The Risks of Digital Medical Records

by | Apr 29, 2008

One of the better, more balanced articles on privacy and security of medical records can be found in today’s WSJ. Unlike many articles on the subject of privacy of digital medical records, this article actually goes into some depth on the issue, what have been some of the major breaches as of late, a classic quote from Jill Dennis, a SVP at AHIMA (see below), as well as what some hospitals are doing to insure the privacy of medical records.

The internal mistakes and the internal carelessness seem to be more prevalent than the stranger from the outside trying to crack into your system. -Jill Dennis, Senior VP, AHIMA

As with just about any article in the popular press that addresses privacy and security of medical records, there is always some issue that gets skipped or is not addressed in adequate depth that would bring even greater balance to an article. As good as it is, this article misses a couple of important points:

Risk/Benefit Analysis

Article lacks any risk/benefit analysis of moving to a digital construct. Yes, there are certainly a fair share of risks as we move to digital records, but they also can bring a wealth of benefits such as better population disease management, improved diagnosis, better medication management (and minimizing adverse drug events), etc. Also, digital records may, in many cases, guarantee a higher level of security as one has to physically log-in to view a record, thereby leaving an audit trail. This is how many breaches have been caught to date. And as the SVP from AHIMA points out, risks may not be so much a function of the technology ( I would argue it has absolutely nothing to do with the technology) but of internal processes, or lack thereof, to insure proper procedures are in-place and precautions are taken.

Managing Sensitive Data

As we move to a digital healthcare environment (it is inevitable), how will the consumer manage their records more effectively and more broadly, how will providers manage these records?

The CIO, John Halamka, who had a good post last week that I referenced on the “Ideal EHR System“, has a post this week on what they are doing internally to digitize care practices via integrating all of the digital silos at Beth Israel Deaconess Medical Center here in Boston. Unfortunately, though he provides an extensive list of some 40 interconnects and interoperability touch points for their Integrated Delivery Network (IDN), nowhere in those 40 is there any mention of security and privacy.

In such a broad distributed network of providers in this region, I sure would like to know what rights I have as a customer to sequester data that I may not want to share within this network, but just with those that truly need to know. Taking this one step further beyond the IDN, as we move to a National Health Information Network (NHIN), again, how will I, as a consumer, have some say as to what is distributed in that network and who has access to it? As an extension of this theme, as more and more computing moves to the Web, e.g., MS’s announcement last week of Live Mesh, how will sensitive records such as these be managed in such cloud computing environments?

Granted, these are some tough questions, but what I want to see are some well-thought out answers and unfortunately, they seem to be too few and too far between.

To close, a couple of action items for you dear reader:
First, go over to the WSJ and take their quick poll on whether or not the digitization of medical records makes you nervous (FWIW, I answered No). Somewhat surprising to me, I am in the majority with two-thirds of voters casting a No vote.

Second, the Healthcare IT consulting firm Kroll did a report with HIMSS Analytics on data security and privacy. They published a report a couple of weeks ago and as serendipity would have, will be sponsoring a webcast today at 2pm EST. Here’s the link to register.


  1. WEL


    I had eye surgery and in the post-op pack was MAXIDEX(dexamethasone) drops by Alcon Labs.

    Two days later I was BLIND

    Use Google and enter EPOCRATES MAXIDEX to verify

  2. John

    What exactly is your point in referencing Maxidex here. Your comment is not that relevant to the post.

    Also, took up your suggestion and did a quick search on Maxidex. Like any drug, there is the potential for an adverse reaction but I did not find anything particularly unusual about this drug if it is administered properly. That is not to debase your comment, which if true, is truly tragic. But please, relate this issue to the post.

  3. alex

    “Digital Medical Records” Alex Papas, the creator and developer of the prepaid phone card in the United States has just created a new medical breakthrough called the MedeFile Card. MedeFile’s centralized, confidential electronic portfolio gives you 24/7 access to your medical history. No more wasting time and filling out paperwork when you go to the doctor or the hospital. All Medefile Card members get a free MedeDrive (a small usb drive) that fits on your key chain, so now, just hand your MedeDrive to the receptionist its that simple…Imagine that you, your parent, or your child has suddenly become ill. You are in a place where no one knows you, your blood type, what medications you are on, or what allergies they have. Quick decisions could mean the difference between life and death. Each year the lack of accurate medical information or the wrong information takes a terrible toll. With MedeFile you can be better prepared with vital information should such an emergency arise. Alex Papas is donating $100 million in Medefile Cards to everyone and there families.Your Medical records are going Green. For more info go to Or contact Alex Papas at



  1. Keeping Medical Records Safe « Chilmark Research - [...] 8, 2008 by John Last week, I wrote a post addressing the risks of digital medical records and referenced…
Submit a Comment

Your email address will not be published. Required fields are marked *

Related Content

Introducing the Health Impact Project

Introducing the Health Impact Project

The imperative for a new value assessment mindset in healthcare IT Early on in my taking the helm of Chilmark at the beginning of this year, it dawned on me how many new conversations I was seeing happen in the space about the difficulty assessing the value of IT in...

read more
A Redeterminations Disaster

A Redeterminations Disaster

The necessity of patient engagement with Carrie Kozlowski and Ed Marx In this episode of the Chilcast, Managing Partner John Moore is joined by Carrie Kozlowski, COO and co-founder of Upfront Healthcare, and Ed Marx, CEO and Founder of Marx Advisory and host of the...

read more
Powered By MemberPress WooCommerce Plus Integration