Fwd: networked medical records and confidentiality: time for honesty
Med-privacy:
The following illustrates the casual and nonchalant attitude towards medical
privacy. Lately, I had a very private conversation with my neurosurgeon on
the phone. Towards the end I realized he was calling on a cellular phone.
Anyone with a scanner and a sorry attitude could use that call for any
purpose, including blackmail. In Tennessee's last Senatorial race, the
incumbent made a cellular call, in desperation to a contributor, which was
tape recorded and turned over to the newspapers, which gave the story front
page status.
This attitude is what will get us in trouble.
In a message dated 96-09-02 15:23:47 EDT, john@umnhcs.labmed.umn.edu (John
Faughnan) writes:
<< To: fam-med@gac.edu (Multiple recipients of list)
I received an email regarding issues of medical record confidentiality.
I've removed identifiers to protect the author's identity, but I'm
forwarding my reply to the list because the author's question is probably
more widespread than I'd realized. I get so used to thinking about this
stuff I tend to forget not everyone works with it every day.
>It's interesting that a number of people I speak with who are concerned about
>the confidentiality of EMRs do not employ encryption when sending faxes which
>include patient data and don't worry about discussing patient cases on mobile
>cell phones which are very easy to listen in on. Furthermore their paper
>record handling is nowhere near as protected as they feel EMRs should be.
> Given your background on the topic perhaps you could point out the dynamic
>here to me. Any insight?
XXXXX,
I thought this issue was fairly clear from the context of my original
message. Encryption protects against non-legitimate users (hackers, spies,
etc). Non-legitimate users are NOT felt to be a serious concern. They can
be trivially managed by encryption and standard security. Their lack of
importance is why we don't invest a lot of work with encrypting faxes and
phone calls (Though, in fact, we should do more and increasingly we are
more cautious.)
The concern is access to large databases by those who have access to the
data in its unencrypted form or who may have the right to request keys
(government, insurers, etc.). The interests of the individual are
necessarily different from those of their employer, insurer, pharmaceutical
provider, state, or even physician.
These are new issues -- by virtue of the cost of wide access this was not
an issue for paper based records.
Note I do not say that government should not have the right to break
confidentiality restrictions under certain circumstances. (I do think
that insurers should be strongly restricted, however). I wrote the note to
point out that patients need to understand that we cannot promise them
confidentiality in this new setting.
I hope this note has clarified the issues, and given you insight into "the
dynamic".
john
--
John Faughnan >>
NOTE: to med-privacy: Need I say more?
---------------------
Forwarded message:
From: john@umnhcs.labmed.umn.edu (John Faughnan)
Sender: fam-med@gac.edu
Reply-to: fam-med@gac.edu
To: fam-med@gac.edu (Multiple recipients of list)
Date: 96-09-02 15:23:47 EDT
I received an email regarding issues of medical record confidentiality.
I've removed identifiers to protect the author's identity, but I'm
forwarding my reply to the list because the author's question is probably
more widespread than I'd realized. I get so used to thinking about this
stuff I tend to forget not everyone works with it every day.
>It's interesting that a number of people I speak with who are concerned about
>the confidentiality of EMRs do not employ encryption when sending faxes which
>include patient data and don't worry about discussing patient cases on mobile
>cell phones which are very easy to listen in on. Furthermore their paper
>record handling is nowhere near as protected as they feel EMRs should be.
> Given your background on the topic perhaps you could point out the dynamic
>here to me. Any insight?
Kevin,
I thought this issue was fairly clear from the context of my original
message. Encryption protects against non-legitimate users (hackers, spies,
etc). Non-legitimate users are not felt to be a serious concern. They can
be trivially managed by encryption and standard security. Their lack of
importance is why we don't invest a lot of work with encrypting faxes and
phone calls (Though, in fact, we should do more and increasingly we are
more cautious.)
The concern is access to large databases by those who have access to the
data in its unencrypted form or who may have the right to request keys
(government, insurers, etc.). The interests of the individual are
necessarily different from those of their employer, insurer, pharmaceutical
provider, state, or even physician.
These are new issues -- by virtue of the cost of wide access this was not
an issue for paper based records.
Note I do not say that government should not have the right to break
confidentiality restrictions under certain circumstances. (I do think
that insurers should be strongly restricted, however). I wrote the note to
point out that patients need to understand that we cannot promise them
confidentiality in this new setting.
I hope this note has clarified the issues, and given you insight into "the
dynamic".
john
--
John Faughnan
http://dragon.labmed.umn.edu/~john/
john@umnhcs.labmed.umn.edu