Fear of lost privacy costs lives

Avoidable medical errors -- so-called preventable adverse events, or PAEs -- contribute to the deaths of approximately 400,000 Americans each year. That makes PAEs the third leading cause of fatalities in the United States, behind heart disease and cancer. They are responsible for four times as many deaths as the number of people who perish from gun violence, breast cancer and automobile accidents combined.

We think that personal electronic health records, sometimes called PHRs, are an underutilized antidote to this problem; and that a perceived barrier to their adoption is a disproportional fear -- actively and cynically promoted in some circles -- that patients are at great risk of losing their privacy if their records are electronic, interoperable, accessible and shared.

Unfortunately, the discussion about poorly digitized medical practices and their contribution to the demise of nearly half a million lives annually is confined within the walls of hospitals, research institutions and the merchants of electronic medical records. And the first defense of inaction raised is almost always the well-flogged piñata of lost privacy.

Public response has been lackluster, we believe, for three reasons: shrill voices carry; the lexicon of encryption and breach is generally uninviting; and many Americans persist in their blind trust of clinical care. In other words, public response is muted because demand is diluted. The topic is relegated to the debates of policy wonks, which is exactly what the industry wants.

Our position, however, is that the societal and personal benefits of digitizing health information far outweighs the liabilities of scalable breach. We believe we keep the potentially life-changing -- and in many instances life-saving -- innovation of PHRs at arm's length to our peril.

This anxiety is nourished by all sides -- patient advocates and health institutions -- and with good reason. Patient data has been breached and continues to be hunted by determined criminals from all corners of the world. The economic costs of exposed health information are staggering, and the intangible costs of intrusion -- from lost employment opportunities to stigmatized social engagement -- are incalculable. In contrast to the nuisance of stolen financial and identity information, both of which are remediable, there is no mechanism to reverse the entropy of lost privacy.

Yet there must be a middle ground for patients whose priority is not lost privacy, but diminished health. Instead of allowing ourselves to be paralyzed by fear, tolerating inoperable data siloes in some cases and actually building them in others, we should embrace the lifesaving and revolutionary changes offered by safely putting our health information online. In government, the Defense and Veterans Affairs departments are working hard to do just that, but there's so much more that could be done.

PHRs that record a patient’s encounters, medicines, immunizations, surgeries, hospitalizations, appointments, and even costs and covered services would enable doctors to better coordinate care and avoid mistakes. Researchers and value-added service providers can leverage de-identified patient data to find trends and extract new information that enhances and saves lives. For example, Advera Health Analytics is on the vanguard of detection of (anonymized) adverse drug reactions, while Medecision has developed a suite of care coordination tools that analyze electronic medical records and claims data for their health system and health insurance customers.

We by no means advocate weak rules or lower responsibilities for those who collect and store personal health information. The reality is that we are all vulnerable to inter-networked threats -- but it is also true that security could be vastly improved by taking several relatively straightforward steps, like better passwords (for individuals) and stronger containers (for companies and government). If enough people demand easier access to and a safer way to share their personal health information, they will get it. This is not a technical problem anymore.

We make this case on Data Privacy Day -- a day to raise awareness for Americans to own and protect their online presence -- because our community's message about electronic health records should not just be frightening; it should be empowering. We think sincere but misplaced arguments about privacy run the risk of obscuring the real advantages of secure PHR ownership.

The potential of a complete, accessible, secure and ubiquitous personal health record infrastructure will save thousands of American lives from fatal medical error. It will also enable research science to improve care to millions of others. So on this Data Privacy Day, we call on Americans to consider what it means to "own your data."

We join our colleagues in promoting smart, protected use of your information. But let's also recognize the enormous positive power we unleash when we direct our data for social and personal good. We ought to enable, not restrict, that choice.