Slashdot Log In
EHR Privacy Debate Heats Up
Posted by
Soulskill
on Mon Jan 19, 2009 08:15 AM
from the doctored-files dept.
from the doctored-files dept.
CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
EHR from a software testing point of view (Score:3, Informative)
I saw this [case.edu] the other day. Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience.
They call for testing and certification of EHR systems (Though thankfully not through the FDA).
It'll be interesting whether anyone listens to them.
i can see it now (Score:5, Funny)
$emails = $DB->get('SELECT email FROM records WHERE records.dysfunction LIKE "%erectile%"');
foreach( $emails as $email ){
mail($email, 'hello i hear you are in need of herbal via....');
}
Re: (Score:2)
LOL.
Exactly one of the things I suggested be made illegal.
Re: (Score:3, Funny)
LOL.
Exactly one of the things I suggested be made illegal.
Spam is already illegal, so that problem is taken care of.
Re: (Score:2)
Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.
Re: (Score:3, Interesting)
Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.
Which will work just fine with respect to traditional marketing channels, but will be as effective against much Internet-based advertising as CAN-SPAM is against spam.
I have no objection to legal protections, but laws are insufficient. Actually, I do have one objection: laws often provide a false sense of security, and occasionally even work against the interests of the people they're supposed to protect.
What we need to assure the privacy of medical information is technological means to place the contr
The temporal framework (Score:5, Insightful)
One of the problems with EHR is that it potentially follows you your entire life.
If information about your economic status, familiar situation, physical location, customs, etc. Usually becomes unreliable after some time. A leak on those informations slowly loses effect.
Medical information, however, is permanent in many cases. A single leak of a person's data can have fresh information for, literally, a lifetime.
Re: (Score:2)
Re:The temporal framework (Score:4, Funny)
Parent
Re: (Score:2)
>>>A single leak of a person's data can have fresh information for, literally, a lifetime.
Go watch GATTACA for an example. Yeah sure they had laws to forbid discrimination against employees who had bad medical records, but since when do corporations follow the law? It is easy to make-up other excuses:
"This guy has a high history of heart problems according to his government file, so let's not hire him."
"We need a better excuse then that."
"Um... he doesn't know how to program Cobol."
"Yeah that wil
Seperate nationwide network (Score:5, Interesting)
banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information can not be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.
Re: (Score:3, Interesting)
I think the medical system warrents it as well.
As part of the EMR legislation, there is no reason that a network connecting hospitals over an air-gap netowrk could not be included with funding. If they want to go as far, they can even fund dr's offices getting connected.
Re: (Score:3, Informative)
The idea of a separate network is a great idea actually. The best I have heard so far. However, it does not need to be air-gapped.
This can be created with funding and some strict certification programs for manufacturers and service providers. I see no reason that access to these networks cannot be accomplished through VPN circuits offered by local ISPs. The idea being to make it suitably difficult for someone outside the network to hack it. Not so ludicrously difficult it requires Tom Cruise and Ving R
Welcome to the 20th Century, USA. (Score:5, Interesting)
This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT [wikipedia.org] initiative - it's been largely successful.
The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.
Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.
Re: (Score:2)
I hear a lot of UK citizens complain about Parliament's healthcare. One guy said, "We're treated as just another cog in the machine, and if the bill costs too much the politicians have decided to send us home without care so they can save money. This happened to me several times."
Re: (Score:3, Insightful)
There is a private health-care industry in the UK - and it's growing all the time, out of sheer necessity. It's just prohibitively expensive for the proles, especially given that we already pay for the NHS, which is chartered to provide for every person's health-care needs.
"From the cradle to the grave" used to be an unofficial slogan, back in its more socialist hey-day. Now it's more of a grim prediction...
Many people have private insurance. (Score:3, Interesting)
I am by no means rich and have been privately insured all my working life in the UK.
When I need to be treated quickly I go for private insurance, for long term treatment I rely on the NHS.
Re: (Score:3, Insightful)
The difference being that Americans have been fed so much corporate propaganda about healthcare and political propaganda about expansion of government services, that they just dismiss successful programs overseas as impossible or astroturf right-wing talking points about "how they dont really work." You'll see this in replies to your post in 3...2...1...
DRM based OSes (Score:3, Interesting)
Essentially what you need is DRM. The data is only available on a limited number of machines and then strictly limited in what you can do with it, with strong audit trails. Not using general purpose computers but rather devices might help.
But in the end I don't think this is likely to work, the incentives for hacking are too strong and the distribution has to be too wide. EHRs mean that there will be substantially less medical privacy in exchange for better medical care and lower costs (70b-300b / year). That doesn't seem like a bad trade.
Re: (Score:2)
the incentives for hacking are too strong and the distribution has to be too wide.
Hence the need for strong laws to add to the DISincentives for hacking.
Re: (Score:2)
I don't see that as likely working. The main problem is the only crimes the US law enforcement seem to really care about are speeding and murder.
A produces a legit machine which can access records
B produces a machine that spoof being a machine of type A but also copies the records off via email.
C owns a medical office
D get a job in C's office as a receptionist. and replaces A's machines with B's machines over a period of a week. D then quits and gets a job at another office....
E lives outside the US and
Re: (Score:2)
There's only so strong you can make the laws. You can make the penalty death and forfeiture of all property to the state, but if the incentives FOR it are strong enough, and the chance of getting away with it perceived to be good enough, it'll happen anyway.
Why does the information need to be centralized? (Score:5, Interesting)
Whose information is that?
The patient's.
Who should control it?
The patient.
Any other solution should not be allowed to prevail.
An intelligent card, easy to back up at home and protected by well thought of security mechanisms is all what is needed.
There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.
Re: (Score:3, Interesting)
I completely agree. I do not understand, whatsoever, how it is burdensome for a patient to bring their medical records to their doctor. The doctor and/or hospital keep those records privately; access and review/add to them when necessary--- and if the patient needs to see another doctor, they can get a copy and carry them on over to the new doctor.
This is how it already works; this is NOT a big deal.
Re: (Score:3, Interesting)
> What if the patient loses his/hers card?
What if the government or insurance company loses the card?
> What if his in an emergency and happens not to walk with that card in the pocket?
Gee, I don't know. What do they do now?
> Also, these information is not relevant only when the patient is in front of a
> doctor - sometimes, the case is reviewed by a board, or acessed for preventive
> care... or for scientific research or juridical purposes.
Did I consent to my medical records being public or se
Dangers of EHR (Score:5, Interesting)
Parent
Re: (Score:3, Insightful)
It cuts both ways. With electronic records some cross-checks are possible, such as checking prescribed drugs for interactions, or perhaps even checking that the symtoms and/or treatment really match the diagnosis.
Re:Dangers of EHR (Score:4, Insightful)
It also provides accurate records of those mistakes. The lack of medical information following you is going to be FAR more dangerous than a mistake in that record. Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team. Heart condition, diabetes, etc... The number of circumstances where NOT having this information readily available is extremely dangerous outnumber your circumstances by a large factor. Nevermind that EHRs can be corrected and probably far easier than the existing mess of paper records.
In other news, going outside your house is extremely dangerous. For that matter, just staying inside your house is extremely dangerous. Driving to the store for food is extremely dangerous.
Parent
Re: (Score:2, Insightful)
Re:Dangers of EHR (Score:4, Insightful)
Read the stories who have had their Credit Records hijacked with false information, and their inability to get loans due to that.
Now imagine the same thing with Medical records, but instead of just inability to get a loan, now you cannot get a job because your employer thinks you suffer from paranoia ("it's right there in your record Mr. Smith, it must be true. I'm sorry but we can't hire you."). For that matter the employer might not even tell you the reason. They might just never call back.
You may think this sounds absurd, but the same thing is happening now with the internet, where employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone. ("We found this photo of you drinking beer in a frat party in 1995. It's at the psu.edu/alphadelts website. We can't hire you as a teacher. Sorry.")
Parent
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Re: (Score:3, Interesting)
The thing is there is likely embarrassing stuff on most people's medical records.
A used to use drugs
B had a horrible depression
C has a fatal disease that kill them over the next 10 years
D got an STD at a sex party
etc...
Right now people freely talk about physical injuries they got from reckless behavior. It could be that with leakage mental disorders stop being something that people have more embarrassment about discussing.
Re: (Score:2)
A used to use drugs
B had a horrible depression
C has a fatal disease that kill them over the next 10 years
D got an STD at a sex party
A - I'm not hiring drug addicts in my company.
B - I'm not hiring him. He may have a depression during some important project.
C - I'm not hiring him. What if he dies before finishing the project?
D - I'm not hiring perverts in my company.
No, I don't think people will freely discuss their medical records.
(replace hiring with promoting for post interview discussion)
Re: (Score:2)
Exactly why we need anti-discrimination legislation in ADDITION to privacy protections.
Re: (Score:2)
Exactly why we need anti-discrimination legislation in ADDITION to privacy protections
Anti-discrimination laws aren't working, right now. What makes you think they'll start working if we make discrimination much easier and much (really, very much) more profitable?
P.S.: I speak from the PoV of Spain; maybe in the states anti-discrimination laws really work and saying you're two month pregnant during a job interview wouldn't alter the result in the least.
Re: (Score:2)
Exactly why we need anti-discrimination legislation in ADDITION to privacy protections
Anti-discrimination laws aren't working, right now. What makes you think they'll start working if we make discrimination much easier and much (really, very much) more profitable?
P.S.: I speak from the PoV of Spain; maybe in the states anti-discrimination laws really work and saying you're two month pregnant during a job interview wouldn't alter the result in the least.
Fair enough. But I was talking about discrimination for smaller factors, such as mere statistical risks of ill health.
You're right that anti-discrimination for gross disabilities is only partially successful. In the US it's the Americans With Disabilities Act.
Re: (Score:2)
anti-discrimination legislation
Anti-discrimination legislation will never work.
"Your honor, I did not not hire him because of his genetic defects, it's simply because he wasn't a perfect fit for the job. We found somebody who types faster."
Problem solved.
Re: (Score:3, Insightful)
HR managers (or bosses or small business owners) already violate all kinds of laws against discrimination. What makes you think they'll just suddenly stop when they learn you have heart problems? They'll discriminate then, just as they discriminate now in regards to color, sex, religion, and so on.
Over in my local university, Millersville PA, they refused to hire an adjunct teacher because she posted a photo on her myspace.com where she was drinking beer. She tried to sue, but the court determined they c
Re:Dangers of EHR (Score:4, Insightful)
The thing is that everyone is an A,B a C or a D.... You have to hire someone.
Parent
Re: (Score:3, Insightful)
Once everyone's records are out there everyone ends up having bad stuff.
Solution to a problem that a patient doesn't have (Score:3, Insightful)
Have you ever read your records?
They ALL have errors. And omissions. Lots of them. Often important ones. There is even relevent information that is not included with them.
It won't get better with electronic records. It will probably get worse (one universal input format). The (unwilling) doctor will be expected to enter the information into the computer. As a result, the information will be notated on paper or recording device (more errors) and transcribed (yet more errors). Then any information tha
Re: (Score:3, Insightful)
having a record of "nope, not that" helps any other doctor know what has already been ruled out.
Apparently you watch enough house to quote it, but not enough to know that a chart with records of what it's not will only make doctors less thorough! What if the test was done wrong? Do it again! "But we already did the test." Test again!
Re: (Score:3, Insightful)
I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis. Not even your auto mechanic should do that. If you take your car in and say it sounds like the transmission and all your mechanic does is check the transmission, he's a shitty mechanic.
Records are good, but they are of limited use for most people, most of the time. Sure that medica-alert bracelet is almost ALWAYS useful in medical emergencies, so would a bracelet with USB/MicrSD c
Re:Dangers of EHR (Score:4, Insightful)
You're doing it wrong, then. You seem to think that you're third opinion doc is supposed to think up everything de novo? Repeat all the tests the other docs did? Repeat all the other drug trials the other docs did? You would end up in a room with many corridors, all alike. You would go back and forth. And never get out.
While there are certainly times that the second / third / x+1 opinion really looks at things in a totally new and different light and comes up with the one absolutely unusual little tidbit that everyone else has overlooked, the much more usual scenario is that 1) either the problem goes away 2) the problem now is so obvious that even your teenage daughter can figure it out or 3) the other docs have tried several reasonable things and by a process of elimination (rather than deduction or induction), the answer becomes more apparent. You want to keep re inventing the wheel?
You just might want to let the nice trained medical professional skim an accurate and complete history and then let him or her decide what parts of it are useful to the current encounter, perhaps? Maybe?
Well, the danger, if you will, would be that you would have an enormous amount of information in the chart that we would have no idea WTF to with it. I don't think the danger lies in the sequence information - it's the data interpretation which would give you risking data for various ailments. It would likely help you and your primary care doc carefully review what you should be doing in your life, although the conversation likely would be on the order of "get more exercise, eat something healthy occasionally, quit smoking" that we can do quite nicely without your gene sequences. However, you don't want insurance companies to get a hold of it.
That said, the biggest problem with promulgating medical information into the "fog / cloud / Wikipedia" is that OTHER (evil, nasty) people besides medical professionals will get a hold of it. And use the information in ways that doesn't really help you. But not to worry. It's going to happen anyway.
Now, roll up you're sleeve and bend over....
Parent
Re: (Score:2)
Patients should have their health records under their control. They can then allow people to look at them (e.g. their doctor) or not as they choose. Some records will have to be kept on the doctor's side, e.g. prescriptions for controlled medications such methadone, but many records need not be.
Re:Logged in computers (Score:4, Insightful)
USA TODAY, circa 2015:
"It has reported that a laptop has been stolen, allowing thieves to gain access to over 1 million patients' records. Officials lied.... er, reassured the public that no harm has been caused."
Parent
Re: (Score:2)
I'm glad to see so much emphasis on audit trails.
I called out that point in an early post re government data use, but you guys are right that it applies in the medical case as well.
Unlikely (Score:5, Informative)
.
A doctor dictates his diagnosis into a microphone on a PC. It becomes a data file. It sits in his output queue. It is then sent to a server to be electronically signed (a Word Macro is run). It sits on it's input queue until done then sits in its output queue. Then it gets sent to an HL7 routing engine where it sits on queues. Then on to our medical database. This generates some billing info which goes to the HL7 router then on to a private company in Tennessee, which sends results to a website....
Now I'm sure there will be controls on who can get at the medical database. But what about the data whizzing around the network? Tell me about the audit trail that lets me know who saw some of the info generated by that one encounter. Because it sat on at least 7 machines in 3 states for some amount of time.
And now you want each of those machines to check to see if the patient has signed off on that machine getting the info? Good luck with that.
And if someone shows up unresponsive in the ER, how do we send the X-ray to the remote radiologist if the patient can't release the data? And if 'emergencies' override that control, expect to see EVERY encounter be an emergency.
Parent
Re: (Score:2)
>>>you shut yourself in and never gain the benefits of the technology.
Last I checked that's not even an option. You can't tell a doctor to erase your medical records from his PC, because he's reuired by Obama's new laws to keep it stored electronically.