Interesting People mailing list archives

More Regarding the Online Medical Records Trap


From: David Farber <dfarber () cs cmu edu>
Date: Fri, 5 Oct 2007 17:37:21 -0400



Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: October 5, 2007 11:58:56 AM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: More Regarding the Online Medical Records Trap



                 More Regarding the Online Medical Records Trap

                  http://lauren.vortex.com/archive/000307.html


Greetings.  In response to my discussion of "The Online Medical
Records Trap" ( http://lauren.vortex.com/archive/000306.html ), I've
been asked what would happen if a central medical records system
were encrypted in the manner I suggested, where the service provider
couldn't access the records even in the face of an outside demand
(like a court order) without the user's permission, in the case of
the person being incapacitated or unconscious.

There are several rather simple answers to this.  The most basic is
that to depend on a centralized system as the only location where
medical records are stored would be incredibly foolhardy.  If
doctors or hospitals needed access to that data, and their local
computers or Internet connections were down, or if the central
servers had been hacked or were having other problems (including
possible connectivity issues) then patients would be S.O.L.  (that
is, up the creek without a paddle).

It should be required that doctors and hospitals maintain local
copies of patient records, ideally not only on their local computers
(the same level of encryption and access control that I propose for
central medical records systems would not be necessary nor desirable
on these local systems), but also the records should be kept in
hardcopy form as well.

Yes, I said hardcopy.  A hassle that devalues the computerized
systems?  Yep, but I want my medical records kept locally in a form
that doesn't depend on computers or even electricity.  I like those
manila folders on the shelves, especially living in an area where
earthquakes and other natural disasters (with their resulting power
outages) are always a possibility.  Most other areas also have their
own risks of disasters or problems that could make computer-based
access to patient records impossible just when they're needed most,
especially if those records are centralized and communications are
down.

As far as access to a central system is concerned, nothing says that
a user couldn't provide friends, next-of-kin, etc. with their access
key, or even have it noted on whatever emergency contact information
that they hopefully carry routinely.  I have a slip of paper in my
wallet with a few contact names and numbers for emergency use,
mainly in case some idiot wipes me out making a left turn in front
of me when I'm riding, but the point is that while carrying around
your passwords isn't a great idea in the general case, this is one
specific situation where it could make sense.

I should add that it's also wise to include on your contact sheet
full information about any allergies or other serious medical
conditions that exist so that responders will know about them in
emergencies.  To depend on access to a centralized medical system
for such info in these situations could be disastrous, even if none
of the central data were encrypted or otherwise access controlled --
there's no guarantee that the central system would be reachable when
you might need it most.

So what does this all boil down to?  A centralized medical records
system should never be depended upon for anything other than
secondary access to medical data, if that.  Doctors and hospitals
must be required to maintain local copies of patient data since
there is no guarantee that central systems will be accessible at any
given time, particularly in disaster or other emergency situations.

To help prevent misuse of central medical records systems, all
personal medical data on those central systems should only be
accessible with the permission of the user or their designated
contacts, and should be encrypted in a manner that makes other
access impossible.  Period.  Anything short of this opens up
enormous abuse potential.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com


-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
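The arrangement argued for above (records that the hosting provider stores but cannot read, with the patient free to hand an access key to next-of-kin or carry it on an emergency contact card) is a standard envelope-encryption pattern. The following is an added illustration and is not code from the post or from any records system it mentions: a fresh data key encrypts each record, and that data key is wrapped separately for the patient and for every designated contact, so the provider holds only ciphertext and wrapped keys. Every name here (`seal_record`, `open_record`, `provider_can_read`, the sample record and passphrases) is invented for the example. The cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, chosen only so the file runs on a bare Python standard library; a production system would use AES-GCM or ChaCha20-Poly1305 from a vetted library instead.

```python
"""Client-side envelope encryption for a hosted medical record (added example).

The provider stores `sealed` and nothing else.  Anyone holding the patient's
passphrase, or a designated contact's, can unwrap the data key; the provider,
served with a court order, has no key to try.  Toy cipher: HMAC-SHA256 as a
counter-mode keystream plus an HMAC tag (encrypt-then-MAC).  Assumed names
and data throughout; not the original post's code.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 100_000


def _subkeys(key):
    """Derive independent encryption and MAC keys from one 32-byte key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    """PRF in counter mode: block i = HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag; fresh random nonce per call."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag


def decrypt(key, blob):
    """Check the tag in constant time before touching the ciphertext."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered data")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))


def key_from_passphrase(passphrase, salt):
    """Turn the passphrase on a wallet card into a 32-byte key (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               PBKDF2_ROUNDS, dklen=32)


def seal_record(record, recipients):
    """Encrypt once under a random DEK, then wrap the DEK per recipient.

    `recipients` maps a label (e.g. "patient", "next_of_kin") to that
    party's key.  The returned dict is everything the provider stores.
    """
    dek = secrets.token_bytes(32)
    return {
        "ciphertext": encrypt(dek, record),
        "wrapped_keys": {name: encrypt(key, dek) for name, key in recipients.items()},
    }


def open_record(sealed, name, key):
    """Unwrap the caller's copy of the DEK and decrypt the record."""
    if name not in sealed["wrapped_keys"]:
        raise PermissionError(f"{name} is not a designated recipient")
    dek = decrypt(key, sealed["wrapped_keys"][name])
    return decrypt(dek, sealed["ciphertext"])


def provider_can_read(sealed):
    """Simulate the provider under compulsion: it only has stored data and a
    key it made up itself, so every unwrap attempt fails.  Returns False."""
    provider_key = secrets.token_bytes(32)  # the provider never held a real key
    for name in sealed["wrapped_keys"]:
        try:
            open_record(sealed, name, provider_key)
            return True
        except ValueError:
            continue
    return False


if __name__ == "__main__":
    # Constructed sample data, not real patient information.
    salt = b"constructed-salt-per-patient"
    patient = key_from_passphrase("left-turn-2007", salt)
    kin = key_from_passphrase("sibling-phrase", salt)
    sealed = seal_record(b"Allergy: penicillin; blood type O-", {"patient": patient, "next_of_kin": kin})
    print(open_record(sealed, "next_of_kin", kin))
    print("provider can read:", provider_can_read(sealed))
```

Two points the post raises map directly onto this: adding a friend or next-of-kin is one more entry in `wrapped_keys`, requiring no change to the stored ciphertext, and the provider's inability to comply with an outside demand is a property of what it stores, not of a policy it promises to follow.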
