(Reuters Health) - The move to electronic health records comes amid laws in most places requiring patient personal information to be protected, but it may also be creating a new risk to patient privacy, Canadian researchers say.
In an audit of recycling bins at five hospitals in Toronto, researchers found more than 2,500 paper documents with personally identifiable patient information, according to a report in JAMA.
“Patients divulge private information to their doctors and hospitals, often that they wouldn’t want widely known, and we need to maintain that information in a confidential way,” said senior study author Dr. Nancy Baxter of St. Michael’s Hospital in Toronto.
In Ontario, as in the United States, legislation requires personal health information to be protected. As more patient data is kept in electronic health records, however, paper records may be discarded more frequently and create risk for privacy breaches, Baxter’s team writes.
In the U.S., the federal Health Insurance Portability and Accountability Act of 1996 spells out privacy rules for patient information.
“We didn’t have as much paper around 20 years ago as we do now because we’d receive a test that would be the only copy, so we’d put it in the chart,” Baxter said in a telephone interview. “Now we print for convenience, and although most of these thousands of documents go into shredding bins, some go astray.”
The researchers conducted a recycling audit at five teaching hospitals in Toronto between November 2014 and May 2016. Each hospital had personal health information policies, as well as recycling bins and secure shredding bins for disposal of sensitive material. At each site, the researchers collected recycling three times a week during a four-week period from inpatient wards, outpatient clinics, emergency departments, physician offices and intensive care units.
The study team looked for any papers with personally identifiable information, including single sheets or stapled documents, and then they classified the sensitivity of the contents: low for identifiable information only, medium for information about a diagnosis and high for a description of the patient’s medical condition.
The research team found 2,687 documents and rated 807 as low, 843 as medium and 1,042 as high sensitivity. Personal information was found at all the hospitals and in all locations, although more than half (1,449 items) were found in doctor’s offices. The most commonly found personally identifiable documents included clinical notes, summaries and medical reports.
“Although some sites in hospitals can get chaotic, those areas aren’t the ones with problems,” Baxter said. “Instead, we found the most in physicians’ offices, which should get as close to 100 percent appropriate shredding as possible. We really need to work on this.”
Baxter and others created a podcast called “The Differential” to highlight issues in healthcare delivery, and launched the series March 20 with an episode detailing what they found in this study (bit.ly/2DMNRX8).
Baxter said she has talked to the privacy commissioner of Ontario about what to do moving forward, including the importance of maintaining patient trust about confidentiality.
“My concern is that additional rules and regulations won’t get to the heart of the problem. We could focus on shredding, but we should really focus on reducing paper waste,” she said.
“For patients, privacy comes first, so what security measures do we have in place to prevent a breach and then how can we talk to patients about them?” said Mohamed Abdelhamid of California State University Long Beach, who wasn’t involved in the study.
“Although private information on paper is of concern, that’s limited to the people who can physically get to those papers,” Abdelhamid told Reuters Health by phone. “Once you go electronic, you’re subject to hackers from elsewhere, and we need to be aware of how we protect that information.”
Ultimately, patients should understand that sharing information is not a binary “yes-or-no” decision and often varies by situation, Abdelhamid said. Sharing records when seeking a second opinion for a diagnosis, for instance, could cause bias for the second doctor who sees the first doctor’s notes. On the other hand, sharing documents that outline medical history or track medications that may interact could help doctors create the best medical plan.
“Increase your awareness of both the positive and negative sides of sharing data electronically,” he said. “Consider your own privacy barometer and calculate what’s beneficial for you in your specific case.”
SOURCE: bit.ly/2GavAbD JAMA, online March 20, 2018.