Digital files raise security concerns

Hospitals and doctors are shifting more patient records to computer files, but no one has settled how the nation should safeguard the sensitive information once it is transformed into bits and bytes, according to consumer healthcare advocates gathered in Boston.

The lack of uniform privacy standards is becoming a problem, they say, as communities in Massachusetts and around the country experiment with ways to share electronic records between providers.

``We're in totally uncharted terrain," said John McDonough , executive director of Health Care for All, the nonprofit consumer organization in Boston that sponsored Friday's forum on health records.

Unanswered questions are these:

Should data shared in these networks be made available to insurance companies? Health researchers? Drug companies? The easiest answer would be no. But what if the information could help insurance companies control costs, or help medical researchers spot risks, or develop better treatments?

Meanwhile, what level of control should patients have over who views their records? Should patients be allowed to view their own records from home? And how should hospitals and doctors respond after a security breach?

The federal government established a panel to study these issues last year under the leadership of Health and Human Services Secretary Michael O. Leavitt , but it has yet to produce recommendations.

``The public is very sensitive about how their information is used," said David Lansky , a senior director at the nonprofit Markle Foundation in New York, which studies the impact of technology on society.

Not only are consumers worried about the theft or misuse of records, but their privacy rights may prove to be different from state to state and city to city unless there are uniform protections, he said.

``Let's say you move from Boston to San Diego and your health records follow you. What will happen at the other end of the line?" Lansky said. ``You need to have some level of confidence that everyone connected is playing by the same rules."

The forum focused on efforts around the country to encourage the use of electronic records, including a $50 million pilot project sponsored by Blue Cross and Blue Shield of Massachusetts to digitize medical records in Brockton, North Adams, and Newburyport.

Each of those communities has a committee that is deciding how security issues will be addressed. A bedrock principal so far in all three places is that only hospitals and doctors who are connected to those networks will be allowed to view the records, said Micky Tripathi, who is leading the effort as executive director of the Massachusetts eHealth Collaborative .

Speakers at the forum said patients should pay more attention to consent forms they sign at physicians' offices, which spell out with whom their medical information can be shared.

But reading the forms is one thing, and making decisions based on what they say, and their legal implications, is another. The eHealth Collaborative has hired an expert to help translate the legalese in consent forms into something patients can understand.

``Having people totally understand how their information is being used is complicated," said Ray Campbell, chief executive of the Massachusetts Health Data Consortium , a nonprofit healthcare consulting and technology group in Waltham.

Christopher Rowland can be reached at crowland@globe.com.