sents recommendations for improving the privacy and security of health information. Although a number of the recommendations are directed specifically to electronic health information, many are equally applicable to the protection of paper records.
Finding 1: Information technology is becoming increasingly important in improving the quality and lowering the costs of health care; attempts to protect patient privacy must therefore center on finding ways to protect sensitive electronic health information in a computerized environment rather than on opposing the use of information technology in health care organizations. As the site visits conducted for this study attest, the shift to integrated health care delivery systems and managed care creates a growing demand for electronic health information and for data networks capable of transferring data within and across organizations. Electronic health information allows such organizations to better analyze data for such purposes as improving care, monitoring the quality of care, analyzing the utilization of health care resources, and managing health benefits. Care providers claim that the availability of health information on-line helps them enhance the quality of health care delivery, as well as its efficiency. Patients will see the advantages of integrating and sharing data across the institution as they begin to receive a greater proportion of their care within integrated delivery systems. The application of information technology to health care is expected to help reduce the cost of administering care.
Each of the organizations visited as part of this study has ongoing programs to expand the use of information technology for clinical care and administration; all reported positive benefits of such applications. As long as health care organizations continue to find value in these activities, whether by improving the quality or reducing the costs of care, strong incentives will exist to pursue them. Thus, although opposition to the use of electronic medical records may succeed in delaying their widespread adoption, in the long run expectations of enhanced quality and improved efficiency, combined with economic pressures, are likely to dominate. From a policy perspective, it therefore makes far more sense for the health care system to find ways to handle legitimate privacy and security concerns without foregoing the benefits of information technology.
Furthermore, properly implemented EMRs offer great potential for improving the security of health information and the privacy of patients. EMRs allow the use of technical mechanisms to either impede unauthorized access or deter potential abuses. For example, authentication and access control technologies can help ensure that access to health informa-