National Health Database: Good Medicine Or Privacy Nightmare? - InformationWeek


National Health Database: Good Medicine Or Privacy Nightmare?

State health information exchanges could eventually pool patient data into a vast national database, but privacy advocates have significant concerns.


State health information exchanges could one day connect, compiling patient data into a vast national database.

Such a centralized repository of information won't necessarily result from a request for proposal and years of integration work. Rather, it's probably starting right now, as states create health information exchanges that ultimately will connect, allowing professionals from throughout the country to access records regardless of location or insurance plan.

Advocates argue that creating a centralized storage center makes sense medically. Patients located on the West Coast, for example, could get treatment from specialists in Boston, assured that clinicians can access their complete and current healthcare information. Patients would no longer spend hours completing duplicate forms for each individual clinician since every provider's office could access all patient records. Risks and costs would drop as test results and other medical information become available nationally.


Earlier this year the Office of the National Coordinator (ONC) for Health Information Technology (HIT) unveiled its 10-year interoperability plan, which aims to improve care, cut costs, and enhance patient engagement by enabling government agencies to access patient data from a broader spectrum of providers.

"There is no better time than now to renew our focus on a nationwide, interoperable health IT infrastructure -- one in which all individuals, their families, and their healthcare providers have appropriate access to health information that facilitates informed decision-making, supports coordinated health management, allows patients to be active partners in their health and care, and improves the overall health of our population," the report says.

Access to patients' records regardless of their hometown or primary physician would reduce the number of accidental deaths related to medical errors, said Stephen Cobb, senior security researcher at ESET North America. In 2013, between 210,000 and 400,000 patients in the US died as a result of medical errors, according to the Journal of Patient Safety, with serious harm 10 to 20 times more likely to occur than lethal harm.

"If we had better... access to data, we could solve these [problems]," Cobb said. "Imagine if you were able to [swipe] an unconscious person's fingerprints and pull up the person's records to find they're allergic to latex or penicillin."

On the other hand, the Citizens' Council for Health Freedom argues that centralizing the nation's patient records is dangerous and intrusive. EMR benefits are negligible and unproven, countered Twila Brase, the organization's president and co-founder, and the risks far outweigh any rewards.

"Our government is funneling billions of dollars into systems that will dump all of our private medical records into one giant hub -- accessible by many," Brase said. "The government is touting these procedures as ways to streamline patient care, but they're actually an attempt to capture and store Americans' private medical data and share it with agencies that have nothing to do with health care."

Critics of a national health database worry about where this data will be stored, how it will be used, and who will have access to the information. Despite laws that protect individuals from discrimination due to medical condition, and insurers' inability to ban coverage because of prior medical conditions, skeptics of a nationwide health database fear misuse, abuse, and theft of these personal records. They suspect companies will profit

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ...

Comments
Lorna Garey,
User Rank: Author
8/26/2014 | 3:36:11 PM
Consider the source
This "Citizens' Council for Health Freedom" is nothing more than a front for factions that want to undo the ACA. They probably also worry about alien abductions and Sharia law being established in Iowa. 
Alison_Diana,
User Rank: Author
8/26/2014 | 3:46:51 PM
Re: Consider the source
Not every organization that wants to do away with ACA is filled with wingnuts. This group does, however, seem to have its share of conspiracy theories but on the other hand, it makes logical sense that we are moving toward a time when all states' HIX networks will interconnect and either become one database (unlikely) or accessible from anywhere in the country (very likely, IMHO). The ONC said as much and some privacy advocates are concerned -- which has some merit, I think. I do, however, believe the benefits far outweigh any risks. Any time there's change, especially change regarding storage and access to personal information, you're going to have a hue and cry and lots of worry. That's a good thing. It helps stop worst-case scenarios, I think!

Last year a friend had a stroke while driving solo in California, far from his east coast home. It took EMTs forever to figure out his medical information because he couldn't talk (he has, thankfully, improved since then). Had they been able to simply plug in his name and DOB or license info and learn his conditions, treatment would have been faster -- and better. 
Lorna Garey,
User Rank: Author
8/26/2014 | 3:56:38 PM
Re: Consider the source
Absolutely there are privacy and security risks, as there are any time PII is out of the owner's direct control. My point was that groups with the end goal to kill the ACA have zero incentive to help figure out how to offset those risks. In fact, a breach plays into their agenda. Having them as part of the conversation pretty much guarantees that no solution will be found, because they don't want one.
Henrisha,
User Rank: Strategist
8/27/2014 | 2:22:35 PM
Re: Consider the source
I agree. If you work with people who might have alternate motives, then you're basically better off working alone.
impactnow,
User Rank: Author
8/26/2014 | 3:39:03 PM
Safety and security

While I see the benefits of such a system, the issues around privacy and security are tremendous. Having universal access to medical records by thousands of medical professionals is great but also very dangerous. It's currently happening at the drugstore clinics like Walgreens and CVS without many even knowing that their medical records are available in their local drugstore. There is so much sensitive data in a patient's medical records; the access at so many points is still unnerving.

Susan_Nunziata,
User Rank: Strategist
8/26/2014 | 9:42:27 PM
Re: Safety and security
@impactnow: Yikes! Our pharmacy records are in the hands of retail national operations already...thanks for giving me something else to lose sleep over.

Have there been any major hacks (yet) at these pharmacy chains that you're aware of? They'd seem to be quite a likely target.
Henrisha,
User Rank: Strategist
8/27/2014 | 2:20:57 PM
Re: Safety and security
At the rate things are going--privacy breaches, data hacks, and whatnot--what information of ours, that is supposedly private, isn't already out there, I wonder?
Alison_Diana,
User Rank: Author
8/27/2014 | 2:46:49 PM
Re: Safety and security
I've seen articles that demonstrate how much medical information is out there based on our own social media posts. Software can troll through Facebook, Twitter, etc., to discover all those posts about headaches, flu, stomachaches, etc., and determine who has what and when. I do worry about the patient-focused support groups for chronic conditions -- online forums hosted by healthcare providers, pharma companies, or patients. While they are generally a great idea since patients (and caregivers) can learn about new cures and treatments, best practices, get mental and emotional support, and educate themselves about the condition, I do wonder just how much information is accessible about members if somebody wanted to learn that data for nefarious reasons. 

OTOH, a number of people tell me a growing number of patients are open about their conditions, hopeful their transparency will prompt more research, understanding, and treatments. As with everything medical, I believe it HAS to be transparent and opt-in: If you want to share information, go for it -- but that decision has to be in readily understandable non-legalese and must be up to the patient.
Stratustician,
User Rank: Ninja
8/27/2014 | 9:34:02 AM
Re: Safety and security
I agree @impactnow. While I absolutely love the idea of having a connected, national healthcare system that will allow for the sharing of records between agencies, the reality is that the more providers and other utilizers of the data (such as pharmacies etc), the more points of entry we have into this system. This is especially worrisome since if the proper controls aren't even in place on the government side, how can we expect these other agencies to have the right controls to protect user data? Could you imagine if healthcare records were breached at the retail level? In order for a system like this to work, the security and privacy policies must be enforced on all levels, not just the government end.
Alison_Diana,
User Rank: Author
8/27/2014 | 12:43:34 PM
Re: Safety and security
I agree: The lack of transparency is one of the biggest concerns -- and it's one of the causes of conspiracy theories and scares. As you say, private pharmacies already have access to a ton of information about patients but many consumers don't realize this. Sometimes it's very helpful: It can prevent allergic reactions, illegal doctor-shopping for controlled substances, and over-medication, but when the public doesn't know about these rules or procedures, I think that's wrong. More openness is the way to go.
asksqn,
User Rank: Ninja
8/26/2014 | 7:10:17 PM
Another Epic Government Fail to Screw Americans
You mean instead of having my confidential EMR hacked while stored at the local HMO I can now have it hacked by international criminals?  Sign me up, Obama.  What a brilliant plan!
Susan_Nunziata,
User Rank: Strategist
8/26/2014 | 9:39:36 PM
Re: Another Epic Government Fail to Screw Americans
@asksqn: The hacking is inevitable. This is one of those scenarios where it's fitting to ask, in a voice dripping with sarcasm, "what could possibly go wrong?" As a patient whose medical records span multiple states due to the need for specialists and a cross-country relocation, I can see the value in interoperability and shared information. At the same time, I agree it just makes it that much easier for my information to be accessed. I think for now I'll choose the inconvenience that the lack of shared data means for me as a patient...
Alison_Diana,
User Rank: Author
8/27/2014 | 12:48:31 PM
Re: Another Epic Government Fail to Screw Americans
As I see it, we now have the worst of both worlds as patients. We still have to complete reams of paperwork whenever we start at a new doctor's office but insurers and most physician offices can access our records electronically to find other physicians' notes, billing information, or to get us to pay that growing co-pay. All that digitization leads to increased risk of hacking or illicit access -- but we seldom (I've never yet, to be honest) reap the benefits we're supposed to. Until that day comes, the healthcare system will have a tough time arguing we're in better shape.
Henrisha,
User Rank: Strategist
8/27/2014 | 2:21:43 PM
Re: Another Epic Government Fail to Screw Americans
There are pros and cons to every new piece of technology that is introduced. To come up with a hack-proof system that keeps patients' records and information private in the event of a hack is something that experts are already working on.
Alison_Diana,
User Rank: Author
8/27/2014 | 2:50:12 PM
Re: Another Epic Government Fail to Screw Americans
Well, yes, most people want a system that cannot be hacked. I don't necessarily think security is the highest priority for healthcare providers, as a rule. That's not to say some providers don't do an excellent job of securing data. They do. But some have not invested enough or the right resources to secure data or privacy. There are many reasons why: There are so many mandates and only so many dollars and people, and obviously something has to give! The type of security needed now in healthcare is foreign to the industry, which hasn't historically needed to think of data in this manner or scope. And it's challenging to find the money or the people to fill the needs, especially as so many other industries -- often higher paying -- are competing for the same people. That said, excuses don't protect our information and many healthcare providers have figured out a way to safeguard our information.
Lorna Garey,
User Rank: Author
8/27/2014 | 3:38:24 PM
Re: Another Epic Government Fail to Screw Americans
If you ask an HC CIO why they don't fully follow HIPAA rules, and they're in a truth-telling mood, they'll say that it's because it's much, much less expensive to pay the fines than to implement the programs to comply with the letter and spirit of the law. That's human, and corporate, nature. Unless regulators have the manpower and legal authority to inflict real pain on entities that fail to secure PII well, security will be spotty.

And again, this goes back to the worldview that the ACA should be scrapped, even that governance in and of itself is bad and should be shrunken until of drownable size. Putting someone with that opinion in charge of deciding whether to take steps and allocate funds to make the law work is folly, most especially given the role of money in politics. 
Alison_Diana,
User Rank: Author
8/27/2014 | 5:20:00 PM
Re: Another Epic Government Fail to Screw Americans
I don't even know whether ACA is part of this any more. Data is good business, whether or not people are insured or not, whether Meaningful Use 2 or 8 is in effect, or whether CPOE is rule of law or voluntary (in which case, most likely nobody would do it!). But I totally agree with you, Lorna, regarding compliance vs. penalties. What continues to stick out regarding the Community Health Systems breach is that the company's stock rose after the news broke. Sure, it dropped a bit a couple of days later, but who knows whether the breach had anything to do with that downward movement? Just as we saw BoA pay a big penalty it can mostly or totally write off on its taxes and no one got jail time (many years after the financial crash it helped cause), relatively toothless HIPAA penalties won't do much to protect data or privacy. 
Lorna Garey,
User Rank: Author
8/27/2014 | 5:27:56 PM
Re: Another Epic Government Fail to Screw Americans
Yes, exactly. Willfully ignoring security seems to happen less with PCI-regulated entities because there could be business-ending consequences. There rarely are, but at least the threat is there. HIPAA is like a guard dog with no teeth.
Joe Stanganelli,
User Rank: Author
8/27/2014 | 11:52:44 PM
Re: Another Epic Government Fail to Screw Americans
I think data breaches have attracted so many headlines these days -- and have become so (unfortunately) common -- that data breaches don't even have that much effect on a company's stock any more unless the breach is especially significant (think Target or Adobe levels).
Alison_Diana,
User Rank: Author
8/28/2014 | 9:45:35 AM
Re: Another Epic Government Fail to Screw Americans
Unfortunately I think you're right. Just this morning we heard about the breach at JP Morgan (and other banks). For one, I was furious that the "other banks" were yet to be named. For another, we have to rely on JP Morgan assuring us that everything's fine. Well, somehow that's not really too comforting. And just yesterday -- more than a week after it went public and more than a month after it knew about the breach -- Community Health Systems began notifying affected patients. There's a real disconnect here.
Susan_Nunziata,
User Rank: Strategist
8/28/2014 | 1:44:47 PM
Re: Another Epic Government Fail to Screw Americans
@Alison: It seems to me that the response to customers is designed to merely meet what is required by legislation, as opposed to really keeping the best interests of the customers in mind. What shocked me the most about today's bank breach news is this statement in a Bloomberg News article: JPMorgan Chase spends about $200 million each year to protect itself from cyber attacks, Chief Executive Officer Jamie Dimon wrote in an April 2013 letter to shareholders.

For a financial institution that earns billions dealing with our $$, doesn't $200 million a year seem like an awfully small amount to spend on security?

And, if a bank is only spending that much, how much can we possibly expect healthcare providers or for-profit health insurance companies to spend?
Alison_Diana,
User Rank: Author
8/28/2014 | 2:20:45 PM
Re: Another Epic Government Fail to Screw Americans
Those are great points, Susan. Tackling the first, I wholeheartedly agree that there's a huge difference between doing something because you have to and doing something because it's integral to your being, to your corporate philosophy, and to the way you think about your customers -- or, in healthcare's case, patients. It's also how you think about employees. After all, the same tools, technologies, and processes that protect (or don't) your customers protect your employee data. And that might not be good. When talking to a CISO/CSO who really gets how vital security is to an operation, who is viewed as key to the c-suite, you see the value s/he (usually he) provides. One reason: That exec educates other c-levels and board members about why security is vital, about the carrot/stick, and how it requires everything from ongoing education to technologies.

Regarding your second point, JP Morgan obviously is not spending enough on security -- and it is a relatively tiny amount of money, relative to the huge earnings it boasts. I am for small government, in general, and would never argue for regulations demanding a set percentage of spending on security. But you'd certainly hope some board members would be savvy enough to recognize that's nowhere near enough. Until shareholders and board members are held liable -- especially if they are on record blocking CSO/CIO recommendations for X tech or Y process -- then fines against the company, which invariably get passed along to consumers, won't do a thing. We really need bigger, sharper teeth that - like Sarbanes-Oxley - put people's names, not company names, on the line.

 

 

 
Joe Stanganelli,
User Rank: Author
8/29/2014 | 10:28:40 PM
Re: Another Epic Government Fail to Screw Americans
@Susan: There's also insurance carriers.  Cyberinsurance carriers may require their clients to do more than the bare minimum.  What's more, some take measures to help ensure that their clients have better security, including training.
Alison_Diana,
User Rank: Author
8/27/2014 | 12:45:53 PM
Re: Another Epic Government Fail to Screw Americans
There are many points of failure in the health system, more than we realize, and allowing multiple systems to integrate or intercommunicate will only further weaken security. We already know that these data chains are only as strong as their weakest link (Target breach, anyone?). The same thing will, no doubt, occur in healthcare when some cybercriminal hacks into a second-string partner of a first-level partner of a drug store, HIX, or healthcare system and grabs millions of patient records (and credit info, for good measure).
M2SYS,
User Rank: Apprentice
8/27/2014 | 10:07:33 AM
Interoperability is positive, but accurate patient ID is the linchpin
Great post Alison. We consistently hear about the positive effects of establishing state and national HIEs and the benefits which could be derived from these repositories to advance both individual and population health. However, the one key linchpin to the success of any HIE or interoperability initiative is the ability to accurately identify patients and match that identity with a unique medical record. The horrors of duplicate medical records and overlays put into question the data integrity of certain healthcare providers, some of which have proactively adopted more modern technologies (biometrics for example) to accurately identify patients which drastically improves data integrity and practically eliminates duplicates, and others who still rely on older, antiquated methods of identifying patients. You would most likely feel much more confident in the integrity of health data if a patient's identity is not only accurate, but you know that there aren't any duplicates or overlays that exist for the patient to ensure that the medical data you see is accurate and there isn't any additional information that may exist. We always have believed that when it comes to HIEs, interoperability, etc. the industry is very much putting the cart before the horse in terms of securing technology that has the ability to offer near 100% patient identification accuracy.
Alison_Diana,
User Rank: Author
8/27/2014 | 12:51:37 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
Really good point, M2SYS. I recall, years ago, seeing one specialist who was ahead of the curve in including digitally taken photos into patient records. It was reassuring, especially given the nature of the specialty he had, to know it would be more difficult for someone else to pretend to be me at an appointment. Of course, tech has come a long way since then as you point out, and biometrics are much less expensive and easier to implement. However, I would want reassurance that related securities also protect the actual data to ensure thieves couldn't steal not only my medical records, insurance, and credit card info, but also my fingerprint/iris scan!
M2SYS,
User Rank: Apprentice
8/27/2014 | 2:30:25 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
Thanks for the feedback Alison and you bring up a valid point when referring to assurances that if you provide your biometric information, it is kept safe and secure. We should preface this with saying that there isn't a database on this planet that isn't susceptible to hackers - and it is a disservice to the industry to claim that database security could "never" be compromised.

With that in mind, most biometric identification providers take great measures to ensure that patient identities are secured starting with strong encryption of enrollment templates. Most people don't realize that there isn't an image of your fingerprint, or iris stored on a database - instead it's a series of unique data points that have been mapped out based on an image of your biometric credential so the likelihood that a hacker could let alone breach a biometric database and reverse engineer your template to create an image of your biometric credential is extremely slim. Second, most biometric capture devices are now equipped with very sophisticated "liveness" detection technology that prevents spoofing and makes it nearly impossible. Meaning, if someone were to reverse engineer a biometric enrollment template and attempt to use it claiming the identity of another person, most biometric devices have technology that can decipher a fake image from a real one or contain multimodal capabilities - meaning that the device measures two biometric credentials, not one, making it next to impossible for an impostor to fool.

So the biometrics industry has implemented safeguards that help protect your credentials and ensure that they are kept safe and out of the hands of criminals or hackers.
Alison_Diana,
User Rank: Author
8/27/2014 | 2:53:41 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
Absolutely true: We cannot wait for a 100% impenetrable database. If we do, we'll never get anywhere! And you'd certainly imagine biometric developers are at the head of the security process for ensuring the protection and integrity of such personal information. 

One interesting tidbit I learned regarding biometrics in healthcare: Fingerprints can be challenging since so many healthcare positions require users to wear latex (or similar) gloves. It's one reason I think iris scans will be a big boon in this sector at some point, at least among employees (if not patients, too). In one case, a relatively high percentage of pilot users had to resort to the back-up mode to log on because they couldn't operate the system due to their gloves. Some developers have, however, figured this out, apparently, and have fingerprint systems that take gloves into account. Anyone know more about this?
M2SYS,
User Rank: Apprentice
8/27/2014 | 3:05:36 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
Alison - the sophistication of fingerprint readers has advanced to the point where some are able to read fingerprints even when an end user is wearing latex gloves. Not all fingerprint providers can boast this, but the more savvy ones have built devices that are more practical for Dr's and nurses to use in a clinical setting where wearing gloves is mandatory. Usually though, these deployments of biometrics are for medication access, or single sign on applications to log into a hospital EHR database, or any database that contains PHI for that matter.

For patient identification, fingerprints are an option but when presented with the hardware modality options, most healthcare orgs choose something like palm vein or iris recognition due to the fact that they don't rely on skin integrity (which fingerprint does, and may inadvertently exclude a percentage of the patient population from eligibility) to identify a patient and some (iris) are non-contact which supports hospital infection control protocols.

So it's important to distinguish the use of biometrics for clinicians to access medicine or a medical database vs. biometrics for patient identification, but as you point out, the use of biometrics for both capacities is certainly rising in the industry. 

 
Alison_Diana,
User Rank: Author
8/27/2014 | 3:09:47 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
Thanks for the updated information, M2SYS. I had been talking to the IT director at a hospital at the time, hence the clinician example. Obviously if a system's for use by patients, gloves aren't an issue -- and healthcare providers can use less expensive, less sensitive systems. Good to know there are systems that do offer providers more sensitivity. Time is so important to clinicians; saving a few seconds per patient adds up, and biometrics offers healthcare providers a way to shave off time -- improving care and security.
Thomas Claburn,
User Rank: Author
8/27/2014 | 4:36:59 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
The whole idea of a central health database should be turned on its head. Patients should have the infrastructure to make their data accessible to relevant parties upon request and to do so in a way that does not compromise their privacy.
Alison_Diana,
User Rank: Author
8/27/2014 | 5:21:54 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
I agree completely with this approach. With the huge infiltration of smartphones today, might this approach actually work best? You'd think we could all carry our health information with us (I know, it's been tried!), making patients responsible for data, instead of organizations. 
tekedge,
User Rank: Moderator
8/27/2014 | 6:35:08 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
@Alison, sometimes it seems like a better option making the patient responsible for the data than organisations! But having said that there are lots of reasons that is not feasible in so many ways!
Susan_Nunziata,
User Rank: Strategist
8/28/2014 | 1:54:37 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
@M2SYS: Thanks for bringing up something I hadn't considered -- two very different applications for biometrics there. As patients themselves increasingly use electronic health records, biometrics could be an added tool in keeping patient data secure, especially since some smartphones now incorporate fingerprint readers as part of the authentication process.

Has the use of biometrics been effective in the clinical uses you've cited? Are you aware of cases in which the wrong players were able to gain access even with the biometrics in place?
Alison_Diana,
User Rank: Author
8/28/2014 | 2:23:54 PM
Re: Interoperability is positive, but accurate patient ID is the linchpin
I'm excited about patient use of biometrics and would love to know if any developers or providers are piloting this approach. Sure, it won't be 100% accurate or safe; nothing is! But what a big step forward this could be and what a simple, cost-effective way to improve security without adding onerous complexity. I'd love that option for a patient portal. It would definitely encourage me to access it and improve my comfort level with the security.
progman2000,
User Rank: Ninja
8/27/2014 | 10:30:57 AM
Sounds like a fairy tale more than a nightmare
It's hard getting a couple of hospitals to share patient information. Having a true unified National Health Database sounds like something that will never happen. On paper the benefits probably outweigh the risks, but, yes, given the security involved I'd say the risks are probably pretty large.
Alison_Diana,
User Rank: Author
8/27/2014 | 12:54:48 PM
Re: Sounds like a fairy tale more than a nightmare
Yes, everyone I spoke to basically agreed we won't have one big database a la Britain's NHS. But I think we're moving to a de facto system of multiple, interconnected databases that serve the same purpose. Not sure when that will happen. As we all know, all HIXs aren't exactly meeting their projected dates and goals! Eventually, however, all 50 states will no doubt have some form of HIX and multiple ACOs, all of which inter-communicate data on all patients. Combine that with the huge percent of patients covered by government -- Medicare, Medicaid, VA, Tristar, jail/prison -- and you've already got a big portion of the nation's population in a national database of sorts.
progman2000,
User Rank: Ninja
8/28/2014 | 7:57:06 PM
Re: Sounds like a fairy tale more than a nightmare
Slightly off topic, but I once interviewed someone for a technical position in my company, which writes software for hospitals.  This candidate was an intern from Germany in the US working for a large EMR.  I was explaining to him how our software collects all of the information from the patient at registration (insurance cards, driver license, etc).  He kept looking at me like I had three heads and when I was done told me in Germany they just go into a hospital with their ID card which has their info barcoded on since their healthcare is run by the government.  It was eye opening for both of us.
Alison_Diana,
User Rank: Author
8/29/2014 | 9:06:33 AM
Re: Sounds like a fairy tale more than a nightmare
It is interesting to hear how different countries operate. I come from the UK originally, home of course to National Health which is also run by government. As I recall (I was a child when I relocated to US), you're given a National Health number when you're born (we don't have SSNs in UK). So of course the government knows all your health info. OTOH, you cannot be deprived of health insurance, regardless of your condition. And, contrary to some things I've seen online, if you're wealthy enough or choose to spend your hard-earned money in this manner, you can purchase private insurance.

Was this gentleman surprised at the complexity of the US system, since it's private instead of government-run? Really interesting story!
progman2000,
User Rank: Ninja
8/29/2014 | 9:16:49 AM
Re: Sounds like a fairy tale more than a nightmare
Yes - the whole basis of our application is to collect the whirlwind of documentation that surrounds a patient's visit; he had no concept of any of that.  We didn't hire him although it would have been interesting to see how he would have worked out.
Li Tan,
User Rank: Ninja
9/2/2014 | 1:43:48 AM
Re: Sounds like a fairy tale more than a nightmare
Some cents from my side - in China we are far from establishing a centralized data warehouse to store personal health information. Even different hospitals are not interconnected and patient information is not shared. In other words, you need to create a new profile if you change the hospital! So the threats/fairy tale described in this post should not happen in the short term in China. :-)
Alison_Diana,
User Rank: Author
9/2/2014 | 9:33:52 AM
Re: Sounds like a fairy tale more than a nightmare
Thanks for the international perspective, @Li Tan. Would you prefer to have your healthcare providers linked, so you (ideally, anyway!) didn't have to repeatedly provide new doctors or testing centers with the same information? Or do you prefer the way your healthcare system is structured? Is China looking to a more integrated network or is it keeping the status quo? It's fascinating to learn how other nations tackle this common problem: I think all countries face the same challenges -- trying to reduce the cost of care, while simultaneously improving the quality and scope. 
MedicalQuack,
User Rank: Moderator
8/27/2014 | 11:26:58 AM
Time and Cost..
There are better ways to do this with connecting versus yet one more big database, and using the cloud can create these types of connections.

http://ducknetweb.blogspot.com/2014/07/zoeticx-clarity-server-middleware-hie.html

It kind of says a lot for keeping a PHR if you will too.  As you mentioned, the security risks here are big too as all you have to do is look at the breaches we have had so far. 
tekedge,
User Rank: Moderator
8/27/2014 | 6:48:03 PM
Good medicine or privacy nightmare!
I feel privacy issues cause nightmares for good medicine to be practiced. How much privacy and at what cost? Where does one draw the line? There are healthcare organisations that are able to do a decent job of protecting privacy, but with big data on the rise it costs dollars and may eventually push the costs of healthcare!
Alison_Diana,
User Rank: Author
8/28/2014 | 9:41:44 AM
Re: Good medicine or privacy nightmare!
I think many organizations that use or create big data have integrity. My personal fear is the start of the big-data brokers, companies that simply vacuum up health information for packaging and resale. As we see that business model flourish, there'll be more line-fudging, more intermingling of other data (read consumer shopping and demographics), IMHO, and that could lead to more easily identifiable information floating around. That, at least, is what bothers me. That's why I want more oversight on de-identification and anonymization of data and usage. That's just my personal opinion, not a particularly scientific one!
Alison_Diana,
User Rank: Author
8/28/2014 | 9:48:03 AM
Re: Good medicine or privacy nightmare!
Why will big data cause healthcare costs to go up, @tekedge? Is it because some patients might not tell doctors the truth or may not disclose everything, fearful that some factor could end up in their "permanent record"? I see that point; as consumers get more educated about how permanent and far-reaching everything they tell their doctors is becoming, they could well become more leery of admitting to that extra glass of wine, that occasional marijuana use, or that tendency to eat six bowls of ice cream on Sundays.
Joe Stanganelli,
User Rank: Author
8/27/2014 | 11:46:04 PM
hours?
"Hours" filling out forms???  How are these hours spent?  I just filled out one of those forms a week ago.  You write your name and address, check a box, and sign.

I'd rather keep my privacy.  You still have to fill out other paperwork when you see a new doctor anyway.
Alison_Diana,
User Rank: Author
8/28/2014 | 9:43:32 AM
Re: hours?
It's cumulative, @Joe. If you see multiple doctors and go for multiple tests in one year, you do spend hours filling out forms. And if you have kids, then double (or more) that time. So yes, figure about 15-20 minutes per doctor and that time quickly adds up if you unfortunately have to see more than one or two new physicians, test centers, or specialists per year.
Joe Stanganelli,
User Rank: Author
8/29/2014 | 3:37:48 PM
Re: hours?
@Alison: I suppose that's true (re: the cumulative effect).  At the same time, from a risk standpoint, I'm not convinced it's worth it -- especially considering the heightened spotlight being shed on data breaches.

At my most recent physical, I was given a very lengthy, fine-print consent document to sign regarding putting all of my health data in a third-party-maintained public cloud database.  Given that the words "secure database" were used so often, the rather extreme fearmongering language used to coax me into signing (i.e., that I might not get the best medical care in an emergency), and my specialized knowledge of the subject of healthcare data security, I quickly checked "No, I do not consent" before I finished reading even half of it.

I've already had one compromise of my electronic health data.  I don't care for another.
Alison_Diana,
User Rank: Author
9/2/2014 | 9:30:09 AM
Re: hours?
Did the doctor's office say or do anything after you checked the "no" box, Joe? Like you, I certainly read the fine print very carefully these days, although I wish I had gone to law school sometimes because some providers' paperwork is far from clear. I've never had a problem when I won't give an SSN, although I'm amazed at how many offices still include that line in their forms.
Joe Stanganelli,
User Rank: Author
9/10/2014 | 7:49:54 AM
Re: hours?
@Alison: Actually, now that you mention it, they gave me a survey to assess how -- if at all -- depressed I was.

Hmmm...
pfretty,
User Rank: Ninja
9/8/2014 | 9:29:31 AM
Little of both
Assuming organizations are diligent in complying with best practices, this goal of a centralized health database has far more benefits than detractors. Not only could it help ease usage when people travel, it also opens up the opportunity for strategic big data analysis that could help create better interfaces and treatments. Insight discovery is one of the most powerful goals as echoed in a recent SAS survey. The more organizations understand their environment, the better they operate. The key is compliance and adherence to proven security tactics.

 

Peter Fretty
Alison_Diana,
User Rank: Author
9/8/2014 | 10:07:34 AM
Re: Little of both
A national database would provide researchers, government, pharmaceutical companies, and others with tremendous insight into all sorts of things. For example, they could know, in real-time, when and where people are getting contagious diseases like flu, measles, or mumps, then act accordingly. It would also help combat things like Ebola and MERS, as well as cancer. As you say, @pfretty, it would be vital for buy-in that any and all participants reassure the general public about the sanctity of this data, that it's truly de-identified, and secure. Without those valid assurances, then the repercussions could be dangerous (as in some people might avoid healthcare, lie to clinicians, etc.).