Accessing Medical Files Over P2P Networks

Gov IT writes with this excerpt from NextGov: "Just days after President Obama signed a law giving billions of dollars to develop electronic health records, a university technology professor submitted a paper showing that he was able to uncover tens of thousands of medical files containing names, addresses and Social Security numbers for patients seeking treatment for conditions ranging from AIDS to mental health problems. ... The basic technology that runs peer-to-peer networks inadvertently exposed the files probably without the computer user's knowledge, Johnson said. A health care worker might have loaded patient files onto a laptop, for example, and taken it home where a son or daughter could have downloaded a peer-to-peer client onto the laptop to share music."

P2P?! Oh no!

[Manip]

Sorry but what does one have to do with another?

Currently Doctors are using word documents with every patient's name as the title in some locations. While others are using VB apps with a Acess Database type solution.

Putting real money into a real electronic system with access controls and a audit trail is a GOOD thing and will stop things like records spreading onto P2P networks.

It is good for patients, it is good for doctors, and it is good for the general quality of healthcare.

I grant that it is expensive though. I also grant that governments are bad at large IT projects and always give it to the lowest bidder.

Re:P2P?! Oh no!

[commodore64_love]

>>>will stop things like records spreading onto P2P networks.

Right because the government has never, ever accidentally let private information leak out ("Congressional worker has laptop stolen)." They government has never, ever let anyone have access to my social security number ("State website published millions of SS numbers online"). We can trust the government to keep our stuff secure ("Our records show you were unemployed in 2003." "How do you know that?" "We just called the IRS; they reported your income was near-zero.")

Go watch GATTACA if you believe having our medical records available to any doctor who asks is such a great idea. With public sharing of formerly-private data, companies can discriminate against unhealthy persons whenever they desire. Here's a link: http://isohunt.com/torrent_details/39287978/GATTACA?tab=summary

It's bad enough I have a credit score attached to my name, along with how much debt I owe, with which employers can decide to hire or not hire me. Now they'll learn about my heart condition, and in order to reduce medical costs, decide to skip-over me and give the job to someone else.

This idea is all kinds of bad.

Re:P2P?! Oh no!

[drewvr6]

On top of being expensive, I have a concern that such a huge system would be extrememly hard to upgrade on a consistent basis. My experience has been that government computer systems (outside of No Such Agency) tend to lag far behind commercial IT infrastructures. Quite possibly due to the massive budget/oversight/scale that the government impliments. I see in our own environment the difficulty in maintaining the most up-to-date versions of our software much less implimenting new technologies as they come to the forefront. Can a beauracracy stay close enough to cutting-edge to warrant the expenditure or are they biting off more than they can chew?

Re:P2P?! Oh no!

[webnut77]

Mod parent up!

When Big Brother collects information about us, the potential for harm far out-weighs the good. I think only I should decide who has access to my medical records. Not some secretary who gets charmed by an insurance company rep or bribed by a scam artist wanting to take advantage of my medical condition.

And billions of dollars! The President and Congress have no concept of how hard we work to get that money.

Re:P2P?! Oh no!

[RiotingPacifist]

>>>will stop things like records spreading onto P2P networks.

Right because the government has never, ever accidentally let private information leak out ("Congressional worker has laptop stolen)." They government has never, ever let anyone have access to my social security number ("State website published millions of SS numbers online"). We can trust the government to keep our stuff secure ("Our records show you were unemployed in 2003." "How do you know that?" "We just called the IRS; they reported your income was near-zero.")

An inperfect but well designed system is miles better than the current system.

Go watch GATTACA if you believe having our medical records available to any doctor who asks is such a great idea. With public sharing of formerly-private data, companies can discriminate against unhealthy persons whenever they desire. Here's a link: http://isohunt.com/torrent_details/39287978/GATTACA?tab=summary

Go watch people die when a doctor doesn't have a full medical record when treating a patient.Wow a sci-fi film must obviously have taken a lot more time to do a cost benifit analysis of the situation, and come to a much better conclusion about what would really happen, than an actual analysis of the situation.

It's bad enough I have a credit score attached to my name, along with how much debt I owe, with which employers can decide to hire or not hire me. Now they'll learn about my heart condition, and in order to reduce medical costs, decide to skip-over me and give the job to someone else.

This idea is all kinds of bad.

Erm when did the medical records become public information? Having a system where a doctor (when authorized), can access your medical records (when needed ( with proper punishment when its abused)), is very different from given everybody full access to your medical records.

Re:P2P?! Oh no!

[RiotingPacifist]

why does it need to be accessible from the latest and greatest system?

Re:P2P?! Oh no!

[mattwarden]

Spoken like an IT genius who doesn't understand a thing about non-technical business folk, especially non-technical government folk.

Would you care to estimate the percentage of end users who will copy&paste everything from this shiny new fully-encrypted fully-audited health records management system into their personal collection of word docs and excel sheets?

Re:P2P?! Oh no!

[p0tat03]

That makes no sense. Public health care has nothing to do with an advanced IT system; up here in Canada we didn't have anything that can even share files between doctors until relatively recently (less than a decade). The public health care system works without it.

The GP's point is that given this sort of system in a private health care environment, abuse is not only probable, but inevitable.

Wrong issue

[ZouPrime]

The issue here aren't P2P networks. The issue is government employees either loading confidential data on non-approved environments, or unauthorized software being installed on supposedly restricted environments. Both these problems must be addressed with traditional security controls that are completely independent of P2P technologies.

Re:Wrong issue

[evilkasper]

Exactly until they people handling the sensitive or classified material learn how to handle it with the care it needs we will keep seeing things like this. I mean how many times a week do we see something about a lost or stolen laptop or device that contained sensitive information. The issue (as per normal) is the USERS

Re:Wrong issue

[ValentineMSmith]

Neither the story nor the summary mentioned anything about government employees. The private sector is just as capable of screwing up as the government is.

Wouldn't a better headline be...

[scbomber]

"Clueless docs store patient data on wide-open PCs?"

The real problem here...

[jsiren]

If a doctor kept medical records on paper in a filing cabinet at home, would they let anybody else touch that cabinet?

The real problem here is that doctors take patient information home on a laptop, then allow somebody else to access that laptop. It's easiest to just get another laptop for the kids and not let them near your work computer.