Sense and Consequence - HIPAA (Redux)
This entry was posted on 4/21/2008 11:41 AM and is filed under uncategorized.
20 April 2008
In my 2 March 2008 entry, "III of X. Sense and Consequence - HIPAA," I wrote about HIPAA and the move by AT&T and the state of Tennessee to "provide the country's first statewide system to electronically exchange patient medical information" (Erik Schelzig, "AT&T, Tenn. Create Medical Info Exchange," Associated Press, San Francisco Chronicle, 25 February 2008).
In that entry, I also pointed to my 7 October 2007 entry, "Accounting for the Fissures of this Disjointed Reality," where I first brought up the issue of HIPAA and the move by Microsoft to make a patient's medical information available online:
"Through HealthVault, Microsoft is planning to further this direction by providing "a secure, encrypted database" for the storage of an individual's "personal health record" (Steve Lohr, "Microsoft Rolls Out Health Records", The New York Times, 4 October 2007). Through its database, Microsoft "hopes that individuals will give doctors, clinics and hospitals permission to directly send into their HealthVault record information like medicines prescribed or...test results showing blood pressure and cholesterol levels." On this front, however, there is critical need for pause.
On 21 August 1996, the 104th Congress passed into public law the Health Insurance Portability and Accountability Act (HIPAA) to (among other things) "combat waste, fraud, and abuse in health insurance and health care delivery" and above all, "to ensure the integrity and confidentiality of the information; to protect against any reasonably anticipated threats or hazards to the security or integrity of the information; and unauthorized uses or disclosures of the information" (Public Law 104-191).
If the need for privacy of personal information and the handling of such information by medical and healthcare professionals were identified as so crucially necessary that a law and protocols with that law had to be executed into effect with the threat of legal ramifications if so violated, why would a proposed database against that law be so quickly proposed?
Although Microsoft explains that the database will be secure and encrypted, have we not learned the lessons of the agile hacker mind? There are countless cases and a cornucopia of ocular proof that information - especially on the net - is a 'sitting duck' in hacker territory. To offset the possibility of data corruption, Peter Neupert, VP of Microsoft's health group, makes the analogy to online banking that initially met with privacy worries and is today mainstream. I beg to differ.
There are still many who are justifiably hesitant to disclose their financial information online - can we say, "identity theft"? So no, banking is NOT mainstream.
Banking aside, if financial information is hacked into, it can be reversed and corrected. Banks and credit card companies anticipate hackers and identity thieves so much so that they have swift and effective protocols in place to correct the fraudulent activity. However, when personal information - health or otherwise - is hacked into, there is no corrective reversal. The information is the key. To disclose that information to anyone other than the patient or medical/healthcare professional it is intended for is the irreversible violation and infringement that HIPAA sought so painstakingly to safeguard.
I wrote then and I reiterate again:
The direction and consequence of moving forward without respect to common sense is increasingly fatal compounded by the fact that it is occurring in every sector affecting the individual, his freedoms, his safety, and his right to life on this planet...take heed...
Now, it seems researchers are slowly realizing this to be a critical issue, as with the recent article in The New England Journal of Medicine where "two leading researchers warn that the entry of big companies like Microsoft and Google into the field of personal health records could drastically alter the practice of clinical research and raise new challenges to the privacy of patient records" because "Microsoft and Google, the authors note, are not bound by the privacy restrictions of the Health Insurance Portability and Accountability Act...that regulates personal data handling and patient privacy" (Steve Lohr, "Warning on Storage of Health Records," The New York Times, 17 April 2008).
I am the first to admit I am the leading researcher of nothing and an absolute nobody, but even I raised HIPAA as my immediate concern back in October 2007 and then again in March 2008. Only now this becomes an issue - raised by "leading researchers"?!?
What is going on with our academics? The supposed intelligent?
How about this:
How about introducing a little thinking now and then?
Maybe think before acting?
Maybe think before endangering and jeopardizing innocent lives and breaking oaths of confidentiality?
When will we regain our common sensibility?
Will we ever?