Slashdot Mirror

← Back to Stories (view on slashdot.org)

EHR Privacy Debate Heats Up

Posted by Soulskill on from the doctored-files dept.

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

4 of 182 comments (clear)

  1. Dangers of EHR by gravos · · Score: 4, Interesting

    The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems. Sometimes for people with mental health problems, a diagnosis is made and then subsequently it's discovered that that was not the actual diagnosis. Having this kind of an electronic trail to follow you around forever could be extremely dangerous, in my opinion.

    --
    This game will waste your life. Don't clicky!
  2. Seperate nationwide network by modmans2ndcoming · · Score: 4, Interesting

    banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information can not be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.

  3. Welcome to the 20th Century, USA. by tygerstripes · · Score: 4, Interesting

    This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT initiative - it's been largely successful.

    The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.

    Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.

    --
    Meta will eat itself
  4. Why does the information need to be centralized? by jotaeleemeese · · Score: 4, Interesting

    Whose information is that?

    The patient's.

    Who should control it?

    The patient.

    Any other solution should not be allowed to prevail.

    An intelligent card, easy to back up at home and protected by well thought of security mechanisms is all what is needed.

    There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it in an "as needed basis", perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.

     

    --
    IANAL but write like a drunk one.