Watch CBSN Live

Q&A: Electronic Health Records And You

Chuck Morton's family suffered three disruptive data breaches when its bank, its credit union, and a credit card processor were penetrated by hackers on separate occasions. The laborious process of closing and reopening accounts took them weeks.

So it's little surprise that Morton, who lives in Greensboro, N.C., and is in his late 40s, was not exactly delighted when he realized that his medical records would be computerized too.

"I don't know who has access to that information, who's selling it, who's doing what with it," Morton said. "Can you imagine someone showing up and saying, 'I'm going to extort some money out of you?'" After discussions with his physician, Morton said he's managed to keep his medical record largely offline.

If a recent federal law is as successful at promoting computerized medical records as its backers hope, Morton may become part of a shrinking minority of Americans. The stated goal of the stimulus bill that President Obama signed in February is sweeping and optimistic: "utilization of an electronic health record for each person in the United States by 2014."

To answer some common questions about electronic medical records and how they might affect you, CNET News has prepared the following list of frequently asked questions:

What do people mean by electronic medical records?

Instead of having your medical history saved in paper files, it would be computerized and stored electronically. That promises some obvious automation benefits and could reduce mistakes such as improper medications prescribed, but it raises new questions about privacy and security. For instance, a burglar breaking into a doctor's office would be able to access hundreds of physical files, but a hacker breaking into a database could abscond with millions.

Some of the advantages of electronic medical records come only if older paper records are scanned or incorporated into the new system, a laborious and expensive process.

What are the promised benefits of electronic medical records?

Supporters say electronic medical records will boost the quality of medical care, reduce duplication of services, and limit errors, all of which could save money and lives. The National Academy of Sciences' Institute of Medicine estimates that between 44,000 and 98,000 people in the United States die each year because of errors such as being prescribed medicine to which they are allergic.

Google Health, for instance, is designed to check your prescriptions for potential interactions between your drugs, allergies, and conditions. In addition, a physician making a referral could, depending on the system, forward a patient's complete medical records with a single keystroke.

Not everyone agrees with those optimistic notions. An analysis published this year in the Health Affairs journal analyzed four years of Medicare patient data and found that electronic medical records have only a "small, positive effect on patient safety." It recommends that more evaluations be performed.

How many physicians are currently using electronic medical records?

An in-depth survey published last year in The New England Journal of Medicine found that about 4 percent of physicians have a fully functional electronic-records system and 13 percent have a basic system.

Another 34 percent had ordered one but had not installed it or planned to purchase one in the next two years. Details of these systems vary, so the fact that a physician uses an electronic system for medical records does not necessarily mean that the data can be shared with colleagues.

What form is an electronic medical record likely to take?

For physicians who are early adopters, the common practice has been to store data as an extension of their existing records on patients, sometimes called an "integrated personal health record."

The competing model, targeted at consumers, is to create a standalone personal health record, an idea that companies such as Google, Microsoft, and WebMD are supporting.

Standalone records may incorporate data from existing health care providers, and the companies behind them are hoping to convince pharmacies, lab operators, and physicians to encrypt and share data. Sometimes the existing records can be imprecise, as cancer survivor Dave deBronkart learned recently, when his Google Health record said cancer had spread to his brain or spine, thanks to not-quite-accurate billing records using codes required by insurers.

Microsoft, Google, WebMD, the American Medical Association, Aetna, Blue Cross Blue Shield Association, and others have jointly endorsed a set of guidelines for personal health records. An opinion article published in The New England Journal of Medicine in March recommends that future development focus on open standards, citing the Apple iPhone as an example of a device with a published interface for which independent software developers can create applications. One benefit of standalone records is that they're under the patient's control.

Which of these approaches is the federal government likely to back?

It's too early to tell. David Blumenthal, a former Harvard Medical School professor who has written about electronic medical records, was appointed to the post of national coordinator for health information technology in March.

Kenneth Mandl of the Children's Hospital Boston told The New York Times that it would be a bad idea to lock in the current office-based systems.

"If the government's money goes to cement the current technology in place," Mandl said, "we will have a very hard time innovating in health care reform."

Instead, as Mandl and a co-author suggested in their New England Journal of Medicine column in March, the federal government should encourage "interoperability and substitutability" similar to what Apple's online store provides to iPhone and iPod Touch customers. The key, Mandl says, is to be able to swap modules.

Why did the stimulus package that Congress enacted earlier this year push for electronic medical records?

Democrats who inserted the language in the bill defended it as a long-term investment designed to curb the rate of increase in health care costs. Sen. Patrick Leahy of Vermont predicted that "long-term cost-cutting measures, such as the use of electronic medical records, can help stimulate the health care economy and create much-needed jobs." Peter Orszag, the White House's budget director, warned last week that Medicare and Medicaid costs will spiral out of control in the next few decades, and said electronic medical records are one way to control costs.

Perhaps just as importantly, it was President Obama's chance to fulfill a campaign pledge. As a candidate, Obama incorporated electronic medical records into his campaign platform, arguing that they would save $120 billion a year, or $2,500 per family. In a town hall meeting last year, Obama said his plan would, within four years, "lower premiums by up to $2,500 for a typical family per year" by taking steps including "investing in a paperless health care system to reduce administrative costs."

Not everyone buys Obama's numbers: The nonpartisan Annenberg Public Policy Center of the University of Pennsylvania, which runs, called this claim false. "We find his statements to be overly optimistic, misleading and, to some extent, contradicted by one of his own advisers," Factcheck said in a June 2008 article, in part because it's based on a study estimating cost savings that won't happen until 2019.

What might be the downsides of the electronic medical records ushered in by the stimulus package?

There are four big ones: cost, complexity, privacy, and security. A few years ago, after spending $34 million on a computerized system, the prestigious Cedars-Sinai Medical Center ditched it after three months. It proved to be slow, unwieldy, and complicated, requiring some technicians to spend 30 minutes checking boxes about a patient's condition rather than three minutes scribbling notes.

Privacy and security are what worry Twila Brase, a former nurse and current president of the Citizens' Council on Health Care in St. Paul, Minn., a state think tank that focuses on genetic privacy and medical-record privacy rights.

They're creating a national template or national standard that everyone has to follow," she said. "The idea is for it to be interoperable. That means it's available and accessible and linkable and searchable, and all of those things. So everyone has, as the bill says, one medical record...We're going to lose the frank conversations that a patient really needs to have with his doctor and a doctor needs to have with his patient."

Other groups, including Consumer Watchdog and the World Privacy Forum, have raised similar concerns.

What, exactly, does the stimulus package say?

The legislation (PDF, on page 244) envisions the "utilization of an electronic health record for each person in the United States by 2014." Selecting official standards will be left to the Department of Health and Human Services, and many details are still unclear.

The databases will, "at a minimum," include information on every American's race and ethnicity. They will be used for "biosurveillance and public health," and "medical and clinical research," both of which raise privacy questions. They will become part of a "nationwide system for the electronic use and exchange of health information."

To accelerate this transition, the federal government will use its vast purchasing power--think Medicare and Medicaid--to compel adoption of e-records that meet government "standards and implementation specifications."

There are two pro-privacy components. The first says electronic-record holders "shall have a right to obtain" a copy of their data in an electronic format. The second includes a notification requirement in the case of a data breach, if the information is not encrypted, though, according to the definitions used, no notification is necessary, if the unintentional disclosure was made "in good faith."

How will the stimulus package encourage physicians and hospitals to adopt electronic medical records?

Through using the threat of smaller (or the promise of larger) Medicare and Medicaid reimbursements. Physicians who are "meaningful users" of a government-certified e-record database get bonus payments, as long as the database meets still-to-be-determined regulations about information exchanges.

Physicians who don't participate in such a data-exchanging system, on the other hand, will see their Medicare and Medicaid reimbursements begin to decline by a few percentage points in 2015. The U.S. Department of Health and Human Services is required to improve the adoption of e-records "over time by requiring more stringent measures of meaningful use."

Will Americans be able to opt out?

Although a single paragraph promises that data sharing will "be voluntary," critics argue that there's no unambiguous way to opt out.

That's what worries Sue Blevins, a former nurse and head of the Institute for Health Freedom, a nonprofit, nonpartisan group founded in 1996 that advocates for free-market principles in health care. "The stimulus package calls for the government to plan for everyone to use an electronic health record," she said. "My concern is, it doesn't say whether the electronic health record will be voluntary or mandatory."

"You need to make sure that if you don't want to use an e-health care record, you don't have to," Blevins said. "You need to have consent in there. If you think about it, with old paper records, when you had to give consent, do you know hard it would be to share those? Now data can be shared with the click of a mouse."

How secure will the data be?

We've recently seen some high-profile electronic intrusions, including a report saying a hacker broke into Virginia's "Prescription Monitoring Program," deleted records on 8 million patients, and demanded a $10 million ransom. Another report says overseas hackers gained access to the confidential medical information of students at the University of California at Berkeley, including 97,000 Social Security numbers, by electronically bypassing security mechanisms used by the campus health center.

The best answer might be that no data stored on a computer connected to the Internet can be completely safe. Rather, it makes sense to talk about multiple layers of defenses, solid audit logs, and making individual decisions about weighing the risk of placing the data online against the rewards it may provide.

Doesn't the Health Insurance Portability and Accountability Act (HIPAA) protect my privacy? Only to some extent, and the Bush administration rewrote and reinterpreted some of the HIPAA regulations. A 2006 article in The Washington Post noted that the administration had received 19,420 complaints about wrongful disclosure but imposed only one fine.

An article in a journal published by The Hastings Center, a nonpartisan bioethics group, says, "When sharing health information during health care operations, HIPAA could permit an insurer to give data to a bank it owns, which might then deny someone a loan on the basis of those data...While some laws protect against the disclosure of special kinds of information, such as HIV status, the lack of a HIPAA audit trail on routine disclosures means that HIPAA tends to undercut these restrictions."

Will the stimulus funds be sufficient to convince health care providers to switch to electronic health records?

That remains unclear. A consultancy in Washington, D.C., called Avalere Health estimates that a solo or small-group physician practice will spend an estimated $124,000 from 2011 to 2015 to adopt electronic medical records but will receive only $44,000 from the federal government toward doing so. That means that the out-of-pocket cost would still be $80,000.

Even after reductions in Medicare and Medicaid penalties kick in, starting in 2015 for doctors who aren't using electronic records, Avalere estimates that the reductions in reimbursements would amount to no more than $5,100 a year, or less than the cost of the switch. And because plenty of physicians already don't accept Medicare, the incentives may be weaker than federal officials would prefer. Economics, not privacy concerns, might prove to be the greatest hurdle for backers of electronic medical records to overcome.

More From CNET:
Why Are Doctors Suck Luddites?
Health Records Enter Into The Digital Age
Microsoft, Google In Healthy Competition

©2009 CBS Interactive Inc. All rights reserved