April 28, 2003
"Kaiser Permanente, the nation's largest nonprofit health maintenance
organization, said yesterday that it will spend $1.8 billion over
the next three years to create a vast electronic archive of medical
records for its 8.4 million members. Under the plan, Kaiser's health
care providers, including 12,000 physicians, will have access to what
the HMO's chief executive, George C. Halvorson, called 'the largest
and most current patient database in the world.' The password-protected
system 'will make it much easier for physicians to provide the very
best care' by giving them access to up-to-the minute medical records,
test results and scientific literature, Halvorson said. Kaiser members
also will be able to go online to get information on their health
status, test results and medications they are taking. And they will
be able to send questions to Kaiser doctors and nurses."
I can certainly see the convenience
of being able to email a doctor or nurse, and I would certainly like
having access to lab results, vaccination history, prescription refills,
and other such information from my home computer at any time.
This seems to be the future.
Other HMOs and medical facilities are also going online (while some
already are). Corporations are investing millions to get software
and computer systems ready for the health community.
including Sun Microsystems, are set to invest in an $8 million commercialisation
of world-leading health electronic records technology developed by
the Distributed Systems and Technology Centre.... The CRC has developed
a health records standard as part of the technology, which was recently
adopted by the European Union's standards body, CEN, and is in talks
with the American standards body, HL7."
So what's the catch?
"For a computer security
professional, Lance Spitzner has an unusual goal: He wants ill-intentioned
hackers to steal more Social Security numbers and medical records.
Mr. Spitzner, a former Army officer, spends his days working at Sun
Microsystems and his evenings running the volunteer Honeynet Project,
a group of security professionals working to track hackers. Until
recently, the four-year-old nonprofit effort focused on building and
monitoring honeypots � computer systems designed to be easily penetrated
so that Honeynet volunteers can covertly scrutinize hackers' tricks
when they break into the systems."
This information is out there.
If I can access it, then so can anyone else with a knowledge of computers
and the desire to hack the system. Even the best systems are compromised;
the ideal is to stop the crime before it is committed. The reality
is that the online crimes are tracked and dealt with after the fact--just
like any other crime.
Now, let's go back about
a year and a half: before most computer systems were online, when
very little personal medical information was online, when your medical
life story was still kept in that big folder with your name on it
that came out of storage each time you had a doctor's appointment...
"Tuesday, Nov. 6, 2001
BY CHARLES PILLER
Los Angeles Times
Detailed psychological records containing the innermost secrets of
at least 62 children and teenagers were accidentally posted on the
University of Montana Web's site last week in one of the most damaging
violations of privacy over the Internet. The 400 pages of documents
describe patient visits and offer diagnoses by therapists of mental
retardation, depression, schizophrenia and other serious conditions.
In nearly all cases they contain full names, dates of birth, and sometimes
home addresses and schools attended, along with results of psychological
Okay, so accidents happen.
This had nothing to do with a major medical institution putting records
on a network to help doctors or patients. This had nothing to do with
hackers. This was simply an accident... Doctors and patients will
benefit. Having this information connected online on a network will
make access, diagnosis, and treatment more convenient. Information
that is easier for one to get, is easier for others. What happens
if this information gets compromised? What happens if this information
is leaked? What happens when the network crashes?
Questions of the Week:
What are the benefits that will come once the entire medical system
is online (providing patients and doctors with "up-to-the minute
medical records" for reference and cross-reference)? What are
the negative aspects of having all of this information so readily
available? It is the future of medicine; do you think the benefits
outweigh the risks? How might you and your family personally benefit?
What concerns do you have about how this might affect you or someone
Please email me with any ideas or suggestions.
Note: Due to increasing amounts of SPAM sent to this account, please include "QOW" in the subject line when sending me email.
I look forward to reading
what you have to say.
Health Community Coordinator
Access Excellence @ the National Health Museum