Privacy Government Medicine Politics

EHR Privacy Debate Heats Up 182

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."
  • Dangers of EHR (Score:5, Interesting)

    by gravos ( 912628 ) on Monday January 19, 2009 @09:25AM (#26514975) Homepage
    The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems. Sometimes for people with mental health problems, a diagnosis is made and then subsequently it's discovered that that was not the actual diagnosis. Having this kind of an electronic trail to follow you around forever could be extremely dangerous, in my opinion.
  • by modmans2ndcoming ( 929661 ) on Monday January 19, 2009 @09:54AM (#26515109)

    Banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information cannot be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.

  • Re:Dangers of EHR (Score:3, Interesting)

    by jbolden ( 176878 ) on Monday January 19, 2009 @10:00AM (#26515137) Homepage

    The thing is there is likely embarrassing stuff on most people's medical records.

    A used to use drugs
    B had a horrible depression
    C has a fatal disease that will kill them over the next 10 years
    D got an STD at a sex party

    etc...

    Right now people freely talk about physical injuries they got from reckless behavior. It could be that with leakage mental disorders stop being something that people have more embarrassment about discussing.

  • by tygerstripes ( 832644 ) on Monday January 19, 2009 @10:03AM (#26515157)

    This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT [wikipedia.org] initiative - it's been largely successful.

    The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.

    Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.

  • DRM based OSes (Score:3, Interesting)

    by jbolden ( 176878 ) on Monday January 19, 2009 @10:03AM (#26515163) Homepage

    Essentially what you need is DRM. The data is only available on a limited number of machines and then strictly limited in what you can do with it, with strong audit trails. Not using general purpose computers but rather devices might help.

    But in the end I don't think this is likely to work, the incentives for hacking are too strong and the distribution has to be too wide. EHRs mean that there will be substantially less medical privacy in exchange for better medical care and lower costs (70b-300b / year). That doesn't seem like a bad trade.

  • Re:i can see it now (Score:3, Interesting)

    by swillden ( 191260 ) <shawn-ds@willden.org> on Monday January 19, 2009 @11:08AM (#26515853) Journal

    Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.

    Which will work just fine with respect to traditional marketing channels, but will be as effective against much Internet-based advertising as CAN-SPAM is against spam.

    I have no objection to legal protections, but laws are insufficient. Actually, I do have one objection: laws often provide a false sense of security, and occasionally even work against the interests of the people they're supposed to protect.

    What we need to assure the privacy of medical information is technological means to place the control of the data squarely in the hands of its rightful owner -- its subject. My doctor shouldn't have my file, I should. What information from that file is available in emergency situations should be under my control. Whether or not any of my data is available for use by researchers should be my decision.

    The first step is to legally bar medical providers from storing patient data at all, and require them to give it to the patient. Unlike random distributed marketing organizations, health care providers are very easy to regulate and control. To make that work, we need solid, implementable standards for health care information exchange, not the convoluted, under-specified crap that HL7 et al have thus far developed. We also need a standardized FREELY AVAILABLE coding system, rather than the balkanized for-fee code sets we have now (ICD9, etc.).

    Of course, after you put peoples' medical data under their control, there's a risk that they'll do stupid things and release stuff they shouldn't. To some extent, that's on them, but it's probably a good idea to back it up with legislation of the sort you propose, but as a backup, a safety net, rather than the primary privacy/security mechanism. Defense in depth is a key feature of any trustworthy security scheme.

  • Re:Dangers of EHR (Score:3, Interesting)

    by db32 ( 862117 ) on Monday January 19, 2009 @11:49AM (#26516329) Journal
    I can't even begin to imagine the fun of catching a company using healthcare information in such an unbelievably illegal fashion. Now, I agree there are security things to be addressed. But, medical records already exist in a fairly extreme state of paranoia even if some of the IT pieces are lagging. If anything, I would want the credit industry held to the same standards that medical records are. If you are a nurse and you access a record that isn't one of your patients you can be expected to be called out on it and likely lose your job. Shit like that is actually tracked in an EMR system. It is actually more secure against snooping than the current paper copies given that there is no per-access tracking that happens when you thumb through a paper record.

    The problem with the credit industry is that they are not held accountable for the losses of information, so it is more profitable for them to play fast and loose with it and hand out loans and credit in the hopes of profit. Hospitals ARE held accountable for lost information, and their model of profit doesn't even begin to resemble the credit industry. In fact, hospitals LOSE money when the records aren't accurate because insurance/medicare/medicaid/etc refuse to pay out. Hospitals invest a tremendous amount of resources in making sure all of their records are as accurate as humanly possible for that very reason.
  • by jotaeleemeese ( 303437 ) on Monday January 19, 2009 @12:29PM (#26516813) Homepage Journal

    I am by no means rich and have been privately insured all my working life in the UK.

    When I need to be treated quickly I go for private insurance, for long term treatment I rely on the NHS.

  • by jotaeleemeese ( 303437 ) on Monday January 19, 2009 @12:33PM (#26516853) Homepage Journal

    Whose information is that?

    The patient's.

    Who should control it?

    The patient.

    Any other solution should not be allowed to prevail.

    An intelligent card, easy to back up at home and protected by well thought of security mechanisms is all that is needed.

    There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.

     

  • by joocemann ( 1273720 ) on Monday January 19, 2009 @12:55PM (#26517091)

    I completely agree. I do not understand, whatsoever, how it is burdensome for a patient to bring their medical records to their doctor. The doctor and/or hospital keep those records privately; access and review/add to them when necessary--- and if the patient needs to see another doctor, they can get a copy and carry them on over to the new doctor.

    This is how it already works; this is NOT a big deal.

  • Re:Unlikely (Score:2, Interesting)

    by krenaud ( 1058876 ) on Monday January 19, 2009 @04:00PM (#26519373)
    The experience I have with electronic journals is the Swedish drug prescription system. All my prescriptions are stored electronically. I can logon to a website and use my electronic-ID issued by my bank to access information about my scrips and when they have been accessed. I can use the website to order drugs to a chosen pharmacy or get them sent by snail-mail (restrictions apply on which meds can be sent)

    If I want to order by telephone the operator cannot access my records before I have entered a pin-code. At the pharmacy I need to present a drivers license or other valid ID and the pharmacist(?) must scan the barcode in order to access my records. This access is also logged.

    Electronic medical records can be handled in a similar way where audit trails are present. One could limit access to health providers that the patient has authorized.

    Having a privatized health care system presents a problem since it probably is impossible to create a central system for handling records. This means that synchronization and securing that data is handled in a safe manner is very difficult. Using public key encryption on all data makes it easier as only the private keys need to be handled safely. Requiring that keys must be requested each time the data is to be accessed is perhaps a good way to keep access auditable and lessening the risk that lost data can be read by unauthorized persons.

    The case you mention with unresponsive patients is easy. All data can be added to the e-journal using the public key. The data can also be sent the normal electronic way internally within the hospital to be deleted after the patient has checked out. Emergency procedures can be implemented so a notification is sent to the patient via snail mail if they are used thus limiting misuse. Or simply stop non-authorized care givers to access the data. Sure, ERs will not have access to all info, but that is not any different from the situation today.

    I'm sure experts on public key encryption can devise a system which works well if they are consulted.
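
The per-access tracking db32 describes and the logged, patient-authorized key requests with notified emergency access that krenaud proposes, sketched as an added example (not code from any commenter or from a real EHR product). `AccessBroker`, its methods and the sample identities are hypothetical, and the actual encryption and key handling are left out.

```python
import hashlib, json

class AccessBroker:
    """Hypothetical key-release point: every read of a record asks here first."""
    def __init__(self):
        self.authorized = {}    # patient -> providers the patient has approved
        self.log = []           # hash-chained audit trail
        self.notify_queue = []  # patients owed a postal notice after emergency use

    def authorize(self, patient, provider):
        self.authorized.setdefault(patient, set()).add(provider)

    @staticmethod
    def _digest(prev, fields):
        return hashlib.sha256((prev + json.dumps(fields, sort_keys=True)).encode()).hexdigest()

    def request_key(self, patient, provider, when, emergency=False):
        if provider in self.authorized.get(patient, set()):
            outcome = "granted"
        elif emergency:
            outcome = "break-glass"          # allowed, but the patient is told
            self.notify_queue.append(patient)
        else:
            outcome = "denied"
        fields = {"patient": patient, "provider": provider, "when": when, "outcome": outcome}
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        self.log.append(dict(fields, prev=prev, hash=self._digest(prev, fields)))
        return outcome

    def verify_chain(self):
        """True only if no entry was edited, reordered or removed mid-chain."""
        prev = "0" * 64
        for e in self.log:
            fields = {k: v for k, v in e.items() if k not in ("prev", "hash")}
            if e["prev"] != prev or e["hash"] != self._digest(prev, fields):
                return False
            prev = e["hash"]
        return True

    def accesses_for(self, patient):
        """What the patient sees when reviewing who touched the record."""
        return [(e["when"], e["provider"], e["outcome"]) for e in self.log if e["patient"] == patient]

def demo():
    # Constructed sample identities and timestamps.
    b = AccessBroker()
    b.authorize("patient-1", "dr-a")
    results = [b.request_key("patient-1", "dr-a", "2009-01-19T10:00"),
               b.request_key("patient-1", "nurse-x", "2009-01-19T10:05"),
               b.request_key("patient-1", "er-1", "2009-01-19T23:40", emergency=True)]
    return b, results
```

Denied requests are logged too, so the snooping attempt by `nurse-x` shows up in `accesses_for` even though no key was released.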
  • by modmans2ndcoming ( 929661 ) on Monday January 19, 2009 @05:38PM (#26520693)

    I think the medical system warrants it as well.

    As part of the EMR legislation, there is no reason that a network connecting hospitals over an air-gap network could not be included with funding. If they want to go as far, they can even fund dr's offices getting connected.

  • by mattwarden ( 699984 ) on Tuesday January 20, 2009 @09:07AM (#26527613)

    > What if the patient loses his/hers card?

    What if the government or insurance company loses the card?

    > What if he's in an emergency and happens not to walk with that card in the pocket?

    Gee, I don't know. What do they do now?

    > Also, this information is not relevant only when the patient is in front of a
    > doctor - sometimes, the case is reviewed by a board, or accessed for preventive
    > care... or for scientific research or juridical purposes.

    Did I consent to my medical records being public or semi-public? I don't care what the purpose is. My medical information is private and no one has the right to that information unless I (not the government) give it to them. Ok?

  • Re:Dangers of EHR (Score:1, Interesting)

    by Anonymous Coward on Tuesday January 20, 2009 @06:30PM (#26537757)

    It also provides accurate records of those mistakes.

    The hell it does. When I was a kid my dad once took me to the doctor. Unsure of my allergies, the nurse played it safe and put 'shellfish' down.

    I eat shellfish all the time, I love it. Yet every time I visit the Dr. or hospital, they say "I see you have a shellfish allergy" & I say "No I don't you need to correct that" to which they respond "we can't".

    The best way to get security in our medical records is this:

    Hack as many records as possible, and add the proper information that will allow someone to receive Medical Marijuana (in the states which allow it). Then 'blow the whistle'.

    The government couldn't care less about your personal information, but if the hippies are allowed to smoke more pot it'll be the biggest issue since 9/11.
