Electronic Medical Records

Electronic Medical Records

PostBy: Richard S. On: Thu Aug 13, 2009 1:14 pm

Yanche wrote: But again there will be a lot of resistance to to status quo. Remember the CEO's make more money if their company has more employee's even it they are mindless paper pushers.


You may have a lot of resistance from the public too, who's going to have access to these records? Certainly you wouldn't want all these records stored all over the place in different systems which would mean one centralized system.

Having said that I just recently read an article about the VA which is using just such a system. They gave an example where the doctor can walk into the patients room, scan his wrist with the bar coded bracelet and have all his records pulled up immediately on a computer. He could then prescribe a drug which is sent right to the pharmacy. The drug arrives at the nurses station and they go into the room and scan the drug to make sure its right drug and correct dosage.

Certainly standardized computer records have an enormous benefit but the privacy and security of such a system is going to be questionable.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Possible Doctor Shortage with UHC Plan?

PostBy: Yanche On: Thu Aug 13, 2009 2:48 pm

Technically it's straight forward to encrypt so no one, not even the government could read it. It would also be easy to segment the data into groups each with a different pass phrases. That way only the portion of the data needed for the particular purpose could be viewed. It would also be possible to require the patient to provide a pass phrase for access. Lots of straight forward technical solutions are possible. The political issues will be the tough ones.

And for you naysayers that believe the government, usually NSA can read everything, they can't. Even a rudimentary understanding of public key cryptology would show that if the math algorithm is properly chosen a bruit force attack by the fastest computer would take longer than a persons lifetime.
Yanche
 
Stoker Coal Boiler: Alternate Heating Systems S-130
Coal Size/Type: Anthracite Pea

Re: Possible Doctor Shortage with UHC Plan?

PostBy: tvb On: Thu Aug 13, 2009 3:08 pm

Certainly standardized computer records have an enormous benefit but the privacy and security of such a system is going to be questionable.


No worse than the privacy afforded your records now - anyone with access to the "records room" can pull them off the shelf, copy them, and put them back and no one will ever know.

With electronic records, there is an audit trail showing who accessed them and when.
tvb
 
Stove/Furnace Make: Alaska
Stove/Furnace Model: Channing III


Re: Electronic Medical Records

PostBy: Richard S. On: Thu Aug 13, 2009 3:43 pm

Split this to its own topic.

----------------

Yes I understand it can be secure from some prying eyes but the thing to keep in mind is hackers go through back door exploits. The recent knee jerk reaction with the voting machines is good example. A lot of places bought a lot of expensive hardware that is now junk. Our county replaced perfectly good mechanical voting machines with expensive computers that carry huge maintenance fees. some of them actually went to Smitsonia thay were in such good shape and there was never any major issues with them AFAIK. If you want another example look at Blu-Ray, it was supposed to be unbreakable because the disk would be tied to keys on the player that would have to be updated. One reason it was broke was because one single software player was released that was hackable. Doesn't matter if your front door is a 3 foot thick steel vault door if the back door is made of cardboard.

Security aside If such a system were to be implemented everyone should have control of his/her records and be able to say who can access them and it should be logged who accessed what and when no matter who it is with the person being able to check the logs themselves. The medical profession would go ballistic over such a proposition but it's the only way I can see that it would work. I can certainly think of scenarios where it would be an issue such as emergency treatment. Certainly you'll want ER's and even emergency responders access to that information but you're opening up a hole...
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Possible Doctor Shortage with UHC Plan?

PostBy: Richard S. On: Thu Aug 13, 2009 3:52 pm

tvb wrote:
No worse than the privacy afforded your records now - anyone with access to the "records room" can pull them off the shelf, copy them, and put them back and no one will ever know.


I would suggest its worse, you're going from a handful of people to potentially who knows how many that could gain access.

With electronic records, there is an audit trail showing who accessed them and when.


Yes as i suggested but also keep in mind electronic data can easily be manipulated, changed, edited, deleted with a few keystokes.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Electronic Medical Records

PostBy: ErikLaurence On: Thu Aug 13, 2009 4:41 pm

If you don't have the encryption key then it doesn't really matter who has access to the records.

This is not rocket science

PGP would work fine.

http://en.wikipedia.org/wiki/Pretty_Good_Privacy
ErikLaurence
 
Stove/Furnace Make: Reading Lehigh
Stove/Furnace Model: LL Hyfire II w/heat jacket

Re: Electronic Medical Records

PostBy: djackman On: Thu Aug 13, 2009 5:27 pm

People still can't use or remember a halfway descent password for their email or online accounts, good luck getting them to manage or provide an encryption key. Biometric ID would be the probable solution - hard to leave your body at home for a Dr's visit.

Funny how people get all bent about the security of their medical records but will post their life history and contact info on Facebook or Linkedin for all to see.
djackman
 
Stove/Furnace Make: 1980 vintage Tarm
Stove/Furnace Model: FT22 (aka 202) installed!

Re: Electronic Medical Records

PostBy: beemerboy On: Fri Aug 14, 2009 12:21 pm

Keep in mind that the insurance companies have all of your medical records on file in electronic format. How many people there have access and what is their security measures?

If your employer is a self insurer your boss has access to your medical records. The company I worked for was self insured for a while and I had surgery done on a very personal part of me. When I returned to work after the surgery my boss asked me how I was while describing what had been done. I never told him or anyone else what was being operated on, all I told him was I was having an operation and I would be out for two weeks.
beemerboy
 
Stove/Furnace Make: SAEY
Stove/Furnace Model: Hannover 1

Re: Electronic Medical Records

PostBy: Richard S. On: Fri Aug 14, 2009 1:55 pm

ErikLaurence wrote:If you don't have the encryption key then it doesn't really matter who has access to the records.

This is not rocket science


Yes but it's not how secure the data can be that is the real issue, it's accessibility. For example lets say you get hit by bus you're in a coma and they need access to those records. Now what? What if you lose the key?

For example if you ask me for your password here I can't give it to you, it's gone. I can change it but I could never find out what it is. The reason that is done is if someone were to get access to the database they wouldn't be able to go and try and use those passwords elsewhere such as a banking site because people frequently use the same passwords on multiple sites. People lose their passwords on this site all the time. It's constant... I probably get a email a week asking for them and that doesn't include the majority who would be getting new password without any help.

The point is if you don't know what it is the data(password itself) is lost and I suspect if you start handing out keys to bunch of people they are going to be losing them left and right.

The only way to alleviate either of those problems is for someone else to have access and that is where the security breaks down.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Electronic Medical Records

PostBy: Yanche On: Fri Aug 14, 2009 4:17 pm

Richard, the problems you point out with passwords is exactly the same problem companies have with encrypted data when the employee is hit by a truck. The public key cryptology systems have various methods of dealing with the problem. One technique is mathematical, which allows multiple pass phrases, when the keys are first generated. They are each different but can both access the data. The other technique is the custodial problem of allowing access to the generated pass phrase. The pass phrases are kept under lock and key with a custodial procedure for getting it. Much like a court order required to unlock the bank safe deposit box. Obviously this wouldn't work for medical records. A third method use multiple persons each with a different phase phrase active at the same time. This is commonly used in business to recover data from frankly dead employees. Multiple employees, usually including someone from the legal department all key in their pass phrases within a short period of each other. Often they both need to be physically present at the same place and time. There are technical solutions to the medical records problem. With a multiple pass phrase system more that one person, perhaps you, could be required to look at your records. Much like when the telephone company calls you trying to sell you some new service. The caller doesn't have access to you existing records until you give permission. The phone call is recorded and kept showing you gave your permission. There are ways to make it secure, but a balance needs to determined between so secure it's not useful and wide open access. Let's see what NIST proposes.

Note, I've used the term pass phrase because it not just a pass word, it truly is a phrase. Something humans have an easier time remembering than just a pass word. The key to remembering passwords and pass phrases is to use something already etched in your brain, like "The first person I made love to was my teacher, Mrs. ....." , well you get the idea. :-)
Yanche
 
Stoker Coal Boiler: Alternate Heating Systems S-130
Coal Size/Type: Anthracite Pea

Re: Electronic Medical Records

PostBy: Richard S. On: Fri Aug 14, 2009 4:24 pm

Yanche wrote: Multiple employees, usually including someone from the legal department all key in their pass phrases within a short period of each other. Often they both need to be physically present at the same place and time.


So what if you and one of the multiple employees gets hit by the bus? :lol:

Having said that I did a similar thing with my own important files. A close relative knows one part of the key and another knows the other part. Actually accidental as I was giving them the key over a phone and was reluctant to give whole key.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite