President Proposes Security of Medical Records

Event Summary

On Friday, October 29th, President Clinton proposed that national standards be developed to ensure the privacy of patient medical records. Citing instances in which employers have reviewed medical records of prospective employees without notifying the employee, the President said that "With the click of a mouse, personal health information can easily, and now legally, be passed around without patients' consent to people who aren't doctors for reasons that have nothing to do with health care." The new privacy standards would apply to all electronic medical records and would require providers to strengthen safeguards.

The President also stated that, "Storing and transmitting medical records electronically is a remarkable application of information technology. Electronic records are not only cost effective; they can save lives by helping doctors to make quicker and better-informed decisions, by helping to prevent dangerous drug interactions, by giving patients in rural areas the benefit of specialist care hundreds of miles away."

Market Impact

This announcement is not just about securing patient medical records -- it is also about centralizing medical records. Once a development plan is underway, the first thing that will become obvious is that patient medical records need to be centralized. It is too costly and too complex to secure information records that are stored in multiple locations.It will also be difficult to enforce compliance if medical records are stored in multiple locations. We live in a very mobile society, where families and individuals move fairly often. By the time an individual turns 18, he or she may already have lived in many different towns, and states, and have medical records in a dozen or more places. It will not be possible to secure medical records without first centralizing them.

The centralization of medical records raises many new issues, including ownership. Who will own the administration, upkeep, and support of the systems that will be needed to centralize patient records? The ownership issue needs to be resolved before a centralized system can be put into place. Secure authentication systems require the establishment of an ownership component. The patient will own their own medical information, but who will own the storage systems that the information resides on? Clearly the system owners need to be someone who has no potential profit motive on the horizon.

Does that mean that the U.S. Government will be setting up a medical record database for all its citizens? This poses a lot of potential questions. Is the U.S. Government prepared to architect and deliver a major technology initiative? Is a National Registration System, like the one that the Health department in Jamaica has proposed, the next step in moving forward to a more advanced society? What vendors and what products will be used? Does the U.S. Government have enough credibility with system security to have such an initiative supported by the general public? Lately there has been a lot of exposure regarding security violations on government systems. Should federal agencies like the FBI have access to private medical records?

User Recommendations

In order to effect the new privacy initiative, it is time for technology savvy citizens to write their senators and congressmen and pose suggestions and recommendations.

Such a privacy and security initiative will surely be expensive to implement. Today is the time for vendors to start thinking about how they can get a piece of the pie. What sort of technology infrastructure will this require? Who will lead the project development? What are the best products and technologies to use?

The new medical information privacy initiative will likely turn into a huge information technology infrastructure project. Systems will be put into place. Networks will be built. Databases will be contructed. If security and networking integrators are not yet on the General Services Administration (GSA) schedule, now is the time to do that. The U.S. Government works with publicly held and privately owned industries only if the corporation is on the GSA schedule.

comments powered by Disqus