Is There A Balancing Act Between Sharing Health Info And Privacy?

from the how-can-it-be-dealt-with dept

Over in the UK, as they're getting ready to rollout a new electronic patient record system for healthcare, there are a number of worries that such a system will inevitably lead to huge privacy breaches. Since it will be a centralized system that many people will have access to (and which many others may eventually figure out how to access illegally), there are legitimate fears that one of these days, rather than reports about social security numbers and credit card numbers lost through a data breach, it will be your personal medical records -- which aren't as easy to change as a credit card number. However, those behind the system insist that they've built it with security and privacy in mind -- and point out that the alternatives (basically, the current system) is that much worse. While it may not be as accessible, the paper records system is slow, inefficient, doesn't help you very much when you're at a different location -- and not all that secure in the first place. But the real question is whether or not this needs to be a balancing act. Are there better ways to construct a system that has the benefits of making information available while also protecting your privacy from prying eyes? Or are these two things mutually exclusive?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    SecurityDog, Dec 18th, 2006 @ 11:26pm

    Well...

    As long as people want the information, they will find ways to get it. Doesn't matter what system is in place, the paranoia and the actual threat will always exist.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    reed, Dec 18th, 2006 @ 11:54pm

    Bigger questions

    I think there may even be a bigger question going on here than just are they mutually exclusive.

    As every piece of your personal information is converted into 1's and 0's you are fighting a losing battle for privacy. Technology has changed how privacy is percieved and ultimately it will elimanate privacy as we know it.

    I think the real question is are we going to allow these closed networks of information to benefit everyone or just a select few. The digital age is all about knowledge and whoever knows what is going on has the upper hand.

    I guess what I am saying is whats the point of hiding medical records when any insurance company can still look them up? Whats the point is worrying about privacy when programs like echelon, carnivour, and now the newly formed Homeland security violate it on a regular basis?

    It is too late to look back to a time when confidentiality once existed. I think it time for a new way of thinking. We need to open up to each other and live our lives as a open book. Of course this should start at the top and work its way down not the other way around!

    So I say we all use technology to spy on every major corporation, every politician, and every government official and then make that information available to everyone. It is time for technology to even the playing field between the haves and the have-nots!

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Compound, Dec 19th, 2006 @ 12:43am

    The digital age is all about knowledge and whoever knows what is going on has the upper hand.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Efficiency Expert, Dec 19th, 2006 @ 1:03am

    We need to open up to each other and live our lives as a open book

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Effucuency Failure, Dec 19th, 2006 @ 3:28am

    Re: (Blankness)

    The human race is still too 'tribal' in nature for that to work. You'll need to wait a good 100-200 years until most of the color differences are gone and everyone is kinda of a neutral tan color. There probably wont be any more blonds left, but at least we all look the same and we can share our thoughts like the hippies would of wanted!

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    The infamous Joe, Dec 19th, 2006 @ 3:59am

    I don't mean to downplay..

    I understand that it's a matter of privacy, but who would want my medical records? I mean, besides the sensitive numbers that aren't medical record specific (e.g. Social security) knowing I have had my nose broken a lot helps a would be criminal how, exactly?

    Just asking, it's early-- I hope it's not obvious. :)

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    qaqwex, Dec 19th, 2006 @ 4:15am

    People are the problem

    The general idea of the Health db is a good idea. I live in London and have an accident in Glasgow they will have access to medical records that show medication I am on and thus maybe avoid any potential side affects. Likewise if I go into a diabetic coma it will be recognised as that and not passed out drunk especially as I am tee-total now.

    However, it is all the others that have gained access through scope creep such as social services, police, taxmen and virtually anyone other department in the public sector. We have problems with the abuse of the DVLA db, the CRB db, PNCU et al yet the health department are taking the 'King Canute' approach that it won't happen to the health db. I have news for them any time you involve people in a IT system it has the potential to be insecure and this one will be no different.

    Also the police initially will need a warrant to access it, but soon either in the name of "the war on terror" or "protect the children" (whichever is the current money spinner for them) they will gain unlimited warrantless access. Do you really want that and all it implies?

    Also the private sector will have a foot in the door as well and, like baliffs, once they have a foot in the door they force their way in and grab the lot. My guess the excuse will be 'preventing fraud' or "making the system revenue neutral". So you develop MS and can't work any more. You claim on your critical illness policy, the insurance companies grabs the DNA test results on your file and discovers a gentetic pre-disposition you never knew about and rejects your claim.

    It will happen, access to DNA results is the Holy Grail for insurance companies becouse of the potential to reject claims. An Insurance underclass is the inevitable result and it will be the taxpayer that picks up the bill.

    I have already informed my GP that my data is not to go on the "Spine". If I need to carry important data about medication or the fact I am diabetic I will do what I do at the moment and have it on a 'medic-alert' bracelet.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    SD, Dec 19th, 2006 @ 5:00am

    Is it any less secure?

    Why is everyone so sure that centralising medical records onto a database makes the information any less secure than it already is? What makes paper so secure? Recently my local GP was burgled. Admittedly the thieves were probably after drugs as they ransacked the pharmacy but what could have stopped them rifling through doctor's filing cabinets? Personally I feel that my records are probably a bit more secure stored on a multi billion pounds database than in a hundred pound filing cabinet. It would take more than a two bit thief to break into the Spine (I work in very closely with those that are developing the technology, the people and the kit are among the very best I have ever encountered.)

    I also think that it is worth the risk. I like anybody else do not want my personal details out there, but if that is the trade off for a system that may well save my life, I think it is worth it.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Nobody Special, Dec 19th, 2006 @ 5:27am

    health privacy does matter

    Contrary to a few posts, your privacy does matter if you have a socially unacceptable disease. And it matters if you face discrimination because of health issues.

    The problem against which people must fight though is the idea that every doctor needs to have all of your health record or even cares. The simple fact is that most of the time your doctor doctors only care about a few things which all fit on about a half sheet of paper. They don't care to look at the entire history.

    Centralized databases should follow a number of things:

    1) Allow the patient to opt out.
    2) Only contain the limited information that is typically "pre-loaded" into the system.
    3) Become de-centralized for all other tasks.

    It would be beneficial to make all health databases follow a common schema. That way your information can be easily imported into another doctor's records. (Or carried around for those who wish to do so.) But there is no need for a centralized database outside auditing the doctors.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Alex, Dec 19th, 2006 @ 5:43am

    Can't it just be the same system we have now, except digital? The data could all be held in a centralised database, but health professionals would have to "sign out" every record they need, thus keeping total control over the information. Obviously this doesn't prevent against attacks against the database itself, but decent encryption could cover that hole I'd imagine.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    SD, Dec 19th, 2006 @ 6:04am

    Re: health privacy does matter

    The points you raise here are quite correct. What you must understand is that a doctor will only have the same access to records that he/she has now. Just because the records are centralised it does not mean that those accessing the data automatically have carte blache to see whatever they want. In fact, it is more likely that doctor or a medical practitioner will not be able to access data that would be useful due to the cautious nature in which the project has been set up.

    As a point of note I think that you are right that you should be able to opt out and this is indeed the case.

    In terms of privacy I feel that there is an unjustified assumption that someone will make this data public somehow. Breaking into an encrypted and secure network is not like it is in the movies where some geeky looking actor taps a few keys and access to the entire database of the Pentagon! I will however concede that there will be individuals out there who will a project of this magnitude as a challenge and that it will require vigilance in order to protect it.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Dec 19th, 2006 @ 6:43am

    Re: I don't mean to downplay..

    Well, let's say that it's something a bit more personal than a broken nose. Let's say you were treated for an STD. Or that a young woman had an abortion she didn't want anyone to know about. Or that you were treated for a psychiatric condition that you're embarrased about. Can you say "extortion" boys and girls?

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    The infamous Joe, Dec 19th, 2006 @ 9:10am

    Re: Re: I don't mean to downplay..

    That's just silly. Hiding the fact that I have an STD or had an abortion doesn't change the fact that I had them...

    It seems like people want privacy to protect their vanity/pride/self image. I assumed it was some type of identity theft issue.

    I agree with whomever said it above: If this prevents lost information, and helps them get my record faster, let's do it.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Davey, Dec 19th, 2006 @ 9:13am

    Re: Re: I don't mean to downplay..

    It ain't just about embarrassment. America has always fancied itself as the land of second chances. With med info dragging after you like a millstone all your life, you're at the mercy of all kinds of bad intentions. A religious nut employer knows whether you're circumsized, or had a miscarriage or donated eggs or sperm, or attempted suicide, or had a scrip for prozak, for example. None of his damn business, but once it's out it's out and you're economically damaged. Or think about similar info in the hands of a typical bigoted American sherrif -- "equal justice under law" is only a fantasy. The reality is what kind of impression you make on the powers that be.

    And then, of course, there's the question of whether insurance cos. have any right to any information. I think not. They managed for centuries without it, they'll just have to adapt again. The whole problem could probably be solved by deeply encrypting the information and making the password available only to the patient and perhaps a trustee designated by the patient. All other access would bring down extreme criminal penalties.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    eb, Dec 19th, 2006 @ 11:14am

    Bad Here in US

    With the costs of health care in the U.S. escalating out of sight for businesses, many companies would love nothing more than to see if you have a history of chronic disease before hiring you--or not hiring you if they had access to the information. I think discrimination on the basis of health problems is going to become a real economic problem in the next 10 years, in addition to the fact that more and more people are not going to have health insurance.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Sample Accounting Resume, Nov 29th, 2010 @ 3:47pm

    hi..

    Great web page! I don`t imagine Ive seen every one of the angles of this theme the way in which you`ve pointed them out. You`re a accurate star, a rock star guy. You`ve got a great deal to say and know so much about the subject that i think you ought to just teach a class about it.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Sample Accounting Resume, Nov 29th, 2010 @ 3:48pm

    hi..

    Great web page! I don`t imagine Ive seen every one of the angles of this theme the way in which you`ve pointed them out. You`re a accurate star, a rock star guy. You`ve got a great deal to say and know so much about the subject that i think you ought to just teach a class about it.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This