October 05, 2007

More Regarding the Online Medical Records Trap

Greetings. In response to my discussion of The Online Medical Records Trap, I've been asked what would happen, if a central medical records system were encrypted in the manner I suggested (so that the service provider could not access the records without the user's permission, even in the face of an outside demand such as a court order), when the person in question is incapacitated or unconscious.

There are several rather simple answers to this. The most basic is that to depend on a centralized system as the only location where medical records are stored would be incredibly foolhardy. If doctors or hospitals needed access to that data, and their local computers or Internet connections were down, or if the central servers had been hacked or were having other problems (including possible connectivity issues) then patients would be S.O.L. (that is, up the creek without a paddle).

Doctors and hospitals should be required to maintain local copies of patient records, not only on their local computers (the level of encryption and access control that I propose for central medical records systems would be neither necessary nor desirable on these local systems), but in hardcopy form as well.

Yes, I said hardcopy. A hassle that devalues the computerized systems? Yep, but I want my medical records kept locally in a form that doesn't depend on computers or even electricity. I like those manila folders on the shelves, especially living in an area where earthquakes and other natural disasters (with their resulting power outages) are always a possibility. Most other areas also have their own risks of disasters or problems that could make computer-based access to patient records impossible just when they're needed most, especially if those records are centralized and communications are down.

As far as access to a central system is concerned, nothing says that a user couldn't provide friends, next-of-kin, etc. with their access key, or even have it noted on whatever emergency contact information they hopefully carry routinely. I have a slip of paper in my wallet with a few contact names and numbers for emergency use, mainly in case some idiot wipes me out making a left turn in front of me when I'm riding, but the point is that while carrying around your passwords isn't a great idea in the general case, this is one specific situation where it could make sense.

I should add that it's also wise to include on your contact sheet full information about any allergies or other serious medical conditions that exist so that responders will know about them in emergencies. To depend on access to a centralized medical system for such info in these situations could be disastrous, even if none of the central data were encrypted or otherwise access controlled -- there's no guarantee that the central system would be reachable when you might need it most.

So what does this all boil down to? A centralized medical records system should never be depended upon for anything other than secondary access to medical data, if that. Doctors and hospitals must be required to maintain local copies of patient data since there is no guarantee that central systems will be accessible at any given time, particularly in disaster or other emergency situations.

To help prevent misuse of central medical records systems, all personal medical data on those central systems should only be accessible with the permission of the user or their designated contacts, and should be encrypted in a manner that makes other access impossible. Period. Anything short of this opens up enormous abuse potential.
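As an added example (not code from the original post, and not any real records system), here is one way the design sketched above and in the paragraph on sharing access keys with next-of-kin can be implemented: the record is encrypted under a fresh data key, and that data key is wrapped separately for the patient and for each designated contact under a key derived from that person's passphrase. The provider stores only ciphertext and wrapped keys, so a demand served on the provider yields nothing readable, while any holder, including a contact whose passphrase is written on an emergency card, can recover the record. The holder names, passphrases, sample record and PBKDF2 work factor are all assumptions made for the example; the cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, chosen only because it needs nothing outside the Python standard library (a real deployment would use AES-GCM or another standard AEAD).

```python
# Added example: user-held-key envelope encryption for a central records store.
# Not from the original post. Cipher is a stdlib-only HMAC-CTR stream with an
# encrypt-then-MAC tag so the example runs anywhere; use AES-GCM in production.
import hashlib
import hmac
import secrets

PBKDF2_ITERS = 100_000            # assumed work factor; tune for the deployment
NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _kdf(passphrase: str, salt: bytes) -> bytes:
    """Derive a key-encryption key from a holder's passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERS, KEY_LEN)


def _subkeys(key: bytes):
    """Split one key into independent encryption and MAC keys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode: blocks of PRF(nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _seal(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def _open(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Verify the tag before decrypting: a wrong key fails loudly, not with garbage."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def _wrap(data_key: bytes, holder: str, passphrase: str) -> dict:
    """Wrap the data key for one holder; the holder name is bound in as AAD."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "wrapped": _seal(_kdf(passphrase, salt), data_key, holder.encode())}


def _unwrap(stored: dict, holder: str, passphrase: str) -> bytes:
    entry = stored["wrapped_keys"][holder]
    return _open(_kdf(passphrase, entry["salt"]), entry["wrapped"], holder.encode())


def encrypt_record(record: bytes, holders: dict) -> dict:
    """What the provider stores: ciphertext under a fresh data key plus that key
    wrapped separately for each holder in {name: passphrase}. No plaintext key."""
    data_key = secrets.token_bytes(KEY_LEN)
    return {"ciphertext": _seal(data_key, record, b"record"),
            "wrapped_keys": {n: _wrap(data_key, n, p) for n, p in holders.items()}}


def decrypt_record(stored: dict, holder: str, passphrase: str) -> bytes:
    """Any listed holder (patient or designated contact) recovers the record."""
    return _open(_unwrap(stored, holder, passphrase), stored["ciphertext"], b"record")


def add_holder(stored: dict, authorizer: str, authorizer_pass: str, new_holder: str, new_pass: str):
    """An existing holder designates another contact by re-wrapping the data key;
    the record itself is not re-encrypted and the provider never sees the key."""
    stored["wrapped_keys"][new_holder] = _wrap(_unwrap(stored, authorizer, authorizer_pass), new_holder, new_pass)


# Constructed sample record for the example; not real patient data.
SAMPLE_RECORD = b"Allergies: penicillin. Blood type: O neg. Condition: type 1 diabetes."


def demo() -> dict:
    stored = encrypt_record(SAMPLE_RECORD, {"patient": "correct horse", "next-of-kin": "battery staple"})
    add_holder(stored, "patient", "correct horse", "er-contact", "staple horse")
    try:                      # the provider, served with a demand but holding no passphrase
        decrypt_record(stored, "patient", "court order")
        provider_can_read = True
    except ValueError:
        provider_can_read = False
    return {"patient": decrypt_record(stored, "patient", "correct horse"),
            "next_of_kin": decrypt_record(stored, "next-of-kin", "battery staple"),
            "er_contact": decrypt_record(stored, "er-contact", "staple horse"),
            "provider_can_read": provider_can_read,
            "holders": sorted(stored["wrapped_keys"])}
```

Two caveats follow from the design rather than the code. Dropping a contact's wrapped key does not revoke someone who may already have copied the data key; revocation means generating a new data key and re-encrypting the record. And the emergency-card trade-off the post accepts applies in full: whoever finds the card holds a working passphrase, which is exactly why the card and the central store together must not be the only copy of the information responders need.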


Posted by Lauren at October 5, 2007 08:41 AM