National Health Database: Good Medicine Or Privacy Nightmare?

State health information exchanges could eventually pool patient data into a vast national database, but privacy advocates have significant concerns.

from consumers' medical data. And they wonder whether the government has other reasons for seeking such personal information from everyone -- even those it does not insure or treat.

For example, what if healthcare providers, government agencies, insurers, or self-insured employers were to marry consumers' health records with voluntarily revealed information from social media posts, or credit report data? Some insurers already buy consumer information from data brokers to identify high-risk patients -- those who smoke, regularly eat at fast food restaurants, or drink excessive amounts of alcohol, for example -- and use predictive modeling to find those patients who need the most medical attention.

Critics also worry that a nationwide central database could become a "back door" into other issues. Florida, for example, recently barred physicians from asking patients about gun ownership -- a ruling lobbied by the National Rifle Association, among other groups. The Firearm Owners' Privacy Act, which passed in 2011 in response to the American Medical Association's plea to promote safe gun ownership, was appealed but upheld in court. The Act, which aimed to help doctors discuss gun safety and storage, represented a privacy breach to some who worried it enabled government or other agencies to accumulate information about gun owners.

According to the Christian Science Monitor, for example, one physicians' office separated a mother from her children in order to question the youngsters about the family's gun ownership; in another case a pediatrician reportedly refused to serve a mother who declined to answer a question about guns. Judges ruled, however, that doctors are encouraged to ask about guns if relevant, such as in the case of someone threatening suicide, judges ruled.

Still, the likelihood of a national health record database being developed is slim, according to John Hoffstatter, a physician assistant and delivery director, advisory services, at CTG Health Solutions in Jacksonville, Fla. "Interoperability is just not where it needs to be," he said in an interview.

Given breaches like last month's hacking of Community Health Systems' network, consumers will be more concerned about data security, Hoffstatter pointed out. "People are more aware of breaches and the dangers they pose."

Chris Zannetos, CEO and founder of security developer Courion, agreed. "The advent of one health database is unlikely," he said, pointing to the industry's current integration woes, multiple disparate systems, and protection worries.

"Security professionals would look at this in contradictory ways," he noted. "On one hand, they would be extremely worried if the government had a single repository for all that information because it creates a single point of failure. From a security and privacy perspective, actually having information dispersed is in many ways viewed as optimal -- you don't have single point of failure or that catastrophic breach where everything is exposed." "On the other hand," Zannetos continued, "from healthcare provider's viewpoint, if there was a way for doctors to see all a patient's records, it would improve care."

Creating a central medical database is both a security risk and potentially beneficial, Cobb agreed. "There are trends in technology that would facilitate the move to that, and reasons to think it could be a good thing from a security and privacy view," he said. "If a central repository for everyone's healthcare data [became] a crown jewels situation, protected by people whose job is to protect things -- not people whose job is to treat patients."

If the world wasn't changing, we might continue to view IT purely as a service organization, and ITSM might be the most important focus for IT leaders. But it's not, it isn't and it won't be -- at least not in its present form. Get the Research: Beyond IT Service Management report today. (Free registration required.)