January 19, 2009

Electronic Medical Records, Google, and Microsoft

Greetings. It's well known that a significant portion of the Obama administration's stimulus plans will likely be a major thrust toward electronic medical records. These are touted as reducing errors, creating jobs, and saving money -- though it's arguable if medical consumers are the ones who actually pocket the savings in most cases.

But there are serious concerns about these systems as well -- reminding us that exactly the same sorts of problems that tend to plague our other computer-based ecosystems could now start hitting people's medical records in pretty much the same ways.

Today's New York Times has an excellent story about privacy and security issues associated with electronic medical records -- and the medical industry heavyweights who are trying to water down related provisions in associated and upcoming legislation. A few days ago, AP reported on a range of potentially serious medical errors created by the Veterans Administration's new electronic medical records system.

Both Google and Microsoft have unveiled electronic medical records systems for users, and are actively seeking partnerships with major medical treatment organizations. While they both promise comprehensive privacy and control by users -- in some ways that exceed those mandated by HIPAA privacy requirements, these systems are explicitly not actually covered by HIPAA -- though my hunch is that this status is likely to change in the near future.

The key concern with such non-HIPAA medical records systems isn't their privacy and security at the moment -- which as I noted appear to be good at present. Rather, an important aspect of HIPAA is that it represents a set of rules that cannot be arbitrarily changed by the organizations involved. Consumers need to know that the "rules of the game" when it comes to their medical records will not be subject to unilateral alterations on the basis of business conditions or management changes, outside the realm of legislated national rules.

My belief is that electronic medical records in general, and the services like those
from Google and MS in particular, have the potential for significant benefits. I also believe that a massive rush into any of these environments could end up creating a whole new range of problems that could waste money, risk privacy, and in the worst case even cost lives.

I trust that Congress will move with deliberate speed, but not be pressured, in the area of electronic medical health records implementation, and that they will put patients' rights to privacy, accuracy, security, control, and choice at the top of agenda. A stampede to electronic medical records without due consideration and care would be a very dangerous prescription indeed.


Posted by Lauren at January 19, 2009 12:24 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein