Slashdot Mirror


EHR Privacy Debate Heats Up

CurtMonash writes "The New York Times reports on President-Elect Obama's continued commitment to electronic health records (EHRs), which on the whole are a great idea. The article cites a number of legislative initiatives to deal with the privacy risks of EHRs. That's where things start to go astray. The proposals seem to focus on simply controlling the flow of information, but from a defense-in-depth standpoint, that's not enough. Medical care is full of information waivers, much like EULAs, only with your health at stake. What's more, any information control regime has to have exceptions for medical emergencies — but where legitimate emergencies are routine, socially-engineered fake emergencies can blast security to smithereens. So medical information privacy will never be adequate unless there are strong usage-control rules as well, in areas such as discrimination, marketing, or tabloid-press publication. I've provided some ideas as to how and why that could work well."

  1. Dangers of EHR by gravos · · Score: 4, Interesting

    The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems. Sometimes for people with mental health problems, a diagnosis is made and then subsequently it's discovered that that was not the actual diagnosis. Having this kind of an electronic trail to follow you around forever could be extremely dangerous, in my opinion.

    1. Re:Dangers of EHR by Wormholio · · Score: 3, Insightful

      The danger of an Electronic Health Record is that it may perpetuate mistakes which of course do happen and any mistakes can carry on and lead to more problems.

      It cuts both ways. With electronic records some cross-checks are possible, such as checking prescribed drugs for interactions, or perhaps even checking that the symptoms and/or treatment really match the diagnosis.

      --
      "Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
    2. Re:Dangers of EHR by db32 · · Score: 3, Insightful

      It also provides accurate records of those mistakes. The lack of medical information following you is going to be FAR more dangerous than a mistake in that record. Picked up on emergency? Can't talk? I hope you don't have any allergies or you could be killed by the response team. Heart condition, diabetes, etc... The number of circumstances where NOT having this information readily available is extremely dangerous outnumbers your circumstances by a large factor. Never mind that EHRs can be corrected and probably far easier than the existing mess of paper records.

      In other news, going outside your house is extremely dangerous. For that matter, just staying inside your house is extremely dangerous. Driving to the store for food is extremely dangerous.

      --
      The only change I can believe in is what I find in my couch cushions.
    3. Re:Dangers of EHR by jbolden · · Score: 3, Insightful

      The thing is that everyone is an A,B a C or a D.... You have to hire someone.

    4. Re:Dangers of EHR by commodore64_love · · Score: 3, Insightful

      Read the stories of people who have had their Credit Records hijacked with false information, and their inability to get loans due to that.

      Now imagine the same thing with Medical records, but instead of just inability to get a loan, now you cannot get a job because your employer thinks you suffer from paranoia ("it's right there in your record Mr. Smith, it must be true. I'm sorry but we can't hire you."). For that matter the employer might not even tell you the reason. They might just never call back.

      You may think this sounds absurd, but the same thing is happening now with the internet, where employers are digging-up 10-15-20-year old posts or photos from the net, and using them as justification to not hire someone. ("We found this photo of you drinking beer in a frat party in 1995. It's at the psu.edu/alphadelts website. We can't hire you as a teacher. Sorry.")

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    5. Re:Dangers of EHR by ColdWetDog · · Score: 3, Insightful

      I absolutely agree. The point of getting a second or third opinion is not to have them use the first opinion in their diagnosis.

      You're doing it wrong, then. You seem to think that your third opinion doc is supposed to think up everything de novo? Repeat all the tests the other docs did? Repeat all the other drug trials the other docs did? You would end up in a room with many corridors, all alike. You would go back and forth. And never get out.

      While there are certainly times that the second / third / x+1 opinion really looks at things in a totally new and different light and comes up with the one absolutely unusual little tidbit that everyone else has overlooked, the much more usual scenario is that 1) either the problem goes away 2) the problem now is so obvious that even your teenage daughter can figure it out or 3) the other docs have tried several reasonable things and by a process of elimination (rather than deduction or induction), the answer becomes more apparent. You want to keep reinventing the wheel?

      Imagine you are walking across a big bridge during a rainstorm and get swept over the railing through wind and clumsiness. As you are being wheeled into the ER, that is exactly the wrong time for them to read that you once tried to overdose on aspirin 25 years ago, as a 14 year old. I know, bizarre example, but there are others. I want medical staff diagnosing my problem, not my record.

      You just might want to let the nice trained medical professional skim an accurate and complete history and then let him or her decide what parts of it are useful to the current encounter, perhaps? Maybe?

      How long before DNA sequencing becomes cheap enough to quickly add it to your records? What are the dangers of that?

      Well, the danger, if you will, would be that you would have an enormous amount of information in the chart that we would have no idea WTF to do with it. I don't think the danger lies in the sequence information - it's the data interpretation which would give you risk data for various ailments. It would likely help you and your primary care doc carefully review what you should be doing in your life, although the conversation likely would be on the order of "get more exercise, eat something healthy occasionally, quit smoking" that we can do quite nicely without your gene sequences. However, you don't want insurance companies to get a hold of it.

      That said, the biggest problem with promulgating medical information into the "fog / cloud / Wikipedia" is that OTHER (evil, nasty) people besides medical professionals will get a hold of it. And use the information in ways that don't really help you. But not to worry. It's going to happen anyway.

      Now, roll up your sleeve and bend over....

      --
      Faster! Faster! Faster would be better!
  2. EHR from a software testing point of view by Anonymous Coward · · Score: 3, Informative

    I saw this the other day. Basically, a pair of professors, one in law and another in computer science (specializing in software testing) are trying to bring the problems with EHR to a wider audience.

    They call for testing and certification of EHR systems (Though thankfully not through the FDA).

    It'll be interesting whether anyone listens to them.

  3. i can see it now by ionix5891 · · Score: 4, Funny

    $emails = $DB->get('SELECT email FROM records WHERE records.dysfunction LIKE "%erectile%"');

    foreach ($emails as $email) {
        mail($email, 'hello i hear you are in need of herbal via....');
    }

  4. The temporal framework by Thanshin · · Score: 4, Insightful

    One of the problems with EHR is that it potentially follows you your entire life.

    Information about your economic status, family situation, physical location, customs, etc. usually becomes unreliable after some time. A leak of that information slowly loses effect.

    Medical information, however, is permanent in many cases. A single leak of a person's data can have fresh information for, literally, a lifetime.

    1. Re:The temporal framework by MadKeithV · · Score: 3, Funny

      To counteract that problem, I change my DNA and fingerprints every few weeks, together with my windows login and password.

  5. Separate nationwide network by modmans2ndcoming · · Score: 4, Interesting

    Banking has a network for wire transfers that is not accessible from the internet. Make electronic medical records transferable and accessible only from within a closed off network. Then information cannot be stolen from an outside attacker and you are left with the same risk you had before, insiders stealing data.

  6. Welcome to the 20th Century, USA. by tygerstripes · · Score: 4, Interesting

    This has been in place in many other countries for years, including the UK where - for all the bureaucracy and wastage of the NPfIT initiative - it's been largely successful.

    The system isn't perfect, and human error is the main source of problems and breaches (as ever), but the benefits have so vastly outweighed the risks that I'm surprised this is even being debated.

    Most importantly, all the problems envisaged by critics have already been anticipated, encountered and (largely) overcome in other countries. Take a look outside your borders and learn a few things. Find out what works and what doesn't, and use the mistakes of others to build a better system. Just don't start panicking over nothing. This is not a pioneering initiative, in global terms.

    --
    Meta will eat itself
  7. Re:Logged in computers by commodore64_love · · Score: 3, Insightful

    USA TODAY, circa 2015:

    "It has been reported that a laptop has been stolen, allowing thieves to gain access to over 1 million patients' records. Officials lied.... er, reassured the public that no harm has been caused."

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  8. Unlikely by professorguy · · Score: 5, Informative

    OK, I run a hospital network, so I see medical data whizzing around more than most people. Here's a typical example:

    A doctor dictates his diagnosis into a microphone on a PC. It becomes a data file. It sits in his output queue. It is then sent to a server to be electronically signed (a Word Macro is run). It sits on its input queue until done then sits in its output queue. Then it gets sent to an HL7 routing engine where it sits on queues. Then on to our medical database. This generates some billing info which goes to the HL7 router then on to a private company in Tennessee, which sends results to a website....

    Now I'm sure there will be controls on who can get at the medical database. But what about the data whizzing around the network? Tell me about the audit trail that lets me know who saw some of the info generated by that one encounter. Because it sat on at least 7 machines in 3 states for some amount of time.

    And now you want each of those machines to check to see if the patient has signed off on that machine getting the info? Good luck with that.

    And if someone shows up unresponsive in the ER, how do we send the X-ray to the remote radiologist if the patient can't release the data? And if 'emergencies' override that control, expect to see EVERY encounter be an emergency.
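
An added example, not part of professorguy's comment or any hospital's code: a per-hop audit trail for one encounter, plus a review of who leans on the emergency override, run over constructed log lines. The log format, host and user names, and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample audit events (not real data), one access per line:
# timestamp|host|user|encounter|basis   (basis: "consent" or "emergency")
SAMPLE_LOG = """\
2009-01-05T09:00:01|dictation-pc|dr_a|E100|consent
2009-01-05T09:00:09|sign-server|svc_sign|E100|consent
2009-01-05T09:00:15|hl7-router|svc_hl7|E100|consent
2009-01-05T09:01:02|billing-gw|svc_bill|E100|consent
2009-01-05T10:12:40|er-ws-3|dr_b|E101|emergency
2009-01-05T10:13:05|pacs-remote|rad_c|E101|emergency
2009-01-05T11:30:00|clinic-ws-7|clerk_d|E102|emergency
2009-01-05T11:45:00|clinic-ws-7|clerk_d|E103|emergency
2009-01-05T12:10:00|clinic-ws-7|clerk_d|E104|emergency
2009-01-05T12:30:00|clinic-ws-7|clerk_d|E100|emergency
2009-01-05T13:00:00|er-ws-3|dr_b|E105|consent
2009-01-05T13:20:00|er-ws-3|dr_b|E106|consent
"""

def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    fields = ("ts", "host", "user", "encounter", "basis")
    for line in log.splitlines():
        parts = line.strip().split("|")
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))

def trail(events, encounter):
    """Every (host, user, basis) that touched one encounter, in time order."""
    hits = sorted((e for e in events if e["encounter"] == encounter),
                  key=lambda e: e["ts"])
    return [(e["host"], e["user"], e["basis"]) for e in hits]

def override_outliers(events, min_accesses=3, max_rate=0.5):
    """Users whose share of emergency-override accesses exceeds max_rate."""
    total, emerg = defaultdict(int), defaultdict(int)
    for e in events:
        total[e["user"]] += 1
        emerg[e["user"]] += e["basis"] == "emergency"
    return {u: emerg[u] / total[u] for u in total
            if total[u] >= min_accesses and emerg[u] / total[u] > max_rate}

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    for hop in trail(events, "E100"):
        print(hop)
    print(override_outliers(events))
```

The trail only covers hops that actually write an audit event, so any queue or router in the path that logs nothing is a blind spot in the result.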

  9. Why does the information need to be centralized? by jotaeleemeese · · Score: 4, Interesting

    Whose information is that?

    The patient's.

    Who should control it?

    The patient.

    Any other solution should not be allowed to prevail.

    An intelligent card, easy to back up at home and protected by well-thought-out security mechanisms is all that is needed.

    There is no need for massive centralized databases, you just send the encrypted information to the person that needs to see it on an "as needed" basis, perhaps by swapping your card in terminals connected to a private network that allows the sharing of this data.

    --
    IANAL but write like a drunk one.