October 29th, President Clinton proposed that national standards be developed
to ensure the privacy of patient medical records. Citing instances in which
employers have reviewed medical records of prospective employees without notifying
the employee, the President said that "With the click of a mouse, personal health
information can easily, and now legally, be passed around without patients'
consent to people who aren't doctors for reasons that have nothing to do with
health care." The new privacy standards would apply to all electronic medical
records and would require providers to strengthen safeguards.
also stated that, "Storing and transmitting medical records electronically is
a remarkable application of information technology. Electronic records are not
only cost effective; they can save lives by helping doctors to make quicker
and better-informed decisions, by helping to prevent dangerous drug interactions,
by giving patients in rural areas the benefit of specialist care hundreds of
is not just about securing patient medical records -- it is also about centralizing
medical records. Once a development plan is underway, the first thing that will
become obvious is that patient medical records need to be centralized. It is
too costly and too complex to secure information records that are stored in
multiple locations.It will also be difficult to enforce compliance if medical
records are stored in multiple locations. We live in a very mobile society,
where families and individuals move fairly often. By the time an individual
turns 18, he or she may already have lived in many different towns, and states,
and have medical records in a dozen or more places. It will not be possible
to secure medical records without first centralizing them.
of medical records raises many new issues, including ownership. Who will own
the administration, upkeep, and support of the systems that will be needed to
centralize patient records? The ownership issue needs to be resolved before
a centralized system can be put into place. Secure authentication systems require
the establishment of an ownership component. The patient will own their own
medical information, but who will own the storage systems that the information
resides on? Clearly the system owners need to be someone who has no potential
profit motive on the horizon.
Does that mean
that the U.S. Government will be setting up a medical record database for all
its citizens? This poses a lot of potential questions. Is the U.S. Government
prepared to architect and deliver a major technology initiative? Is a National
Registration System, like the one that the Health department in Jamaica has
proposed, the next step in moving forward to a more advanced society? What vendors
and what products will be used? Does the U.S. Government have enough credibility
with system security to have such an initiative supported by the general public?
Lately there has been a lot of exposure regarding security violations on government
systems. Should federal agencies like the FBI have access to private medical
In order to
effect the new privacy initiative, it is time for technology savvy citizens
to write their senators and congressmen and pose suggestions and recommendations.
Such a privacy
and security initiative will surely be expensive to implement. Today is the
time for vendors to start thinking about how they can get a piece of the pie.
What sort of technology infrastructure will this require? Who will lead the
project development? What are the best products and technologies to use?
The new medical
information privacy initiative will likely turn into a huge information technology
infrastructure project. Systems will be put into place. Networks will be built.
Databases will be contructed. If security and networking integrators are not
yet on the General Services Administration
(GSA) schedule, now is the time to do that. The U.S. Government works with publicly
held and privately owned industries only if the corporation is on the GSA schedule.