Your Medical Records Online

um... Lucas writes "Apparently, Intel's teaming with the AMA to help post patient records online. It's way too early to tell what they're thinking, but I want to know if I can opt-out now." This could be a good thing if it's done right ... or a privacy disaster if it's done wrong.

Clinical Trials for Free

[jake_the_blue_spruce]

One of the advantages to a national repository is that researchers or programs can flag correlations that might otherwise get unnoticed. For instance, if people on a certain drug all develop arthritis, perhaps a clinical trial is called for. If a certain city has a much higher incidence of cancer, perhaps there's a contaminant in the water. This is especially useful for bizzarre combinations which aren't tested in drug trials. For instance, everyone who's on 5 unrelated drugs, might get symptoms that normal test subjects won't.

I hope they take this seriously...

[handorf]

"If you're buying a book online, it's not critical that I know your ID," said Mariah Scott, manager for Intel's authentication services unit. "If you're talking about accessing your health records online, you really need to know that this is a physician," Scott said.

I hope they live up to that. If not, I may just have to find me a country doctor who don't know diddly about computers.

"Well, Mr. Smith, I see you have an impressive resume, but our records indicate you have heart problems and that makes you an unacceptable risk. And you would push up our health insurance premiums."

I don't like this new world, can I have the old one back?

I don't like it at all

[Wyatt+Earp]

I've had a very interesting medical history (think cancer x2) and I know that I don't want my medical records on-line.

Now if this stuff gets out in the public sector with insurance companies and employeers getting ahold of this it could become hard to find a job, especially if the economy dips and the job market flip-flops so that employeers have the upper hand.

Although I would love to have a copy of my Mayo Clinic records just to page through...I don't want this information on a vulnerable network...and you know when this stuff is put online it will prbly be sitting on NT boxes.

This is scary

[Nicolas+MONNET]

Think AIDS. So you'r HIV positive? Good! Everybody will know about it.

Not to do some US bashing AGAIN, but in France, Doctors are'nt even allowed to give personal medical information to other doctors (without the patient's assentment, of course).

Be Afraid.

A hospital I used to work for was implementing a system to allow patients to access their medical records via the internet. The idea was that you could access your medical records, send emails to your Doctor's office, etc. They were doing this in conjunction with a vendor.

This was all very well and good, except that this hospital, like most hospitals, took technical incompetence to a level that I have never seen anywhere else. I am not exaggerating in the slightest -- most of the "IS Staff" were nurses who had been promoted into IS!

You can imagine what security looked like. Literally, all the passwords in the NT domain were "password" or null. Likewise for Netware passwords. Passwords for system accounts were things like "nascar" (the nurse who ran that system was a fan -- but that password had been changed when I left). In fact, I don't think I ever saw anyone but myself set a password that could not be broken by crack in 30 seconds flat.

On top of that, this organization would try to run on the least technical staff possible. That's good as far as it goes, but when you have a $500,000 UNIX system that you are trying to run with a mail clerk! I'm not exaggerating in the slightest: this organization spent upwards of $3 million on software, $500,000 on the database server, and tried to run it with an employee making less that $10/hour. On this particular system, mos accounts had a password of their user name. After all, anything else was too hard to remember. The root password (until I came on and straightened them out) was "superman".

And, you guessed it, all those wide open accounts were accessible from the dial-in rack. Any fool with a war dialer could get in at any time. I tried to inform them of this, and they ignored me. On the other hand, they were genuinely paranoid about Internet access. So paranoid that they refused to allow access to just about anything without begging, cajoling and everything else, but not so paranoid that they would hire someone technically competent to manage it.

Their biggest problem was that they had no respect for or desire to have around technical competence. I was isolated from day one because I did not pander to their sloppy practices. They didn't want a nerd, they wanted a "manager".

At any rate: do you think that this bunch could keep your data secure? Get real.

rural medicine

[cogitatio]

Having health records online would be a huge boon to rural medical practice, especially given the already surging growth in telemedicine. By having medical records already available online, practitioners in areas with limited medical resources (such as Alaska's bush communities) could greatly increase the speed of treatment for difficult medical and trauma patients. By already having the records online, the temporal gap between presentation in the primary care clinic and a second opinion by a specialist would be greatly shorted, in many cases increasing the chances of a successful recovery. Having medical records online wouldn't just help "one or two patients" as someone else commented, it would be of great advantage to many....IF they can get the encryption software to work properly. As a future rural physician, I know I would appreciate having my patients' records online. Knowing what I do about encryption and the privacy issues involved in an issue like this, I'm just not so sure I'd want MY records online. Hopefully they'll work it out, because this could be a huge advantage to the medical community, as well as to they patients they treat.

As always...caution should be paramount...

[Dark+Father+Amadeus]

I've worked in the information systems branch of the medical industry for the past four years now. I've seen time and again how badly patient records are protected electronically in clinic, hospital, and corporate office.

Where possible, I've always taken steps as the chief technology employee to protect the patient's records and rights to privacy. I've tightened security systems, making workflow in the clinic a little more attentive to computer usage, so that our patients could rest with the knowledge that all steps had been taken to protect their privacy.

This development scares me. Certainly there is the possiblity to use this information to detect patterns otherwise unseen, but largely such patterns are detected from abstract databases already maintained at the state or inter-state level. For example, cancer clinics maintain tumor information at the state level not only for statistical reporting usage, but also for usage as a pattern detector. But the patients are ultimately proctected from becoming anything more than a number.

A nationwide system with full medical records runs dangerously close to causing mroe harm than good. The patients are no longer a statistical element whose anonymity is fairly well protected by abstraction from their medical chart. Instead, their medical chart is now a part of this database? I am indeed most concerned as to where this development will lead.

Obviously it could be a Good Thing for both patients and their physicians to have quick and ready access to a patient's medical record and history. However, the rush of technology must be tempered with a careful evaluation of necessity. Is it absolutely necessary for this sytem to be available to both the public and physicians. Would it not instead be better served as a carefully controlled, non internet, system available only through licensed professionals?

I would say the patients should express any concerns they have to the proper branch of the AMA. They can try to protect this information all they want. The ultimate question is whether or not the information needs to be made available in such a venue in the first place.


ta,
Jason
# Jason A. Dour

Demand open source

[jflynn]

This is a case where the people who are being exposed have a clear right to inspect the software they are entrusting their records to. We should demand they open source the system in the public interest. At the least this will slow things down while the bugs are fixed.

Even if the software were completely secure, I still have doubts about this. Just how hard is it to find a licensed physician with a need for money that would be willing to broker requests? Blackmail? Besides the obvious problems with insurance companies and employers having access, if you have ever answered "yes" to a doctor's question about drug use, you may not want the government to have access either. You really think they won't?

Yes, this could do a lot of good for statistical studies. So we might consider a system where all individual identification data was stripped from the records prior to storage, and placed somewhere isolated from the internet with a warrant required for access. Difficult though, since you'd need to store hereditary relationships and approximate patient location to distinguish genetic from environmental disorders.

Delusions?

[BootHead]

Anyone under the impression that your medical records are safe and private are seriously mistaken.Everytime you visit the doctor or the hospital a electronic record it generated. It is called a recepit. The insurance companies get on your doctors office gets one.Heck, even you get one. So how safe are the hospital, doctors offices, and insurance company networks? I've worked with many doctors and let me tell you... a lot of the time all you need is the modem number to access the entire network of a doctor's office. Security is lacking because the doctors don't think to hire real sys-admins. Again, this is only in my experiance.But I don't believe any of my medical records are safe

HIPAA - You need to know this

[the+red+pen]

Healthcare Information Portability and Accountability Act. It's not just a good idea, it's the law (in the USA). Within the next two years, agencies dealing in personalized medical records will be forced to submit to HIPPA regulation. This includes hospitals, "health web sites," pharmaceutical companies and so forth. If they have your medical data, they must conform to HIPPA.

What does that mean?

• Medical data must be stored in a secure manner. Yes, there is no perfect security, but let's just say that Windows NT is about to suffer greatly in the medical marketplace...
• Medical data must be protected in transit. That means RC4-128bit or 3DES. Even on a hospital LAN. That's right: sanity at last.
• There must be published and audited policies and procedures governing storage, transit and disclosure of electronic medical records. That may sound like a drag to Slashdotter's who work in chaotic, fast-paced tech companies, but this bureucratic overhead means clear liability concerning your personal data.
• Included in the auditability guidelines is non-repudiation. This means digital signatures and X.509 certificates. This is an excellent technology which has been resisted due to cost and complexity. Not anymore.

Bottom line: nobody is going to be putting your medical records on a public website.

Less management, more clue

[LL]

Hmmm .... having a family member who's part of the medical fraternity could be dangerous to your faith in the hospital system. People sometimes conveniently ignore the fact that the point of a health system is public reassurance, ie to avoid the suggestion of public rorting and keep psychos/mortalities off the front page. Hence you may be surprised at the ratio of managers, biostatisticians, procurement specialists, ethical reviewers, etc to actual medical staff. Adding an unstable IT system to the mix sounds like a recipe for disaster. If you think your medical bills are expensive, wait until you add the cost of a multimillion dollar system (+ ongoing maintenance/replacement) and another layer of staff onto the bill. Also, if trends are any indication, management will take this opportunity to replace highly trained auxiliary medical staff with less skilled button-pushers. It's bad enough having bank tellers believing the printout as gospel truth when you know there has been a screwup but with a medical system, who bears the utimate risk of mistakes/errors? I'd like the see the end-user-license for this one! Plus with more detailed records being permanently kept, expect litigation to go up.

The whole point of a hospital system should be to keep people out as much as possible, ie focus on preventive health rather than fixing up the mistakes where the costs are so much more significant. Ie more time on the design rather than final quality control to the afterlife. This is where I see IT making more of an impact in the long-term like mobile devices that make periodic medical checks. Also giving people more information about the efficiency (and thus cost) of their insurance coverage allows them to make more informed choices. Given the advances in basic health, most medical problems nowadays are life-style related (obesety, alcohol-related liver damage, lung cancer, mental health, etc). With better information, expect to see more carefully targeted insurance plans. By tying costs back to the source, it will hopefully create a dampening feedback cycle.

Sure the medical system will change but don't expect it to happen overnight.

LL

Re:what exactly does health care mean, and

[drwolf]

I'm an MD who works in the medical IT industry.

Having access to records on-line benefits a variety of parties:

1) Clinician
If there was a universal repository for records that the clinician could query, care could be delivered more efficiently. You wouldn't need to repeat your in-depth medical history every time you visit a new doc. 90% of medical diagnoses can be made from history alone, so having an accurate, ubiquitous record benefits both the patient and clinician.

This is especially true in situations where the patient cannot communicate. [think of someone coming into the ER comatose, without any records.]

2) Insurance Companies
Obviously,having this info in a universal repository provides the payer with more accurate information about your past medical history. This may not always be in the patient's best interest [consider: if you thought you had HIV or suffer from a psychiatric disorder, would the availability of your record online deter you from seeing a doc? It might. Not good.]

3) Pharmaceutical Companies
Recruiting people for clinical trials is a big business. The more efficiently you can enroll people in trials, the faster your drug can get approbed. A compound can take 10-15 years to reach market after it is discovered. Shaving off a couple of months of development time can mean hundreds of millions of dollars in increased revenue.

I agree that caution needs to be taken WRT the development of a universal system to get the records online. Serious thought has to be given over access methodologies.
Ultimately, _you_ own your medical record, and _you_ have the right to determine who uses it. Any system that is developed should reflect this reality. [That said, I won't hold my breath :( ]

docwolf

Large med. databases?

It's been done, and is still being done, and we are taking lots of security precautions.

The company I work for develops and sells a patient records and practice management software package. Our security requirements are downright freaky. FULL DISCLOSURE: Yes, it runs on NT, but, when done right, you can secure an NT network.

1) No outside connections unless they come through our firewall. Period. We do not have a dial-in system, and our ISDN links to doctor offices are password protected three times (router, VPN authentication, user password). Yes, we have Internet access, but only certain people have access to it, and it is logged as well.

2) If you are not using our machines with our software, no network link for you. We have two doctors who have a home link. They come in, using NT systems configured separately from their home machine, owned by us, through a VPN tunneling link using 128-bit encryption. Slow as hell, but its secure.

3) Every action is logged, right down to checking a patient in or out. Our logging database takes up its own 12G hard drive, and is backed up to tape every night, along with the rest of the system.

4) Database security: Every user has specific access rights which cannot be changed by anyone but our administrators (duh). They are finely grained, down to controlling which functions in what applications can be performed.

5) No FDD access at all, nor data dumps, from user applications. It is not possible to get a raw data dump from our system without us knowing it (and doing it). This is analogous to the credit reporting agencies' systems. You may can get one or two patients before someone notices you're not supposed to be at another person's machine, but you won't get them all. Oh, and this also prevents installing any software but ours (no CD-ROMs, either, and network-based installs are only accessible to administrators).

6) Network based anti-virus protections: You will run our anti-virus software (as well as remote control software using AT&T's open source VNC program) with virus definitions updated nightly.

See? Life's not so bad, as long as its done right.

Is your name Buttle?

[Wohali]

Oh, I'm sorry, we needed heating engineer Tuttle, not Buttle! It's too late though, your husband is dead.

WHAT DID YOU DO WITH HIS BODY?

Get your morning tea, Wohali....

^^^^^ Moderate this up!

[fable2112]

I understand legitimate privacy concerns. But there ARE times when people actually DO have a right to access certain information. For instance, someone in a nearby small town who tested HIV+ and had reported over 100 sexual partners (MANY of them underage girls). In a case where something is a legitimate public health hazard, there needs to be a way for the appropriate authorities to get the necessary information.

Nobody was EVER talking about putting medical records on a public website. I used to work for a medical school, and I know that the doctors would never allow that. However, being able to transfer treatment records more quickly to other medical professionals is enough of a benefit that with decent security in place it FAR outweighs the risks IMHO.

Some Medical Records Are Already Online

[esme]

Some medical records are already online.

For example, I'm the sysadmin for a project called PCASSO (Patient-Centered Access to Secure Systems Online), which is led by Dixie Baker at SAIC and Dan Masys at UCSD. The basic idea is secure access for providers and patients over the net. We're currently at the end of a three-year grant, and are in the middle of a field test with a few hundred providers and a few dozen patients at a local university medical group.

And the whole focus of the project was security. It was designed from the ground up with HIPAA in mind. A little bit of detail is available at our website, but the basics are:

• Server runs B2-class DG/UX and Trusted Oracle 7, and MAC labels are implemented both in the database and in the OS.
• The client is a Java applet, so it can't damage the client env. No plaintext identifiers exist in the client env, and input is done using a graphical keyboard so the keypresses can't be captured.
• Multi-factor auth: username and password, plus challenge-response, plus digital cert. And, our SSL is not the usual anonymous kind, so both the client and the server have to prove who they are.
• Role-based access controls, so patients can't see patient-deniable data, and providers can see only their own patients' records (with provisions for emergencies, of course).

There was an article in SysAdmin magazine (no fulltext online, unfortunately :( ) last month where the previous sysadmin and I discussed some of our experiences with the system and with the users' reactions. Basically, doing things right is a pain, and some users (mostly the providers who are used to easy and unlimited access) hate the multi-factor auth. We'll have a better idea of what the patients think once we've gotten a critical mass and done some surveys.

HIPAA Needs Complimentery Legislation

[Theory]

In general, I think that the requirements of the HIPAA are a Good Thing(TM). As someone who has worked in Medical IT for three years, I understand the need for high levels of security in order to insure patient confidentiality. However, I also see the benefits to a universal, centralized database of patient clinical data - most of which Dr. Wolf mentions below.

Given the state of the law and the technology, however, and given the threat to patient confidentiality posed by such a centralized database (can you be refused a job or health insurance because of your prior medical record?), I think it is extremely important that further legislation be passed in order to make such uses of patient data illegal. Such legislation must be very specific in terms of what constitutes abuse and what the consequences of said abuse will be. Only with such a legal framework in place will the technological be able to move ahead while offering patients some level of comfort regarding the confidentiality of their data.

And as for the techology, it must have, at a minimum, the following features (IMO):

• HIPAA compliance, perhaps through an XML data exchange format.
  
• Security to ensure Patient Confidentiality: minimum 1024-bit PK encryption and triple-DES private-key encryption.
  
• Access authentication, so that it is clear who accesses a record, every time it it accessed. Permission should be given to healthcare professionals and patients.
  

David

Re:What difference does it make

[Mr.+Slippery]

Of all the comments on here, there was only one other that questioned why privacy is needed here.

Sorry? Since when is it necessary to justify privacy?

I don't see why privacy is "needed" about who you sleep with, how often, and what positions you employ. There's no legal way for anyone to exploit it, so please post this information on the web for all to see.

Choosing what information we divulge about ourselves is a basic right.

*Patients* must own their data

[dublin]

One item I've not seen raised here is a vital one, which so far as I know is not addressed in the HIPAA/Kassebaum-Kennedy legislation. (Although I have not studied it, and I could be wrong.)

In order to prevent abuses of patient data it is *absolutely essential* that it be made completely clear and unambiguous in the law that *any* data about a patient's health is the *property* of that person. If this is not done, then all the other "security" assurances are meaningless. Information should be released to providers or payers *only* with the permission of the patient, on a transaction-by-transaction basis. That means that even your own doc should not be able to go pawing through your record without your consent, unless he is willing to certify that an emergency situation exists and you are incapacitated. Even then, an non-repudiatable entry should be made in the audit log to show that access.

Not only is this not clear in the federal legislation so far as I know, but few states have any sort of law stating that patients own thier information, either. It's easier to get your medical records in many places than your credit report, and we all know that's not too difficult.

BTW: Think not only of how information on you might be misused against you, but also how it could be misused against your offspring, since it will all be available on some big server somewhere. There's really no reason to expect that your records won't still be around long after you're gone, but they could be dangerous for quite a while: Hmm, his great-grandfather had cancer, eh? "I'm sorry, we don't have any positions that are a good fit for you at this time, but we'll keep your resume (and family health history) on file."

If the patient *doesn't* own their own data, then who does? It's likely some presently powerful entity that stands to benefit greatly from the serindipitous discoveries that doubtless lay waiting to be discovered in all that data. The data *is* quite valuable, and that's the problem - it's unlikely that the insurance companies, HMOS, pharma companies, etc. would let the patient own this data, they all want to control it themselves. The new federal directions on ownership of databaases make this even scarier.

At the same time, an ideal setup would allow anonymous searching across populations, but it's notoriously hard to prevent information about a single patient from being retrieved by data mining tools. (Show me the abstracted claim info for all female VPs at XYZ Corp that live in Yuma. Oops, there's only one? Well, that abstracting didn't hide much, now did it?)

Oh, and not to be alarmist, but as a former heatlhcare IT consultant, I can say that although most hospitals and docs are sincere in their intent to provoide privacy, in reality there is nearly none. The most secure systems you'll find in a hospital are the ones based on paper, and a big hospital loses thousands of charts and x-rays every year. Not like it really matters since all the most damaging info gets shuffled directly to the HMOs or insurance companies in already coded and classified form where it can *really* get misused behind closed doors. In my mind, the payers pose a far greater risk than the providers.

************************************************ *
Patients must own patient data, and the providers and payers must realize they have a
fiduciary responsibility to maintain the privacy
of that data.
************************************************ *