E-Health and Privacy: The Right Model of Patient Information Sharing?

Canadian Bar Association Privacy Sub-Section Talk – April 15, 2009
Excerpts of Presentation by Micheal Vonn

. . . Policy being driven by technology,
and privacy seen receding in the rear-view mirror,
this is clearly the central privacy challenge of our time.
Although the study of health information systems is now its own sub-discipline in the academy, there is no public awareness of this issue, let alone public discussion. Patients, citizens, the public have been no part of these developments and are practically barred from even venturing an opinion because of a complete failure on the part of the government to provide any meaningful information at all.

Where we would hope for comprehensive, balanced information, what we have received amounts to advertising slogans from the PR department: Viagra will save your marriage, iPods will make you groovy, and e-Health will make you safer, cheaper.

Where, exactly, would the average citizen look for a foothold to enter such a non-debate?

The presentation is so relentlessly one-sided that there is essentially – and irresponsibly – no discussion of the profound risks beyond the mandatory endorsement that systems will, of course, be “privacy protective” and “secure”.

The very troubling lack of public awareness on these issues has driven a small, informal coalition of privacy-concerned organizations to try to fill the informational void on e-Health. And I’d like to share some examples of what we think it is critical for the public to understand about the profound transformation in health care that is underway through e-Health.

First, let’s get specific about what we’re talking about. “e-Health”, writ large, is a vast field and includes all kinds of technologies that are of undisputed benefit with no privacy concerns. Technology, for example, that allows specialist surgeons to remotely direct and guide surgeries being undertaken in far-off locations. Just to be clear, there is no Luddite Conspiracy trying to derail such fantastic uses of technology.

Nor are we concerned with electronic health care records per se. If my doctor records my data electronically and that data is stored on a server in her office, there is not very much of a difference between that and paper files locked in a filing cabinet. She is the guardian and custodian of that information in the same way. We have no problem with that, naturally.

The concern is centralization: vast repositories; massive, longitudinal databases of citizens’ health information, envisioned, as you know, to ultimately be accessible across the entire country.

I have looked everywhere I can think to look and waited in vain for any government, or indeed, anyone to provide compelling evidence that a vast centralization of citizens’ health data improves health care outcomes and/or saves money.

There appears to be almost no evidence to support the very elaborate promised benefits of this system.

This is a very serious point, and yet, I admit it often takes a comic turn. Like when minutes before her keynote address at a recent e-Health conference, a BC government official changed the name of her talk from “Evidence-based Innovation” to “Leveraging the Investment”. Or the researcher at another e-Health conference who I credit with inventing the term “soft but compelling evidence”; which is rather like saying “vague but definitive”. . .

As Ross Anderson, Professor of Security Engineering at Cambridge, wrote in the Feb 2008 edition of “The Economist”:
Patient data held at a GP practice may be vulnerable to a security lapse on the premises, but the damage will be limited. You can have security, or functionality, or scale – you can even have any two of these. But you can’t have all three, and the government will eventually be forced to admit this. In the meantime, billions of pounds are being wasted on gigantic systems projects that usually don’t work and that place citizens’ privacy and safety at risk when they do.

Britain, in fact, has had to stop even pretending that it can safeguard patient data, faced with tens of millions of records lost or compromised and, just recently, the Prime Minister’s own medical data illegally accessed and given to the media. The Telegraph reports that civil servants in the UK are fired or disciplined for privacy breaches at a rate of about one per day.

All the credible, independent security experts that I am aware of say that a massive concentration of electronic health information imperils the privacy of that data. The “Honeypot Problem” was discussed recently in an article in the Guardian:
This is the recurrent problem with large databases that contain valuable data. Because they are so valuable, they attract the malevolent attention of large numbers of hackers, fraudsters, criminals, even terrorists. Under sustained attack, even such sophisticated organizations as Microsoft and the Pentagon have succumbed…

… As well as the honey pot problem, there is another difficulty that applies to these vast government databases. To do their job, these databases have to be accessible to many people … they can only work if they have thousands of access points. If the government cannot protect one laptop or one flash drive, what chance a system with over ten thousand terminals?
All of which, I suggest, is obvious.

So, let me conclude my prepared remarks by saying this. Contrary to the reports that consensus favours the development of centralized electronic health records, I quote from the Rowntree Report:
There is a developing consensus among medical practitioners that for safety, privacy and system engineering reasons, we need to go back from the shared-record model, to the traditional model of provider-specific records plus a messaging framework that will enable data to be passed from one provider to another when it is appropriate.
In other words, the system needs to be an architecture in which data is pushed from one health care provider to another, not pulled from every health care provider into a massive database.

We are not building the right model of patient information sharing.

