Your Medical Records Online
Posted by
jamie
on Tue Oct 12, 1999 08:15 AM
from the get-me-a-browser-stat dept.
um... Lucas writes "Apparently, Intel's teaming with the AMA to help post patient records online. It's way too early to tell what they're thinking, but I want to know if I can opt-out now."
This could be a good thing if it's done right ... or a privacy disaster if it's done wrong.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Be Afraid. (Score:4)
This was all very well and good, except that this hospital, like most hospitals, took technical incompetence to a level that I have never seen anywhere else. I am not exaggerating in the slightest -- most of the "IS Staff" were nurses who had been promoted into IS!
You can imagine what security looked like. Literally, all the passwords in the NT domain were "password" or null. Likewise for Netware passwords. Passwords for system accounts were things like "nascar" (the nurse who ran that system was a fan -- but that password had been changed when I left). In fact, I don't think I ever saw anyone but myself set a password that could not be broken by crack in 30 seconds flat.
On top of that, this organization would try to run on the least technical staff possible. That's good as far as it goes, but when you have a $500,000 UNIX system that you are trying to run with a mail clerk! I'm not exaggerating in the slightest: this organization spent upwards of $3 million on software, $500,000 on the database server, and tried to run it with an employee making less than $10/hour. On this particular system, most accounts had a password of their user name. After all, anything else was too hard to remember. The root password (until I came on and straightened them out) was "superman".
And, you guessed it, all those wide open accounts were accessible from the dial-in rack. Any fool with a war dialer could get in at any time. I tried to inform them of this, and they ignored me. On the other hand, they were genuinely paranoid about Internet access. So paranoid that they refused to allow access to just about anything without begging, cajoling and everything else, but not so paranoid that they would hire someone technically competent to manage it.
Their biggest problem was that they had no respect for or desire to have around technical competence. I was isolated from day one because I did not pander to their sloppy practices. They didn't want a nerd, they wanted a "manager".
At any rate: do you think that this bunch could keep your data secure? Get real.
rural medicine (Score:4)
As always...caution should be paramount... (Score:4)
Where possible, I've always taken steps as the chief technology employee to protect the patient's records and rights to privacy. I've tightened security systems, making workflow in the clinic a little more attentive to computer usage, so that our patients could rest with the knowledge that all steps had been taken to protect their privacy.
This development scares me. Certainly there is the possibility to use this information to detect patterns otherwise unseen, but largely such patterns are detected from abstract databases already maintained at the state or inter-state level. For example, cancer clinics maintain tumor information at the state level not only for statistical reporting usage, but also for usage as a pattern detector. But the patients are ultimately protected from becoming anything more than a number.
A nationwide system with full medical records runs dangerously close to causing more harm than good. The patients are no longer a statistical element whose anonymity is fairly well protected by abstraction from their medical chart. Instead, their medical chart is now a part of this database? I am indeed most concerned as to where this development will lead.
Obviously it could be a Good Thing for both patients and their physicians to have quick and ready access to a patient's medical record and history. However, the rush of technology must be tempered with a careful evaluation of necessity. Is it absolutely necessary for this system to be available to both the public and physicians? Would it not instead be better served as a carefully controlled, non internet, system available only through licensed professionals?
I would say the patients should express any concerns they have to the proper branch of the AMA. They can try to protect this information all they want. The ultimate question is whether or not the information needs to be made available in such a venue in the first place.
ta,
Jason
# Jason A. Dour
HIPAA - You need to know this (Score:5)
What does that mean?
- Medical data must be stored in a secure manner. Yes, there is no perfect security, but let's just say that Windows NT is about to suffer greatly in the medical marketplace...
- Medical data must be protected in transit. That means RC4-128bit or 3DES. Even on a hospital LAN. That's right: sanity at last.
- There must be published and audited policies and procedures governing storage, transit and disclosure of electronic medical records. That may sound like a drag to Slashdotters who work in chaotic, fast-paced tech companies, but this bureaucratic overhead means clear liability concerning your personal data.
- Included in the auditability guidelines is non-repudiation. This means digital signatures and X.509 certificates. This is an excellent technology which has been resisted due to cost and complexity. Not anymore.
Bottom line: nobody is going to be putting your medical records on a public website.
Large med. databases? (Score:3)
The company I work for develops and sells a patient records and practice management software package. Our security requirements are downright freaky. FULL DISCLOSURE: Yes, it runs on NT, but, when done right, you can secure an NT network.
1) No outside connections unless they come through our firewall. Period. We do not have a dial-in system, and our ISDN links to doctor offices are password protected three times (router, VPN authentication, user password). Yes, we have Internet access, but only certain people have access to it, and it is logged as well.
2) If you are not using our machines with our software, no network link for you. We have two doctors who have a home link. They come in, using NT systems configured separately from their home machine, owned by us, through a VPN tunneling link using 128-bit encryption. Slow as hell, but it's secure.
3) Every action is logged, right down to checking a patient in or out. Our logging database takes up its own 12G hard drive, and is backed up to tape every night, along with the rest of the system.
4) Database security: Every user has specific access rights which cannot be changed by anyone but our administrators (duh). They are finely grained, down to controlling which functions in what applications can be performed.
5) No FDD access at all, nor data dumps, from user applications. It is not possible to get a raw data dump from our system without us knowing it (and doing it). This is analogous to the credit reporting agencies' systems. You may can get one or two patients before someone notices you're not supposed to be at another person's machine, but you won't get them all. Oh, and this also prevents installing any software but ours (no CD-ROMs, either, and network-based installs are only accessible to administrators).
6) Network based anti-virus protections: You will run our anti-virus software (as well as remote control software using AT&T's open source VNC [att.com] program) with virus definitions updated nightly.
See? Life's not so bad, as long as it's done right.
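
An added sketch, not part of the comment above and not code from the commenter's product, of its points 3 to 5: per-function access rights that deny by default, a log entry for every attempt, and a check over that log for a user pulling many distinct patient records in a short time. The user names, grants, thresholds and sample activity are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical grants: user -> allowed (application, function) pairs.
# Anything not listed here is denied.
GRANTS = {
    "frontdesk1": {("scheduling", "check_in"), ("scheduling", "check_out")},
    "nurse7": {("charts", "view"), ("scheduling", "check_in")},
}
AUDIT_LOG = []  # append-only list of attempt records


def perform(user, app, function, patient_id, when):
    """Check the grant and log the attempt whether or not it is allowed."""
    allowed = (app, function) in GRANTS.get(user, set())
    AUDIT_LOG.append({"time": when, "user": user, "app": app,
                      "function": function, "patient": patient_id,
                      "allowed": allowed})
    return allowed


def bulk_access_alerts(log, max_patients=5, window=timedelta(minutes=10)):
    """Return users who touched more than max_patients distinct patients
    inside any sliding window. Denied attempts count as well."""
    recent = defaultdict(deque)  # user -> deque of (time, patient)
    flagged = []
    for rec in sorted(log, key=lambda r: r["time"]):
        q = recent[rec["user"]]
        q.append((rec["time"], rec["patient"]))
        while rec["time"] - q[0][0] > window:  # drop entries older than window
            q.popleft()
        distinct = {patient for _, patient in q}
        if len(distinct) > max_patients and rec["user"] not in flagged:
            flagged.append(rec["user"])
    return flagged


def build_sample_log():
    """Constructed sample activity, not data from any real system."""
    AUDIT_LOG.clear()
    t0 = datetime(1999, 10, 12, 9, 0)
    perform("frontdesk1", "scheduling", "check_in", "P001", t0)
    # frontdesk1 has no grant for charts/view: denied, but still logged.
    perform("frontdesk1", "charts", "view", "P001", t0 + timedelta(minutes=1))
    for i in range(8):  # nurse7 opens eight different charts in four minutes
        perform("nurse7", "charts", "view", f"P{100 + i}",
                t0 + timedelta(seconds=30 * i))
    return AUDIT_LOG
```

Each individual chart view by nurse7 is permitted by the grants, so only the review of the log surfaces the pattern.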