According to the Australian Privacy Foundation, EHRs include the following privacy and security issues:
- consent - only enrolling people in an EHR system if they consent to be included
- transparency - allowing people to understand clearly how the system will work, and who can access what information in different circumstances
- control over the record - allowing patients to exercise some control over who can see which parts of their health record
- collection limitation - the system should only collect information that is relevant to a person's health record
- data security - ensuring the IT systems, policies and procedures in place is designed to minimise the chance of unauthorised access, modification, disclosure or deletion
- accuracy - ensuring the information in the record is correct, and is assigned to the correct person
- access and correction rights - ensuring people can access their own record easily, and can make corrections if they find mistakes
- use limitation - setting out who can access and use the health record, and who can add new information into it
- protection from disclosure - limiting the circumstances in which health information from the EHR can be disclosed by a clinician or by the organisation running the EHR database
- anonymity - not impinging on people's ability to seek healthcare anonymously
- identifiers - preventing unique identifiers development for an EHR system being used outside the health sector as a defacto "national identification number"
Privacy risks inherent in any system of EHRs include:
- the system by which patients can access their own records has poor security, so that the wrong people may easily gain access to patient records by posing as the patient (e.g. through guessing passwords, phishing, intercepting mail or email, or stealing token "keys")
- the system has poor online security, so that the wrong people may gain access to patient records by hacking into the database
- someone "inside" the system accesses patients' records for inappropriate reasons (e.g. to find our their ex-girlfriend's new address)
- a clinician allowed to see patient records then uses or discloses the information for an unauthorised purpose (e.g. selling patient records to a pharmaceutical company)
- the very existence of a consolidated health record will lead a patient's employer or insurance company to demand a copy of the full record from the patient, before they get the job or insurance cover
Click here for an overview of articles concerning EHR in Australia.
According to the website of the Canadian Health Ministry, "The development and implementation of effective, interoperable Electronic Health Record solutions in Canada is an immediate priority of Next link will open in a new window Canada Health Infoway Inc., an independent, not-for-profit corporation initiated as the result of the Canadian federal government's announcement in September 2000 to accelerate the development and adoption of modern systems of information technology in health care."
More information can be found on the website of Canada Health Infoway, or go directly to their most recent business plan.
A 2006 report by the Courtyard Group, "Status of EHR Adoption in Canada", does not mention patient record access.
Click here for an overview of articles concerning EHR in Canada.
The EHR is a core part of the developing Estonian e-Health Information System.
The goal is to have the EHR implemented at the beginning of 2009. Pilot studies have started in 2007 (more information in English).
Click here for an overview of articles concerning EHR in Estonia.
In July 2007 the Dutch government accepted a proposed law for the introduction of an EHR by 2009. The law still has to pass the chambers of parliament. The introduction of the EHR will be done in phases, the EMD (electronical medication record - document in English) and the WDH (electronic locum record - document in English) being the first parts to be implemented. For more information see the site of the Dutch Health Ministry.
On a limited scale small EPD projects have been installed in the Netherlands. Here a list of pilots and providers:
Concerning Patient Record Access, the government is establishing a programme, which is now in a pilot stage (see here).
There is a national EHR information site and a national record access discussion site.
October 2007 a study was published by mr. J. Bonthuis "Privacy en het landelijk Elektronisch Patiënten Dossier (EPD)" (privacy and the national EHR).
Click here for an overview of articles concerning EHR in The Netherlands.
In the United Kingdom, the legal underpinning to RA includes the Access to Medical Records Act, the Data Protection Act and the Freedom of Information Act.
The Freedom of Information Act 2000
- Access to Medical Reports Act 1988
establishes a right of access by individuals to reports relating to themselves provided by medical practitioners for employment or insurance purposes (subject to exceptions, broadly similar to those for the Data Protection Act, described below).
The Data Protection Act 1998 states that patients or anyone authorized by the patient, parents of children under 16 or a 'Gillick competent' child are entitled to access their medical records. Access can only be denied where the information:
may cause serious harm to the physical or mental health, or condition of the patient or any other person
- may relate to or be provided by a third person who had not consented to the disclosure.
gives people a general right of access to information held by or on behalf of public authorities. The Act provides that information is exempt if, inter alia, its disclosure under the Act would, or would be likely to
endanger the physical or mental health of any individual, (including the applicant, the supplier of the information or anyone else)
endanger the safety of any individual.
The Copying Letters to Patients initiative (DOH (2003)
enabling patients to see all letters written about them does not have any legal underpinning but raises many of the same issues as RA. It is slowly being adopted across the NHS, with general acceptance by patients and clinicians.
For a discussion on the "sealed enveloppe" issue, see:
Sealed envelope safety risk raised by BMA
e-Health Insider Primary Care, July 3, 2006
Click here for an overview of articles concerning EHR in the United Kingdom.
In the USA there is presently a large discussion going on about privacy and legal issues. Important documents are:
- The Summary of the HIPAA Privacy Rule, Department of Health & Human Services, March 2005.
- Recognized Ambulatory Electronic Health Record (EHR) Certification Criteria, CCIT, May 2006.
- Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid and TRICARE, GAO, September, 2006.
- In June 2006, a number of World Privacy Forum, Delivered the following report before the National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Privacy and Confidentiality: Electronic Health Records and the National Health Information Network: Patient Choice, Privacy, and Security in Digitized Environments.
Click here for an overview of articles concerning EHR in the USA.