The New York Times reminds us that President-Elect Obama is committed to the automation of medical records. I think that's great, as there are many reasons why electronic health records a great idea. The specific focus of the NYT article is on legislative initiatives to assure privacy, of which there seem to be many. My feelings about that are more mixed -- I love the idea, but am not so wild about the implementation.
I emphatically believe it is crucial to set up a new legal structure for privacy and the government use of information. When making that case, I usually conflate the two big areas of medical records and security/anti-terrorism/law enforcement. But that's a bit sloppy. The truth is, medical privacy issues should be solved first, before we fully tackle the others. National-security privacy issues are almost certain to fall afoul of partisan politics, at least until an example is set by consensus in a less contentious area. And there are indeed several reasons it should be easier to achieve such a consensus in the medical area than it is in security or law enforcement. In the medical realm, unlike national security:
1. The interests of the information's subject are obviously paramount. There are three main reasons to manage medical information -- to treat patients, to facilitate the business side of health care, and to support general medical research. Treating patients is clearly the most important.
2. Information policies can safely be transparent. In national security matters, there's great secrecy even as to what information is or isn't being stored. The medical area is thankfully free of that complication.
3. It is obvious that everybody is equally deserving of protection, with only the most limited of exceptions. This simplifies the discussion. National security vs. privacy debates are often complicated by arguments to the effect that most people are deserving of freedom, but some need to be carefully watched. Whether or not you think that's true, you hopefully agree it doesn't apply in the medical case.
Unfortunately, much of the legislative effort in medical privacy misses the main point. With the happy exception of the Genetic Nondiscrimination Information Act, privacy initiatives are focused on controlling the accumulation and movement of data, rather than its use. I think that's quite insufficient. No matter how stringent the rules are about acquiring and sharing information, they'll never suffice. Reasons include:
Here are some examples of laws-about-medical-information-use I would favor:
This is not to say that there shouldn't also be rules about a general duty to keep information confidential. But they're a sideshow. The bottom line is this:
Medical information will be exchanged. The legal focus needs to be on ensuring that patients don't suffer as a result.
Curt Monash is a leading analyst of and strategic advisor to the software industry. Praised by Lawrence J. Ellison for his "unmatched insight into technology and marketplace trends," Curt was the software/services industry's #1 ranked stock analyst while at PaineWebber, Inc., where he served as a First Vice President until 1987. He subsequently co-founded Evernet, Inc., a $40 million networking systems integrator. Since 1990, he has owned and operated Monash Research, an analysis and advisory firm covering software-intensive sectors of the technology industry. In that period he also has been co-founder, president, or chairman of several other technology startups.
Curt has served as a strategic advisor to many well-known firms, including Oracle, Microsoft, SAP, AOL, CA, and Netezza. Curt earned a Ph.D. in mathematics (Game Theory) from Harvard University. He has held faculty positions in mathematics, economics and public policy at Harvard, Yale, and Suffolk universities.