Medical Records and Privacy Rights: The Unintended Consequences of Aggregated Data in Electronic Health Records

In an era of rapid-pace technological innovation and political focus on healthcare, the federal government is pushing for nationwide interoperability of electronic health records. While there are many benefits from such a program, the lack of federal or state privacy regulations for patients\u27 personal data opens up the possibility of widespread dissemination of private and sensitive information. This inattention to privacy will cause major problems if exploited. Currently, there are no federal or Colorado laws that protect against potential privacy violations and provide recourse for a patient if a medical professional decides to insert nonmedical information, such as information about the patient\u27s housing status, into a patient\u27s electronic health record without the patient\u27s prior consent. Although innocuous enough when only the doctor has access to this record, with the increased use of health information exchanges, this information can be disseminated to thousands of healthcare providers around the country. This Comment argues that a comprehensive privacy protection act is critical and long past due for patient protection in the quickly evolving intersection of health care and technology

E-Health Hazards: Provider Liability and Electronic Health Record Systems

In the foreseeable future, electronic health record (EHR) systems are likely to become a fixture in medical settings. The potential benefits of computerization could be substantial, but EHR systems also give rise to new liability risks for health care providers that have received little attention in the legal literature. This Article features a first of its kind, comprehensive analysis of the liability risks associated with use of this complex and important technology. In addition, it develops recommendations to address these liability concerns. Appropriate measures include federal regulations designed to ensure the quality and safety of EHR systems along with agency guidance and well crafted clinical practice guidelines for EHR system users. In formulating its recommendations, the Article proposes a novel, uniform process for developing authoritative clinical practice guidelines and explores how EHR technology itself can enable experts to gather evidence of best practices. The authors argue that without thoughtful interventions and sound guidance from government and medical organizations, this promising technology may encumber rather than support clinicians and may hinder rather than promote health outcome improvements

Promoting Healthcare Innovation on the Demand Side

Innovation policy often focuses on the incentives of firms that sell new products. But optimal use of healthcare products also requires good information about the likely effects of products in different patients, and it is hard to provide the right incentives for producers to develop and disclose information that could limit future sales. Regulation partially fills this gap by requiring sellers to conduct clinical trials and report adverse events. But it is inherently problematic to rely on producers to supply negative information about their own products. Healthcare payers, however, can profit from avoiding inappropriate use of costly technologies. Recent technological advances enable insurers to innovate by analyzing their data about healthcare provision and outcomes. The federal government seeks to promote this sort of innovation through a series of initiatives; some picture insurers as passive data repositories, while others provide opportunities for insurers to innovate more directly. In this paper, we examine the role of health insurers in developing new knowledge about the provision of quality healthcare—what we call “demand-side innovation.” We address the contours of this underexplored area of innovation and describe the behavior of participating firms. We examine the legal rules surrounding privacy and their effects on this research, and consider the effect of market structures and intellectual property rules on incentives for demand-side innovation. Throughout, we highlight the multi-pronged way that government facilitates payer innovation, apart from the traditional tools of innovation policy

Health IT Legislation in the United States: Guidelines for IS Researchers

In this tutorial, I review the most pressing legal issues that health information systems (IS) professionals face and how health information technology (IT) legislation drive them. The issues I discuss include the confidentiality and security of electronic protected health information, meaningful use of health IT, health information exchanges, and information governance. I also provide directions for future research

Security Strategies of Electronic Health Record Systems

Users of electronic health record (EHR) systems lack data security mechanisms and are at risk of patient data breaches. Grounded in routine activities theory, the purpose of this qualitative case study was to explore strategies information technology security managers in the health care industry use to minimize electronic health record data breaches. The participants were nine information security managers of large, medium, and small health care organizations in the Midwest United States. Data collection included semistructured interviews and organizational documents. Through methodological triangulation, three themes emerged: (a) requirements based on government and organizational regulations, (b) implementation of best practice industry-standard security measures, and (c) emerging interoperability with a security and privacy program. A key recommendation is for information security managers to understand the motivations and triggers of positive behavior change that minimizes organizations\u27 external and internal data breaches. The implications for positive social change include the potential to enhance the security presence and reputation of the health care organizations

Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems

In the foreseeable future, it is likely that the familiar, paper-based patient medical files will become a thing of the past. On April 26, 24, President George W. Bush announced a plan to ensure that all Americans\u27 health records are computerized within ten years and to establish a National Health Information Network. Many advocates are enthusiastically promoting the adoption of health information technology (HIT) and electronic health record (HER) systems as a means to improve U.S. health care. HER systems often not only serve as record-keeping systems, but also have multiple capabilities, including drug ordering, decision support, alerts concerning patient allergies and potential drug interactions, reminders concerning routine tests, and various treatment management and data analysis tools. Because these capabilities require sophisticated software, significant risks of software failure exist, which can lead to life-threatening medical errors. Thus far, scholars have not provided a comprehensive assessment of the benefits and risks of this complex technology and evaluated the need for careful regulatory oversight akin to that required, in principle, by the FDA for life-critical medical devices. This paper begins to fill that gap. It analyzes HER systems from both legal and technical perspectives and focuses on how the law can be used as a tool to promote HIT. It is the first law journal article to provide an extensive proposal for regulations to maximize the technology\u27s benefits and reliability. We argue that the advantages of HER systems will outweigh their risks only if these systems are developed and maintained with rigorous adherence to best software engineering and medical informatics practices. To ensure that these goals are achieved, regulatory intervention is needed. The paper carefully delineates recommendations that address the questions of who should regulate HER systems and how they should be regulated, including their approval and continual monitoring. It also proposes requirements for several significant features, including decision support mechanisms, audit trails, and interoperability. Because HER systems are safety-critical, the public\u27s health and welfare will depend upon their effective oversight

Data driven health system

Thesis (S.M.)--Massachusetts Institute of Technology, Engineering Systems Division, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (p. 106-110).Effective use of data is believed to be the key to address systemic inefficiencies in health innovation and delivery, and to significantly enhance value creation for patients and all stakeholders. However, there is no definition for health data. Rather, data in health is an assortment of observations and reports varying from science to clinical notes and reimbursement claims that emerge from practice rather than design. What is health data? In this thesis we try to answer that question by looking at the system of health almost exclusively as a system that generates, transforms, and interprets data. We overview the different meanings data has throughout the health system, we analyze systematically the inefficiencies and trends as they emerge from data, and propose a new architecture for the system of health in which data is not present by accident. The result of this thesis is a new architecture for the system of health that is consistent with its present state but also consistent with a future learning system and a redefinition of value in health care that is patient and information centric.by Melissa Beth Rosen Ceruolo.S.M

Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems

In the foreseeable future, it is likely that the familiar, paper-based patient medical files will become a thing of the past. On April 26, 24, President George W. Bush announced a plan to ensure that all Americans\u27 health records are computerized within ten years and to establish a National Health Information Network. Many advocates are enthusiastically promoting the adoption of health information technology (HIT) and electronic health record (HER) systems as a means to improve U.S. health care. HER systems often not only serve as record-keeping systems, but also have multiple capabilities, including drug ordering, decision support, alerts concerning patient allergies and potential drug interactions, reminders concerning routine tests, and various treatment management and data analysis tools. Because these capabilities require sophisticated software, significant risks of software failure exist, which can lead to life-threatening medical errors. Thus far, scholars have not provided a comprehensive assessment of the benefits and risks of this complex technology and evaluated the need for careful regulatory oversight akin to that required, in principle, by the FDA for life-critical medical devices. This paper begins to fill that gap. It analyzes HER systems from both legal and technical perspectives and focuses on how the law can be used as a tool to promote HIT. It is the first law journal article to provide an extensive proposal for regulations to maximize the technology\u27s benefits and reliability. We argue that the advantages of HER systems will outweigh their risks only if these systems are developed and maintained with rigorous adherence to best software engineering and medical informatics practices. To ensure that these goals are achieved, regulatory intervention is needed. The paper carefully delineates recommendations that address the questions of who should regulate HER systems and how they should be regulated, including their approval and continual monitoring. It also proposes requirements for several significant features, including decision support mechanisms, audit trails, and interoperability. Because HER systems are safety-critical, the public\u27s health and welfare will depend upon their effective oversight

Slouching Toward Open Innovation: Free and Open Source Software for Electronic Health Information

This Article argues that some software markets are more favorable for open source approaches than others. Using a case study of one particular software market, this Article develops a tentative framework of factors characterizing markets likely to disfavor contemporary approaches in free and open source software

Fighting Cybercrime After \u3cem\u3eUnited States v. Jones\u3c/em\u3e

In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus on the technologies that make collecting and aggregating large quantities of information possible. In those efforts, we focused on reasonable expectations held by “the people” that they will not be subjected to broad and indiscriminate surveillance. These expectations are anchored in Founding-era concerns about the capacity for unfettered search powers to promote an authoritarian surveillance state. Although we also readily acknowledged that there are legitimate and competing governmental and law enforcement interests at stake in the deployment and use of surveillance technologies that implicate reasonable interests in quantitative privacy, we did little more. In this Article, we begin to address that omission by focusing on the legitimate governmental and law enforcement interests at stake in preventing, detecting, and prosecuting cyber-harassment and healthcare fraud