Ensuring the privacy and security of electronic medical records could be one of the biggest challenges to public acceptance of EMRs, healthcare leaders told a government advisory body last week.

During a two-day hearing designed to explore issues surrounding privacy and healthcare information technology, physicians, healthcare IT vendors and privacy advocates told the National Committee on Vital and Health Statistics that while electronic records could help improve patient care and safety, work needs to be done to protect the confidentiality of this information.

There's some evidence that the public is concerned about computerizing medical records. A February survey from Harris Interactive found that U.S. adults are almost evenly split when it comes to whether the potential privacy risks of EMRs outweigh the benefits. The telephone survey of 1,012 adults also found that, among other concerns over computerized records, between 62 to 70 percent of adults are worried that:

- Sensitive health information could be compromised because of weak data security;

- There could be more sharing of patients' medical information without their knowledge; and

- Some people won't disclose certain health information because of worries that it will go into computerized records.

"I am convinced that how the public sees the privacy risks and responses from EMR managers will be absolutely critical to the EMR system's success or will be a major factor in its failure," said Alan F. Westin, MD, director of a new program on information technology and health records privacy for Privacy & American Business, a not-for-profit think tank. Westin, who commissioned the Harris survey, released its findings during his testimony Wednesday before the NCVHS.

Adding to these concerns are several high-profile privacy gaffes, including a recent incident in Florida where a statistician accidentally e-mailed a confidential list of AIDS and HIV patients to more than 800 employees of the Palm Beach County Health Department. In addition, a survey on HIPAA compliance from the Healthcare Information and Management Systems Society and Phoenix Health Systems found that only 78 percent of providers and 90 percent of payers said they met the requirements of the HIPAA privacy rule, two years after the deadline to ensure that the healthcare industry complied with the law.

Sue Blevins, president of the Institute for Health Freedom, a Washington-based think tank, told the committee that individuals lack control over who has access to their personal health information, and that electronic health records could compromise privacy because more people would have access to a patient's medical information.

"Americans highly value and respect medical privacy," Blevins said.

However, Linda Rosenberg, president of the National Council for Community Behavioral Healthcare, said there is no guarantee of privacy in paper-based medical records.

Westin told NCVHS that if the government is to meet its goal to give most Americans access to EMRs within the next 10 years, patients would have to be convinced their privacy would be protected. Westin called for an "active, well-funded" program to bring privacy to EMRs and said there should be an independent EMR privacy board that would identify and investigate problems as well as recommend privacy standards.

Government officials have said that protecting privacy and ensuring patients have control of their data are critical elements in creating a National Health Information Infrastructure that would allow the healthcare industry to electronically share information. The government recently requested feedback on ways to create such a network and what form it would take. David Brailer, MD, national coordinator for health information technology, said the need for privacy emerged as a common theme among respondents.

"Security to ensure protection of patient data was almost universally mentioned," he told attendees at the recent HIMSS conference in Dallas.