[IP] Re: More Regarding the Online Medical Records Trap

[David Farber <dave@farber.net>]

Begin forwarded message:

From: Ed Gerck <egerck@nma.com>
Date: October 10, 2007 1:15:27 PM EDT
To: dave@farber.net
Cc: ip@v2.listbox.com
Subject: Re: [IP] Re:  More Regarding the Online Medical Records Trap

[Dave: for IP if you wish]

Federated record systems, where no single entity can control  
everything, is a
standard solution for cases with similar privacy and control issues,  
such as
client databases used by competing business.

On the other hand, a centralized database is not used in such cases and
Microsoft has failed in the past with similar initiatives, including  
Microsoft's
Hailstorm, Passport, and My Services in .NET (google references).  
Businesses
were not convinced that keeping their users' and clients' data with
Microsoft was secure or even desirable, in spite of all the assurances
and certainly not with the disclaimers.

Lawyerly circumventing HIPAA privacy assurances, as HealthVault does,
is also not helpful for the party at risk --the patient.

A federated system, where both health care providers and patients,
can selectively control, aggregate, and make available information
to parties chosen *by them*, would not only protect privacy but also
prevent a third-party to be unnecessarily involved in the security  
risks.

Such a system already exists with secure email at http://zsentry.com ,
providing HIPAA assurance, encryption, spoof prevention, proof of
delivery, secure attachments, document expiration, secure personal
archive in the user's computer, ease of use, and no cost for the  
patient.
The patient may aggregate and distribute at the patient's will.

Best,
Ed Gerck



-------------------------------------------