In the developing world, access to a patient's medical records can mean the difference between life and death. Poor countries sometimes have high rates of AIDS and multi-drug-resistant tuberculosis, which require complicated drug regimens. To treat people with these illnesses, physicians need to see lab results; they need to know what drugs the patient has already taken and whether they worked. In many poor countries, however, medical records are hard to come by. If paper charts exist, they are often illegible, incomplete or inaccessible.

Electronic medical records have been touted as one solution to this problem. The systems can improve patient care, but they also raise questions about privacy. And although the World Health Organization (WHO) is seeking to address privacy concerns, gaps in legislation have already created ethical dilemmas in countries such as Haiti.

At least two dozen developing countries already have some type of electronic system in place, thanks in large part to an open-source program developed as part of a collaboration between the Boston-based nonprofit Partners in Health and the Regenstrief Institute, a research foundation affiliated with the Indiana University School of Medicine. Electronic records are typically encrypted and protected by passwords, but, if an individual does gain access, he or she can easily steal hundreds if not thousands of medical records—a feat that would be nearly impossible with a paper-based system.

Joaquin Blaya says that when he and his colleagues implemented a web-based system in 2006 to improve communication between laboratories and health centers in Lima, Peru, the question of privacy came up again and again. “People just assume that anything electronic is less private,” says Blaya, a research fellow at Partners in Health and Brigham and Women's Hospital in Brookline, Massachusetts.

However, he explains that electronic records can, in some cases, provide greater privacy protection than paper records. In Peru, researchers used to go from village to village collecting paper charts from various health centers as part of a study on multi-drug-resistant tuberculosis. Had they lost those files, the data would have been accessible to anyone. Now, however, they use handheld PDAs with password protection. Blaya coauthored a paper published last month on the promise of e-health in developing countries (Health Aff. 29, 244–251, 2010).

In some cases, the very attributes that make electronic records a privacy risk—portability and accessibility—also provide enormous benefit. After a contested election in 2007, Kenya erupted in ethnic violence. In such situations, “there's always a fear that public records of any sort could be used to target populations for abuse,” says Christopher Bailey, the WHO's coordinator for healthcare informatics. In Western Kenya, however, the electronic medical records system allowed health workers to distribute antiretroviral drugs to HIV-infected people in the refugee camps. “These are people who had lost their families, lost their homes. But the one thing they had in their pocket was their patient card,” Bailey says.

True to type: Medical files get uploaded Credit: Istockphoto

Few developing countries have passed laws to ensure that medical records remain confidential. The WHO is working with its member states to help them adopt policy that protects the population “but at the same time doesn't unintentionally limit efforts to strengthen the health system,” Bailey says. “We have an opportunity with the developing world to get the policy right in the early days so that we don't face some of the fragmentation and confusion that is somewhat institutionalized in developed settings.” Still, Bailey says, privacy policies shouldn't be seen as a prerequisite to the implementation of electronic records. That sends a message that the developing world isn't ready for twenty-first-century technology, he says.

In the absence of national laws, however, questions can arise about appropriate use of patient data. One health systems expert, who spoke on the condition of anonymity, said that before the earthquake in Haiti the country's government had requested that organizations working in the country provide the medical records of individuals infected with HIV. Health officials hoped to use the data to build a national database to calculate HIV prevalence and other statistics. Many organizations complied, but others were uncomfortable handing over data without the patients' consent.

Before the earthquake hit, Haiti's government was working to pass privacy laws that provide clear-cut rules on how the data can be used. But as the country struggles to rebuild, the fate of such privacy protection remains in limbo.