do no harm” might be harming modern medicine

      Sabooh S. Mubbashar, MD | Physician
    • Here’s what providers really need in a modern EHR

      Laura Kohlhagen, MD, MBA | Tech
    • How medical culture hides burnout in plain sight

      Marco Benítez | Conditions
  • Recent Posts

    • Who will train the next generation of primary care clinicians without physician mentorship? [PODCAST]

      The Podcast by KevinMD | Podcast
    • The hidden health risks in the One Big Beautiful Bill Act

      Trevor Lyford, MPH | Policy
    • The CDC’s restructuring: Where is the voice of health care in the room?

      Tarek Khrisat, MD | Policy
    • Choosing between care and country: a dual citizen’s Independence Day reflection

      Kathleen Muldoon, PhD | Policy
    • What Elon Musk and Diddy reveal about the price of power

      Osmund Agbo, MD | Conditions
    • 3 tips for using AI medical scribes to save time charting

      Erica Dorn, FNP | Tech

Subscribe to KevinMD and never miss a story!

Get free updates delivered free to your inbox.


Find jobs at
Careers by KevinMD.com

Search thousands of physician, PA, NP, and CRNA jobs now.

Learn more

View 7 Comments >

Founded in 2004 by Kevin Pho, MD, KevinMD.com is the web’s leading platform where physicians, advanced practitioners, nurses, medical students, and patients share their insight and tell their stories.

Social

  • Like on Facebook
  • Follow on Twitter
  • Connect on Linkedin
  • Subscribe on Youtube
  • Instagram

ADVERTISEMENT

  • Most Popular

  • Past Week

    • Why are medical students turning away from primary care? [PODCAST]

      The Podcast by KevinMD | Podcast
    • Why “do no harm” might be harming modern medicine

      Sabooh S. Mubbashar, MD | Physician
    • Here’s what providers really need in a modern EHR

      Laura Kohlhagen, MD, MBA | Tech
    • How New Mexico became a malpractice lawsuit hotspot

      Patrick Hudson, MD | Physician
    • How community paramedicine impacts Indigenous elders

      Noah Weinberg | Conditions
    • Why doctors are reclaiming control from burnout culture

      Maureen Gibbons, MD | Physician
  • Past 6 Months

    • Why tracking cognitive load could save doctors and patients

      Hiba Fatima Hamid | Education
    • Why are medical students turning away from primary care? [PODCAST]

      The Podcast by KevinMD | Podcast
    • What the world must learn from the life and death of Hind Rajab

      Saba Qaiser, RN | Conditions
    • Why “do no harm” might be harming modern medicine

      Sabooh S. Mubbashar, MD | Physician
    • Here’s what providers really need in a modern EHR

      Laura Kohlhagen, MD, MBA | Tech
    • How medical culture hides burnout in plain sight

      Marco Benítez | Conditions
  • Recent Posts

    • Who will train the next generation of primary care clinicians without physician mentorship? [PODCAST]

      The Podcast by KevinMD | Podcast
    • The hidden health risks in the One Big Beautiful Bill Act

      Trevor Lyford, MPH | Policy
    • The CDC’s restructuring: Where is the voice of health care in the room?

      Tarek Khrisat, MD | Policy
    • Choosing between care and country: a dual citizen’s Independence Day reflection

      Kathleen Muldoon, PhD | Policy
    • What Elon Musk and Diddy reveal about the price of power

      Osmund Agbo, MD | Conditions
    • 3 tips for using AI medical scribes to save time charting

      Erica Dorn, FNP | Tech

MedPage Today Professional

An Everyday Health Property Medpage Today
  • Terms of Use | Disclaimer
  • Privacy Policy
  • DMCA Policy
All Content © KevinMD, LLC
Site by Outthink Group

A deal with the devil: The security of electronic medical records
7 comments

Comments are moderated before they are published. Please read the comment policy.

Loading Comments...