[IP] Re: More Regarding the Online Medical Records Trap

[David Farber <dfarber@cs.cmu.edu>]

Begin forwarded message:

From: "Ed Biebel" <edward@biebel.net>
Date: October 5, 2007 6:49:24 PM EDT
To: lauren@vortex.com
Cc: ip@v2.listbox.com, dave@farber.net
Subject: Re: [IP] More Regarding the Online Medical Records Trap

Lauren,

I certainly agree with you about the danger of a centralized records
database.  Being gay, I have a heightened sense of concern because of
the many stories that I've become aware of over the years where
medical records were used to discriminate against LGBT folks.

Being an emergency provider though, I do see some value in being able
to access *some* patient medical information in the event of a person
being unconscious. What I think most laypeople don't understand is
there is a decidely small set of information that is valuable to
emergency personnel and ER staff in the event of an acute illness.

Emergency reponders are looking for information of three key types:

1.  Information that will allow us to quickly identify a chronic
problem that a person may be experiencing.  These are conditions that
might cause a person to wear a "medic-alert" bracelet.

2.  Information that will affect emergent treatment decisions.  This
includes things like "I'm allergic to x medication" or "I have a
pacemaker."

3.  Emergency contacts or next-of-kin information.

In addition, it would be "nice to know" things like a quick summary of
medical history -- patient has emphysema, high blood pressure, cardiac
problems -- and what medications a patient takes in order to assess
how serious a condition is.  (In fact meds are probably more valuable
than anything because they give a reliable indicator of what a
physician was trying to treat unlike verbal histories from patients
which are often unclear because the patient doesn't understand their
medical problems.)  These things are nice to know but not essential to
know.

Beyond that, any other medical history is not really useful because
a).  You are so sick that regardless of your history, you are going to
get a specific treatment because it is literally a "do or die"
situation or b). you are stable enough that the ER will run diagnostic
tests before treatment to confirm their diagnosis and course of
action.

With that in mind, it may be worthwhile to carve out a *very small*
portion of information that would be useful in situations where the
patient was "in extremis" and encrypt everything else.  However, the
information needed in those cases is minimal and is not a valid
argument to providing open access to a patient's entire medical
record.

Ed

On 10/5/07, David Farber <dfarber@cs.cmu.edu> wrote:
> Begin forwarded message:
>
> From: Lauren Weinstein <lauren@vortex.com>
> Date: October 5, 2007 11:58:56 AM EDT
> To: dave@farber.net
> Cc: lauren@vortex.com
> Subject: More Regarding the Online Medical Records Trap
>
>
>
>                  More Regarding the Online Medical Records Trap
>
>                   http://lauren.vortex.com/archive/000307.html
>
>
> Greetings.  In response to my discussion of "The Online Medical
> Records Trap" ( http://lauren.vortex.com/archive/000306.html ), I've
> been asked what would happen if a central medical records system
> were encrypted in the manner I suggested, where the service provider
> couldn't access the records even in the face of an outside demand
> (like a court order) without the user's permission, in the case of
> the person being incapacitated or unconscious.
>
> There are several rather simple answers to this.  The most basic is
> that to depend on a centralized system as the only location where
> medical records are stored would be incredibly foolhardy.  If
> doctors or hospitals needed access to that data, and their local
> computers or Internet connections were down, or if the central
> servers had been hacked or were having other problems (including
> possible connectivity issues) then patients would be S.O.L.  (that
> is, up the creek without a paddle).
>
> It should be required that doctors and hospitals maintain local
> copies of patient records, ideally not only on their local computers
> (the same level of encryption and access control that I propose for
> central medical records systems would not be necessary nor desirable
> on these local systems), but also the records should be kept in
> hardcopy form as well.
>
> Yes, I said hardcopy.  A hassle that devalues the computerized
> systems?  Yep, but I want my medical records kept locally in a form
> that doesn't depend on computers or even electricity.  I like those
> manila folders on the shelves, especially living in an area where
> earthquakes and other natural disasters (with their resulting power
> outages) are always a possibility.  Most other areas also have their
> own risks of disasters or problems that could make computer-based
> access to patient records impossible just when they're needed most,
> especially if those records are centralized and communications are
> down.
>
> As far as access to a central system is concerned, nothing says that
> a user couldn't provide friends, next-of-kin, etc. with their access
> key, or even have it noted on whatever emergency contact information
> that they hopefully carry routinely.  I have a slip of paper in my
> wallet with a few contact names and numbers for emergency use,
> mainly in case some idiot wipes me out making a left turn in front
> of me when I'm riding, but the point is that while carrying around
> your passwords isn't a great idea in the general case, this is one
> specific situation where it could make sense.
>
> I should add that it's also wise to include on your contact sheet
> full information about any allergies or other serious medical
> conditions that exist so that responders will know about them in
> emergencies.  To depend on access to a centralized medical system
> for such info in these situations could be disastrous, even if none
> of the central data were encrypted or otherwise access controlled --
> there's no guarantee that the central system would be reachable when
> you might need it most.
>
> So what does this all boil down to?  A centralized medical records
> system should never be depended upon for anything other than
> secondary access to medical data, if that.  Doctors and hospitals
> must be required to maintain local copies of patient data since
> there is no guarantee that central systems will be accessible at any
> given time, particularly in disaster or other emergency situations.
>
> To help prevent misuse of central medical records systems, all
> personal medical data on those central systems should only be
> accessible with the permission of the user or their designated
> contacts, and should be encrypted in a manner that makes other
> access impossible.  Period.  Anything short of this opens up
> enormous abuse potential.
>
> --Lauren--
> Lauren Weinstein
> lauren@vortex.com or lauren@pfir.org
> Tel: +1 (818) 225-2800
> http://www.pfir.org/lauren
> Co-Founder, PFIR
>    - People For Internet Responsibility - http://www.pfir.org
> Founder, PRIVACY Forum - http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
>
>
> -------------------------------------------


-------------------------------------------