How do I stay off the electronic medical records? I like my Doc. We are pretty informal. She got sick of me not granting authorization for e-medical records. Finally, she was just, like, “I put you into the electronic medical record. That’s just how it has to be.” I am already seeing negative results. I don’t want to make it impossible or difficult for her office to work, but I can’t have that stuff for a variety of reasons. Any practical solutions? I don’t want to change Docs - shes been my Doc for a decade, but I don’t see any other way around it. Plus, I think that I am likely to have the same hang-up with a new Doc. Thanks for any ideas you have.
You will probably have the same hang-up with a new Doc. The EMR or electronic medical record has been mandated by law and all medical records will be electronic over the next few years. Currently this mandate is behind schedule. I have been on EMR for several years with good results but like everything else including paper records things happen.
It’s not really an option. As a medical provider, I honestly wouldn’t treat someone who refused EMRs, because it’s required by my institution (and the law), and even if I were private practice, if it’s how my system worked, I’d need to keep that consistent, because good record keeping is essential for both good care and legal reasons (and from experience I can tell you, it works much better with EMRs than paper). EMRs also work so much better in terms of sharing information across providers, which is essential with a disease like diabetes which typically needs to involve multiple specialists eventually. You may be able to find a doctor still behind the times, but I would honestly question what else is not up to date with them if they aren’t planning to move to EMRs shortly.
You may however be able to ask for extra security around your EMR. For example, in hospital networks, certain files are marked as higher security (anyone who works within that hospital, celebrities/VIPs where someone might be more likely to want to access their record for non-medical reasons), and for those files, people have to go through a much more deliberate process to access them/log their reason, and it’s reviewed. (Other files are subject to spot checks re: who is accessing them and if it makes sense, but it’s less systematic and you don’t have to go through that process in the system to access them.) Not all files are marked this way, because it really is kind of a pain, and it would probably lose its effectiveness if they had to review each file to this degree. But if you have a particular reason for being concerned about someone accessing your EMR records unscrupulously, you can discuss that with your doctor (or their admin most likely) or the hospital records admins, and they may be able to help you out.
Are you asking about EMRs or EHRs?
The difference, as I understand it, is EHRs allow your health info to move with you from practice to practice, whereas the EMR lives “within” an individual practice (used for billing, coordinating benefits/payments from insurers, etc).
Having worked in a practice, if a patient specifically requested NO EMR, it would create an absolute billing nightmare for the staff if any type of insurance was involved (aka - way, way more time spent for the practice to receive payment, keep track of how current your account is, etc). Even if you were self-pay, I just tend to think, OY!
And when the manual paperwork hit the insurance it would be put into the computer system anyway. Any outside labwork performed would be in the lab company computer system even if the requisition is a paper req. Any prescriptions at national chains are in their computer even if from a paper prescription.
I think it would really depend on the particular reason for the request. Depending on the need, there may be no practical solution.
I understand where @mohe0001 is coming from, maybe I’m too old school but I don’t trust the electronic means that are used. I see it like this, Once my records leaves the confines of my doctors office I feel they become unsecured. The medical community is doing very little to reassure old fogies like me.
As it is now my files are uploaded to a separate entity, its nice to be able to view them online but I worry about who else can see them, many a company is being hacked these days. I don’t believe they can be truly secured.
I know this is a good thing but they need to do more to convince me.
Here’s my confusion. We used to have to sign a piece of paper stating that we ‘agreed to the digitizing of our medical records.’ I refused to sign and have thus been protected for some time. Perhaps something has changed, anybody know what?
@Stemwinder_Gary, the ‘old fogies’ are right. The young fogies agree with you wholeheartedly. More than you ever wanted to know here: Healthcare data security Please see the reference list if you are genuinley interested. Medical/hospital records are some of the most insecure and frequently breached records that exist. Healthcare records cost more, on the black market, than financial records. That’s because one can cancel a credit card, but one cannot cancel their healthcare data. Once its out there, its there for good. Breached healthcare records often include credit card information - so, its a 2 for 1. Healthcare records are also the most targeted - by hackers and by ‘insider’ attacks. 60% of hospitals have been breached (but they are rarely required to report that). Its an issue. That’s why we always had the freedom to ‘opt out.’
@Tim35
An insurer admitted this week, to my little brother, that they basically, ‘had no idea’ how to operate their database. They had the same bug for two years. It took him 20 minutes to fix it. I would expect any high school kid could have done the same. I don’t think that they are as dependent on electronic systems as they would have you believe. In fact, the industry seems to be deriving very little value from their electronic records. The burden of risk is almost entirely on patients. They are not acting as responsible stewards. Here is a link to a recent article from my local paper that demonstrates successful insurer efforts to undermine care using those records. For every instance that they are caught, how many times to they get away with it? Fraud allegations
I personally, am thankful for the electronic records…it takes on visit to an ER to realize HOW important it is…just one. The Dr and nurses were able to look at my history, past scans and make an informed decisions without needlessly repeating tests and the treatment was much more precise…so while it may sound scary, it has it’s benefits too…
Inaccuracies in my EMR at the ER has presented me with significant difficulty. Are you thankful for an inability to make corrections in those records or the fact that everyone on the planet gets access to your personal medical records/credit card information? How about when they use those records to prevent you from accessing care? What about when they provide care for conditions that you don’t have? It does more than ‘sound scary.’ It does significant, irreversible damage. I would like to ‘opt out.’ I used to have that right. I do not know where it went.If anyone can tell me, I will be very grateful.
Yes, this is the crux of the problem. We have raced to embrace on-line, e-everything because it’s the logical step to take when you have millions of patients, providers and centralized payers (gov’t, insurance providers, etc). Unfortunately, the security systems haven’t evolved as quickly and, like viruses, the hackers evolve after every attack is foiled, then the dance begins again.
@mohe0001, and everyone else, curious as to what you think the solution might be?
The problem is worse in that all attacks are not even identified. Data breaches are often not known until well after the fact. Once known, many organizations choose to keep such breach confidential even when such non-disclosure is in violation of laws at various levels of the local, state and federal governments. It often takes a whistle-blower from within an organization to make known the fact and scope of a data breach.
Anybody who claims their data is completely secure is clearly not tech savvy. Organizations can be “more secure” or “less secure”. But nobody is invulnerable.
2 Likes
My health records have been breached. A company hired by my employer to conduct biometric screening was breached. Luckily very little information was available in this company’s data base, just the information gathered during biometric screenings.
My social security number was not in this database, only my employee ID#. Since this was paid for by my employer there was no credit card information. Even though this breach caused me no apparent harm I shudder to think of the possible damage I could have suffered.
I was given a year of ID protection because of this breach.
@YogaO, all I think of is to get a new doc, which I don’t want to do. I think that I am likely to have the same problem, or a very similar one. The other option would be to not have a doctor, but then I will ave to give up my drivers license.
@Stemwinder_Gary, that’s interesting. If you don’t mind me asking, what type of biometric data did they get? Does that sort of screening ever make you nervous? I’m not that comfortable with employers collecting health information from me. Just curious what you think, as a diabetic.
Maybe I can just request a copy of my medical record (which is short because they only recently moved to EMR), and try to identify the hang up.
This is a bit of a red herring. The real risk in having your health data breached is that it may include enough other data (address, SSN, person to contact in case of emergency) that your identity may be stolen and then your credit can get trashed, your bank accounts transferred, etc.
I refuse to give my SSN to my medical providers. They simply do not have the need to know.
I refuse to give them my drivers license. I just say that I don’t have it and ask them if they are going to give me a ticket. They usually laugh and don’t care.
The drivers license (or other state issued ID) you may not be able to get away with forever or even currently with all medical providers. That particular requirement is coming down from the Feds and likely depends on how willing your provider is to push back on the Government.
With the change in administration and all the talk about Health Care Legislation at the Federal level, the Feds may not be doing significant enforcement of this sort of thing currently and might be waiting to see what ends up coming out of all of this?
In terms of the SSN, the only two (slightly) valid reasons I have heard that a medical provider (claims) to need it:
- As a unique identifier. Guess what. Not my problem.
- To be able to easily give the account to a collection agency if any follow-up billing is not paid. Guess what. Yeah. Not my problem.
A common bogus reason is that the SSN is required to process the insurance. This is erroneous. The insurance requires the Insurance ID, the subscriber name and the subscriber DOB. SSN is simply not required to process an insurance claim.
None of this applies to Medicare although I hear they are finally coming round to the new reality and starting to treat the SSN as information that should be protected.
If you think that your “paper” record is secure you are sadley mistaken. I’ve worked in health care for over 40 years and both paper and electronic charts have there issues. I remember paper charts disappearing off the face of the earth never to be found, paper charts destroyed and medical information lost forever, and charts lost in the mail. So no system is perfect. I remember nurse aids knowing more about a patient personal, medical and family life than the patient themselves because they would read the chart for a form of entertainment on slow days. At least with electronic charts nurse aids, office staff, techs, and nurses can only see information that their job entails .
@David61, point taken. I have, personally, thrown paper medical records into the trash, although I always tore them into pieces and tried to throw different pieces into different receptacles, thereby significantly decreasing the odds that they could be accessed by unauthorized individuals. I had my old, paper records sent to my Doc’s new clinic. Much to my satisfaction, they were lost in the shuffle.
Not to preach, but the concern over unauthorized access by a wayward tech represents a much smaller risk than access by an unlimited number of random dudes on the internet. The internet is a bad neighborhood. Your privacy isn’t an issue…until it is. Women worry more about this, I think. Security can really be ‘our baby.’
1 Like