COVID-19 and Privacy

Health Data, Even at a Privacy Loss, Proves Invaluable in Emergency Rooms

By Samantha Stone

The global COVID-19 pandemic has brought thousands of people to hospital emergency rooms, where the urgent pace and the need for information are at odds.

After the first critical hours, patients are stabilized and doctors then can review health histories from electronic medical records (EMR).

But what is the nature of that information? How wide and how deep is the data reservoir that doctors can plumb for guidance? Is the patient’s full history stripped bare?

“If you’re part of a treatment team, legitimately, then you can have access to the record,” Dr. Eric Howell, chief operating officer at the Society of Hospital Medicine and a Johns Hopkins University clinician, told Digital Privacy News.

“We don’t have access to … financial reporting, or social reporting, or their Facebook account.”
— Dr. Eric Howell, Society of Hospital Medicine and Johns Hopkins University.

Not Full Data Access

Howell can view most, but not all stored medical records from sources that interoperate with the hospital EMR system, he said. He’s locked out of a few categories where privacy laws apply, however.

Psychiatric history is one. “If those records aren’t allowed to be accessed legally, then they’re firewalled so you can’t even get them if you want them,” he said.

Howell relies first on patients and families for health history.

“They’ll tell you a lot,” he told Digital Privacy News. But not everything.

When the diagnosis isn’t clear, stored medical records guide the next steps.

“You can go back and look and say: ‘Aha! They had an echocardiogram and it was completely normal,’” Howell said. “But they had a lung-function test, and that showed severely damaged lungs.” 

Separating Sensitive Records

The vision for electronic medical records was precisely that: An emergency team treating a COVID-19 patient would be alerted to the patient’s damaged lungs. But EMR systems must facilitate those disclosures while preventing privacy-law violations.

Federal privacy laws apply to everyone in the medical sphere, said Nadine Parmelee, a software tester in Austin, Texas, who’s done work for large EMR companies.

Access to patient records is governed primarily by log-in credentials assigned when medical personnel are initially hired.

“It’s a user group,” Parmelee told Digital Privacy News. “If you get added to this particular group, you have access to (patient data).”

The exception is prescription records, which every doctor can see, Parmelee said, because treatment decisions may hinge on which drugs the patient is taking already.

Prescription data could lead emergency staff to deduce mental-health status, even without viewing the patient’s history, she told Digital Privacy News.

Life or Death Calculations

Earlier in the COVID-19 crisis, the medical field discussed how to ration ventilators and other crucial equipment, should it become necessary.

In those cases, how would doctors decide whom to save and who would be left to die, and what data would dictate the decision? 

Those questions linger beneath the surface as the world emerges from the first wave of infections and prepares for the next, which epidemiologists say might be more overwhelming.

“There’s going to be a group of patients who are going to die, probably die soon, whether we give them a ventilator or not.”
— Bruce Jennings, Vanderbilt University.

“There’s going to be a group of patients who are going to die, probably die soon, whether we give them a ventilator or not,” said Bruce Jennings, an adjunct faculty member at Vanderbilt University’s Center for Biomedical Ethics and Society. 

Throughout history, he told Digital Privacy News, triaging protocol has discouraged using scarce resources for a patient with low odds of survival, while others with a better chance might worsen and die.

Medical ethicists also contemplate a patient’s remaining years of life, and whether age alone is a useful indicator.

“You worry that if we categorically rule out anyone over 60… we’re maybe doing something that is unjust and wrong,” Jennings said.

Keeping It ‘Quantitative’

“Do we really want to say that a 50-year old, who maybe — who knows — is not really going to produce much in the rest of their life, has more value over a 70-year-old who still has a wonderful symphony to write?

“We try to keep it as quantitative as possible,” he told Digital Privacy News. “Ultimately, when you’ve got a patient in the bed in front of you, as a doctor, it’s something of a judgment call.”

But Jennings recoiled from using nonmedical patient profiles to determine social value. No such personal data is available in the emergency room, anyway, he said.

Howell, the Johns Hopkins clinician, said physicians don’t rely on data from outside sources.

“We don’t have access to — I don’t know what — financial reporting, or social reporting, or their Facebook account,” he told Digital Privacy News. “It’s all basically in the electronic medical record.”

Samantha Stone is a Nevada writer.

Sources: Interviews

Photo Credit: Reuters (Italy)