Sunday, February 18, 2007

Privacy of the Health Network? What Privacy?

Many moons ago, before departing the Silicon Forest for the Ivory Tower, I worked for a company that was trying to design a way for patients and doctors to have internet office visits. Several large companies in my field had discovered that most of the time they lost to employees going to the doctor was spent in driving and waiting. The obvious solution was to make little internet kiosks on campus, where you could video conference with your doc. It was an interesting idea, although a bit ahead of its time.

One large aspect of my job was to wrestle with HIPAA guidelines, specifically making sure that all of the patient records we had were safe. Defining safety in terms of the internet is not easy, as the Bush Administration is now learning. It seems that the GAO has discovered that the Administration plan for a network linking health care providers and insurance companies has no strategy to address security concerns. This is a big whoops! It sounds like there is a systematic and uncomprehensive strategy towards privacy and security at HHS.

Speaking from long hours of personal experience and many HIPAA-induced headaches, generating compliant security online is a constantly shifting game of playing catch-up. The technology is constantly changing, and what is cutting edge today will be obsolete security next week. Online medical records, in any sort of centralized system, are going to require not a couple of people doing security, but an entire department of health record security, able to mobilize on a moment's notice to protect those records.

Right now, it sounds like what we have is a far cry from that, and I'd be highly apprehensive of any effort to import my medical records into their currently existing "system".
