^{Democracy & Technology Blog} Protecting digitized health histories

Over at Discovery Blog, Bruce Chapman discusses the Obama administration’s great interest in digitizing health records even though the technological and legal infrastructure isn’t in place to protect patient privacy.

There appear to be new technologies to prevent such problems and at reasonable cost, but the overall problem of vulnerable computer security–on medical records or national security–is not a minor threat for the country as a whole or for our citizens as individuals. It won’t solve itself. It needs high priority notice by government and businesses alike.

If people have to fear:

• Their doctor may discover a chronic condition, some unfortunate piece of family health history or a youthful indiscretion
• The information is added to their digitized record
• The digitized record is stored somewhere or shared with researchers or vendors
• The file is compromised somehow
• The information makes its way into the public domain
• There is ineffective privacy protection

they may be afraid to seek medical treatment, endangering their own life and possibly becomming a public health risk.
There are things network providers and data centers can do to make transmission and storage more secure. But that won’t solve the problem of accidental disclosure by members of the health care profession (e.g., lost or stolen laptops) or even intentional disclosure (remember how private investigators gained access to cellphone records through impersonation or other means?).
A comprehensive approach is needed with criminal penalties for inappropriate access, disclosure or other use. Also, we need to modify the evidentiary rules followed by the courts so that sensitive health data contained in a digitized health record is inadmissible in most civil and criminal proceedings.