I feel like one of those people who kept saying there was going to be a catastrophe in the Gulf when that Category 5 storm hits. I know I keep harping on the need for health data security (and therefore the opportunity), but here are two more pieces of relevant information.
The New York Times writes that a GAO study indicates “the Bush administration has no clear strategy to protect the privacy of patients as it promotes the use of electronic medical records throughout the nation’s health care system, federal investigators say in a new report.”
Meanwhile, hospital CIOs report (in an admittedly imperfect but interesting survey) that they expect to greatly increase spending on clinical systems – systems that will contain even more personal information than is currently in any large-scale database.
The Times elaborated:
In the report, the Government Accountability Office, an investigative arm of Congress, said the administration had a jumble of studies and vague policy statements but no overall strategy to ensure that privacy protections would be built into computer networks linking insurers, doctors, hospitals and other health care providers. (emphasis mine)
… In 2004, Mr. Bush declared that every American should have a “personal electronic medical record” within 10 years …
Is anybody listening? The personal electronic medical record is a good idea – but eminently hackable under current conditions. Even today’s medical records contain enough information to do serious damage, and I’ve reported on a staggering series of data losses.
This issue is both a policy concern and an entrepreneurial opportunity. Who will address it first – private-sector tech innovators, or policy makers?
Or will the problem just linger on, unaddressed, until one day Americans find themselves flooded with breaches of privacy regarding their health history?
Sorry to sound alarmist, but look at it this way: Do you wonder to spend your time wondering who will be the first to post your medical records online?