Telemedicine Provides Benefits, but Security and Privacy Risks Abound

Published June 1, 2006

The Internet is transforming the way Americans interact with the health care system, and consumers want more opportunities to use it.

According to a 2002 Harris Interactive poll, 90 percent of patients with Internet access would like to be able to consult their physician by e-mail. Doctors and health care providers are increasingly using telemedicine for remote monitoring of patients’ health, according to an April 2006 Wall Street Journal article. As insurers begin to cover the costs of telemedicine, both avenues are likely to widen.

Another way the Internet is about to transform health care is through electronic medical records (EMR). A fall 2005 report published in the journal Health Affairs found EMR could improve efficiency and safety for an estimated savings of about $81 billion per year, and a RAND Corporation study released last September quotes the potential savings at $77 billion a year–quite a coup, considering total national health care expenditures were $1.9 trillion in 2004. Storing medical records electronically also improves care coordination and boosts survival rates by allowing medical providers and facilities to share medical information more easily, according to the Health Affairs report.

That’s a major reason the U.S. Department of Health and Human Services is working to create a National Health Information Network (NHIN)–a national database linking patients’ records with health care providers, insurers, pharmacies, labs, and claims processors–by 2009.

“Electronic health records will re-engineer health care in a way that will save thousands of lives and billions of dollars,” NHIN Director David Brailer told Consumer Reports in March.

Protecting Privacy

Although transferring personal health information electronically–whether in e-mails or EMR–between patients and providers may be efficient, it also raises the possibility of private medical information being viewed by others or stolen to perpetrate fraud.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health care providers, health plans, and business associates to adopt security and privacy standards for electronic communications, medical records, and medical transactions. Adopting privacy standards for electronic health communication will improve the efficiency and effectiveness of the nation’s health care system by encouraging the widespread use of electronic data interchange in health care.

Wiring a Solution

In April 2005, Houston, Texas-based SafetySend, Inc. formed a partnership with the American Association for Medical Transcription to create a private system that transmits personal health information securely. SafetySend’s service, available for businesses and individuals, includes large-scale enterprise solutions for organizations needing secure file transfer, such as health plans and providers whose medical records must meet HIPAA privacy standards.

Medical file transfers and e-mail communications are not the only place where health care transactions need to be protected. Currently, most patients’ medical records consist of paper files stored at each provider’s facility. As physicians retire or merge practices, medical records are often relegated to offsite storage facilities where they are inaccessible and vulnerable to theft, arson, and natural disasters.

“Never has the need for electronic storage of critical health and personal information been evidenced than [by] the recent disasters,” SafetySend CEO Mark Sharp said. “[Hurricanes] Katrina and Rita and the tornadoes of the central U.S. showed us how important it is to have a safe place to keep a disaster backup in case of emergency.”

SafetySend also offers secure e-mail and fax components that work with existing computer systems–no expensive additional hardware is required. Individuals can purchase the service for as little as $8 per month.

Preventing Fraud

Health records may be vulnerable in other ways as well, such as impersonators accessing other people’s information. Unscrupulous providers can bill for services that were never given. Providers or third parties might bill for patients they have never seen. Medicaid fraud may occur when enrollees let non-covered friends or relatives borrow their Medicaid cards so they can receive free care. Stolen or counterfeit Medicaid cards may even be used to fraudulently obtain controlled drugs for sale on the street.

To improve the security of face-to-face medical transactions, eMedicalfiles–a private firm based in Atlanta–uses fingerprint authentication that positively identifies the health plan enrollee and prevents access by unauthorized persons. The system keeps a record of the date and time services are received. It also alerts providers if their patients are seeing other physicians and being prescribed other drugs. Through this system, individuals seeing multiple doctors to obtain large amounts of narcotic drugs are unable to conceal their activities.

eMedicalfiles also has created a HIPAA-compliant interface for sharing information across different electronic medical record systems from different vendors. This is important because people may have multiple doctors and get treated at multiple locations, such as laboratories, clinics, and hospitals.

Talking with the System Wayne Singer, senior vice president at eMedicalfiles, explained there are a variety of EMR systems but most cannot talk with each other without this application. “The eMedicalfiles application makes electronic medical records talk to each other,” Singer said, by creating the communication bridge with absolute patient authentication using biometrics.

eMedicalfiles also offers a system where medical records are stored on special, HIPAA-compliant USB jump drives. Though jump drives are ubiquitous nowadays, the ones available for $20 at the local office supply store aren’t secure enough for medical data transfer–if lost, anyone finding such a drive might be able to access the contents. eMedicalfiles solves this problem with a small window in the tip of the drive that scans the user’s thumbprint or fingerprint before allowing access to medical records contained on the drive.

The firm also offers Smart Card technology, which stores information about the user’s health plan, demographics, allergies, prescribed medications, and medical conditions on a device similar to a credit card. The company also has a secure Internet vault for firms needing a safe and secure way to store or host medical records.

Devon M. Herrick, Ph.D. ([email protected]) is a health economist and senior fellow at the National Center for Policy Analysis.

For more information …

“Patients Want Online Communication With Their Doctors,” Medscape Medical News, April 17, 2002,

Elena Cherney, “New Ways to Monitor Patients at Home; As Insurers Increasingly Cover ‘Telemedicine,’ Companies Launch Wave of Devices,” Wall Street Journal, April 18, 2006. Text (subscription required),

Richard Hillestad, et al., “Can Electronic Medical Record Systems Transform Health Care? Potential Health Benefits, Savings, and Costs,” Health Affairs, Vol. 24, No. 5, September/October 2005, pp.1103-1117,


American Association for Medical Transcription,