Coming off of my Facebook-focused blog from yesterday, I'll turn to the recent leak of State Dept. documents on WikiLeaks.
The leak has a lot of people up in arms about the federal government's push for EHR adoption and health information exchange. The criticism is that this scandal exposes the government's inability to secure such sensitive information as patient medical data.
As Deborah Peel, MD, founder of Patient Privacy Rights, said, of computerized records, "Once it's out, it's out." Peel feels that the federal government weakened privacy provisions of the HITECH Act.
One can argue whether the privacy provisions were weakened or not. In the case of the WikiLeaks, Twila Brase, president of the Citizens' Council for Health Freedom, got to the heart of the matter when she said, "What WikiLeaks shows you is how security information is all about the integrity of individuals."
The bottom line is that someone in the State Dept. leaked the documents. No iron-clad privacy provision in the world can protect against a person leaking information - whether it's paper based or computerized. Brase went on to say, "Once you get information on any kind of electronic format, it is very easy to take it, to access it, to share it, to download it."
So if you can't protect against someone abusing information, should we eliminate the whole program to computerize patient information?
If, according to a case study by a healthcare security vendor, healthcare providers experience on average between 25 and 100 privacy breaches per month, should that number drop if they comply with federal mandates for sharing electronic health information? Or will it not matter to the public who would be wary of that statistic and therefore not trust healthcare providers with their data?
Let's apply it to the financial industry. How many banks and other financial institutions have privacy breaches? If it's a low number, do we attribute it to compliance with federal privacy laws for the financial industry? Can we guarantee that someone in a bank of other financial institution wouldn't abuse documents? If we can't, how is it that we trust how the system works in this industry?
The silver lining in the WikiLeaks scandal is that it puts a laser focus on privacy and security issues, which are things we need to keep working on to make it right. There are a lot of questions, some of which I bring up here, that need to be answered.
Photo by Mataparda courtesy of Creative Commons license.
