Why Do We Need Electronic Medical Records? So Your Personal Data is More Readily Available to the Government

Given recent legislative and judicial decisions, there are vanishingly few electronic records that the government cannot rape at will.  Increasingly, government agencies can access electronic data without even bothering with silly stuff like warrants or judicial review.  

The Drug Enforcement Administration is trying to access private prescription records of patients in Oregon without a warrant, despite a state law forbidding it from doing so. The ACLU and its Oregon affiliate are challenging this practice in a new  that raises the question of whether the Fourth Amendment allows federal law enforcement agents to obtain confidential prescription records without a judge’s prior approval. It should not.

In 2009, the Oregon legislature created the Oregon Prescription Drug Monitoring Program (PDMP), which tracks prescriptions for certain drugs dispensed by Oregon pharmacies, including all of the medications listed above. The program was intended to help physicians prevent drug overdoses by their patients and more easily recognize signs of drug abuse. Because the medical information revealed by these prescription records is highly sensitive, the legislature created robust privacy and security protections for the PDMP, including a requirement that law enforcement must obtain a warrant before requesting records for use in an investigation. But despite those protections, the DEA has been requesting prescription records from the PDMP using administrative subpoenas which, unlike warrants, do not involve demonstrating probable cause to a neutral judge.

While the government needs a search warrant to access paper medical records, it apparently feels it can look at electronic records without a warrant,.  Which explains one reason why the Administration is so excited about the new medical records requirements in Obamacare.   You didn't think HIPAA applied to the government, did you?  And if you wondered why Obamacare requires doctors to ask medically-unrelated questions (e.g. on gun ownership), now you know.


  1. LarryGross:

    Oh good lord!
    everything is a conspiracy!

  2. Dustoff:

    Yeah the good old Gov would never lie & cheat would they. Remember Joe the Plumber when all of a sudden his IRS tax records became public.

  3. Matthew Slyfield:

    The only real conspiracy is the conspiracy by the conspiracy nuts to make everything else LOOK like a conspiracy. It's a meta conspiracy. :)

  4. wintercow20:

    I was once asked in an appointment to examine my back if I was having an affair ...

  5. marque2:

    If you read the HIPPA, it basically says that no-one may have data, unless a government official asks nicely. We are doing a criminal investigation, can we see Mrs Marque2's medical forms.

    It is terrible. The only thing HIPPA prevents, is me from asking about information about my spouse and questioning billing for medical services for her. (Why is there this charge for blah blah blah - Sorry we can't tell you - HIPPA - grrr)

    Seriously a husband is a threat - random people from the government are A-OK!

  6. marque2:

    They also force pediatricians to ask if you have a gun at home during your kids annual physical (at least in California) and then if you say yes, they strongly urge you to get rid of it.

  7. marque2:

    Have you actually read any of the HIPPA forms you have signed? Probably not.

  8. mesaeconoguy:

    Everything government does is a disaster, Larry.

    Remove your cranium from your rectum, pretty please.

  9. mesaeconoguy:

    The hilarious irony and staggering stupidity of government (endorsed by morons like Larry) is that in 1 motion, they require ironclad security and protection for personal non public information, and in another they mandate transmission of that same information for use in tracking people and transactions, increasing the likelihood of malfeasance.

  10. ColoComment:

    that's why the answer should always be, "No," whatever the truth may be.

  11. Madison Libertarian:

    Okay, commenters, first of all, it's "HIPAA" (two As, not two Ps). Also, HIPAA clearly does not apply to the government per statute, unless the government qualifies as a regulated "covered entity" (e.g., health care provider) or "business associate."

    marque2, your summary of "the HIPPA [sic]" is wildly oversimplified and incorrect. I don't disagree with you on governmental officials' approach to our privacy, but don't lay the blame at HIPAA's feet.

    The default rule under HIPAA is that protected health information (PHI) may not be used or disclosed unless it meets one of the specific exceptions under the law. Yes, many of those exceptions allow for government access, and I will tell you that our goverment officials (whether professional licensing agencies or law enforcement) believe that HIPAA allows them broad access to PHI in many cases where it does not.

    On top of that, you need to layer in state laws that are more protective of privacy, in which case they preempt HIPAA - e.g., in Wisconsin, law enforcement often needs a warrant or court order to get PHI in cases where HIPAA would allow access with a subpoena.

    So if you are concerned about HIPAA being too lax on privacy, look to your state to provide more protections for your PHI.

    And regarding your complaint about assisting your wife with billing - all she should have to do is pop on the phone for a minute and confirm that you are involved in her treatment/payment to allow you to speak on her behalf (or submit an authorization in writing to the entity you want to speak with). It's pretty simple.

    (Oh, by the way, I'm an attorney with about 50% of my practice in health privacy, and I can tell you that if your oversimplification of HIPAA were even remotely accurate, I wouldn't be nearly as busy as I am.)

  12. marque2:

    Have you actually read a HIPAA disclosure form before you signed it? What you say may be correct, but it really does say if a government agency asks nicely they can get the info, they just have to cite law enforcement issue - it could be your disappearance, death, involvement in crime, being suspect, or just some investigation is going on. There is no indication that they need a warrant. They also can claim it is a "public health issue" and grab it that way.

    The obstruct me from legitimate use, make it difficult for my doctor to transfer the info on my behalf, and they allow government almost unlimited access. Please read one, next time you go to the doctor.

    Here you go I found the "other uses" section online Thanks to Winchester Orthopaedic Associates. Read all the exceptions for government - there is almost no way to keep the data away


  13. marque2:

    Here is the section of how government can access your medical data under HIPAA


    There are so many loopholes the government can pretty much get your medical data whenever they want to. The only thing HIPAA does is restrict legitimate uses, like my Dr faxing data to another doctor (without me signing consent forms), or my getting info on my wife - to correct billing errors, for instance. It didn't protect us from beans.

  14. Madison Libertarian:

    I'm assuming you're referring to the notice of privacy practices? Yes, I've read them and drafted them. All they do is give you notice of what's in the regulations - they don't provide for separate rules on uses and disclosures of PHI. That's a very broad overstatement again about "almost no way to keep the data away."

    And are you really opposed to most of the disclosures listed there (e.g., a serious threat, like a patient's statement that they're going to go on a shooting spree)?

    It's not that the government just gets to claim a basis for PHI and then get it - the covered entity/business associate holding the PHI has to determine that there's a legitimate and lawful purpose under HIPAA and state law.

    There are additional restrictions beyond what you see in the document - take a look at the Office for Civil Rights summary here: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html (see "permitted uses and disclosures")

    Or if you want to read the relevant portion of the rule itself, go here to see the more detailed restrictions than those that appear in the notice of privacy practices you cite: http://www.gpo.gov/fdsys/pkg/CFR-2012-title45-vol1/xml/CFR-2012-title45-vol1-sec164-512.xml
    Note also that the HIPAA Privacy Rule was just revised - you had an opportunity (now closed) to comment on the proposed changes back in 2010.

  15. Madison Libertarian:

    Take a look at the actual rule, which I just linked to below. Your comment about restricting legitimate uses - at least for the examples you cite - isn't true. Health care providers are permitted to disclose your PHI to other health care providers for the purpose of treatment, and the usual "minimum necessary" limitation (i.e., that the use or disclosure must involve the minimum amount of PHI necessary to accomplish the purpose of the use/disclosure) does not apply to such treatment disclosures.
    Also, I've already explained how your wife can easily provide permission for you to speak on her behalf - see my initial comment below.

  16. marque2:

    If they can freely give the info out for legitimate use, why do I always have to sign a release form for this purpose? I guess the doctor's attorney's are stupid. Next time I have to fill out such a form, I'll just refer them to you instead.

    And yes, I would have to badger my wife to fill out a release form for a period of no more than a year. No popping on the phone doesn't work, because many doctors offices don't have a good way to verify who you are over the phone. We had a problem last month where my wife called my child,s pediatrician to get info about my daughter for another doctor, and the pediatricians staff refused to give the info over the phone since they couldn't identify my wife. Seriously I am having these problems - not just making it up

    You are living in an idealistic legal world. And maybe these doctors are all wrong in the way they implement the rules but then they are scared about the law - and being over precaution then, so the result is - even if they don't legally have to, I am being denied information I should be able to get.

  17. marque2:

    Reading this makes me even more scared.

    I stand by what I said, based on the information you provided and encourage everyone reading this to look at


    as suggested byMadison Libertarian for yourselves.

    The only way you can think this not frightening is if you assume the government and government intent is always totally benign. Nah, they wouldn't ever not tell folks they syphilis or spray disease in a community to see how populations react. Right?

  18. skhpcola:

    Larry is the embodiment of the typical leftist low-information voter. He stocks up his arsenal with all sorts of links to partisan and BS data, spews them out like a good automaton, and smugly acts like he's defending his sophomoric and thoroughly ignorant ideology. You can't reason with him, because he is blissfully and proudly a dumbass. He first and foremost reflexively defends statist policies, regardless of the evidence. Typical progtard trash.

  19. Madison Libertarian:

    I don't know the details of your specific requests for information or records or the potentially over-cautious providers you work with - I can tell you what I advise my clients and what the law says. I don't understand why your wife can't just vouch for you? Presumably the provider can verify her identity?

    Settle down - I'm in no way suggesting other attorneys are stupid.

    Regarding treatment disclosures, take a look at the permitted disclosures section of the link I sent you earlier - treatment disclosures are a very clearly permitted disclosure without required authorization from the patient. Perhaps your disclosure was not for treatment but for another purpose?
    In any event, I can assure you I'm not living in some "idealistic legal world," although I don't understand how you can make such a ridiculous suggestion. I work with hospitals and clients on a daily basis on privacy matters - I'm not sitting in a law school writing articles or doing stale legal analysis with no application to the real world.

  20. Madison Libertarian:

    Alex Jones? Is that you? Believe me, I'm a skeptic when it comes to the government, but this discussion has officially derailed as of your last comment. Toodles.
    By the way, if you want to know how your health care provider has disclosed your information, ask them for an accounting of disclosures. The same OCR site I directed you to before has relevant information.

  21. Goober:

    Or even better yet: "none of your goddamned business." As politely as possible, of course.

  22. LarryGross:

    re: "accessing your data"

    your cell phone records, your DMV info, your tax info, your gun registration issue, your toll road transponder info, .. I'm sure I've left out a few..... Hell.. they can even scan your license plate anywhere they set up the equipment.

    so DUDEs - you're ALREADY TOAST! Don't ya'll watch NCIS? ;-)

    so you're die in the ER to keep the govt - AND the docs from seeing your Medical Records?

    Now THAT's WHAT I call a REAL Conspiracy! ;-)

  23. marque2:


    Youtube of it.

    And what do you know, US government apologizes for infecting folks with disease in Guatemala!

    And here is the wiki on that

    And wait, Here is a TV station doing a report on the US government spraying of the projects with some chemical in ST Louis
    Army did it - the TV station is interviewing the victims.

    Here is a wiki on human testing of radiation

    And the FDA has the right to monitor drugs to see how they are being prescribed in different areas per your link, and get your medical records if you use certain drugs. Hmm, it could never happen again. Spray some chemical around and use the FDA authority to see how far and wide skin cream medication is being used? And health departments could get these records for research. It isn't so far fetched and conspiratorial as you might think.

    Surprised you don't know any of this
    And surprised you think that document you referenced is so mild.

    TTFN back at you!

  24. marque2:

    I forgot, you think these are all old things, the government was doing/monitoring. Well just a few years ago EPA did illegal human testing with pollutants that sent some asthmatics to the hospital


    So this HIPAA allowing the government to monitor drugs and various diseases is really just OKey dokey? The trust has been abused many times before and continues to be abused.

  25. Berourke:

    Don't forget Bill & Hill and the FBI files

  26. mesaeconoguy:

    Larry, you finally got one right.

    Your conclusion is completely wrong, and is fatuously moronic in its justification.

    Correct, people are already tracked to an enormous degree. Just because that is true doesn't make it right, or good.

  27. Chrispy:

    Electronic medical records sound nice at first, but they're really a terrible idea, even if you ignore the privacy issues. EMRs are enormously expensive. Anything saved on filing physical records is more than made up for by hiring computer tech people. Doctors hate them; they end up spending more time typing on the computer than treating patients. About the only thing EMRs have going for them is that they might prevent someone from getting a medication they're allergic to Of course that only applies if the information is already in the system AND if the nurse checks it before administering the drug (which no-one ever does). Nation-wide access to any provider in the country is a ridiculous pipe dream that will never happen in my lifetime.

  28. LarryGross:

    are paper medical records also useless?

  29. Ron H.:

    Absolutely right. It's always best to address people directly by name or title when answering such impertinent questions, as in "It's none of your goddamned business - asshole."

  30. teapartydoc:

    I'm on the inside on this. I work for one of the mega ACO/ university medical conglomerates that seem to be taking over many states as a surgical sub-specialist. If you are a conspiracy theorist and you have some preconceptions about health care, I can tell you that you need to look up Muggeridge's Law, because there is no outlandish nutty conspiracy theory you can come up with that is even half as bad as what is actually happening, even without any conspiracy per se. Everything that is happening is based on a fallacy and that fallacy is the application of analytical thinking to the exclusion of anything else to life in general and everything in particular. It is the idea that everything can be understood and in turn manipulated in expectation of a particular predicted outcome by the breaking down of anything one chooses into it's constituent parts and manipulating them. It is the attempt to use scientific methods on things that are not suited for those methods. The problem is the conceit of the actors involved that they can do this and that it is their destiny to do so. It is another manifestation of historicism as criticized by Karl Popper. These people have big money behind them, and a fascist government at their beck and call. Ultimately this will fail. Hopefully it will fail before it is able to suck us all into the maelstrom. My advice? Vote for state legislators who will refuse to form state exchanges, and governors who will refuse to implement the law. Keep your kids away from the big state colleges that are in the health care business as much as you can to deprive them of money. Send them to community college for a year or two before sending them to the indoctrination centers, if you have to eventually. Use medical facilities and doctors who are unaffiliated with these mega-groups. I don't care if my business hurts, personally. I have all I can do anyway. The point is to starve the beast while it gets weaker, and with declining revenues, it will.

  31. LarryGross:

    what kind of gobblygook is this? This is a simple thing. Do you think that when you get treated by a doctor
    that having access to your medical records is important? Or do you think they are not and are simply bureaucratic paper shuffling? When any of you visit a doctors office - do you ever notice how many people are in the office and how many folders are on the wall? Do you wonder how those folders are updated ? Would you wonder if you were in another city and got sick and went to the ER that those records might be important to the new doctor treating you? If you were unconscious or so sick you could not recount all the things that ever happened to you like your vaccinations or allergies or prior sicknesses like chickenpox or measles, do you think it might be important for the doctor in making decisions about how to treat you?

    this is nutty. It has little to do with whether paper records are converted to shareable electronic records, this loony tune stuff is essentially about whether medical records themselves are important.

    If you feel that the medical records themselves are not important then I congratulate you for consistency in the anti-electronic stance but if you think your medical records are important then what kind of sense does this make? You are in another city. Your child is sick. You cannot remember exactly what the doctor said when he go sick before - and your view is that the records are not important?

    this whole anti-govt conspiracy deal is just plain loony tunes.

    If you bank, your account is kept on electronic records. If you use a credit card, electronic records. Cell phone -electronic records, passport- electronic records, airline reservations - electronic records, your own health insurance - electronic records, prescriptions - electronic records, your license plate and drivings license, ditto.... just about everything you do now days results in the creation of an electronic record - and yes.. the govt can get to any/all of them but what kind of sense does it make to have all these other electronic records and not medical records when it might come to saving your own life?

    this is just plain dumb... sorry.. it is.

  32. Steven Greffenius:

    Excellent post. Thanks.

  33. hllm:

    When asked about something I do not wish to share, the old standby, "I can't recall" is repeated until the questions cease.

  34. Ted Rado:

    It would be a blessing if all my medical records were available to health professionals everywhere. I have had to go to the ER on several occasions when out of town. I don't understand everyone's alarm over this issue. The IRS has all your financial records and does not divulge them.
    The fact that a medical professional could retrieve my records is not a threat; it is an asset for quick, accurate treatment in an emergency.
    If there are things in your medical records that could be an embarrasment (STD, unwed motherhood, etc.), everyone probably knows about it anyway. Further, doctors MUST report STD's to the authorities. It seems to me that the bebfits FAR outweigh any privacy issues.
    It would be an easy matter to made divulging medical records to unauthorized people a felony, if thet would make the idea more acceptable.

  35. marque2:

    Because the government has a bad history of spreading disease and monitoring the results. See some of my posts below. Do you want throw a vial of disease in a city, and monitor the drug use to see how the disease spreads? Well the government has done it and HIPAA allows that, and though many of these studies were in the 1930s - 1960's the EPA did illegal human testing just a few years ago. As long as the monitoring is for a PC purpose it is OK (used to be OK for military purpose - how times have changed. )

  36. marque2:

    ?? The issue is government grabbing the info. Electronic makes it much easier to do.

  37. marque2:

    But they are doing it in 4000 planets and 400,000 countries across the Universe, so it must be OK.

  38. marque2:

    We have a lawyer who is also oblivious to the problem because he is reading between the lines that what is stated won't/can't happen probably because the government is so benevolent.

  39. Pradeep Misra:

    Nice and informative information shared by your blog. I really appreciate it.
    Integrated EHR with Billing
    Integrated EMR with Billing