The year 1984 didn't materialize as grimly as author George Orwell anticipated, nor did Y2K cause a millennial breakdown of society.
In all likelihood, the leap into the realm of electronic medical records won't destroy patient privacy, either, despite the fears of consumer advocacy groups and those whose minds race ahead of what's probable.
Throughout history, fear has often accompanied progress. In the realm of electronic healthcare data, that anxiety has translated into concerns that as patient information moves from paper to computer screen, the door to privacy abuses will swing wide open.
The general media has done nothing to quell privacy concerns, with screaming headlines like "Invasion of Privacy" and "Naked Before the World," invoking images of Big Brother looking over patients' shoulders at every doctor's visit.
Aside from Orwellian images, some experts say the shifting of medical records from the dusty storeroom to the server brings with it many advantages for both patients and healthcare professionals.
But observers also are mindful that people's concern with their privacy -- especially their medical privacy -- is a fact of life that is not going to go away anytime soon. That means that healthcare providers will have to deal with it, and the sooner the better.
"My sense is certainly that people's perception of privacy issues is probably at an all-time high; I don't think you can pick up a newspaper or magazine today that doesn't have an article in it that's focused either on new privacy protections or breakdowns in privacy," says Brent Saunders, a consultant in the healthcare practice of PricewaterhouseCoopers and also a founder of the Privacy Officers Association, a not-for-profit organization promoting privacy programs.
"It's never too early to think about the privacy consideration, given the new technology," he says.
If an electronic records system is designed and used correctly, healthcare providers can actually detect abuses of privacy more easily through tracking, and they can control access to records more effectively than with paper files, say technology advocates.
And by making physician access to patient data quicker and easier, electronic records provide benefits to the healthcare community that easily outweigh the extra effort that must go into addressing legitimate patient privacy and security concerns.
"People are uneasy about leakage of their healthcare data, and they're more uneasy about that than about leakage of their financial data," says John Glaser, vice president and chief information officer of Partners HealthCare System in Boston.
"What you can't do is just ignore it and pretend it's a nonissue. That's just dumb," he says.
What you can do, though, is deal with it and move on.
Perception vs. reality. "The reality is that it's probably more safe in digital form than it is in paper form," says Stephen Savas, a vice president at Goldman Sachs & Co., about the patient record. "And the reason why is if it's in digital form, it's not actually hard to track anyone who accesses the information."
The trade-off for conversion of records to electronic form is improved care, he says. "The people who complain about privacy are the same people who complain about the quality of healthcare," he adds. "You can't have it both ways."
In a research report from the Gartner Group on healthcare security and privacy risks, analyst Matthew Duncan cites several well-publicized violations of patient privacy.
There was the assumed violation of medical confidentiality that forced tennis star Arthur Ashe to go public with his AIDS status once it had been published by USA Today.
And there was the story of a banker on a state health commission who accessed a list of local cancer patients and then cross-referenced it to a list of bank customers who had outstanding loans -- using the medical information to call in the loans of the cancer patients.
These privacy violations occurred, however, with paper records. Under the penalty provisions of HIPAA, that kind of illegal activity using either paper or electronic records could trigger a 10-year imprisonment and as much as $250,000 in penalties, which Duncan argues will be a significant deterrent.
Clement McDonald, M.D., a professor of medicine at Indiana University School of Medicine and pioneer in the field of healthcare informatics, says the penalty provisions will go a long way to discourage the mining of medical records for bribes or cash.
"One major contribution from all the privacy regulations will be almost certainly very strong laws or penalties for doing anything for-profit or self-use -- that is, taking advantage of the information in contrast to making a mistake," he says.
He says people are nervous about the use of electronic databases to store records because of the ease with which computers allow the transfer of data.
By contrast, some believe that messy chart rooms and notes scribbled in illegible handwriting can act as a safeguard against outsiders accessing the information.
One industry report questions the "crisis" in privacy that has formed the basis for the legislative remedy, contending that it's not supported by evidence.
"While privacy concerns are real, privacy violations are rare, making privacy legislation a big solution for a small problem," according to the report by the Robert E. Nolan Co., which fixed the five-year costs of privacy-related compliance at $43 billion for the healthcare industry.
In researching the issue for the Blue Cross and Blue Shield Association, Chicago, the Dallas-based company says it was "surprised to learn that there are perhaps fewer than two complaints per 100,000 Americans regarding privacy violations."
But others say the potential for breaches remains a powder keg that would be better kept away from any sparks.
Given public perceptions, "it makes public policy sense that there be some sort of prophylactic, proactive approach to protecting the confidentiality of information," says Richard Fischer, a specialist in healthcare information law with Chicago-based Foley & Lardner.
A public backlash against egregious breaches of confidentiality, combined with existing skittishness about putting medical records in electronic form, could set back the advance toward computerized medical information, observers say. "If you don't respect the privacy issue, you're going to be in trouble," says Fischer.
Tightening the protection. While electronic records can be built with many safeguards, they are only as useful as the employees who use them. In his report, Duncan urges healthcare systems to educate their staffs on legal and ethical aspects of patient data privacy.
"No technology solution can prevent unauthorized disclosures from employees talking in the halls," he writes. "An informed and dedicated staff is the most important security capability a healthcare organization can have."
Some steps might include requiring employees to sign confidentiality agreements annually, as well as maintaining warnings on electronic systems advising employees to protect privacy and reminding them that their access is on a "need to know" basis.
In addition, Duncan says in an interview, provider organizations can make small, sensible changes to their computer systems that will help protect privacy. These can include automatic logging off from workstations and withdrawing system access immediately to anyone who is terminated.
"My hope is that people will get worked up about it," he says, "but not from a fear perspective as much as an opportunity perspective."
Software systems designers also are acutely aware of privacy issues.
For example, Eclipsys Corp. has designed steps to help providers determine who gets to see certain records and what kind of changes they can make.
Eclipsys, based in Delray Beach, Fla., designs healthcare information technology applications, including financial systems, clinical systems and medical records systems.
Kelly McLendon, director of Eclipsys' record manager domain, says his company's system allows records to be managed in such a way that changes can't be made unless the user meets certain access requirements. Once a document -- in this case a medical record -- is complete, it cannot be changed except through an addendum.
"That's how you make sure there's no tampering with it after it's complete," he says.
Also, every electronic move that's made within the system is tracked in an audit log. "You leave tracks in the sand wherever you've been and whatever you've been doing," he says. "You need to monitor the audit logs to understand whatever's been happening in your system."
Martha Skeens, who is Eclipsys' product planner for its medical records system, says that she uses a simple example when explaining electronic medical records to healthcare providers.
"Any physician, any person who works within a hospital, could go to one of their patient-care units and pick up a patient-care record and review it completely," she says. "With an electronic record, that same person would have to have an established identity, a password, and to update that record they'd have to have a personal ID number."
An electronic record also lends itself to controlling access because unlike a paper record, it cannot be moved from place to place, she says.
"This whole question of fears of people accessing information has to be balanced with the need to know," she says. "You don't want to have any system or policy that would prevent a valid user from accessing information that they would need immediately."
For example, with an electronic medical record, access could be tailored to the different needs of personnel within various hospital departments. A hospital could provide its emergency department with access to any record, while other patient-care areas would have limited access. Nurses, for example, can be given access to patients in their units but not to patients in other units.
Time could provide another control mechanism. Records could be available for 48 hours after the patient leaves the area and then could become inaccessible. In these ways, the electronic system can be adapted to meet the security needs of the hospital.
But there is no amount of technology, however, that can replace adequate training, Skeens says.
Electronic records in action. At Alta Bates Summit Medical Center in Oakland, Calif., Laura Valadez is the project manager implementing Eclipsys' electronic chart for patient records. Eventually the plan is to expand it to the entire Alta Bates campus and to take the whole system paperless, but that may take a while.
The electronic chart, a document imaging system, replaces the paper chart and also allows physicians to sign documents electronically and edit some documents online.
Valadez says HIPAA compliance is one of her biggest concerns.
The hospital's system requires logging on and use of passwords and includes a log-out capability that automatically kicks people off the system if they haven't used a terminal in the past 10 minutes. Computer terminals also are kept out of high-traffic areas of the hospital.
The hospital does keep audit trails, or an electronic record, of who has accessed patient information.
Physicians have unlimited access to patient data, while nurses have limited access based on the time during which their patients are hospitalized.
Valadez says about two-thirds of the hospital's physicians have been trained to use the chart manager system, which has enabled doctors to access patients' data much more quickly.
"It can only impact the patient positively if a doctor gets access to a chart faster," she says.
In addition, the chart manager system has shortened the hospital's number of days in accounts receivable by two, a huge financial incentive that brings cash into the system more rapidly.
It is yet another example of what computerized healthcare information initiatives can accomplish.
Even privacy expert Robert Gellman, who along with Indiana University's McDonald sits on a federal advisory committee that reviews the HIPAA regulations, agrees that computerized records are not in and of themselves offensive to the notion of privacy.
"Medical records aren't confidential; they haven't been confidential for decades," he says.
Some of his current privacy concerns focus on the unrestricted access to medical records that law enforcement agents can obtain, as well as the potential use of records for marketing purposes disguised as disease management.
"But there are trade-offs, I don't deny that," he says. "Computer records, network records are not inherently evil. It depends on what you do with them."