Electronic Medical Records, Google, and Microsoft

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: January 19, 2009 3:30:51 PM EST
To: dave () farber net
Cc: lauren () vortex com
Subject: Electronic Medical Records, Google, and Microsoft



              Electronic Medical Records, Google, and Microsoft

                 http://lauren.vortex.com/archive/000497.html


Greetings.  It's well known that a significant portion of the Obama
administration's stimulus plans will likely be a major thrust toward
electronic medical records.  These are touted as reducing errors,
creating jobs, and saving money -- though it's arguable if medical
consumers are the ones who actually pocket the savings in most cases.

But there are serious concerns about these systems as well --
reminding us that exactly the same sorts of problems that tend to
plague our other computer-based ecosystems could now start hitting
people's medical records in pretty much the same ways.

Today's New York Times has an excellent story about privacy and
security issues associated with electronic medical records -- and the
medical industry heavyweights who are trying to water down related
provisions in associated and upcoming legislation
( http://www.nytimes.com/2009/01/18/us/politics/18health.html ).  A few
days ago, AP reported on a range of potentially serious medical errors
*created* by the Veterans Administration's new electronic medical
records system
( http://www.tampabay.com/news/military/veterans/article967778.ece ).

Both Google and Microsoft have unveiled electronic medical records
systems for users, and are actively seeking partnerships with major
medical treatment organizations.  While they both promise
comprehensive privacy and control by users -- in some ways that exceed
those mandated by HIPAA privacy requirements, these systems are
explicitly not actually covered by HIPAA -- though my hunch is that
this status is likely to change in the near future.

The key concern with such non-HIPAA medical records systems isn't
their privacy and security at the moment -- which as I noted appear to
be good at present.  Rather, an important aspect of HIPAA is that it
represents a set of rules that cannot be arbitrarily changed by the
organizations involved.  Consumers need to know that the "rules of the
game" when it comes to their medical records will not be subject to
unilateral alterations on the basis of business conditions or
management changes, outside the realm of legislated national rules.

My belief is that electronic medical records in general, and the
services like those from Google and MS in particular, have the
potential for significant benefits.  I also believe that a massive
rush into any of these environments could end up creating a whole new
range of problems that could waste money, risk privacy, and in the
worst case even cost lives.

I trust that Congress will move with deliberate speed, but not be
pressured, in the area of electronic medical health records
implementation, and that they will put patients' rights to privacy,
accuracy, security, control, and choice at the top of agenda.  A
stampede to electronic medical records without due consideration and
care would be a very dangerous prescription indeed.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
  - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com





-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com