Healthcare // Electronic Health Records
News
8/26/2014
02:50 PM
50%
50%

National Health Database: Good Medicine Or Privacy Nightmare?

State health information exchanges could eventually pool patient data into a vast national database, but privacy advocates have significant concerns.

Healthcare IT Cloud Safety: 5 Basics
Healthcare IT Cloud Safety: 5 Basics
(Click image for larger view and slideshow.)

State health information exchanges could one day connect, compiling patient data into a vast national database.

Such a centralized repository of information won't necessarily result from a request for proposal and years of integration work. Rather, it's probably starting right now, as states create health information exchanges that ultimately will connect, allowing professionals from throughout the country to access records regardless of location or insurance plan.

Advocates argue that creating a centralized storage center makes sense medically. Patients located on the West Coast, for example, could get treatment from specialists in Boston, assured that clinicians can access their complete and current healthcare information. Patients would no longer spend hours completing duplicate forms for each individual clinician since every provider's office could access all patient records. Risks and costs would drop as test results and other medical information become available nationally.

[Has your organization taken these steps to bolstering security? See 10 Ways To Strengthen Healthcare Security.]

Earlier this year the Office of the National Coordinator (ONC) for Health Information Technology (HIT) unveiled its 10-year interoperability plan, which aims to improve care, cut costs, and enhance patient engagement by enabling government agencies to access patient data from a broader spectrum of providers.

"There is no better time than now to renew our focus on a nationwide, interoperable health IT infrastructure -- one in which all individuals, their families, and their healthcare providers have appropriate access to health information that facilitates informed decision-making, supports coordinated health management, allows patients to be active partners in their health and care, and improves the overall health of our population" the report says.

Access to patients' records regardless of their hometown or primary physician would reduce the number of accidental deaths related to medical errors, said Stephen Cobb, senior security researcher at ESET North America. In 2013, between 210,000 and 400,000 patients in the US died as a result of medical errors, according to the Journal of Patient Safety, with serious harm 10 to 20 times more likely to occur than lethal harm.

"If we had better... access to data, we could solve these [problems]," Cobb said. "Imagine if you were able to [swipe] an unconscious person's fingerprints and pull up the person's records to find they're allergic to latex or penicillin."

On the other hand, the Citizens' Council for Health Freedom argues that centralizing the nation's patient records is dangerous and intrusive. EMR benefits are negligible and unproven, countered Twila Brase, the organization's president and co-founder, and the risks far outweigh any rewards.

"Our government is funneling billions of dollars into systems that will dump all of our private medical records into one giant hub -- accessible by many," Brase said. "The government is touting these procedures as ways to streamline patient care, but they're actually an attempt to capture and store Americans' private medical data and share it with agencies that have nothing to do with health care."

Critics of a national health database worry about where this data will be stored, how it will be used, and who will have access to the information. Despite laws that protect individuals from discrimination due to medical condition, and insurers' inability to ban coverage because of prior medical conditions, skeptics of a nationwide health database fear misuse, abuse, and theft of these personal records. They suspect companies will profit

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 5 / 6   >   >>
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:45:53 PM
Re: Another Epic Government Fail to Screw Americans
There are many points of failure in the health system, more than we realize, and allowing multiple systems to integrate or intercommunicate will only further weaken security. We already know that these data chains are only as strong as their weakest link (Target breach, anyone?). The same thing will, no doubt, occur in healthcare when some cybercriminal hacks into a second-string partner of a first-level partner of a drug store, HIX, or healthcare system and grab millions of patient records (and credit info, for good measure). 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:43:34 PM
Re: Safety and security
I agree: The lack of transparency is one of the biggest concerns -- and it's one of the causes of conspiracy theories and scares. As you say, private pharmacies already have access to a ton of information about patients but many consumers don't realize this. Sometimes it's very helpful: It can prevent allergic reactions, illegal doctor-shopping for controlled substances, and over-medication, but when the public doesn't know about these rules or procedures, I think that's wrong. More openness is the way to go.
MedicalQuack
50%
50%
MedicalQuack,
User Rank: Moderator
8/27/2014 | 11:26:58 AM
Time and Cost..
There's better ways to do this with connecting versus yet one more big data base and using the cloud can create these types of connections. 

http://ducknetweb.blogspot.com/2014/07/zoeticx-clarity-server-middleware-hie.html

It kind of says a lot for keeping a PHR if you will too.  As you mentioned, the security risks here are big too as all you have to do is look at the breaches we have had so far. 
progman2000
50%
50%
progman2000,
User Rank: Ninja
8/27/2014 | 10:30:57 AM
Sounds like a fairy tale more than a nightmare
It's hard getting a couple of hospitals to share patient information.  Having a true unified National Health Database sounds like something that will never happen.  On paper the benefits probably outweight the risks, but, yes, given the security involved I'd say the risks are probably pretty large.
M2SYS
50%
50%
M2SYS,
User Rank: Apprentice
8/27/2014 | 10:07:33 AM
Interoperability is positive, but accurate patient ID is the linchpin
Great post Alison. We consistently hear about the positive effects of establishing state and national HIEs and the benefits which could be derived from these repositories to advance both individual and population health. However, the one key linchpin to the success of any HIE or interoperability initiative is the ability to accurately identify patients and match that identity with a unique medical record. The horrors of dduplicate medical records and overlays put into question the data integrity of certain healthcare providers, some of which have proactively adopted more modern technologies (biometrics for example) to accurately identify patients which drastically improves data integrity and practically eliminates duplicates, and others who still rely on older, antiquated methods of identifying patients. You would most likely feel much more confident in the integrity of health data if a patient's identity is not only accurate, but you know that there aren't any duplicates or overlays that exist for the patient to ensure that the medical data you see is accurate and there isn't any additional information that may exist. We always have believed that when it comes to HIEs, interoperability, etc. the industry is very much putting the cart before the horse in terms of securing technology that has the ability to offer near 100% patient identfication accuracy. 
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
8/27/2014 | 9:34:02 AM
Re: Safety and security
I agree @impactnow. While I absolutely love the idea of having a connected, national healthcare system that will allow for the sharing of records between agencies, the reality is that the more providers and other utilizers of the data (such as pharmacies etc), the more points of entry we have into this system. This is especially worrisome since if the proper controls aren't even in place on the government side, how can we expect these other agencies to have the right controls to protect user data.  Could you imagine if healthcare records were breached at the retail level?  In order for a system like this to work, the security and privacy policies must be enforced on all levels, not just the government end.
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
8/26/2014 | 9:42:27 PM
Re: Safety and security
@impactnow: Yikes! our pharmacy records are in the hands of retail national operations already...thanks for giving me something else to lose sleep over.

Have there been any major hacks (yet) at these pharmacy chains that you're aware of? They'd seem to be quite a likely target.
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
8/26/2014 | 9:39:36 PM
Re: Another Epic Government Fail to Screw Americans
@asksqn: The hacking is inevitable. This is one of those scenarios where it's fitting to ask, in a voice dripping with sarcasm, "what could possibly go wrong?" As a patient whose medical records span multiple states due to the need for specialists and a cross-country relocation, I can see the value in interoperability and shared information. At the same time, I agree it just makes it that much easier for my information to be accessed. I think for now I'll choose the inconvenience that the lack of shared data means for me as a patient...
asksqn
50%
50%
asksqn,
User Rank: Ninja
8/26/2014 | 7:10:17 PM
Another Epic Government Fail to Screw Americans
You mean instead of having my confidential EMR hacked while stored at the local HMO I can now have it hacked by international criminals?  Sign me up, Obama.  What a brilliant plan!
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Author
8/26/2014 | 3:56:38 PM
Re: Consider the source
Absolutely there are privacy and security risks, as there are any time PII is out of the owner's direct control. My point was that groups with the end goal to kill the ACA have zero incentive to help figure out how to offset those risks. In fact, a breach plays into their agenda. Having them as part of the conversation pretty much guarantees that no solution will be found, because they don't want one.
<<   <   Page 5 / 6   >   >>
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.