http://www.aapsonline.org/newsoftheday/00276 from the Association of American Physicians and Surgeons Thu, 07 Apr 2011 16:47:01 +0000 hourly 1 http://wordpress.org/?v=3.3 http://www.aapsonline.org/newsoftheday/00276#comment-3108 Gale Oleson MD Fri, 28 Aug 2009 18:05:32 +0000 http://www.aapsonline.org/newsoftheday/?p=276#comment-3108 First let me say I am glad there are others who are concerned about security and Medical records. Susan Rojo is completely right when she says she has yet to see a system that cannot be hacked. You will recall all the incidents in which the Department of Defense had it's systems hacked over the years (they don't make them public anymore). These were all done by high school kids...just think what a college grad with a degree in computer science could do! Imagine the dollar value of being able to data mine from a national health data base. Drug companies would pay big bucks for this (a possible solution for our national debt here Ha ha) as would nursing homes, equipment makers etc. How about the Enquirer paying a good chunk for the complete medical record of Michael Jackson. The potential is endless. And as Ms Rojo says we have good evidence that the data is no more secure than the people who have access to it. I was one of the veterans who had his medical record in the laptop that was stolen (or was it sold) from the car seat of the VA employee who decided to take the computer home with him. I am still waiting for the identity theft to show up on my credit. Having worked at the National Security Agency (that's right, I was a spy before I became a doc) I have a little different way of looking at security and communication systems, which is what we are really looking at here. The Internet is an "open broadcast" form of communication (it is not a point to point connection as so many of you would like to believe) and as such is the most vulnerable form of communication to interception. If it can be intercepted, it's encryption can be broken or the "backdoor" access that is built in to many systems is findable. Having such sensitive data "out there" circulating through multiple nodes is risky. If not for identity theft, how about things patients tell you that they wouldn't want their kids, spouses and neighbors to know about. Patients tell us things about their lives that no one else (including their insurance company and the government) need to know about. Will they begin to omit critical information if they know it is going into a data bank that is potentially accessed by hundreds of people (read that as "potential leaks"). Will we need to keep a separate "in-house" addendum of information the patient wants "absolutely secure"? First let's ask ourselves some important questions. The government says they want to cut health care costs by instituting a standardized EMR. Now REALLY, when was the last time the government wanted to help YOU make money? NEVER you say? Well then do you suppose that what they really mean is "We (the government) want to save money by shifting costs to the doctors via forced IT. And we think we can save money by linking all of the personal health data into one big data base. We will not only be able to manipulate payments to doctors, we will be able to send out personal letters to patients advising them on specific health care issues (maybe even "time for your 'end of life' planning)." I will admit that there are some potential great social advantages to having a national health data base such as early identification of infectious disease outbreaks, environmental effects etc but these need not be tagged to personally identifiable information and the complete contents of the medical record...which is where I believe we are eventually heading when they say they want all the patients doctors to have access to the other doctors notes (and MAN what a liability issue "And tell me doctor did you read ALL of the notes from ALL of the doctors before you ________!" I will likely be squeezed out of medicine if I don't retire first. I have already refused to give out my patients social security numbers for the state's required melanoma reporting unless I have received prior approval from the patient. I was surprised to find out that pathologists and oncologists have been giving out this information WITHOUT NOTIFYING PATIENTS for years. To me this is a breach of doctor/ patient priviledge. The government should be asking the patient to participate not putting the doctor in the position of "I vas only followink orders". In my office we have taken the oath of confidentiality seriously and have released information only with the patients permission. When the government begins to believe that they are in charge and make us their unwitting snitches it is time to wake up and speak up. First let me say I am glad there are others who are concerned about security and Medical records. Susan Rojo is completely right when she says she has yet to see a system that cannot be hacked. You will recall all the incidents in which the Department of Defense had it’s systems hacked over the years (they don’t make them public anymore). These were all done by high school kids…just think what a college grad with a degree in computer science could do!
Imagine the dollar value of being able to data mine from a national health data base. Drug companies would pay big bucks for this (a possible solution for our national debt here Ha ha) as would nursing homes, equipment makers etc. How about the Enquirer paying a good chunk for the complete medical record of Michael Jackson. The potential is endless. And as Ms Rojo says we have good evidence that the data is no more secure than the people who have access to it. I was one of the veterans who had his medical record in the laptop that was stolen (or was it sold) from the car seat of the VA employee who decided to take the computer home with him. I am still waiting for the identity theft to show up on my credit.
Having worked at the National Security Agency (that’s right, I was a spy before I became a doc) I have a little different way of looking at security and communication systems, which is what we are really looking at here. The Internet is an “open broadcast” form of communication (it is not a point to point connection as so many of you would like to believe) and as such is the most vulnerable form of communication to interception. If it can be intercepted, it’s encryption can be broken or the “backdoor” access that is built in to many systems is findable. Having such sensitive data “out there” circulating through multiple nodes is risky. If not for identity theft, how about things patients tell you that they wouldn’t want their kids, spouses and neighbors to know about. Patients tell us things about their lives that no one else (including their insurance company and the government) need to know about. Will they begin to omit critical information if they know it is going into a data bank that is potentially accessed by hundreds of people (read that as “potential leaks”). Will we need to keep a separate “in-house” addendum of information the patient wants “absolutely secure”?
First let’s ask ourselves some important questions. The government says they want to cut health care costs by instituting a standardized EMR. Now REALLY, when was the last time the government wanted to help YOU make money? NEVER you say? Well then do you suppose that what they really mean is “We (the government) want to save money by shifting costs to the doctors via forced IT. And we think we can save money by linking all of the personal health data into one big data base. We will not only be able to manipulate payments to doctors, we will be able to send out personal letters to patients advising them on specific health care issues (maybe even “time for your ‘end of life’ planning).”
I will admit that there are some potential great social advantages to having a national health data base such as early identification of infectious disease outbreaks, environmental effects etc but these need not be tagged to personally identifiable information and the complete contents of the medical record…which is where I believe we are eventually heading when they say they want all the patients doctors to have access to the other doctors notes (and MAN what a liability issue “And tell me doctor did you read ALL of the notes from ALL of the doctors before you ________!”
I will likely be squeezed out of medicine if I don’t retire first. I have already refused to give out my patients social security numbers for the state’s required melanoma reporting unless I have received prior approval from the patient. I was surprised to find out that pathologists and oncologists have been giving out this information WITHOUT NOTIFYING PATIENTS for years. To me this is a breach of doctor/ patient priviledge. The government should be asking the patient to participate not putting the doctor in the position of “I vas only followink orders”. In my office we have taken the oath of confidentiality seriously and have released information only with the patients permission. When the government begins to believe that they are in charge and make us their unwitting snitches it is time to wake up and speak up.

]]>