Ensuring the privacy and confidentiality of electronic health records
In 2004, President Bush announced his plan to ensure that more Americans would have electronic health records (EHRs) within ten years. Although substantial progress has been made toward achieving that goal, this progress has primarily reflected institutional interests and priorities by focusing on system architecture and technical standards. This article argues, however, that for a nationwide transition to EHRs to be successful, the system must receive acceptance from patients and physicians. Thus, it must address the issues at the forefront of their concerns and protect them, namely privacy and confidentiality. Instead of merely adopting the minimal protections afforded by the Health Insurance Portability and Accountability Act (HIPAA), the EHR system must embrace an autonomy-based, default position of full patient control over personal information, with very limited exceptions. Consequently, hard choices must be made as to the architectural and patient consent models, choices that may involve subjugating some interoperability and comprehensiveness ambitions to principled protections of patient autonomy.