National Health Database: Good Medicine Or Privacy Nightmare? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Electronic Health Records
News
8/26/2014
02:50 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

National Health Database: Good Medicine Or Privacy Nightmare?

State health information exchanges could eventually pool patient data into a vast national database, but privacy advocates have significant concerns.

Healthcare IT Cloud Safety: 5 Basics
Healthcare IT Cloud Safety: 5 Basics
(Click image for larger view and slideshow.)

State health information exchanges could one day connect, compiling patient data into a vast national database.

Such a centralized repository of information won't necessarily result from a request for proposal and years of integration work. Rather, it's probably starting right now, as states create health information exchanges that ultimately will connect, allowing professionals from throughout the country to access records regardless of location or insurance plan.

Advocates argue that creating a centralized storage center makes sense medically. Patients located on the West Coast, for example, could get treatment from specialists in Boston, assured that clinicians can access their complete and current healthcare information. Patients would no longer spend hours completing duplicate forms for each individual clinician since every provider's office could access all patient records. Risks and costs would drop as test results and other medical information become available nationally.

[Has your organization taken these steps to bolstering security? See 10 Ways To Strengthen Healthcare Security.]

Earlier this year the Office of the National Coordinator (ONC) for Health Information Technology (HIT) unveiled its 10-year interoperability plan, which aims to improve care, cut costs, and enhance patient engagement by enabling government agencies to access patient data from a broader spectrum of providers.

"There is no better time than now to renew our focus on a nationwide, interoperable health IT infrastructure -- one in which all individuals, their families, and their healthcare providers have appropriate access to health information that facilitates informed decision-making, supports coordinated health management, allows patients to be active partners in their health and care, and improves the overall health of our population" the report says.

Access to patients' records regardless of their hometown or primary physician would reduce the number of accidental deaths related to medical errors, said Stephen Cobb, senior security researcher at ESET North America. In 2013, between 210,000 and 400,000 patients in the US died as a result of medical errors, according to the Journal of Patient Safety, with serious harm 10 to 20 times more likely to occur than lethal harm.

"If we had better... access to data, we could solve these [problems]," Cobb said. "Imagine if you were able to [swipe] an unconscious person's fingerprints and pull up the person's records to find they're allergic to latex or penicillin."

On the other hand, the Citizens' Council for Health Freedom argues that centralizing the nation's patient records is dangerous and intrusive. EMR benefits are negligible and unproven, countered Twila Brase, the organization's president and co-founder, and the risks far outweigh any rewards.

"Our government is funneling billions of dollars into systems that will dump all of our private medical records into one giant hub -- accessible by many," Brase said. "The government is touting these procedures as ways to streamline patient care, but they're actually an attempt to capture and store Americans' private medical data and share it with agencies that have nothing to do with health care."

Critics of a national health database worry about where this data will be stored, how it will be used, and who will have access to the information. Despite laws that protect individuals from discrimination due to medical condition, and insurers' inability to ban coverage because of prior medical conditions, skeptics of a nationwide health database fear misuse, abuse, and theft of these personal records. They suspect companies will profit

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 4   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
9/10/2014 | 7:49:54 AM
Re: hours?
@Alison: Actually, now that you mention it, they gave me a survey to assess how -- if at all -- depressed I was.

Hmmm...
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/8/2014 | 10:07:34 AM
Re: Little of both
A national database would provide researchers, government, pharmaceutical companies, and others with tremendous insight into all sorts of things. For example, they could know, in real-time, when and where people are getting contagious diseases like flu, measles, or mumps, then act accordingly. It would also help combat things like Ebola and MERS, as well as cancer. As you say, @pfretty, it would be vital for buy-in that any and all participants reassure the general public about the sanctity of this data, that it's truly de-identified, and secure. Without those valid assurances, then the repercussions could be dangerous (as in some people might avoid healthcare, lie to clinicians, etc.).
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/2/2014 | 9:33:52 AM
Re: Sounds like a fairy tale more than a nightmare
Thanks for the international perspective, @Li Tan. Would you prefer to have your healthcare providers linked, so you (ideally, anyway!) didn't have to repeatedly provide new doctors or testing centers with the same information? Or do you prefer the way your healthcare system is structured? Is China looking to a more integrated network or is it keeping the status quo? It's fascinating to learn how other nations tackle this common problem: I think all countries face the same challenges -- trying to reduce the cost of care, while simultaneously improving the quality and scope. 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
9/2/2014 | 9:30:09 AM
Re: hours?
Did the doctor's office say or do anything after you checked the "no" box, Joe? Like you, I certainly read the fineprint very carefully these days, although I wish I had gone to law school sometimes because some providers' paperwork is far from clear. I've never had a problem when I won't give an SSN, although I'm amazed at how many offices still include that line in their forms. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
8/29/2014 | 10:28:40 PM
Re: Another Epic Government Fail to Screw Americans
@Susan: There's also insurance carriers.  Cyberinsurance carriers may require their clients to do more than the bare minimum.  What's more, some take measures to help ensure that their clients have better security, including training.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Author
8/29/2014 | 3:37:48 PM
Re: hours?
@Alison: I suppose that's true (re: the cumulative effect).  At the same time, from a risk standpoint, I'm not convinced it's worth it -- especially considering the heightened spotlight being shed on data breaches.

At my most recent physical, I was given a very lengthy, fine-print consent document to sign regarding putting all of my health data in a third-party-maintained public cloud database.  Given that the words "secure database" were used so often, the rather extreme fearmongering language used to coax me into signing (i.e., that i might not get the best medical care in an emergency), and my specialized knowledge of the subject of healthcare data security, I quickly checked "No, I do not consent" before I finished reading even half of it.

I've already had one compromise of my electronic health data.  I don't care for another.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/29/2014 | 9:06:33 AM
Re: Sounds like a fairy tale more than a nightmare
It is interesting to hear how different countries operate. I come from the UK originally, home of course to National Health which is also run by government. As I recall (I was a child when I relocated to US), you're given a National Health number when you're born (we don't have SSNs in UK). So of course the government knows all your health info. OTOH, you cannot be deprived of health insurance, irregardless of your condition. And, contrary to some things I've seen online, if you're wealthy enough or choose to spend your hard-earned money in this manner, you can purchase private insurance. 

Was this gentleman surprised at the complexity of the US system, since it's private instead of government-run? Really interesting story!
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/28/2014 | 2:23:54 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
I'm excited about patient use of biometrics and would love to know if any developers or providers are piloting this approach. Sure, it won't be 100% accurate or safe; nothing is! But what a big step forward this could be and what a simple, cost-effective way to improve security without adding onerous complexity. I'd love that option for a patient portal. It would definitely encourage me to access it and improve my comfort level with the security.
Alison_Diana
IW Pick
100%
0%
Alison_Diana,
User Rank: Author
8/28/2014 | 2:20:45 PM
Re: Another Epic Government Fail to Screw Americans
Those are great points, Susan. Tackling the first, I wholeheartedly agree that there's a huge difference between doing something because you have to and doing something because it's integral to your being, to your corporate philosophy, and to the way you think about your customers -- or, in healthcare's case, patients. It's also how you think about employees. After all, the same tools, technologies, and processes that protect (or don't) your customers protect your employee data. And that might not be good. When talking to a CISO/CSO who really gets how vital security is to an operation, who is viewed as key to the c-suite, you see the value s/he (usually he) provides. One reason: That exec educates other c-levels and board members about why security is vital, about the carrot/stick, and how it requires everything from ongoing education to technologies.

Regarding your second point, JP Morgan obviously is not spending enough on security -- and it is a relatively tiny amount of money, relative to the huge earnings it boasts. I am for small government, in general, and would never argue for regulations demanding a set percentage of spending on security. But you'd certainly hope some board members would be savvy enough to recognize that's nowhere near enough. Until shareholders and board members are held liable -- especially if they are on record blocking CSO/CIO recommendations for X tech or Y process -- then fines against the company, which invariably get passed along to consumers, won't do a thing. We really need bigger, sharper teeth that - like Sarbanes-Oxley - put people's names, not company names, on the line.

 

 

 
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
8/28/2014 | 1:54:37 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
@M2SYS: Thanks for bringing up something I hadn't considerd -- two very different applicaitons for biometrics there. As patients themselves increasingly use elecronic health records, Biometrics could be an added tool in keeping patient data secure, especially since some smartpones now incorporate fingerprint readers as part of the authentication process.

Has the use of biometrics been effective in the clinical uses you've cited? Are you aware of cases in which the wrong playeres were able to gain access even with the biometrics in place.
Page 1 / 4   >   >>
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll