Fraud fighting plan for HER data has privacy experts up in arms

December 1, 2007

The Bush administration has signed off on a plan to detect health-care fraud and gather evidence for fraud prosecutions using electronic health record (EHR) systems.

The Bush administration has signed off on a plan to detect health-care fraud and gather evidence for fraud prosecutions using electronic health record (EHR) systems. The plan includes a provision that would allow payers to act as fraud monitors by giving them remote access to patient records. Payers would then be allowed to review patient records regardless of whether the record involves a specific claim.

The plan has raised concerns among privacy and security experts. "Fraud prevention is not the purpose of the initiative," Twila Brase, president of the patient advocacy group, Citizen's Council on Health Care, told Modern Healthcare (8/20/2007). "More likely, it's meant to cajole a resistant public and worried policymakers. Who can argue against fraud protection? The focus on fraud prevention is meant to impede public resistance to broad data collection and access."

Moreover, allowing remote access to EHRs by payers could increase the risk of hackers getting an open door to patient records. "Whenever you open up the record, you're creating greater security aspects that have to be covered and built into the (EHR) product," said Don Schoen, president and chief executive officer of MediNotes, a developer of EHR systems, and chairman of the Electronic Health Record Vendors Association.