Can Electronic Records Improve Our Health Without Jeopardizing Our Privacy?
Early this September Stanford Hospital discovered that somebody had posted personal data for nearly 20,000 emergency room patients online, so that anyone who happened across the page could look up everything from the patients’ names to the codes identifying their various diagnoses. Worse still, the data had been online for more than a year.
The tale of how the data ended up online involves the sort of slapstick you expect from a bad sitcom. It seems that a hospital staffer had given the data to a job applicant, as a test to see whether the applicant could manipulate it. The applicant then posted the data online, seeking advice on how to convert it to a bar graph. He didn’t get the job, but the damage had been done.
The episode may have wider relevance: The data came from electronic medical records. And if you have followed the health care debate, then you’ve probably heard reformers talk about how such records can transform medicine, by raising the quality of care while decreasing its costs. The idea, at least in theory, is that moving medical data from paper to digital sources will mean fewer mistakes, more sharing of crucial health information, and more opportunities to analyze and learn from a wealth of new data.
But, as the Stanford episode suggests, protecting privacy becomes a lot more essential when medical records go digital. And that raises a key question: Will the security measures necessary to protect against such breaches of privacy make them impractical to use?