EHR Privacy Debate Heats Up 182
CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."
EHR from a software testing point of view (Score:3, Informative)
I saw this [case.edu] the other day. Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience.
They call for testing and certification of EHR systems (Though thankfully not through the FDA).
It'll be interesting whether anyone listens to them.
Re: (Score:2)
"Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience."
And the problems essentially reduce to: do you want easy access or security. The best type of EHR is one that doesn't exist. I can't think of a good system that outweighs the negative. Although I would accept an opt-in system.
i can see it now (Score:5, Funny)
$emails = $DB->get('SELECT email FROM records WHERE records.dysfunction LIKE "%erectile%"');
foreach( $emails as $email ){
mail($email, 'hello i hear you are in need of herbal via....');
}
Re: (Score:2)
LOL.
Exactly one of the things I suggested be made illegal.
Re: (Score:3, Funny)
LOL.
Exactly one of the things I suggested be made illegal.
Spam is already illegal, so that problem is taken care of.
Re: (Score:2)
Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.
Re: (Score:3, Interesting)
Might not be spam. ALL marketing based on medical information should be illegal, with only the narrowest of carve-outs for your actual healthcare providers.
Which will work just fine with respect to traditional marketing channels, but will be as effective against much Internet-based advertising as CAN-SPAM is against spam.
I have no objection to legal protections, but laws are insufficient. Actually, I do have one objection: laws often provide a false sense of security, and occasionally even work against the interests of the people they're supposed to protect.
What we need to assure the privacy of medical information is technological means to place the contr
Re: (Score:2)
In the developed, networked world, there are simple and obvious solutions to all of the problems you mention. I disagree that people choosing to withhold information from their physicians is a problem. Yes, it endangers their health, but that's their prerogative, or should be.
Re: (Score:2)
Re: (Score:2)
And how does you keeping records help with any of those problems?
Lets take that one step further - if these people know that the system is keeping records on them, then they probably aren't even going to come in for any treatment until its too late to help them any more.
It's all fine and dandy to argue that putting control of the system in the hands of benevolent professionals will end all kinds of bad behaviour, but the real world is never so simple. You take control away from people and they will do their utmost to assert it by any means they can, even if it is ultima
Re: (Score:2)
Spam being illegal certainly has curbed its proliferation - NOT !
Re: (Score:2)
Re: (Score:2)
Spam being illegal certainly has curbed its proliferation - NOT !
All kidding aside, I think you're wrong about that.
http://edge.networkworld.com/community/node/36965 [networkworld.com]
Re: (Score:2)
You're basing your argument on some random prediction that spam will stop being a problem during the next year, in spite of previous similar predictions which have been spectacularly wrong?
Spam is semi-controlled at the moment through purely technical means -- filtering. Unfortunately, filtering has made e-mail unreliable and reduced its value.
The temporal framework (Score:5, Insightful)
One of the problems with EHR is that it potentially follows you your entire life.
If information about your economic status, familiar situation, physical location, customs, etc. Usually becomes unreliable after some time. A leak on those informations slowly loses effect.
Medical information, however, is permanent in many cases. A single leak of a person's data can have fresh information for, literally, a lifetime.
Re: (Score:2)
Re:The temporal framework (Score:4, Funny)
Re: (Score:2)
>>>A single leak of a person's data can have fresh information for, literally, a lifetime.
Go watch GATTACA for an example. Yeah sure they had laws to forbid discrimination against employees who had bad medical records, but since when do corporations follow the law? It is easy to make-up other excuses:
"This guy has a high history of heart problems according to his government file, so let's not hire him."
"We need a better excuse then that."
"Um... he doesn't know how to program Cobol."
"Yeah that wil
Seperate nationwide network (Score:5, Interesting)
banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information can not be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.
Re: (Score:2)
Re: (Score:3, Interesting)
I think the medical system warrents it as well.
As part of the EMR legislation, there is no reason that a network connecting hospitals over an air-gap netowrk could not be included with funding. If they want to go as far, they can even fund dr's offices getting connected.
Re: (Score:3, Informative)
The idea of a separate network is a great idea actually. The best I have heard so far. However, it does not need to be air-gapped.
This can be created with funding and some strict certification programs for manufacturers and service providers. I see no reason that access to these networks cannot be accomplished through VPN circuits offered by local ISPs. The idea being to make it suitably difficult for someone outside the network to hack it. Not so ludicrously difficult it requires Tom Cruise and Ving R
Re: (Score:2)
not sure that would really work. was in hospital 5 weeks last year over 3 occassions.
most of the pcs containing records were generic compaqs that we sell at work. i was left on many an occassion in cubicles with these machines with a curtain giving a fair chunk of privacy to any attempt i should want to attempt. and the medical staff are not i.t. people thinking of security or fast typists so i was able to see a few of the passwords been typed in. out of curiosity more than any other reason this was interes
Re: (Score:2)
it is more about remote attacks. Even with a paper record, someone can get in and take it. most of the time, paper charts are at the end of a bed, or outside a door, or on the front desk, etc.
Welcome to the 20th Century, USA. (Score:5, Interesting)
This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT [wikipedia.org] initiative - it's been largely successful.
The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.
Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.
Re: (Score:2)
I hear a lot of UK citizens complain about Parliament's healthcare. One guy said, "We're treated as just another cog in the machine, and if the bill costs too much the politicians have decided to send us home without care so they can save money. This happened to me several times."
Re: (Score:2)
Fair comment, but that's because our health-care system is knackered and has been run into the ground by the government for years. Nothing to do with the information systems, everything to do with under-funding and heavy-handed, bureaucratic micro-management, usually based on political knee-jerk responses to the latest media orgy.
Any UK resident who's had dealings with the NHS (National Health Service) will tell you the same: no problems with records, information management or any of that. It's just the pr
Re: (Score:2)
>>>our health-care system is knackered and has been run into the ground by the government for years.
Wouldn't it be nice if you had CHOICE? i.e. If the Parliament-run hospital sucks, you could switch to a different hospital, like Apple or Linux or even (shudder) Microsoft Hospital? Choice is better than a monopoly. If the monopoly sucks (it does), you're stuck with it.
Re: (Score:3, Insightful)
There is a private health-care industry in the UK - and it's growing all the time, out of sheer necessity. It's just prohibitively expensive for the proles, especially given that we already pay for the NHS, which is chartered to provide for every person's health-care needs.
"From the cradle to the grave" used to be an unofficial slogan, back in its more socialist hey-day. Now it's more of a grim prediction...
Re: (Score:2)
That sounds a lot like the U.S. School System. We have private schools, but since the school tax is ~$3000 a year, people simply lack the money to choose the private option.
I'd like to see a system were, if parents send their kids to private school, they would be exempt from paying school tax for that year. It would give people the extra money they need to "escape" the government school.
Many people have private insurance. (Score:3, Interesting)
I am by no means rich and have been privately insured all my working life in the UK.
When I need to be treated quickly I go for private insurance, for long term treatment I rely on the NHS.
Underfunding? You are joking, right? (Score:2)
The amount Labour has thrown to the NHS is almost obscene.
There is a lot of mismanagement to be sure (if it is worst than a bank would be open to debate, at least most people get relatively decent health service) but to say the NHS is underfunded is not a serious point, as can be quickly checked.
Re: (Score:3, Insightful)
The difference being that Americans have been fed so much corporate propaganda about healthcare and political propaganda about expansion of government services, that they just dismiss successful programs overseas as impossible or astroturf right-wing talking points about "how they dont really work." You'll see this in replies to your post in 3...2...1...
Re: (Score:2)
I don't work with and haven't used any of the NPfIT systems, however I have read a lot of coverage regarding this including recent material in IT and Medical news sources. I certainly haven't gotten the impression the system is remotely successful. I'm not saying it isn't, but I'm yet to see anything that doesn't make it sound like a gigantic project failure, that has completely lost site of
The biggest difference..... (Score:2)
between the U.S. and the rest of the world is the rest of the world gives up their rights readily and freely without a fight. You claim to welcome us to the 21st century simply because it's based on technology, and I say, enjoy the your life in 16th century based on the rights your government protects for its citizens.
Re: (Score:2)
Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing.
the importance of doing things right the first time in the US is paramount.
Unlike other nations, special interests will quickly man the barricades and block any and all attempts to remove "beneficial" loopholes from laws.
See: Medical insurance rate hike work-around for policy cancelleation, DMCA section 1201, Internet neutrality, and much much more.
Re: (Score:2)
DRM based OSes (Score:3, Interesting)
Essentially what you need is DRM. The data is only available on a limited number of machines and then strictly limited in what you can do with it, with strong audit trails. Not using general purpose computers but rather devices might help.
But in the end I don't think this is likely to work, the incentives for hacking are too strong and the distribution has to be too wide. EHRs mean that there will be substantially less medical privacy in exchange for better medical care and lower costs (70b-300b / year). That doesn't seem like a bad trade.
Re: (Score:2)
the incentives for hacking are too strong and the distribution has to be too wide.
Hence the need for strong laws to add to the DISincentives for hacking.
Re: (Score:2)
I don't see that as likely working. The main problem is the only crimes the US law enforcement seem to really care about are speeding and murder.
A produces a legit machine which can access records
B produces a machine that spoof being a machine of type A but also copies the records off via email.
C owns a medical office
D get a job in C's office as a receptionist. and replaces A's machines with B's machines over a period of a week. D then quits and gets a job at another office....
E lives outside the US and
Re: (Score:2)
And those records will illicitly be used -- how? Spam? We all get plenty of medical spam anyway. Non-spam? Legitimate businesses can be seriously penalized. Discrimination? Too much of a "paper" trail for discrimination to use that vector.
Re: (Score:2)
Oh I see. You mean make it illegal to receive the records not create them. That means you have to hit extracts from, derived works from the records regardless of source. I have some serious questions about the constitutionality of laws like that. Remember you have to be able to prove beyond a reasonable doubt a law was broken.
Try and write one up that gets around all the ways the data can me modified and then sold.
Re: (Score:2)
Oh I see. You mean make it illegal to receive the records not create them. That means you have to hit extracts from, derived works from the records regardless of source. I have some serious questions about the constitutionality of laws like that. Remember you have to be able to prove beyond a reasonable doubt a law was broken.
Try and write one up that gets around all the ways the data can me modified and then sold.
Now you're on the right track!
I'm sure I haven't thought of everything that's necessary. But I'm game for as many rings of defense as it takes. You mustn't transfer the info illicitly. You mustn't sell it. You musn't buy it. You musn't use it for the purposes people would want to buy it for. And you surely mustn't do hacking to get it.
Re: (Score:2)
OK I can see that working. With a dozen rings of defense you get rid of most of the incentives to puncture 5 of them since the majority are still left. The conspiracy just takes too many people.
Re: (Score:2)
There's only so strong you can make the laws. You can make the penalty death and forfeiture of all property to the state, but if the incentives FOR it are strong enough, and the chance of getting away with it perceived to be good enough, it'll happen anyway.
Re: (Score:2)
There's only so strong you can make the laws. You can make the penalty death and forfeiture of all property to the state, but if the incentives FOR it are strong enough, and the chance of getting away with it perceived to be good enough, it'll happen anyway.
No argument. But my point is that the incentives FOR using people's medical records against them aren't really that high, especially if the what the records show is merely elevated probabilities of some unfortunate outcome(s).
No, that's not what's necessary. (Score:2)
Develop a new network port completely different from cat5. (this network will be separate from the internet just like bank transactions are today)
Make regulations requiring any computer with this new network port not be allowed to carry cat5 or wireless, and that the computers be kept in a feraday caged room with no cat5 plugs or wireless.
Limit electronic storage of medical records to those computers, with transfer to paper required for every other use.
Then institute hefty criminal and civil penalties for a
Great idea? (Score:2, Informative)
Funny this should come up, considering what I just read last night in the RISKS Digest [ncl.ac.uk]:
Why does the information need to be centralized? (Score:5, Interesting)
Whose information is that?
The patient's.
Who should control it?
The patient.
Any other solution should not be allowed to prevail.
An intelligent card, easy to back up at home and protected by well thought of security mechanisms is all what is needed.
There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.
Re: (Score:3, Interesting)
I completely agree. I do not understand, whatsoever, how it is burdensome for a patient to bring their medical records to their doctor. The doctor and/or hospital keep those records privately; access and review/add to them when necessary--- and if the patient needs to see another doctor, they can get a copy and carry them on over to the new doctor.
This is how it already works; this is NOT a big deal.
Re: (Score:2)
"In that case it'd really suck for the hospital if they didn't have the record on file or access to another hospital that did."
Which is the current default. I don't see a huge outcry about this.
"Maybe the patient is severely allergic you're about to give him."
Also the current default. Which is why they make medalert bracelets. If you have a severe medical problem, you already have the info on you. At least if you give a damn. Problem solved.
EHR's are a solution to a problem that patients don't have. I
Re: (Score:2)
Unfortunately, patients are not trusted with medical records. Any possibility of alteration or forgery cannot be permitted, because this would invalidate the concept of those records being reliable.
Why would a patent alter their records? Malpractice for one. Insurance scams. Drug seeking parients. Basically anything you can imagine.
This is why you can have a copy and not the original of any records today in the US. And every provider is responsible for their own records.
Re: (Score:2)
Unfortunately, patients are not trusted with medical records. Any possibility of alteration or forgery cannot be permitted, because this would invalidate the concept of those records being reliable.
Easily solved with a system of digital signatures that enforce an audit trail.
Re:Why does the information need to be centralized (Score:2)
There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.
Wait what?
Re: (Score:3, Interesting)
> What if the patient loses his/hers card?
What if the government or insurance company loses the card?
> What if his in an emergency and happens not to walk with that card in the pocket?
Gee, I don't know. What do they do now?
> Also, these information is not relevant only when the patient is in front of a
> doctor - sometimes, the case is reviewed by a board, or acessed for preventive
> care... or for scientific research or juridical purposes.
Did I consent to my medical records being public or se
Dangers of EHR (Score:5, Interesting)
Re: (Score:3, Insightful)
It cuts both ways. With electronic records some cross-checks are possible, such as checking prescribed drugs for interactions, or perhaps even checking that the symtoms and/or treatment really match the diagnosis.
Re:Dangers of EHR (Score:4, Insightful)
It also provides accurate records of those mistakes. The lack of medical information following you is going to be FAR more dangerous than a mistake in that record. Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team. Heart condition, diabetes, etc... The number of circumstances where NOT having this information readily available is extremely dangerous outnumber your circumstances by a large factor. Nevermind that EHRs can be corrected and probably far easier than the existing mess of paper records.
In other news, going outside your house is extremely dangerous. For that matter, just staying inside your house is extremely dangerous. Driving to the store for food is extremely dangerous.
Re: (Score:2, Insightful)
Re: (Score:2)
Re:Dangers of EHR (Score:4, Insightful)
Read the stories who have had their Credit Records hijacked with false information, and their inability to get loans due to that.
Now imagine the same thing with Medical records, but instead of just inability to get a loan, now you cannot get a job because your employer thinks you suffer from paranoia ("it's right there in your record Mr. Smith, it must be true. I'm sorry but we can't hire you."). For that matter the employer might not even tell you the reason. They might just never call back.
You may think this sounds absurd, but the same thing is happening now with the internet, where employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone. ("We found this photo of you drinking beer in a frat party in 1995. It's at the psu.edu/alphadelts website. We can't hire you as a teacher. Sorry.")
Re: (Score:3, Interesting)
Re: (Score:2, Insightful)
While I would agree with you on most points, as it matches my personal experience with EHR systems (ie. that the systems I've seen in place so far tend to be more secure than the equivalent paper-trail), I think the point most people are trying to get across is that, for the most part, those systems exist as completely separate entities and what little interaction exists between the DBs of those different entities is easy to monitor.. For now.
In my country the majority of health services are provided by the
Re: (Score:3, Informative)
The market takes care of that (Score:2)
Unless you were remarkably more stupid than everybody else, those old posts or photos will be much like everybody else's, and that employer will have a severe difficulty in finding *anyone* to hire.
The main difference between credit records, personal blogs, and health records is that you and nobody else was responsible for what you did in you personal and financial life. If you find it
Re: (Score:2)
That's why people with those conditions generally have a bracelet stating it (which EMTs are trained to look for). Compare that to the EHR: The guy can't talk? Check his wallet for a name. John Smith? Let me type that into the computer. Too many responses, what's his driver's license I.D.#? JSMITH234084329. Let me type that into the computer. Opps, we're in a dead zone for wireless in
Re: (Score:2)
Re: (Score:3, Interesting)
The thing is there is likely embarrassing stuff on most people's medical records.
A used to use drugs
B had a horrible depression
C has a fatal disease that kill them over the next 10 years
D got an STD at a sex party
etc...
Right now people freely talk about physical injuries they got from reckless behavior. It could be that with leakage mental disorders stop being something that people have more embarrassment about discussing.
Re: (Score:2)
A used to use drugs
B had a horrible depression
C has a fatal disease that kill them over the next 10 years
D got an STD at a sex party
A - I'm not hiring drug addicts in my company.
B - I'm not hiring him. He may have a depression during some important project.
C - I'm not hiring him. What if he dies before finishing the project?
D - I'm not hiring perverts in my company.
No, I don't think people will freely discuss their medical records.
(replace hiring with promoting for post interview discussion)
Re: (Score:2)
Exactly why we need anti-discrimination legislation in ADDITION to privacy protections.
Re: (Score:2)
Exactly why we need anti-discrimination legislation in ADDITION to privacy protections
Anti-discrimination laws aren't working, right now. What makes you think they'll start working if we make discrimination much easier and much (really, very much) more profitable?
P.S.: I speak from the PoV of Spain; maybe in the states anti-discrimination laws really work and saying you're two month pregnant during a job interview wouldn't alter the result in the least.
Re: (Score:2)
Exactly why we need anti-discrimination legislation in ADDITION to privacy protections
Anti-discrimination laws aren't working, right now. What makes you think they'll start working if we make discrimination much easier and much (really, very much) more profitable?
P.S.: I speak from the PoV of Spain; maybe in the states anti-discrimination laws really work and saying you're two month pregnant during a job interview wouldn't alter the result in the least.
Fair enough. But I was talking about discrimination for smaller factors, such as mere statistical risks of ill health.
You're right that anti-discrimination for gross disabilities is only partially successful. In the US it's the Americans With Disabilities Act.
Re: (Score:2)
anti-discrimination legislation
Anti-discrimination legislation will never work.
"Your honor, I did not not hire him because of his genetic defects, it's simply because he wasn't a perfect fit for the job. We found somebody who types faster."
Problem solved.
Re: (Score:2)
anti-discrimination legislation
Anti-discrimination legislation will never work.
"Your honor, I did not not hire him because of his genetic defects, it's simply because he wasn't a perfect fit for the job. We found somebody who types faster."
Problem solved.
Anti-discrimination legislation is, in general, partially successful. Your extreme position adds more humor than insight.
Re: (Score:2)
"Anti-discrimination legislation is, in general, partially successful."
But only against the extremely stupid or incompetent. Employers discriminate all the time against legally protected classes. They just use a legally protected reason.
Re: (Score:2)
What makes you think that will work???
"We can't hire him because he has repeating bouts of depression." ..... Well the damage is done, but we can't let anybody know what we did."
"You're not allowed to hack into medical records!"
"So? Do YOU want to hire a manic depressive?"
"Good point.
"Um..."
"Let's make up a false reason."
"He doesn't know how to use a Macintosh, and we have Macs in our labs."
"Yeah that sounds good. I'll send off the rejection letter immediately."
Watch the movie GATTACA to see how laws are
Re: (Score:2)
And HR managers will risk jail over the hacking to play out your scenario?
Re: (Score:3, Insightful)
HR managers (or bosses or small business owners) already violate all kinds of laws against discrimination. What makes you think they'll just suddenly stop when they learn you have heart problems? They'll discriminate then, just as they discriminate now in regards to color, sex, religion, and so on.
Over in my local university, Millersville PA, they refused to hire an adjunct teacher because she posted a photo on her myspace.com where she was drinking beer. She tried to sue, but the court determined they c
Re:Dangers of EHR (Score:4, Insightful)
The thing is that everyone is an A,B a C or a D.... You have to hire someone.
Re: (Score:3, Insightful)
Once everyone's records are out there everyone ends up having bad stuff.
Re: (Score:2)
I don't know about the US, but in England I had a pain in the ass of a time trying to get my medical history on paper records from one clinic to another 300 miles away.
Re: (Score:2)
It is almost impossible to get a complete medical history in the US. The system is too decentralized.
Re: (Score:2)
You guys don't have fax machines? Wow.
Re: (Score:2)
Data protection act, etc..
Re: (Score:2, Informative)
First off it's a good idea to define terms, as the risks for the various flavors of medical record differ. And, given that for the USA, at least, we now have some terms that are official, here's a summary from the document I recently put together for a medical IT conference, referenced at the end of this post.
EMR vs. EHR vs. PHR?
Many people use the terms electronic medical record (EMR), electronic health record (EHR) and personal health record (PHR) interchangeably. But arguably they mean very different thi
Solution to a problem that a patient doesn't have (Score:3, Insightful)
Have you ever read your records?
They ALL have errors. And omissions. Lots of them. Often important ones. There is even relevent information that is not included with them.
It won't get better with electronic records. It will probably get worse (one universal input format). The (unwilling) doctor will be expected to enter the information into the computer. As a result, the information will be notated on paper or recording device (more errors) and transcribed (yet more errors). Then any information tha
Re: (Score:3, Insightful)
having a record of "nope, not that" helps any other doctor know what has already been ruled out.
Apparently you watch enough house to quote it, but not enough to know that a chart with records of what it's not will only make doctors less thorough! What if the test was done wrong? Do it again! "But we already did the test." Test again!
Re: (Score:3, Insightful)
I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis. Not even your auto mechanic should do that. If you take your car in and say it sounds like the transmission and all your mechanic does is check the transmission, he's a shitty mechanic.
Records are good, but they are of limited use for most people, most of the time. Sure that medica-alert bracelet is almost ALWAYS useful in medical emergencies, so would a bracelet with USB/MicrSD c
Re: (Score:2)
uh.. being able to see you might have a high risk of heart disease so checking that out first if you have such symptoms? possibly checking you for signs of cancer if you have a specific gene know to cause it so they will find it in early stages?
oh no, the horror?
Re:Dangers of EHR (Score:4, Insightful)
You're doing it wrong, then. You seem to think that you're third opinion doc is supposed to think up everything de novo? Repeat all the tests the other docs did? Repeat all the other drug trials the other docs did? You would end up in a room with many corridors, all alike. You would go back and forth. And never get out.
While there are certainly times that the second / third / x+1 opinion really looks at things in a totally new and different light and comes up with the one absolutely unusual little tidbit that everyone else has overlooked, the much more usual scenario is that 1) either the problem goes away 2) the problem now is so obvious that even your teenage daughter can figure it out or 3) the other docs have tried several reasonable things and by a process of elimination (rather than deduction or induction), the answer becomes more apparent. You want to keep re inventing the wheel?
You just might want to let the nice trained medical professional skim an accurate and complete history and then let him or her decide what parts of it are useful to the current encounter, perhaps? Maybe?
Well, the danger, if you will, would be that you would have an enormous amount of information in the chart that we would have no idea WTF to with it. I don't think the danger lies in the sequence information - it's the data interpretation which would give you risking data for various ailments. It would likely help you and your primary care doc carefully review what you should be doing in your life, although the conversation likely would be on the order of "get more exercise, eat something healthy occasionally, quit smoking" that we can do quite nicely without your gene sequences. However, you don't want insurance companies to get a hold of it.
That said, the biggest problem with promulgating medical information into the "fog / cloud / Wikipedia" is that OTHER (evil, nasty) people besides medical professionals will get a hold of it. And use the information in ways that doesn't really help you. But not to worry. It's going to happen anyway.
Now, roll up you're sleeve and bend over....
Re: (Score:2)
So easy to dig around STD /Pregnancy tests, or when little daughter sought the pill.
And why is privacy such a big deal in this situation ? What's so embarrassing about a person being mindful of diseases and/or unwanted demon spawn ?
The more secrets a person has, the more stress they carry with them. That's quite directly how you've wound up with so much crime and violence - the more you repress, the uglier it is when it finally comes out, and it ALWAYS comes out.
Re: (Score:2)
Think of a company deciding whether to hire person A or person B. If they were able to get hold of health records and find out that person B has a higher cardiac index than person A, and therefore hire person A, how would you feel if YOU were person B? What if the cardiac index is due to genetics and not life choices? There was a stupid movie that dealt with this, maybe had Ethan Hawke in it?
Would you like a diagnosis on your chart preventing you from being employed?
This is just one of many examples. Th
Re: (Score:2)
Re: (Score:2)
Patients should have their health records under their control. They can then allow people to look at them (e.g. their doctor) or not as they choose. Some records will have to be kept on the doctor's side, e.g. prescriptions for controlled medications such methadone, but many records need not be.
Re:Logged in computers (Score:4, Insightful)
USA TODAY, circa 2015:
"It has reported that a laptop has been stolen, allowing thieves to gain access to over 1 million patients' records. Officials lied.... er, reassured the public that no harm has been caused."
Re: (Score:2)
I'm glad to see so much emphasis on audit trails.
I called out that point in an early post re government data use, but you guys are right that it applies in the medical case as well.
Unlikely (Score:5, Informative)
.
A doctor dictates his diagnosis into a microphone on a PC. It becomes a data file. It sits in his output queue. It is then sent to a server to be electronically signed (a Word Macro is run). It sits on it's input queue until done then sits in its output queue. Then it gets sent to an HL7 routing engine where it sits on queues. Then on to our medical database. This generates some billing info which goes to the HL7 router then on to a private company in Tennessee, which sends results to a website....
Now I'm sure there will be controls on who can get at the medical database. But what about the data whizzing around the network? Tell me about the audit trail that lets me know who saw some of the info generated by that one encounter. Because it sat on at least 7 machines in 3 states for some amount of time.
And now you want each of those machines to check to see if the patient has signed off on that machine getting the info? Good luck with that.
And if someone shows up unresponsive in the ER, how do we send the X-ray to the remote radiologist if the patient can't release the data? And if 'emergencies' override that control, expect to see EVERY encounter be an emergency.
Re: (Score:2, Interesting)
If I want to order by telephone the operator cannot access my records before I have entered a pin-
Re: (Score:2)
>>>you shut yourself in and never gain the benefits of the technology.
Last I checked that's not even an option. You can't tell a doctor to erase your medical records from his PC, because he's reuired by Obama's new laws to keep it stored electronically.
Re: (Score:2)
"Medical care is full of information waivers, much like EULAs, only with your health at stake."
This is sloppily worded, but let's be clear that medical privacy is not the same thing as "your health". If someone sees my private medical records, it doesn't make me sicker. If anything, more eyeballs would tend to make me less sick, as medical errors would be more likely to be caught.
What I meant is that if you want to reject the EULA, you can't use the software. If you want to reject the waiver, you can't get healthcare.