Tuesday, March 3, 2009

Medical Data Privacy: Consumers v Hackers

I just left the following as a comment over at THCB, but after I got done ranting it seemed like a mouthful so I'm reposting it here.

I enjoy the position of being involved in HIT, clinical and claims data, *and* being one of the afore-mentioned hackers. Please distinguish hacker from malicious hacker or "cracker". The term "hacker" has no negative connotation in the community.

That said, I'd like to promise you all this:

When we're done, your health information will be as private and secure as your credit card information.

It will flow across secured networks using portions of the public Internet. It will be covered by copious security policies, all well-intentioned, and few implemented fully.

It will be accessible to you, the patient, electronically. A vague audit trail will also be available.

People who have access to this data - doctors, nurses, covered entities, HMOs, government workers, will store it on their laptops. Their thumb drives. Some will have identifiable data. Some will have deidentified. Some will have patient-level data, some will have aggregated.

Some of them will have their laptop stolen, forget it at the airport, lose their thumb drive. Some will just take it because they can sell it to some guy in Romania.

Third parties will make decisions about you based on your unique profile. Some of these decision will help you, such as reminding you to go get that mammogram. Some will hurt you, because you, like me, have not yet fully quit smoking.

All the above is going to happen. You have no say in it. It's begun, it's overdue, and it will be as imperfect a system as the current one, but with more detailed history of its imperfections.

It will surface new ways to practice medicine, and many of them will be for the collective good. It will surface new ways to lower cost, and many of them will be for the collective good.

You will be as secure in the safety of your medical data as you currently are with your credit data. You all punch your PIN in to the supermarket checkout machine while 15 people watch you. Right?

The government does not have your credit history any more than I have your credit history. The government may have your health score, the same way it can access your credit score. Or your landlord, or your employer, or your private detective.

You will have no more and no less security than with any other confidential information you currently manage, such as your Web site password for your online broker or your online checking account, the credit card bill you throw away unshredded, your mother's maiden name.

I don't hear any of you cutting up your credit cards.

I am not a doctor, a health provider, nor a policy maker. I am merely a tech-savvy consumer who happens to build health report cards using what little data is available to me. If nothing else, I look forward to the day I can actively score the use of evidence based medicine using clinical data delivered deidentified. That and I'd like to know what my last test result were, even if they were a couple years ago.

This is a non-conversation, and allowing the world and their mother to have a say in the indisputably inevitable is merely costing more money and wasting more time. HIPAA already covers who can see what when; properly implemented using standards-based EHR software is already happening, and will continue to happen.

The sooner we build it, the sooner we can start making it better day by day.


Jen McCabe Gorman said...

Jazz -

Clapping. Excellent, excellent post. Clearest representation I've seen.

Jen McCabe Gorman

Anonymous said...

I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.



Kim said...

I think that we all have to accept that big brother or someone else will always be watching and that privacy is something of the past, just google your name and you will be amazed, beside which everytime someone swipes your card through a medical card reader they get to see all your info which I personally dont think they should have any access to. I guess its something we have to accept

Disclosures and Disclaimers


My employer is compensated through funding to provide analytical research, technology solutions, and Web-based public and private health care performance reports by the State of New York, the State of Illinois, the Centers for Medicare & Medicaid Services, the Agency for Healthcare Research and Quality, the Commonwealth Fund and Bridges to Excellence. I am not being compensated by any of these organisations to create articles for or make edits to this Web site or any other medium; and all posts authored by me are as an individual and do not represent my employer or the agencies I work for.