EMR adoption higher in states with fewer privacy rules

Washington -- State laws in place to protect patients' confidentiality may be causing some hospitals to be more skittish about adopting electronic medical records systems, a factor that could impede the push for the industry to go paperless, a study says.

Researchers from the Massachusetts Institute of Technology and the University of Virginia recently concluded that state privacy regulations reduce aggregate EMR adoption by between 20% and 30%. States that got rid of some of their regulations experienced a 21% gain in hospital EMR adoption rates around the years the laws changed compared with just an 11% gain in states that kept them intact, said the study.

The authors concluded that state laws could hinder the federal government's goal of achieving industry-wide interoperability. Earlier this year, Congress allocated roughly $20 billion over 10 years in economic stimulus funding toward Medicare and Medicaid bonuses for physicians, hospitals and others that adopt paperless systems.

"What needs to happen is a lot more coordination of these privacy laws so hospitals don't have to deal with these patchwork systems," said Catherine Tucker, PhD, assistant professor of marketing at MIT's Sloan School of Management and one of the report's authors.

Several hospitals reported difficulties in exchanging information with systems in other states due to filters that must be installed to ensure that the transactions are done according to law, she said. "The extent you have to customize becomes very costly when you try to exchange health information," Tucker said.

Tucker used data from the 2005 release of the Healthcare Information and Management Systems Society Analytics Database for the research along with survey data from the American Hospital Assn. from 1995 to 2005. Data from more than 2,900 hospitals were analyzed.

The researchers measured adoption rates by whether hospitals had installed or were in the process of installing enterprise EMR systems or basic software with the capability for potential add-ins, such as clinical decision support and data repositories.

The study's findings were met with skepticism from some privacy advocates, who argued that uniformity exists between the states regarding privacy laws, contrary to what the researchers concluded.

Deborah Peel, MD, a psychiatrist and chair of the Patient Privacy Rights Foundation, a watchdog group based in Austin, Texas, said many states have laws that follow the standards set in the American Medical Association's Code of Medical Ethics, which helps provide strong protections for health information.

"The idea that there are somehow states in the U.S. that have vastly different laws protecting health information privacy is a fallacy," Dr. Peel said. If any factors are impeding EMR adoption, they are cost and system architectural designs that make them hard to maintain and support, she said.

Cost was cited as the No. 1 factor for low adoption rates of hospital paperless records systems in a study published in the March 25 online version of the New England Journal of Medicine. That study found only 1.5% of nonfederal U.S. hospitals use a comprehensive system, and only about 8% use a basic system in at least one unit that includes physician or nurse notes.

Deven McGraw is director of the health privacy project at the Center for Democracy and Technology, a public policy organization based in Washington, D.C. She dismissed the study's findings as well, noting "there have been a lot of developments that have happened since they looked at the data," such as the passage of the most recent economic stimulus bill.

Dr. Peel said she's concerned that policymakers could look at this study and use it as a rationale for scaling back patient privacy protections, which she said are jeopardized as it is by the private data-mining industry. "It's far more lucrative than taking care of sick people. The data is going everywhere we don't want it to go. And the two people who should have it -- the patient and their doctor -- can't get their hands on it."

AMA policy supports prohibiting the sale and exchange of personally identifiable health information for commercial purposes without a patient's consent.