[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Confidentiality Policies

  At 06:57 AM 5/8/96 -0400, you wrote:
  >I recommend to my friends, "Don't ever do anything on, at or near a computer
  >that you would not wish to be broadcast to the world."
  The solution to any individual not wanting their medical records (or credit
  or financial records) held in a computer of some sort is to not accept the
  benefits of participating in that system.  Find and use a doctor who does
  not use computers, with labs that do not and hospitals that do not and
  imaging labs that do not, pay with cash and take your records with you.  You
  will have the anonymity and freedom that people could enjoy 75 years ago -
  with, unfortunately, the level of care of 75 years ago. (You also can have
  no phone, no credit card, no bank account, no insurance, no pension plan)
  Life is changing and we must learn to cope with the different challenges
  that are the side-effects of the changes. 
  An observation: Please note that the portion of the medical community that
  is most insistent on absolute security and confidentiality without regard to
  the effect on the efficiency of providing care is the
  psychiatrists/psychologists. Their specialties depend almost not at all on
  technology and functions, on a mechanical level, the same now as 75 years
  ago.  Removing technology from their medical practice, except for the
  relatively infrequent lab test, would not much hinder the care.  Virtually
  every other type of health care provider depends on information technology
  in some crucial way to do her/his job more efficiently or even at all.
  >I predict that within the next 20 years the USA will experience a colossal
  >medical-records scandal, as the result of a single criminal act, resulting in
  >the records of 100 million or more people being irretrievably broadcast to 
  >the whole world on the Internet.
  Having looked at bazillions (a technical term for many) medical records, I
  can confidently predict, that all 100 million records will have gazillions
  (a technical term for even more many) of useless boring, inscrutable
  factoids about anonymous people - like their weight or temperature or the
  size of the blemish on their butt (another technical term).  Yes it is to be
  avoided, yes it is wrong, No, the possibility or scale of any damage is
  completely unpredictable. 
  What must be protected against is not the mass exposure of data by evil
  hackers but the use of data for incorrect purposes by entities who get the
  data in ways that are currently legal. 
  By waving large and smelly red herrings, the focus of the security effort
  will be shifted from the real and difficult problems of properly restricting
  access without hurting health care to much simpler, more familiar and more
  fun problems of safe-guarding systems against evil-doers.  
  The purpose of the health care industry is to provide care. The purpose of
  information technology is to make the care better and more efficient. The
  purpose of security and confidentiality safeguards are to protect the rights
  of the individual against unwarrented intrusion. It is impossible to
  construct a system which maximizes each of these unless those involved
  understand the issues and the technology and accept that compromises must be
  made by all sides and that all sides are honorably intent on doing their job
  Predicting a catastrophe is a no-lose action. Nothing is invested but
  hot-air through the vocal cords.  
  The real challenge is to improve security and balance the costs against the
  effects on efficiency so that all stakeholders can live with the results.
  Lew Lorton
  a member of the health care community and a patient