EHR Privacy Debate Heats Up

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

i can see it now

[ionix5891]

$emails = $DB->get('SELECT email FROM records WHERE records.dysfunction LIKE "%erectile%"');

foreach( $emails as $email ){

      mail($email, 'hello i hear you are in need of herbal via....');
}

Re:The temporal framework

[MadKeithV]

To counteract that problem, I change my DNA and fingerprints every few weeks, together with my windows login and password.

Re:i can see it now

[swillden]

LOL.

Exactly one of the things I suggested be made illegal.

Spam is already illegal, so that problem is taken care of.