We recently had a discussion on this forum about developing an FMP
solution for a small clinic, with particular attention to the privacy
of medical records. This topic is now starting to loom large on the
national stage as well, and I thot those interested in the subject
would profit from the following comments from computer-privacy expert
Lauren Weinstein, appearing in the latest edition of the "Computer
Risks" newsletter:
= = = = = =
Date: Mon, 19 Jan 2009 12:25:51 -0800 (PST)
From: Lauren Weinstein <[email protected]>
Subject: Electronic Medical Records, Google, and Microsoft
Lauren Weinstein's Blog Update, 19 Jan 2009
http://lauren.vortex.com/archive/000497.html
Greetings. It's well known that a significant portion of the Obama
administration's stimulus plans will likely be a major thrust toward
electronic medical records. These are touted as reducing errors,
creating
jobs, and saving money -- though it's arguable if medical consumers
are the
ones who actually pocket the savings in most cases.
But there are serious concerns about these systems as well --
reminding us
that exactly the same sorts of problems that tend to plague our other
computer-based ecosystems could now start hitting people's medical
records
in pretty much the same ways.
*The New York Times* (19 Jan 2008) had an excellent story about
privacy and
security issues associated with electronic medical records -- and the
medical industry heavyweights who are trying to water down related
provisions in associated and upcoming legislation.
http://www.nytimes.com/2009/01/18/us/politics/18health.html
A few days ago, AP reported on a range of potentially serious medical
errors
*created* by the Veterans Administration's new electronic medical
records
system.
http://www.tampabay.com/news/military/veterans/article967778.ece
Both Google and Microsoft have unveiled electronic medical records
systems
for users, and are actively seeking partnerships with major medical
treatment organizations. While they both promise comprehensive
privacy and
control by users -- in some ways that exceed those mandated by HIPAA
privacy
requirements, these systems are explicitly not actually covered by
HIPAA --
though my hunch is that this status is likely to change in the near
future.
The key concern with such non-HIPAA medical records systems isn't their
privacy and security at the moment -- which as I noted appear to be
good at
present. Rather, an important aspect of HIPAA is that it represents
a set
of rules that cannot be arbitrarily changed by the organizations
involved.
Consumers need to know that the "rules of the game" when it comes to
their
medical records will not be subject to unilateral alterations on the
basis
of business conditions or management changes, outside the realm of
legislated national rules.
My belief is that electronic medical records in general, and the
services
like those from Google and MS in particular, have the potential for
significant benefits. I also believe that a massive rush into any of
these
environments could end up creating a whole new range of problems that
could
waste money, risk privacy, and in the worst case even cost lives.
I trust that Congress will move with deliberate speed, but not be
pressured,
in the area of electronic medical health records implementation, and
that
they will put patients' rights to privacy, accuracy, security,
control, and
choice at the top of agenda. A stampede to electronic medical records
without due consideration and care would be a very dangerous
prescription
indeed.
= = = = = =
Richard S. Russell, a Bright (http://the-brights.net)
2642 Kendall Av. #2, Madison WI 53705-3736
608+233-5640 • [email protected]
http://richardsrussell.livejournal.com/
= = = = = =
For any given complex, expensive, time-consuming problem there exists
at least one simple, cheap, easy wrong answer.
