Re: Confidentiality Policies
At 06:57 AM 5/8/96 -0400, you wrote:
>
>I recommend to my friends, "Don't ever do anything on, at or near a computer
>that you would not wish to be broadcast to the world."

The solution to any individual not wanting their medical records (or credit
or financial records) held in a computer of some sort is to not accept the
benefits of participating in that system. Find and use a doctor who does
not use computers, with labs that do not and hospitals that do not and
imaging labs that do not, pay with cash and take your records with you. You
will have the anonymity and freedom that people could enjoy 75 years ago -
with, unfortunately, the level of care of 75 years ago. (You also can have
no phone, no credit card, no bank account, no insurance, no pension plan.)
Life is changing and we must learn to cope with the different challenges
that are the side-effects of the changes.

An observation: Please note that the portion of the medical community that
is most insistent on absolute security and confidentiality without regard to
the effect on the efficiency of providing care is the
psychiatrists/psychologists. Their specialties depend almost not at all on
technology and function, on a mechanical level, the same now as 75 years
ago. Removing technology from their medical practice, except for the
relatively infrequent lab test, would not much hinder the care. Virtually
every other type of health care provider depends on information technology
in some crucial way to do her/his job more efficiently or even at all.

>I predict that within the next 20 years the USA will experience a colossal
>medical-records scandal, as the result of a single criminal act, resulting in
>the records of 100 million or more people being irretrievably broadcast to
>the whole world on the Internet.
>

Having looked at bazillions (a technical term for many) of medical records, I
can confidently predict that all 100 million records will have gazillions
(a technical term for even more many) of useless, boring, inscrutable
factoids about anonymous people - like their weight or temperature or the
size of the blemish on their butt (another technical term). Yes it is to be
avoided, yes it is wrong, No, the possibility or scale of any damage is
completely unpredictable.

What must be protected against is not the mass exposure of data by evil
hackers but the use of data for incorrect purposes by entities who get the
data in ways that are currently legal.

By waving large and smelly red herrings, the focus of the security effort
will be shifted from the real and difficult problems of properly restricting
access without hurting health care to much simpler, more familiar and more
fun problems of safe-guarding systems against evil-doers.

The purpose of the health care industry is to provide care. The purpose of
information technology is to make the care better and more efficient. The
purpose of security and confidentiality safeguards is to protect the rights
of the individual against unwarranted intrusion. It is impossible to
construct a system which maximizes each of these unless those involved
understand the issues and the technology and accept that compromises must be
made by all sides and that all sides are honorably intent on doing their job
well.

Predicting a catastrophe is a no-lose action. Nothing is invested but
hot-air through the vocal cords.

The real challenge is to improve security and balance the costs against the
effects on efficiency so that all stakeholders can live with the results.

Lew Lorton
a member of the health care community and a patient