Privacy rules hamper adoption of electronic medical records, study says

Choice for policy-makers may be between tough patient privacy rules and speedy EMR deployments, researchers claim

In a study that is unlikely to find favor among privacy advocates, researchers from two academic institutions warned that increased efforts to protect the privacy of health data will hamper the adoption of electronic medical records systems.

The study, conducted by researchers at MIT and the University of Virginia, said EMR adoption is often slowest in states with strong regulations for safeguarding the privacy of medical records.

On average, the number of hospitals deploying EMR systems was up to 30% lower in states where health care providers are forced to comply with strong privacy laws than it was in states with less stringent privacy requirements. That's because privacy rules often made it harder and more expensive for hospitals to exchange and transfer patient information, thereby reducing the value of an EMR system, the study found.

"Despite EMR's effectiveness at and improving baseline indicators of patient health, hospitals are deterred from adopting it by strong health care privacy laws," the study states.

The results of the research, which looked at EMR adoption in 19 states over a 10-year period, was originally presented at a Federal Trade Commission workshop in April 2008. It was publicly released only this week following its acceptance in the journal Management Science, an MIT spokesman said.

The research suggests that there's a trade-off between achieving fast adoption of EMR technology and strong health care privacy laws, said Catherine Tucker, an assistant professor of marketing at MIT's Sloan School of Management and one of the report's authors. In general, while medical privacy is a good thing, it doesn't always allow for quick adoption of EMR systems, she said.

"What we found was that privacy laws are getting in the way of hospitals'" trying to exchange information with one another, Tucker said. "Policy-makers are going to have to choose how much EMR adoption they want and at what cost to patient privacy."

It's a viewpoint that is unlikely to sit well with privacy advocates, who are already nervous about the accelerated move to a nationwide EMR system under a health care modernization program announced by President Obama earlier this year. The Health Information Technology for Economic and Clinical Health Act was introduced by Obama as part of the economic stimulus package earlier this year. It provides $20 billion for the creation of a national electronic health records system that would fundamentally improve the way health information is electronically accessed, stored and shared.

Health care security experts and privacy advocates cautiously lauded the bill for the many provisions it includes for protecting patient health care data. However, they claimed it doesn't go far enough in addressing all the privacy concerns raised by the use of EMR systems, although they have acknowledged the bill is a step in the right direction.

Among the welcomed provisions are those that require health care organizations and professionals to implement better controls over who can access and share different categories of medical information. Also seen as long overdue is a provision that prohibits health care providers from selling protected health information in electronic medical records and imposes limitations on the marketing of such data.

Such requirements have been considered long overdue in the health care sector. "However, if the end result of Obama's new privacy legislation is to add extra layers of complexity and necessitate hospital-specific customization of privacy filters, then there is the potential for there to be a negative effect," Tucker said.

Hospitals and other health care entities are often reluctant to implement an EMR system if it requires a lot of customization in order to accommodate privacy requirements, she said. For example, if a state law allows only specific groups of people within an organization to access specific kinds of medical information, a hospital might need to implement filters and access controls to comply with the requirement, she said. Such customization also can be costly, which is another factor that results in slower adoption of EMR in states with stringent privacy requirements, Tucker said.

Deven McGraw, director of the health privacy project at the Center for Democracy and Technology, blasted the study's conclusions. She said the study was based on old data and didn't consider all of the factors that a health care organization would typically look at when deciding whether to adopt an EMR system.

The study simply looked at whether a state has a medical privacy law and then looked at EMR adoption in that state to draw its conclusions, McGraw said. What it doesn't appear to have done is to examine whether other important factors, such as funding and business value, might have also had an impact on EMR adoption. Often health care providers point to those two issues as being the two most important considerations when making decisions on EMR systems, she said. As a result, the study is "not of much value," she said.

"We just had $19 billion put on the table by the federal government to spur adoption of electronic medical records," McGraw said. "There's been an acknowledgment by this Congress that you need privacy protections," for people to begin trusting their health care data to EMR systems. Trying to suggest at this stage that policy-makers might have to choose between privacy and speedy adoption of EMR technology is disingenuous, she said.

Deborah Peel, who founded and chairs the Patient Privacy Rights Foundation in Austin, also slammed the study. Suggesting that privacy protections could hamper adoption of e-health systems is "preposterous," Peel said. The fact that only about 5% of hospitals nationwide have implemented EMR systems thus far has nothing to do with privacy issues, she added.

"There are many reasons why there is low adoption, but privacy is not one of them," Peel said. EMR systems are costly and can be "prone to errors and glitches," she added. "A lot of them don't work well, so hospitals and physicians don't like them."

Join the discussion
Be the first to comment on this article. Our Commenting Policies