
EHR Privacy Debate Heats Up

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."
  • by Thanshin ( 1188877 ) on Monday January 19, 2009 @09:50AM (#26515079)

    One of the problems with EHR is that it potentially follows you your entire life.

    Information about your economic status, family situation, physical location, customs, etc. usually becomes unreliable after some time. A leak of that information slowly loses effect.

    Medical information, however, is permanent in many cases. A single leak of a person's data can have fresh information for, literally, a lifetime.

  • Re:Dangers of EHR (Score:3, Insightful)

    by Wormholio ( 729552 ) on Monday January 19, 2009 @09:53AM (#26515095)

    The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems.

    It cuts both ways. With electronic records some cross-checks are possible, such as checking prescribed drugs for interactions, or perhaps even checking that the symptoms and/or treatment really match the diagnosis.

  • Re:Dangers of EHR (Score:4, Insightful)

    by db32 ( 862117 ) on Monday January 19, 2009 @09:57AM (#26515127) Journal

    It also provides accurate records of those mistakes. The lack of medical information following you is going to be FAR more dangerous than a mistake in that record. Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team. Heart condition, diabetes, etc... The number of circumstances where NOT having this information readily available is extremely dangerous outnumbers your circumstances by a large factor. Never mind that EHRs can be corrected and probably far easier than the existing mess of paper records.

    In other news, going outside your house is extremely dangerous. For that matter, just staying inside your house is extremely dangerous. Driving to the store for food is extremely dangerous.

  • Re:Dangers of EHR (Score:2, Insightful)

    by aethelrick ( 926305 ) on Monday January 19, 2009 @10:28AM (#26515347)

    You are assuming that an EHR can be delivered to the emergency care professional in a form that actually helps them in an emergency. The key to this is patient identification, which is hardest when your patient is sufficiently injured to be unable to tell you who they are; this coincidentally is also when they are least likely to be able to tell you about their allergies. In short, if your patient is able to tell you enough information about themselves to safely ID them in your EHR, my bet is that they can mention their "thingymycin" allergy. Where the patient is not conscious you have to go a long way to beat a bracelet attached to their arm with this detail on it. (No, I don't work for medic-alert or similar; I'm an IT professional that spent the last seven years working on EHR systems.)

  • Re:Dangers of EHR (Score:3, Insightful)

    by FredFredrickson ( 1177871 ) * on Monday January 19, 2009 @10:28AM (#26515351) Homepage Journal

    having a record of "nope, not that" helps any other doctor know what has already been ruled out.

    Apparently you watch enough House to quote it, but not enough to know that a chart with records of what it's not will only make doctors less thorough! What if the test was done wrong? Do it again! "But we already did the test." Test again!

  • by commodore64_love ( 1445365 ) on Monday January 19, 2009 @10:35AM (#26515403) Journal

    USA TODAY, circa 2015:

    "It has been reported that a laptop has been stolen, allowing thieves to gain access to over 1 million patients' records. Officials lied.... er, reassured the public that no harm has been caused."

  • Re:Dangers of EHR (Score:4, Insightful)

    by jbolden ( 176878 ) on Monday January 19, 2009 @10:35AM (#26515405) Homepage

    The thing is that everyone is an A,B a C or a D.... You have to hire someone.

  • Re:Dangers of EHR (Score:4, Insightful)

    by commodore64_love ( 1445365 ) on Monday January 19, 2009 @10:49AM (#26515595) Journal

    Read the stories of people who have had their credit records hijacked with false information, and their inability to get loans due to that.

    Now imagine the same thing with Medical records, but instead of just inability to get a loan, now you cannot get a job because your employer thinks you suffer from paranoia ("it's right there in your record Mr. Smith, it must be true. I'm sorry but we can't hire you."). For that matter the employer might not even tell you the reason. They might just never call back.

    You may think this sounds absurd, but the same thing is happening now with the internet, where employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone. ("We found this photo of you drinking beer in a frat party in 1995. It's at the psu.edu/alphadelts website. We can't hire you as a teacher. Sorry.")

  • by gad_zuki! ( 70830 ) on Monday January 19, 2009 @11:10AM (#26515869)

    The difference being that Americans have been fed so much corporate propaganda about healthcare and political propaganda about expansion of government services, that they just dismiss successful programs overseas as impossible or astroturf right-wing talking points about "how they don't really work." You'll see this in replies to your post in 3...2...1...

  • by tygerstripes ( 832644 ) on Monday January 19, 2009 @11:12AM (#26515895)

    There is a private health-care industry in the UK - and it's growing all the time, out of sheer necessity. It's just prohibitively expensive for the proles, especially given that we already pay for the NHS, which is chartered to provide for every person's health-care needs.

    "From the cradle to the grave" used to be an unofficial slogan, back in its more socialist hey-day. Now it's more of a grim prediction...

  • Re:Dangers of EHR (Score:3, Insightful)

    by zappepcs ( 820751 ) on Monday January 19, 2009 @11:20AM (#26515977) Journal

    I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis. Not even your auto mechanic should do that. If you take your car in and say it sounds like the transmission and all your mechanic does is check the transmission, he's a shitty mechanic.

    Records are good, but they are of limited use for most people, most of the time. Sure, that medic-alert bracelet is almost ALWAYS useful in medical emergencies, as would be a bracelet with a USB/MicroSD card attached, but the ER nurse really doesn't need to know you had crabs last year to set your broken bone.

    Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

    How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

  • Re:Dangers of EHR (Score:3, Insightful)

    by commodore64_love ( 1445365 ) on Monday January 19, 2009 @12:37PM (#26516901) Journal

    HR managers (or bosses or small business owners) already violate all kinds of laws against discrimination. What makes you think they'll just suddenly stop when they learn you have heart problems? They'll discriminate then, just as they discriminate now in regards to color, sex, religion, and so on.

    Over in my local university, Millersville PA, they refused to hire an adjunct teacher because she posted a photo on her myspace.com where she was drinking beer. She tried to sue, but the court determined they can refuse to hire for whatever reason. If you can refuse to hire someone over a stupid photo, or because they have bad credit ratings (companies are checking that too), there's nothing to stop the Corporate masters from denying access for medical reasons.

    Wake up! The corporations have access to the information, and they will use the internet to uncover facts and deny jobs.

  • Re:Dangers of EHR (Score:2, Insightful)

    by !coward ( 168942 ) on Monday January 19, 2009 @01:27PM (#26517525)

    While I would agree with you on most points, as it matches my personal experience with EHR systems (ie. that the systems I've seen in place so far tend to be more secure than the equivalent paper-trail), I think the point most people are trying to get across is that, for the most part, those systems exist as completely separate entities and what little interaction exists between the DBs of those different entities is easy to monitor.. For now.

    In my country the majority of health services are provided by the State through State-funded (or public) Medical Institutions. Most of them have, in recent years, deployed their own versions of flow-control, occupation-rates monitoring, stock accounting, resource allocation and (more to the point) patient medical information systems. There are, as you might expect, several vendors out there for these integrated systems and even though most of these institutions are funded primarily by the State, even Medical Institutions that "belong"/operate/form the very same healthcare network (ie, they serve the same population, each on different levels with a small degree of services overlap), you don't usually find them using the same vendor's product. Which basically means they don't usually play well with each other (for example, trying to convert one system's DBs to another because the hospital switched vendors can be a freaking nightmare, don't even get me started on bad DB design!).

    To tackle this, interoperability standards were set forth (although I don't exactly know how well _that's_ working).. But the truth is, very little information is actually shared through the systems themselves. There simply isn't a centralized way, much less a centralized database, that can give _anyone_ (doctors, nurses, the patient him/herself or the State) access to all your medical information. You're usually limited to what that particular institution has on file, the file they've built from every visit to their facilities, and whatever files/tests you've brought with you.

    This means that you need to supply the rest or (re)do all sorts of tests.. And I agree that in many cases this is the best way to go. It's the way doctors are trained to operate. Blind faith in charts can kill your patient as fast as completely disregarding them.

    Back on topic, though, what I believe has most people worrying about this is the whole notion of near-free information flow, and who actually gets to access it, security policies notwithstanding. With a population of a couple hundred million people (far larger than my country's), the volume of information would be gigantic, as would be the flow of information back and forth between medical institutions. To the point where monitoring, let alone investigating, every single apparent breach in data transmission/sharing policy would become impractical. We've seen that happen in other supposedly high-security systems (credit card info, anyone? -- and the corporations actually HAVE an interest in keeping these private!). Add to that the many greedy corporations just itching to make money/sell all sorts of services off of that information (I mean, it's just too good to pass), or to use it to simply refuse you service, and you have a potentially very dangerous situation. I don't think it's a matter of "if" the system is going to be gamed but more of a "when". There's just too much money involved.

    Even if there aren't currently any plans to actually centralize the information (even in a "cloud-like" system), or facilitate the hassle-free sharing of information, I'm pretty sure the "special interest groups" would soon find a way to push that through.. It's to their advantage, after all, and it would be just a small change in actual policy. I don't dispute the many benefits that might come of this, but I'm also a cynic and have very little faith in any corporation's "don't be evil" pledges. The further erosion of patient-doctor privilege, more than anything else, scares the bejeezus out of me.

  • Re:Dangers of EHR (Score:4, Insightful)

    by ColdWetDog ( 752185 ) * on Monday January 19, 2009 @01:43PM (#26517761) Homepage

    I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis.

    You're doing it wrong, then. You seem to think that your third-opinion doc is supposed to think up everything de novo? Repeat all the tests the other docs did? Repeat all the other drug trials the other docs did? You would end up in a room with many corridors, all alike. You would go back and forth. And never get out.

    While there are certainly times that the second / third / x+1 opinion really looks at things in a totally new and different light and comes up with the one absolutely unusual little tidbit that everyone else has overlooked, the much more usual scenario is that 1) either the problem goes away 2) the problem now is so obvious that even your teenage daughter can figure it out or 3) the other docs have tried several reasonable things and by a process of elimination (rather than deduction or induction), the answer becomes more apparent. You want to keep reinventing the wheel?

    Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

    You just might want to let the nice trained medical professional skim an accurate and complete history and then let him or her decide what parts of it are useful to the current encounter, perhaps? Maybe?

    How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

    Well, the danger, if you will, would be that you would have an enormous amount of information in the chart that we would have no idea WTF to do with. I don't think the danger lies in the sequence information - it's the data interpretation which would give you risking data for various ailments. It would likely help you and your primary care doc carefully review what you should be doing in your life, although the conversation likely would be on the order of "get more exercise, eat something healthy occasionally, quit smoking" that we can do quite nicely without your gene sequences. However, you don't want insurance companies to get a hold of it.

    That said, the biggest problem with promulgating medical information into the "fog / cloud / Wikipedia" is that OTHER (evil, nasty) people besides medical professionals will get a hold of it. And use the information in ways that don't really help you. But not to worry. It's going to happen anyway.

    Now, roll up your sleeve and bend over....

  • by winwar ( 114053 ) on Monday January 19, 2009 @03:19PM (#26518863)

    Have you ever read your records?

    They ALL have errors. And omissions. Lots of them. Often important ones. There is even relevant information that is not included with them.

    It won't get better with electronic records. It will probably get worse (one universal input format). The (unwilling) doctor will be expected to enter the information into the computer. As a result, the information will be notated on paper or recording device (more errors) and transcribed (yet more errors). Then any information that does not fit into a standardized category will be lost. Wow, what an improvement!

    Not to mention the fact that my records will now be public for all intents and purposes. At least with paper records you have to know what doctors I have seen and have to physically find and access them.

  • by Anonymous Coward on Monday January 19, 2009 @05:34PM (#26520631)

    >take a look outside your borders and learn a few things

    I am originally from outside the U.S. borders, from a country with social medicine and the thought of having my medical records in an unprotected form, or a form that is dictated by the medical industry for their own gain scares the hell out of me.

    Why? The level of corruption and collusion between elected officials and industry is staggering. Look at the past eight years and if you think that those kinds of politicians and the government official they put in charge would not release the information contained in medical records for their own gains, then you're an idiot.
     

  • by zuperduperman ( 1206922 ) on Monday January 19, 2009 @06:50PM (#26521655)

    Unfortunately life is never that simple.

    Medical records may contain information that the patient should not see - or to put it better - doctors constrained by the restriction that the patient sees everything will not provide optimal health care. For example, if a doctor suspects a patient is an alcoholic, but letting the patient know that will cause them to stop seeing the doctor ... how should that be documented? If we say the patient owns their records and can see everything then doctors simply won't document these things at all, which is not an optimal outcome.

    Also - can we hold doctors legally liable for information in the health record if they themselves do not have access to it? This is a thorny issue. I would not like to be held responsible for information that I cannot even myself view. What happens if a doctor thinks of a complication after the patient left?

  • Re:Dangers of EHR (Score:3, Insightful)

    by jbolden ( 176878 ) on Monday January 19, 2009 @06:57PM (#26521745) Homepage

    Once everyone's records are out there everyone ends up having bad stuff.
