Ensuring the Privacy and Confidentiality of Electronic Health Records

Abstract

In 2004, President Bush announced his plan to ensure that most Americans would have electronic health records within ten years. Al- though substantial progress has been made toward achieving that goal, this progress has primarily reflected institutional interests and priorities by focusing on system architecture and technical standards. This article argues that in order for a nationwide transition to elec- tronic medical records to be successful, however, the system must re- ceive acceptance from patients and physicians. Thus, it must address and protect issues at the forefront of their concerns: namely, privacy and confidentiality. Instead of merely adopting the minimal protec- tions afforded by HIPAA, the electronic health records system must embrace an autonomy-based, default position of full patient control over personal information, with very limited exceptions. Conse- quently, hard choices must be made as to the architectural and patient consent models that may involve subjugating some interoperability and comprehensiveness ambitions to principled protections of patient autonomy.