Epic Systems, one of the largest medical records companies, emailed the chief executives of some of the largest hospitals in the U.S. on Wednesday, urging them to oppose proposed regulation designed to make it easier to share medical information.
The email, which was written by Epic CEO Judy Faulkner and addressed to CEOs and presidents of hospital systems, urges recipients to sign a letter alongside Epic that voices disapproval for rules the Department of Health and Human Services proposed in 2019. These rules aim to make it easy for patients to access their health information at no cost, and make it more challenging for companies to block access to that information.
The proposed rules have pitted patient advocates against some doctor groups and companies, like Epic. Critics say they don’t have enough provisions to protect patients’ privacy. Epic’s Faulkner has been vocal in her criticism of the rule, which she believes will result in app makers having access to patient data without consent.
On the other side, patient advocates have spoken out in favor of the rules, which aim to make medical records accessible through application programming interfaces (APIs). The rules are also designed to make it easier for hospitals to share patient records with other medical offices or hospitals. That’s been a big challenge for years, and studies have shown that it has a negative impact on patients’ health.
Patient groups have criticized medical record vendors, like Epic and its chief rival Cerner, for failing to do enough to support health data interoperability. Both companies have stressed that they’re doing more to fix the problem, although progress has been slow.
As always… follow the money. Epic and some other EMR companies are notorious for running closed systems. The reason is simple. If Epic controls access to the data and the integrations, they can charge for it. This is a revenue stream for them. Of course they do not want to be required to provide APIs unless it is on their terms.
That being said, their concerns about data privacy are valid. The more you expose the underlying data through APIs, the more opportunities there are for a data breach. This has been a concern with EMRs in general. While electronic medical records are convenient and helpful for sharing complete patient data across multiple medical specialties, they are also subject to hacking and manipulation. But that ship has sailed. We have culturally decided that the rewards outweigh the risks.
Everything depends on the implementation of a law like this. It could be beneficial by offering patients greater visibility and control of their records. It could also be a security nightmare with millions of people’s medical records being leaked for the purposes of extortion, predatory violence, discrimination, and, worst of all, targeted robocalls.