-
1
01/27/10 | Report as spam
google
I trust google a bit more now that they're coming clean on their China censorship.
gary
-
2
01/27/10 | Report as spam
The paranoia comes legitimately. The question is what to do about it.
Exactly how many hours was it between the time that "Joe the Plumber" evoked an embarrassing answer from candidate Obama, and that his personal information was accessed by the accounts belonging to the office of the Ohio Attorney General, the Cuyahoga County Child Support Enforcement Agency and the Toledo Police Department? About 48?
Of course, he wasn't alone. Obama had passport data looked over. And Sarah Palin had numerous data breech incidents.
Okay, so that's not likely to happen to most people. However, nearly everybody personally knows at least one ordinary somebody who's had their ID stolen and has had to deal with the collateral damage that results.
The point is that when it comes to the security of data of the most personal nature, I don't think you need to be a luddite in order to have a legitimate concern.
On the other end of the equation, the government has a dismal history of managing large IT projects. Just name any alphabet agency (FBI, FAA, CIA, IRS...) and you'll have an example of massive projects where billions were spent with little to show for it.
So the cynicism comes legitimately, and it's going to take more than hope and change to alter that impression as well.
That said, I actually do agree with you in that in order to move forward and make health care more efficient, we need to overcome our paranoia. As a systems analyst who has spent an adult lifetime figuring out stuff like this, I get thoroughly frustrated every time I go to a new provider and have to spend a half hour filling out the same information. Why can't I beam in all of this ahead of time?
I also agree with you that data mining (minus personally identifiable information) could be invaluable for research of all kinds, as well as identifying preventable disease trends. It might even eventually lead to cost savings. (although not enough to pay for everything they fantasize about paying for)
So we agree. Now what? You say "Technologists, engineers, scientists, and IT professionals need to understand this fact and push back against it. Progress remains controversial." We already get that.
The question is, exactly how do we do it?
-
3
01/27/10 | Report as spam
RE: Americans still fear storage of their health data
Americans may be suspicious of anyone but their doctors having their health information, but the fact is that it's the doctors that are going to put their information into computers. The stimulus bill included a very large dollar amount for encouraging doctors and hospitals to get electronic medical records, and penalties (in the form of lower payments from Medicare, the nation's largest payer of medical bills) if they aren't using electronic records in a meaningful way by 2015. Once the information is in the doctors' or hospitals' computers, they'll swap it as needed to facilitate care, and we'll all sign papers letting them do so because who wants ill-informed doctors? This is probably the single best thing that could happen to the system from a quality of care standpoint.
The provider community and the payers (of whom the government is, let's not forget, the largest) will mine the data as needed, with identifiers stripped. They already do this extensively with hospital discharge summaries, but the data is of very bad quality and leads to many erroneous conclusions. At least being able to mine complete records should improve that situation quite a bit.
All this is to say that this change will happen despite public paranoia, and in 15 years it will seem just as normal and innocuous as the ATM network, and ever so much more useful. Like the ATM network, it will suffer occasional breaches, but those won't be enough for the public to want to shut the whole thing down.
-
4
01/27/10 | Report as spam
How do we do it?
We might start with making this a technical question instead of a political one. For every accusation against a Democrat (Obama wasn't President when the Joe the Plumber incident happened -- Bush was in office) abusing power with data, there are equivalent examples going the other way. It's bipartisan.
The solution has to be bipartisan too. Or rather, non partisan. By which I mean it needs to be done by security professionals, and we need to understand that mistakes happen, at which point we use law enforcement.
One more thing about Joe. It was reporters who abused his privacy, not anyone in government. And the reason was that, by putting himself forward as a spokesman for a point of view (which he did, deliberately) he made himself a public figure, according to the rules of Times vs. Sullivan. He wasn't just some sort of "Joe the Plumber" who came upon the President, we learned quickly. He was a political operative masquerading as a political naif.
Now, how many reporters you want to put in jail for getting that stuff?
-
5
01/27/10 | Report as spam
Here's an idea to supplement all other ideas and security measures...
To help alleviate the fears about a huge database of medical records, perhaps an alert system needs to be developed.
I would call such a system: "Heads Up!"
Alternately, it could also be called: "Access Alert!".
In essence, if a medial record was accessed for anything at all, be it for update or for reading or browsing, the owner of that record would get an alert notice indicating that his or her record had activity performed against it.
That alert would get automatically generated no matter who did the access, even if the record was updated by a doctor or by any third party, like the government or any kind of hospital or medical insurer.
The alert should indicate what information was added or changed or updated. The total medical record does not need to be sent as part of the advisory.
When it comes to the alert, even any kind of government access to the record should trigger an alert, even if it's just for "a government study" or a "research study".
The alerts can generated for on-line viewing or as a letter for those who don't have access to computers or prefer a paper notice.
A method should be provided that allows the patient to inquire further about the access.
-
6
01/27/10 | Report as spam
I'd be glad to be "bipartisan" on this issue...
...if "reporters" would be. Was anyone ever punished for the "Joe"
leaks or did the promised investigation just disappear into the miasma?
If there were visible prosecution as the result of data leaks, that
would go a long way towards convincing the public that this was an
issue that was being taken seriously.
I like adornoe's idea of notification of any time anyone looks at my
data. The only problem I see with that is that I'm afraid that it is
inevitable that there will be "exceptions" to the notification rule.
(There always is)
-
7
01/27/10 | Report as spam
JohnMcGrew: That's an excellent question about exceptions ...
however, even that should have a solution.
How about if that issue is taken care of in the oversight arena?
In other words, no one entity, should have governance or control over the database. The database should administered by a neutral player, but with oversight by multiple parties. The oversight parties can be from both the public sector and the government sector.
The neutral administrator can be a Microsoft or a Google or an IBM or any other large and capable business entity. The government oversight body should be there to insure that access and administration is handled according to regulations and that no abuse can occur. A private oversight body can be composed of many different sectors of the economy, including businesses and hospitals and doctors and medical insurers and regular citizens. That way, they can all keep an eye on each other and abuse can be cut down. Whatever one sector wants to do with the database, all of the other oversight components must approve.
Rules and regulations have to be predefined and no one entity can be superior to the others, not even the government side.
-
8
01/28/10 | Report as spam
It would have to be something like that
Of course, that does bring us back to the original "luddite" problem,
where the bigger and more complex something is, the harder it is to get
people to understand and trust it. Selling "accountability" will be
crucial.
-
9
01/28/10 | Report as spam
JohnMcGrew: If there's no accountability and no security ...
and the ultimate owner of the record on the database is not the patient, then the system should never be undertaken.
If people have the right to information on their credit records, they have an even bigger right when it comes to their medical records. Medical records are a lot more personal than their credit worthiness or credit histories.
-
10
01/29/10 | Report as spam
PHRs
Every personal health record is owned by the patient. It is hosted at
a Microsoft or Google or elsewhere so that security can be applied,
and so that interoperability can be maintained with the Electronic
Health Records (EHRs) on which it's based.
Now why do people get into the PHR business? Motives vary. Microsoft
wants to support its EHR customers. Google wants to sell ads against
your data and interests. Insurers want to maintain "customer
control." TANSTAAFL.
An "alert system" should be automatic. Access to any PHR does not
happen without the consumer initiating it in some way, unless there's
a break-in. And we do get notice of break-ins.
Many states, Georgia included, have laws requiring that you be
allowed to get a free copy of your credit score every year. Yet even
here we have a lot of people buying the "free" credit score
advertised on TV, which isn't free at all but requires the purchase
of a subscription to a service designed to deliver alerts.
Allowing not-free to masquerade as free only feeds the paranoia. I
want to see paranoia reduced. But in this case the way to do it is
with government regulation.
-
11
01/29/10 | Report as spam
Dana: Two things...
Google wants to sell ads against your data and interests.
If that's what Google would do with our records, then Google should be dropped from consideration for the administration of that PHR database. Our most personal records are not to be used as a client base for Google's advertising. Banish that thought.
But in this case the way to do it is with government regulation.
Regulations are fine and indeed, perhaps necessary.
However, no government control. Period. I don't trust government with my data. They already have enough information about me and I don't want them to have another layer of information and control over my life. I'm pretty sure there are millions of others with the same sentiment.
-
12
01/30/10 | Report as spam
Ownership of Data
The analogy to how credit data is handled is probably the biggest
reason people are resistant to the idea. I think that I should have
complete ownership over my credit data; just being allowed to view it
for free is inadequate.
I think that the law should recognize that the citizen owns their
personal data. (financial, medical or otherwise) I don't think that
credit agencies should be allowed to sell that information as they do
without my express permission. If an agency would like to enter into
a contract where I am paid when they sell my data, that might be
acceptable. Either way, it's up to the "owner".
Of course, that trashes the credit industry's business model, and
possibly Google's as well. Either way, the only way this will fly is
if people are convinced that they have complete ownership and control
over their data.
So, where do we go from here?
-
13
01/30/10 | Report as spam
Taking the credit history and credit agencies analogies a bit firther...
I believe that no one "agency" or company or cloud service provider should be handed the total personal health records business. It should be distributed amongst a few players. No one company can earn the trust of all the people, not even a government agency.
However, the application systems that handle PHRs should be the same regardless of who is doing the servicing. That way, if one service goes down, the others are available to step in and with the same kind of software/hardware and interface.
Redundancy is of the utmost necessity, but with security still being a very high requirement.
-
14
01/31/10 | Report as spam
Whatever happened to competitive capitalism?
I think the PHR game should be built on free enterprise principles. I
don't know why anyone would disagree.
But John McGrew demands heavy handed laws insisting that credit and
health data be designated personal and no longer exchanged within the
marketplace. Who's a socialist now, John?
Adornoe seems to think the government can designate who will be a
player in this game, and thus who won't. I think the only regulation
should be on standards, standards for security, for interoperability
and for handling data. Beyond that, let the market prevail.
Government picking winners and losers is not the way to go. Down with
big government! Anyone for tea?
-
15
02/01/10 | Report as spam
Data: A PHR database is not about "free market" capitalism
A PHR database is not the same as a database full of leads for telemarketing purposes.
A PHR database, though it might be centralized, is not about how it can be turned around for sales or marketing schemes.
A PHR database should have the same kind of security and internal protections as credit card records or bank account records. In fact, it should have a lot more stringent controls than those other bank or credit card records because the PHR records are about much more intimate and personal information regarding people.
I think the PHR game should be built on free enterprise principles. I don't know why anyone would disagree.
The discussion has been about building and safeguarding a PHR database. The discussion is not about "the free enterprise principles" that might be involved. Personal health information regards the most personal type of information that a person can put into a database. The only person that should have any say on how the information can be used is the patient; not the database administrator and not the government, especially not the government. Period.
The free enterprise system's involvement would be there only as far as the initial competition to see who would build and maintain the system. After that, it would be a highly personal interaction between doctors and patients and the database. No other external considerations should be built into or around the system. In other words, no external system should expect to use information from the database for such things as telemarketing. The database should have legal and internal protections in the same way that a doctor/patient relation is protected.
Ant, don't try to lecture McGrew or me about free market capitalism. You are the one who has repeatedly, in just about all of your posts, demonstrated your disrespect and dislike for capitalism. You are a big government proponent and your berating of McGrew and me is due to our dislike for that big government which you cherish.
In fact, although you haven't said it directly and you've also denied it, your words and actions demonstrate quite clearly that you are a socialist with a highly negative view of "the free market principles". A proponent of any kind of big government control over any part of our lives, is a socialist.
But John McGrew demands heavy handed laws insisting that credit and health data be designated personal and no longer exchanged within the
marketplace. Who's a socialist now, John?<
You are twisting his words.
But, I'll let him speak for himself if he notices your post.
Adornoe seems to think the government can designate who will be a player in this game, and thus who won't. I think the only regulation should be on standards, standards for security, for interoperability
and for handling data. Beyond that, let the market prevail.
In the above paragraph, you are twisting my statements. Either that or you have a problem understanding what you read.
First off, I never mentioned anything anywhere in my posts about the government "designating" who would or wouldn't be "in the game". I just don't want' them involved in any part of the PHR system excepting for perhaps regulations. Health records are not the property of the government and the government shouldn't have any say as to who the design and implementation goes to.
When it comes to government, I would like for it to be completely uninvolved in the PHR database. I don't want them controlling it; I don't want then designing it; I don't want them picking the winners or losers in the "lottery" for the design and implementation of the system. The only thing I might accept as intervention by the government would be some rules or regulations, but nothing to the extent where the government would exert any kind of control.
Government picking winners and losers is not the way to go. Down with big government!
Good to see you finally agreeing with McGrew and me. 
There might be a capitalist in you yet. (But, I know I'll get to see pigs flying when that happens).
Anyone for tea?
Did you happen to catch the "tea party" celebrations after the Jan 19th win in Massachusetts? I think I saw a lot of steaming hot tea bags being poured over a sign with your picture on it. Or was that Chavez? I have such a hard time telling you two apart.
Finally, one last thing: I thought that prior to your last post, this had been a civil discussion with ideas getting tossed around and some of them actually useful. But you had to go and spoil the whole thing by bringing up your liberal way of thinking and denigrating the ideas of others.
But, what the heck. I know that you're not here to actually come up with any kind of solutions to real problems. You're in this site to just try to get traffic to the site and to make a living. Nothing about you is real. You're just one big phony.
-
16
02/02/10 | Report as spam
Dana understands little of Capitalism...
...or what makes it work.
Free Market Capitalism cannot function without the establishment and
respect for property rights. If the "ownership" of personal data
cannot be recognized or respected, then there's little hope of
establishing a marketplace for the management of personal data. It is
the well defined place of government to protect property rights.
Asking Congress to establish respect for my personal data is hardly
"socialist". It's quite the opposite.
One of the most dispiriting aspects of covering health reform over the last year has been how Americans all say they support the goals yet uniformly oppose any move toward achieving them.
