February 27, 2001, 2:41 PM — "When a doctor e-mails a patient, he doesn't know who's actually picking up that mail, how quickly it's being read or what frame of mind the patient is in when he gets it."
-John Glaser, CIO, Partners HealthCare System
Your head's been stuffed for weeks, and you don't know why. Having gone to an allergist for a round of tests, you leave with a PIN, a password and a URL. This allows you to log in to a secure, personalized website to check the results of your tests, send your doctor a question via e-mail and schedule a follow-up appointment. While you're on the site, you take a look at your medical record and notice it lists a medication you're no longer taking. You e-mail the hospital records department to make the change and, just for good measure, add a list of herbal supplements you take at home. It's just the kind of accurate, convenient, cooperative interaction that has the potential to tilt the power balance in medicine back toward the patient.
But what if you weren't waiting for allergy medicine?
What if you were awaiting results from a test for pregnancy, HIV or prostate cancer?
What if your doctor's e-mail reply was picked up by your spouse, coworker or a stranger bent on mischief?
What if the person looking at that medical record wasn't you but a bored admissions clerk idly surfing the hospital's intranet, or your nosy neighbor who happens to be in the office of a small debt-collection agency, or your ex-spouse's attorney gathering evidence to be used against you in a child-custody case?
What was convenient and empowering can quickly become an invasion of privacy. If consumers are cautious with their credit cards online, imagine their concern when the most intimate details of their body and mind are computerized and circulated to a potentially wide audience for myriad reasons, often without their knowledge or expressed informed consent.
Yet make no mistake about it: Electronic medical records are coming, slowly but inevitably, to a health-care facility near you. The "carrot" is cost savings. One study, by the Workshop on Electronic Data Interchange, estimated that the health-care industry could save at least $73 billion annually by adopting electronic data-exchange practices. The "stick" is the federal government. Frustrated with HMOs' high bureaucratic costs, the Department of Health and Human Services has mandated, through its Health Insurance Portability and Accountability Act of 1996 (HIPAA), that large health-care organizations be prepared to adopt more cost-effective, uniform procedures for exchanging digital data with their business partners by 2002, with smaller companies to follow suit a year later.