Abstract
United States health care is engaged in an ambitious
project to make its clinical and administrative records “100%
electronic.” Substantial benefits are expected in both clinical care
delivery and medical research (especially for public health surveillance and
outcomes/effectiveness studies). Substantial costs also potentially accrue,
beyond the large outlays for an expanded computer and telecommunications
infrastructure. Privacy and confidentiality are obviously at risk if such
systems cannot be made secure. Limited empirical evidence currently available
suggests health information systems security may not be very good, at least in
the “average” institutional setting. Privacy-focused critics of
electronic record-keeping are sometimes accused of taking Luddite stands,
insufficiently attentive to IT's benefits. It may also be fair to worry about
a certain Panglossian tendency in “industry” commentary,
insufficiently attentive to potential problems. Better federal and state laws
structuring health data use will help; the industry must also attend more
candidly to the technical uncertainties.