Obama’s Electronic Health Records initiative could usher in a new wave of ID theft

With the stimulus bill all but signed it looks like the government will be handing out $19 billion in an effort to digitize America’s health record system. The problem is we have a noble goal but no plan or direction on how it should be accomplished. The stated goal, which has garnered substantial support, is to build a National Electronic Health Records (EHR) system. But the plan or direction on how to get us there is completely missing from the stimulus bill. When the government throws lots of money at a problem before they have a viable plan or even the framework of a plan in place disaster usually strikes. Reference the recent Tarp disaster for proof. Given the current stimulus bill’s ambiguity it looks like we are destined for yet another misuse of funds, this time with modernizing healthcare. Modernizing America’s health record system is not a new undertaking by government it just has a new advocate, President Obama, willing to take up the fight for it. President Bush was the first to start down this path when he formed the Office of the National Coordinator for Health Information Technology in 2004. Unfortunately, the new office was never given the funds or support that it desperately needed to accomplish its goal. Its goal was, and still is, to create an electronic health record for every American by 2014. Given that this goal was announced 5 years ago and only has 5 more years to go one would assume it should be about halfway-accomplished right? Ah…not exactly. Reality is we really haven’t even started yet. Up to now it is mostly window dressing and press releases. And since we are starting basically from scratch here there are a few things that stand out as problems with the current stimulus bill as it relates to EHR. The first one is the Institute for Health Freedom (IHF) is warning the public that the economic stimulus bill mandates the federal government to plan for each American to use "an" electronic health record (EHR) by 2014 -- without opt-out or patient-consent provisions. This is a very serious breach of privacy and one I would hope will be overturned with time. Seems as though the government decided to not come up with a comprehensive plan but instead made sure that no matter what it is everyone will have to be a part of it. This would open up your complete medical records to over 600,000 healthcare providers, payment processors, and government health agencies without your consent. An no, HIPAA will not protect you from this. This kind of pervasive access to anyone’s health records screams of privacy and security concerns. Ok, so maybe your thinking that this is not so bad because it is for the greater good, just needs to be done, and we can trust the government to protect our security and privacy. Well consider the quote below, taken right from the stimulus bills pages.

Anything strike you as out of place here? How about the fact that the National Coordinator can take up to 12 MONTHS to appoint a Chief Privacy Officer for starters! Given the nature of the privacy and security risks involved in this project it is criminal, in my opinion, to not appoint this position in the initial forming of the team. The CPO should be viewed as a critical component that needs to be on the team day one. The second issue I have with the above is it should be the case that the CPO be independently appointed, not appointed by the National Coordinator. This is to ensure that the National Coordinator doesn’t appoint a “Yes“ man to the job as happens all to frequently in these committees. My final issue with the role of the CPO as stated in the bill is that it doesn’t define any authority the position has. The Nation needs a Chief Privacy Officer that has the authority to overrule decisions made by the National Coordinator that affect privacy and or security of its citizens. The way the bill is currently written, the CPO is just a puppet to the rest of the committee with no designated authorities that will protect us. Now do you want an opt-out clause added? I sure do. I’ve saved the best for last, here it is. The stimulus bill provides no guidance on how to create a nationalized EHR system other than to say this:

Health information technology architecture that will support the nationwide electronic exchange and use of health information in a secure, private, and accurate manner, including connecting health information exchanges, and which may include up-dating and implementing the infrastructure necessary within different agencies of the Department of Health and Human Services to support the electronic use and exchange of health information.
What this means is that the standards will need to be developed by both government and the private sector. All parties involved will have to form a committee that comes up with standards that everyone agrees on. Now that shouldn’t take to long now should it? (insert sarcasm) Without providing the framework for such a committee and its membership the government has doomed us to failure before we even got started. Instead of a cohesive interoperable National EHR system we will instead end up with a hodgepodge of 3rd party EHR systems scattered throughout our healthcare system that are unable to communicate with one another. Healthcare providers will use the government funding to go out and buy whatever closed EHR system they want. In a nutshell we will be saving the problem for another generation to fix. The stimulus bill will give physicians between $44,000 and $64,000 in incentives to digitize their medical records systems. Hospitals on the other hand can get up to $11 million for the same. The bill does lay out some broad penalties for non-compliance, for example providers who treat Medicare and Medicaid patients and have not gone to digital systems within five years will lose government funding for those services. I have no doubt that the government will manage to spend the $19,000,000,000.00 on this boondoggle. Government never seems to fail at spending tax payer money, regardless of whether it is achieving its goals by doing so. I believe, without a doubt, that this nation would be much better off if we had a proper National Electronic Health Record system in place today. I just don’t see that happening with this legislation. I can only hope that President Obama appoints a super genius as Secretary to this who is able to fix it. Please tell me where I’m going wrong. Read the whole stimulus bill here http://readthestimulus.org/ Well done article on recent events by David J. Brailer, MD, PhD. In 2004, Dr. Brailer was appointed by President George W. Bush as the first National Coordinator for Health Information Technology. In this role, Dr. Brailer developed and led the nation’s strategy for ushering health care into the digital era. http://healthaffairs.org/blog/2009/01/14/complete-the-work-on-health-information-technology/ Health Freedom Website http://www.forhealthfreedom.org/Publications/Privacy/EconomicStimulusAndPrivacy4.html

The opinions and information presented here are my personal views and not those of my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Cisco enters the crowded AV and DLP client marketCisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhereCisco targets Symantec, McAfee with its new antivirus client Google's Chrome raises security concerns and tastes like chicken feet a>Go to Jamey’s Blog for more articles on security.

*

*

*

*

*

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)